1. Name and contact details of the data controller and the company data protection officer
This data protection information applies to data processing by:
Data Controller: bc GmbH & Co. KG (hereinafter: bc),
Carlo-Schmid-Strasse 12, 52146 Würselen, Germany
Phone: +49 (0)2405 – 450045
Fax: +49 (0)2405 – 450046
Trade Register Aachen HRA6179
VAT no. DE191317292
bc Verwaltungs GmbH
Trade Register Aachen HRB21024
Marcus Wenkel, Klaus Hoenig, Philipp Simon
The company data protection officer for bc is Mr Stefan Sippel. He can be contacted at the above address, F.A.O. Mr Stefan Sippel, or at firstname.lastname@example.org.
2. Collection and storage of personal data as well as the nature and purpose of its use when visiting our website
When you visit our website www.bike-components.de, the browser used on your device automatically sends information to our website server. This information is stored temporarily in a log file. The following information is collected without any action on your part and stored until it is automatically deleted:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- The website from which access takes place (referrer URL)
- The browser used and, if applicable, the operating system of your computer as well as the name of your access provider
We process the aforementioned data for the following purposes:
- To guarantee a smooth connection to the website
- To guarantee comfortable use of our website
- To evaluate system security and stability
- For other administrative purposes
The legal basis for the data processing is Art. 6(1)(1)(f) GDPR (General Data Protection Regulation). Our legitimate interest is derived from the purposes listed above for the collection of data. We will not use the data collected to draw conclusions about you under any circumstances.
3. Collection and storage of personal data as well as the nature and purpose of its use upon registration
Upon registration, we will save the information that we have listed under 2. in addition to
- Date and time of registration
- First name, last name
Our General Terms and Conditions valid at this time will also be stored. Our registration form is encrypted to ensure that the data entered in it cannot be viewed by third parties. You have the option to change your registration data at any time.
We store this data in order to give you the possibility to place orders and to access your order data at any time. The ordering data includes: your orders, your account data, your address book, your password, your newsletter subscription, your user data and your reviews.
The data is processed at your request and is required for the purposes stated for the appropriate processing of your orders and subscriptions and for the mutual fulfilment of obligations under the order agreements in accordance with Art. 6(1)(1)(b) GDPR.
If you have entered into a contract with us for the order of goods, the length of time for which your data is stored depends on the explanations below for 4. - Online order. If you have not placed an order, we will store your registration data for a reasonable period of time within which an order can be expected after registration, but no longer than three months.
4. Collection and storage of personal data as well as the nature and purpose of its use when ordering online
You can place an online order only once you have completed the registration process. We therefore store the information listed under 2. and 3. Our order form is encrypted to ensure that the data entered in it cannot be viewed by third parties. When you place an order, we collect the following additional information:
- Title, first name, last name
- Email address
- Phone number (if specified)
- Date and time of order
- Ordered goods
- Payment details
We also store the wording of the contract and our General Terms and Conditions applicable at the time of conclusion of the contract.
This data is collected:
- To identify you as our customer
- To deliver the ordered goods to you and to fulfil the contract
- For invoicing
- To settle the payment claims and assert any other claims against you
- For correspondence with you
- The data is processed at your request and is required for the purposes stated for the mutual fulfilment of obligations under the purchase contract in accordance with Art. 6(1)(1)(b) GDPR.
The personal data collected by us for the settlement of the purchase contract shall be stored until the statutory period of limitation expires (3 years after the end of the calendar year in which the claim arose and the creditor has become aware of the circumstances substantiating the claim and the person of the debtor or has had to obtain knowledge of it without gross negligence, Section 199(1) of the German Civil Code, (BGB)) and subsequently deleted, unless we are obligated to store it for longer in accordance with Art. 6(1)(1)(c) GDPR due to statutory and commercial legal storage and documentation obligations (from the German Commercial Code (HGB), the German Criminal Code (StGB) or General Fiscal Law (AO)) or you have consented for it to be stored for longer in accordance with Art. 6(1)(1)(a) GDPR.
5. Collection and storage of personal data as well as the nature and purpose of its use when registering for our newsletter
Provided you have given express consent in accordance with Art. 6(1)(1)(a) GDPR, we will use your email address to send you our newsletter regularly. An email address is sufficient to receive the newsletter. You can unsubscribe at any time, for example using a link at the end of each newsletter. Alternatively, you can send your request to unsubscribe by email to email@example.com.
6. Collection and storage of personal data as well as the nature and purpose of its use when using our contact form
If you have any questions, we give you the option to contact us via a form provided on the website. A valid email address is required to tell us who the request is from and to enable us to respond to it. Further information may be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6(1)(1)(a) GDPR based on your voluntary consent. The personal data collected by us for the use of the contact form will be automatically deleted after completion of the inquiry you have made. Our contact form is encrypted to ensure that the data entered in it cannot be viewed by third parties.
