We are, of course, the data controller and we will be happy to answer any questions you have at any time. In fact, bc GmbH is responsible for processing and protecting your data on bike-components.de (hereinafter referred to simply as "we" or "bc").
Where to find us and how to contact us: bc GmbH Commercial Register of Aachen HRB 25211 VAT ID number DE191317292
If you have any questions, please do not hesitate to contact our Data Protection Officer Severine Petersen (Data Business Services GmbH & Co. KG). You can contact her by email at email@example.com.
2. Your visit to bike-components.de
When you visit one of our websites, information from your browser is automatically sent to our server. We only need this information to ensure that you can access our site properly. This relates to the following information, which we temporarily store in a so-called log file until it is automatically deleted:
● IP address of your computer,
● Date and time of your access,
● Name and URL of the file you have retrieved,
● Website from which you gain access (referrer URL),
● The browser used and, if applicable, the operating system of your computer and the name of your access provider.
We will only process this data in order to make your visit to our website as simple as possible for you from a technological point of view, specifically:
● to ensure a smooth connection to our website,
● to ensure that you can use our website in comfort,
● to evaluate how secure and robust the system is and
● for other administrative purposes.
The legal basis for processing data is Art. 6 Para. 1 (1) (f) of the General Data Protection Regulation (GDPR). Under no circumstances will we use the data collected to identify you as an individual.
We also use our website cookies and analysis services when there is a visit to our website.
3. Your log-in to bike-components
Having an account with bc means you can order even more easily and quickly. You will have all your orders, account and user data, your address book, password, newsletter subscription and your reviews at your fingertips.
To ensure that you can also use and access your account benefits, we store your registration data with each log-in in addition to the data mentioned under 2.:
● Date and time of your log-in
● First name and surname
● Our current terms and conditions
We take care of your data, which is why our registration form is so encrypted that the data entered there cannot be viewed by third parties. Of course, you always have the right to change your log-in data.
We process your data strictly in accordance with Art. 6 Para. 1 (1) (b) of the GDPR and we need this data in order to be able to process your orders and subscriptions properly, as well as to mutually fulfil obligations arising from our order contracts.
If you place an order with us while you are logged in, we will store the data for as long as is set out under 4. If you were logged in without placing an order, we will store your registration data for as long as, from experience, we would expect you to place an order, but not for longer than three months.
4. Your purchase from bike-components
We will make sure that you receive all you need for your bike as soon as possible. And this is why we need data.
You can order from us either by using a customer account so that we store the data set out under 2. and 3. in order to process your order or you can order as a guest, meaning we will only store the data set out under 2. and the data from our order form. To prevent third parties from viewing your data, we have also encrypted our order form. To process your order, we store the following information:
● Title, first name, surname,
● Email address
● Phone number (if specified)
● Date and time of the order
● Ordered goods
● Information about the payment method
We also save the text of the contract and our general terms and conditions in force at the time the contract is concluded.
Why do we need this data:
● To make sure that you are our customer,
● To be able to deliver the ordered goods to you and to be able to fulfil the contract,
● To issue you with your invoice,
● To process our entitlements to payment from you and to assert any other claims against you and
● To keep you informed about your order.
Your data will be processed at your request and is required in accordance with Art. 6 Para. 1 (1) (b) of the GDPR for the purposes outlined for our mutual fulfilment of the obligations arising from the sales contract.
We store the data that we collect for the purposes of processing the sales contract until the statutory period of limitation has expired (three years after the end of the calendar year in which the claim arose and we became aware of the circumstances substantiating the claim and of your identity or would have become aware without gross negligence, Section 199 Para. 1 of the BGB (German Civil Code)). After that we delete it, unless we are obliged to store it for longer in accordance with Article 6 Para. 1 (1) (c) of the GDPR due to retention and documentation requirements under tax and commercial law (arising from the HGB (German Commercial Code), StGB (German Penal Code) or AO (German Fiscal Code)) or you have consented to your data being stored for a longer period in accordance with Art. 6 Para. 1 (1) (a) of the GDPR.