7. Transfer of data
Your personal data will not be transferred to any third parties for purposes other than those listed below.
We will only share your personal data with third parties if:
- This is permitted by law and is required for the execution of contractual relations with you in accordance with Art. 6(1)(1)(b) GDPR. We use the information you provide:
- To fulfil and process your order
- For transfer to the shipping company contracted with delivery as far as this is necessary to deliver the goods
- To process payments. We may pass on your payment details to our bank;
- The transfer in accordance with Art. 6(1)(1)(f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to believe that you have an overriding vested interest in the non-disclosure of your data, in the event that there is a legal obligation to the transfer in accordance with Art. 6(1)(1)(c) GDPR, and
- You have given your explicit consent to this in accordance with Art. 6(1)(1)(a) GDPR, for example when applying for a purchase by instalments (instalment transaction). In the case of an instalment transaction, by submitting your application you consent to the transfer of your data to PayPal for a credit check. For the purpose of the credit check, your data, first and last name, street, house number, postal code, city, date of birth, telephone number as well as the data related to your order is stored, processed and used within the limits permitted by law. You consent to this information being sent to PayPal for the purposes of credit checking.
- You select the payment method Amazon Pay. We will then pass on your payment details to Amazon Payments Europe s.c.a, 38 avenue J.F.Kennedy, L-1855 Luxembourg as part of payment processing. The data processors of data transferred to Amazon Payments are Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL, all three of which are located at 38 avenue J.F.Kennedy, L-1855, Luxembourg. We will transfer your data exclusively for the purpose of payment processing with the payment service provider Amazon Payments and only to the extent that it is necessary for this. The transmission of your data to Amazon Payments takes place on the basis of Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for the fulfilment of a contract). You have the option to withdraw your consent to data processing at any time. Withdrawal does not affect the validity of past data processing.
For details on how to pay with Amazon Pay and its Privacy Notice, please see the following link: https://pay.amazon.com/uk/help/201751600.
Your data will not be transferred to other third parties for any other purposes or used for advertising purposes outside of an agreed newsletter mailing list. Insofar as we pass on your data to third parties as described above, these third parties have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this in the description of the offer. We will only transfer your data to a service provider or partner outside the EEA if the delivery location that you have indicated in your order is outside the EEA. We will send your data to service providers or partners outside the EEA if there is an adequacy decision by the Commission for the country concerned. In the case of a transfer in accordance with Art. 46 or Art. 47 or Art. 49(1)(2), we will inform you about the consequences of this situation in the offer. The Commission has an adequacy decision for the following countries: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, USA (limited to the Privacy Shield framework). The Commission's explanations regarding its adequacy decisions are available at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
Details and explanations of the EU-US Privacy Shield can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-data-transfers_en
We use the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see a)
- Persistent cookies (see b)
a) Transient cookies are automatically deleted when you close the browser. This includes session cookies in particular. These store a session ID with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
You can configure your browser settings in accordance with your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website if you do so.
Facebook pixel advanced matching
We also use Facebook pixels. The provider is Facebook Inc., 1601 S California Avenue AVE, Palo Alto, California 94304 USA or if you are located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; information on data collection: https://www.facebook.com/policy.php; more information on data processing: https://www.facebook.com/help/186325668085084, https://www.facebook.com/about/privacy/your-info-on-other#applications as well as https://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Facebook is certified under the Privacy Shield Agreement, providing a guarantee of compliance with European Data Protection Law.
The Facebook pixel allows us to improve our website and make it more interesting for you as a user. The legal basis for its use is Art. 6(1)(1)(f) GDPR. When you visit our website, the Facebook pixel is integrated directly by Facebook and can store a cookie on your device. If you subsequently log in to Facebook or log in to our site, the visit to our website will be noted in your profile. The Facebook pixel captures the following types of data:
- HTTP headers – Everything contained in HTTP headers. HTTP headers are a standard web protocol that is sent between the browser request and server on the Internet. HTTP headers contain IP addresses, information on the web browser, site location, document, referrer and the visitors to the website.
- Pixel-specific data – This includes the pixel ID and the Facebook cookie.
- Button-click data – This includes any buttons clicked by the website visitor, the labels on these buttons and any pages accessed as a result of clicking on the button.
- Optional values – Conversion values, page types
- Form field names – These include the names of website fields, such as "Address" and "Quantity" that are filled out when you purchase a product or service. The pixel does not capture field values.