In our shop we use the "Endereco" service provided by Endereco UG, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany to validate and correct addresses. These services enable us to check and correct errors in entered information in real time. Checking your address allows us to process your order correctly. Checking your address also helps prevent fraud and identify false addresses. For this purpose, your address data is transferred to Endereco and analysed there. Endereco never stores addresses or any other data at any time and never links information such as name and address data together. Endereco stores the time stamp of the request and the result of the check for billing purposes. Data is stored by Endereco only if a suggestion for an error correction occurs and is then denied by you. The purpose of data storage by Endereco is to further improve service. Stored addresses are deleted bc Endereco after 4 weeks. The data is not merged with other data sets either. Since performance of the contract and the implementation of pre-contractual measures require the correctness of the data you entered to be checked, processing is based on Art. 6(1)(b) GDPR. However, processing is equally based on our legitimate interest in collecting your customer data in accordance with regulations in order to prevent contract performance problems, which means that it is also based on Art. 6(1)(f) GDPR.
We also store address information that Endereco corrects for us. However, this only applies to customers who have a customer account. Data is stored for the purpose of continued quality assurance, to improve address validation and to have the option of sharing this data with the customer.
6. Your newsletter subscription
Do you want to be kept up-to-date on all things cycling? Our newsletter will send you tips, product & brand launch news and current trends.
We collect your e-mail address when you sign up for our newsletter. This is necessary in order to be able to send you the newsletter. After subscribing, you can voluntarily tell us your first name, date of birth and interests (mountain biking, road biking, gravel biking). In addition to storing the required e-mail address when you sign up for the newsletter, we store the IP address which you used to subscribe, as well as the date and time of registration and confirmation, in order to be able to trace possible misuse at a later date. We also collect information regarding your selected language and the country you are logging in from via your browser.
We use the double opt-in method for sending the newsletter. This means that we will only send you our newsletter by e-mail if you confirm your subscription. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, would like to receive future newsletters. By confirming, you give us your consent according to Art. 6 para. 1 lit. a DSGVO that we may use your personal data for the purpose of sending the newsletter as requested.
You can unsubscribe from the newsletter at any time via the link included in each newsletter or by e-mail. After unsubscribing, your e-mail address will be immediately deleted from our distribution list, unless you have expressly consented to the continued use of your collected data or if continued data processing is permitted by law.
We evaluate the opening/click rates of our newsletters when we send them out. Processing is carried out for statistical analysis purposes, namely how often are newsletters are read as well as the optimisation of our e-mail advertising. We record when you read our newsletter, which browser you use, your IP address and which links you click on in the newsletter. These evaluations are anonymised.
7. What happens with questions submitted via the contact form, chat, email or over the phone
If you have any questions, such as about your order or one of our items, we are always happy to help you via email, phone or chat. You can, of course, also contact us via our contact form.
If you contact us via email, phone or the chat feature on our website, we will only receive the personal data about you that you provide us. The legal basis for this is our legitimate interest in responding to your query (Art. 6(1)(1)(f) GDPR) or fulfilling existing contractual relationships (Art. 6(1)(1)(b) GDPR).
We use Novomind software to process any queries you send via the contact form, chat or email. Everything you need to know about Novomind can be found under point 9 "Novomind".
We use myAgent telephone software to process any queries you make over the phone.
7.1 Contact form
We need you to provide a valid email address so that we can answer your query via the contact form on our website and assign it to you. All other information you provide in order to help us respond more quickly is voluntary. Your data is processed in accordance with Art. 6(1)(1)(b) GDPR (fulfilling existing contractual relationships) or Art. 6(1)(1)(f) GDPR (our legitimate interest in responding to your query). Our contact form is also encrypted so that your data cannot be viewed by third parties.
If you contact us via WhatsApp, we will receive the following personal information from you:
Nickname stored in WhatsApp
Chat messages and any personal data they contain (e.g. first name, surname, customer number)
We use Novomind software to process your query. Everything you need to know about Novomind can be found under point 9 "Novomind". Once your query has been answered by one of our service representatives, you will receive a response directly in WhatsApp. You can object to the use of WhatsApp at any time with future effect by withdrawing your consent via WhatsApp or by emailing firstname.lastname@example.org.
8. myAgent telephone software
10. Price Alert
Use our Price Alert function to let us know when you see an item on another website at a lower price. This action will open a contact form that will collect information on the item as well as your name and e-mail address. You can provide us with further information in the “Notes” field. Your data will be used to verify the Price Alert and to secure you an offer or send you a voucher. The legal basis for this is our legitimate interest in satisfying your request and being able to offer you a fair price, Art. 6 para. 1 lit. f DSGVO. If a purchase is made, the legal basis Art. 6 para. 1 lit. b DSGVO (contract) applies.
11. What information is stored when you use payment service providers
You can pay us safely in different ways and choose the simplest method for you. We will not share your personal information with third parties unless:
1. It is permitted under law and is required in accordance with Art. 6 Para. 1 (1) (b) of the GDPR for the purposes of fulfilling contractual relationships with you. As part of this process, we use the data you provide: 1.1. To process your order. 1.2. To pass the data on to the shipping company responsible for delivery, as far as this is necessary for your goods to be delivered. 1.3. To process payments. For this purpose, we may pass on your payment data to our principal bank.
2. It is necessary to share your personal information in accordance with Art. 6 Para. 1 (1) (f) of the GDPR in order to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding and legitimate interest in your data not being shared in the event that there is a legal obligation to share in accordance with Art. 6 Para. 1 (1) (c) of the GDPR and
3. You have expressly consented to this in accordance with Art. 6 Para. 1 (1) (a) of the GDPR.
4. You select the PayPal payment method. Then we pass on the required data to PayPal (Europe) S.à r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L-2449 Luxembourg; hereinafter referred to as PayPal). PayPal is run as a bank across the EU. The supervisory authority is the Luxembourg Banking Authority CSSF (Commission de Surveillance du Secteur Financier). The information that we automatically pass on to PayPal for the purposes of your payment transaction is usually first name and surname, street, house number, postcode, city, phone number and the data related to your order within the scope permitted by law. 4.1. If you use PayPal services, PayPal collects the following data from you: 4.1.1. Information on registration and use. If you do not have a PayPal account, you may need to provide your name, address, phone number, email address and other identifying information to set up an account, depending on the services you choose. 4.1.2. Information about transactions and experiences, such as the amount sent or requested, the amount paid for products or services, dealer information, including sources of payment used for the transaction, device information, technical usage data and location data. 4.1.3 Personal data of those participating in the transaction, i.e., data that you provide to PayPal about other participants in connection with the transaction. 4.1.4. All other data collected by PayPal can be found here. 4.2. For credit checking purposes, PayPal will pass your data on to credit agencies. These can also be found here.
Except in the aforementioned cases, we will not pass your data on to other third parties or use it for advertising purposes other than for the purposes of sending the newsletter to you, to which you will have consented. Bikers' word of honour. If we share your information with the aforementioned third parties, you can be sure that we have carefully selected and explicitly appointed them; they are bound by our instructions and are monitored regularly.
If our service providers or partners have their registered office in a country outside the European Economic Area (EEA), we will inform you in the description of our offer, what the consequences are. We will only transfer your data to a service provider or partner outside the EEA if the delivery location you specified in your order is outside the EEA. In addition, there must be an EU Commission adequacy decision in place for the country concerned. Where data will need to be transmitted in accordance with Art. 46 or Art. 47 or Art. 49 Para. 1 sub-paragraph 2, we will inform you about the consequences as part of our offer. The Commission has adopted adequacy decisions for the following countries: Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, South Korea, Uruguay and the United Kingdom. The Commission's comments on its adequacy decisions can be found here. Data transfer to the USA is based on the standard contractual clauses (SCC) approved by the EU Commission. The latest standard contractual clauses can be found here.
12. Cookies and analysis services
13. You have control over your data
Your data belongs to you and we will be happy to provide you with information about what happens to it. That's why you always have the right:
● under Art. 15 of the GDPR to request information about your data processed by us. In particular, you may request information about: 1. The processing purposes, 2. The categories of data, 3. The categories of recipients to whom the data has been or will be disclosed; 4. The envisaged retention period, 5. Your right to rectification, erasure, restriction of processing or right to object, 6. Your right to lodge a complaint with a regulatory authority, 7. The source of your data if it has not been collected by us, 8. The existence of automated decision-making, including profiling in accordance with Art. 22 Para. 1 and 4 of the GDPR and meaningful information about the logic involved and the significance and envisaged consequences of such processing for you as the data subject, 9. Whether the data relating to you is transferred to a third country or to an international organisation. In that regard, under Art. 46 of the GDPR, you may request to be informed about the appropriate guarantees in connection with the transmission.
● under Art. 16 of the GDRP to immediately request that data stored by us be corrected or completed.