We also use the "advanced matching" access function. This feature allows customer data such as first name, last name, email address, telephone number or Facebook IDs to be transmitted to Facebook and enhanced using existing tracking data. If you are registered with a service from Facebook, Facebook can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that your IP address and other identifying features will be learned and stored. You can find further information on advanced matching at: https://www.facebook.com/business/help/611774685654668.
We have no influence on the extent and further use of the data collected by Facebook and therefore inform you in accordance with our knowledge.
You can object to collection by the Facebook pixel. You can also choose which types of ads you see within Facebook. To do this, you must go to the page set up by Facebook for this purpose and follow the instructions for setting usage-based advertising: https://www.facebook.com/settings?tab=ads. You can also object to its use by following the opt-out procedure:
I hereby consent to the collection of my data by the Facebook pixel.
The data processed by cookies is required for the purposes stated for the protection of our legitimate interests as well as of third parties in accordance with Art. 6(1)(1)(f) GDPR.
9. Analysis tools
The tracking measures listed below and used by us are performed on the basis of Art. 6(1)(1)(f) GDPR. By using these tracking measures, we intend to ensure that our website is designed appropriately and that it is continuously optimised. We also use the tracking measures to record statistics pertaining to the use of our website and to evaluate these in order to optimise our website for you. These interests are considered legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
(1) Google Analytics
For the purpose of designing and continuously optimising our pages as required, we use Google Analytics, a web analysis service provided by Google Inc. (https://about.google/intl/en/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"). In this context, pseudonymised user profiles are created and cookies (see section 8) are used. The information generated by the cookie about your use of this website, such as
- Browser type/version
- Operating system used
- Referrer URL (the page visited previously)
- Host name of the accessing computer (IP address)
- Time of the server request
is transferred to a Google server in the United States and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website use and Internet use for market research purposes and to design these Internet pages appropriately. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymised so that an assignment is not possible (IP masking). You can prevent the installation of cookies by
setting your browser software accordingly; we would, however, like to point out that in this case, you may not be able to use all functions of this website in full.
In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (incl. your IP address) as well as from processing this data by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. This sets an opt-out cookie to prevent future collection of your data when you visit this website. The opt-out cookie is valid only in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again. For more information about data protection in relation to Google Analytics, see the Google Analytics Help page (https://support.google.com/analytics/answer/6004245?hl=en).
(2) Google Adwords Conversion Tracking
(3) Google AdWords Remarketing
Our website uses Google Adwords Remarketing Tags. Google Adwords Remarketing is a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google"). For this purpose, cookies are stored on your computer and are used by Google to analyse the use of the website. The information generated by the cookie (including your IP address) is transmitted to and stored by Google on a server in the United States. Google then truncates the last three digits of the IP address. This means that a unique assignment of the IP address is no longer possible. Google will use this information to evaluate your use of the website, to compile reports on website activities for website operators and to provide other services related to website use and Internet use. In addition, Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Third parties, including Google, place ads on websites on the Internet.
However, we would like to point out that in this case you may not be able to use all functions of this website in full. By using this website, you agree to the processing of the data collected about you in the manner described above by Google and for the purpose stated above.
(4) YouTube plugin, links to social media
(a) We do not use any Twitter or Instagram media plugins on our website. The icons shown are links to these social media sites only. Consequently, no data will be transferred to the servers of the above-mentioned providers unless you actively click on one of these links.
(b) We have embedded YouTube videos in our online site. These are stored at http://www.youtube.com and can be played directly from our website. All of these are embedded in "privacy-enhanced mode", which means that no data about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will the data stated in Paragraph 2 be transferred. We have no influence on this data transfer.
(c) By visiting the website, YouTube will be informed that you have accessed the corresponding subpage of our website. In addition, the data stated under Point 2 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles, which it uses for advertising, market research and/or the design of its website. This kind of evaluation shall be carried out in particular (even for users who are not logged in) for the provision of appropriate advertising and in order to inform other users of the social network about your activities on our website. You are entitled to object to the formation of these user profiles. You must contact YouTube to exercise this right.
Google also processes your personal data in the United States and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(5) Commerce Connector
We use a tracking pixel from the company Commerce Connector GmbH, Eberhardstrasse 69-71, 70173 Stuttgart on our website.
The tracking pixel is a 1 x 1 pixel-sized graphic that is virtually invisible and has no relevant impact on loading times. The tracking pixel is activated only for customers who access our website via the link of a manufacturer who has integrated this pixel. Via the manufacturer, you can open the website of Commerce Connector GmbH, www.commerce.connector.com. For this purpose, the manufacturer uses the Commerce Connector buy now online software-based service in order to show visitors which online retailers stock a certain product for purchase. One of these online retailers is www.bike-components.de. If you have clicked on the manufacturer's link, Commerce Connector GmbH will store a cookie on your device for a limited period of time, which is usually seven days. If you make a purchase with us within this period, Commerce Connector GmbH can access the cookie to obtain information about your purchase from us as soon as you access our confirmation page.
The tracking pixel is used to communicate the following to the manufacturer via Commerce Connector: information about the shop ID, the EAN for each article, the quantity ordered, the net price (optional), the time of the order, the number of orders and the IP address of the customer or other user data or customer data. The tracking pixel is located on the website of Commerce Connector GmbH using only an HTML embed image tag. Anonymised sales statistics regarding individual products are generated using the purchase information.
For more information, see https://www.commerce-connector.com/web/en/policy-cco/
If you wish to disable the tracking system from Commerce Connector, you can do so via https://www.commerce-connector.com/web/en/policy-cco/
To disable this, please follow the instructions at the Commerce Connector URL specified.
10. Rights of data subjects
You have the right:
- To request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of complaint with a supervisory authority, the origin of your data, if it has not been collected by us and the existence of automated decision-making processes including profiling in accordance with Art. 22(1) and (4) GDPR and meaningful information on the logic involved as well as the scope and intended impact of such processing on the data subject. You have the right to request information on whether the personal data concerning you has been transferred to a third country or to an international organisation. In this context, you may request that the appropriate guarantees be provided in accordance with Art. 46 GDPR in the context of the transfer;
- To demand the immediate correction of inaccurate personal data or completion of personal data stored by us in accordance with Art. 16 GDPR;
- To request the deletion of your personal data stored by us in accordance with Art. 17 GDPR in the following cases:
- The personal data pertaining to you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
- You object to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21(2) GDPR.
- Your personal data has been processed unlawfully.
- The deletion of personal data pertaining to you is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the data controller is subject.
- The personal data pertaining to you has been collected in relation to the information society services offered in accordance with Art. 8(1) GDPR;
If the data controller has made the personal data pertaining to you public and if it is obligated to delete it in accordance with Art. 17(1) GDPR, it shall take appropriate action, including technical measures, taking into account available technology and implementation costs, to inform data controllers that process the personal data that you, as the data subject, have requested that they delete all links to this personal data or any copies or replications of this personal data.
The right to deletion does not exist if processing is necessary
- For the exercise of the right to freedom of expression and information;
- For the fulfilment of a legal obligation that requires processing under the law of the Union or of the Member States to which the data controller is subject, or for the performance of a task that is in the public interest or in the exercise of public authority entrusted to the data controller;
- For reasons of public interest in the field of public health, in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
- For archive purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, insofar as the law referred to in Para. 1 is expected to make realising the objectives of this processing impossible or seriously impair it, or
- For the assertion, exercise or defence of legal claims.
- You can request that the processing of your personal data is restricted in accordance with Art. 18 GDPR, if
- You contest the accuracy of the personal data pertaining to you for a period of time that enables the data controller to verify the accuracy of the personal data;
- The processing is unlawful and you reject the deletion of the personal data and instead request the restriction of its use;
- The data controller no longer requires the personal data for the purposes of processing, however, you require it for the assertion, exercise or defence of legal claims, or
- You have objected to processing in accordance with Art. 21(1) GDPR and it is has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.
If the processing of personal data pertaining to you has been restricted, such data – with the exception of its storage – may only be processed with your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the restriction on processing has been limited in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted;
- To receive the personal data that you have provided us with in a structured, accessible and machine-readable format or to request its transfer to another data controller in accordance with Art. 20 GDPR. Furthermore, you have the right to transfer this data to another data controller without hindrance by the data controller to whom the personal data has been provided, as long as
- Processing is based on consent pursuant to Art. 6(1)(A) GDPR or Art. 9(2)(a) GDPR or a contract pursuant to Art. 6(1)(b) GDPR and
- Processing is carried out using automated methods.
By exercising this right, you also have the right to have personal data pertaining to you transferred directly by one data controller to another data controller insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task that is in the public interest or in the exercise of public authority that has been entrusted to the data controller;
- To withdraw any consent you have given us at any time in accordance with Art. 7(3) GDPR. If you do so, this means that in future we will no longer continue to process the data based on this consent.
- To lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. Usually, you can contact the supervisory authority of your usual place of residence or workplace
or our company headquarters.
11. Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6(1)(1)(f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, if there are reasons for this which arise from your particular situation or if the objection is directed at direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation. If you would like to exercise your right of withdrawal or objection, it is sufficient to send an email to firstname.lastname@example.org.
You can of course object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us of your objection to advertising via the email address above.
12. Data security
We use the commonly used SSL procedure (Secure Socket Layer) as part of visits to our website in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether a single page of our website is transmitted in encrypted form by the closed key or padlock icon in the lower status bar of your browser. We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
at any time.