● under Art. 17 of the GDPR, you may request, in the following cases, that we delete the data that we have stored about you if: 1. The data concerning you is no longer necessary for the purposes for which we have collected it or processed it in any other way. 2. You are revoking your consent on the basis of which we process your data under Art. 6 Para. 1 (a) or Art. 9 Para. 2 (a) of the GDPR and there is no other legal basis for processing. 3. You object under Art. 21 Para. 1 of the GDPR to your data being processed and there are no overriding legitimate reasons for processing, or you file an objection under Art. 21 Para. 2 of the GDPR. 4. The data relating to you has been processed illegally. 5. It is necessary to delete data relating to you in order to fulfil a legal obligation under EU law or the law of the Member States to which we as the data controller are subject. 6. The data relating to you has been collected in relation to the services provided by the information society under Art. 8 Para. 1 of the GDPR.
In the event that we as data controller have made your data public and are obliged under Art. 17 Para. 1 of the GDPR to delete the data, we will take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the data, that you, as data subject, have requested that they delete all links to this data or copies or replications of this data.
However you shall have no right to deletion should processing be necessary 1. To exercise the right to freedom of expression and information; 2. To fulfil a legal obligation which requires processing under EU law or the law of the Member States to which we are subject, or to carry out a task which is in the public interest or which is carried out as part of exercising public authority which has been entrusted to us; 3. For reasons of public interest in the field of public health under Art. 9 Para. 2 (h) and (i) and Art. 9 Para. 3 of the GDPR; 4. For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes under Art. 89 Para. 1 of the GDPR, insofar as your right stated under Para. 1 is likely to make the realisation of the objectives of this processing impossible or seriously impair it, or 5. To assert, exercise or defend legal claims.
Under Art. 18 of the GDPR, you may request that restrictions are placed on your personal data being processed if
1. You dispute the accuracy of the data about you for a period of time that allows us to verify that the personal data is accurate; 2. Processing is unlawful and you decline to delete the personal data, instead requesting that restrictions are placed on how the data is used; 3. We no longer need the data for the purposes of processing, but you need it to assert, exercise or defend legal claims, or 4. You have filed an objection to processing under Art. 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons for us as data controller outweigh your reasons.
In the event that restrictions have been placed on how data about you is processed, we may only process this data (storing the data aside) with your consent or to assert, exercise or defend legal rights or to protect the rights of another natural or legal person or for reasons of significant public interest of the European Union or of a Member State.
In the event that restricted processing has been restricted in accordance with the above conditions, we will inform you before we remove the restriction;
● under Art. 20 of the GDPR, you may receive your data that you have provided to us in a structured, standard and machine-readable format or request that the data be transferred to another data controller. In addition, you have the right to transfer this data to another data controller without any obstruction by us to whom you have provided the data, provided that 1. Processing is based on consent under Art. 6 Para. 1 (a) of the GDPR or Art. 9 Para. 2 (a) of the GDPR or on a contract under Art. 6 Para. 1 (b) of the GDPR and 2. Processing is carried out by means of automated processes.
In exercising this right, you also have the right to have the data about you transferred directly from us to another data controller, as far as it is technically feasible to do so. The freedoms and rights of other persons must not be affected by this process.
The right to data transfer shall not apply to personal data being processed that is necessary to perform a task which is in the public interest or which is carried out in the exercise of public authority that has been entrusted to us:
● under Art. 7 Para. 3 of the GDPR, you may withdraw your consent at any time. As a result, we will not be permitted to continue processing data based on your consent in future and
● under Art. 77 of the GDPR, you may complain to a regulatory authority. Normally you can contact the regulatory authority for your usual place of residence or workplace or for our company headquarters.
14. Your right to object
What should you do if you no longer want us to process your data? It's your prerogative, just let us know. If we process your personal data based on legitimate interests under Art. 6 Para. 1 (1) (f) of the GDPR, you have the right under Art. 21 of the GDPR to file an objection to your data being processed, provided there are reasons to do so based on your particular circumstances or you are objecting to direct mail. In the latter scenario, you have a general right to object which we will act on without you needing to state a particular reason. If you would like to use your right to revoke your consent or your right to file an objection, send us an email to email@example.com.
Of course, you can also object to your data being processed for the purposes of advertising and data analysis at any time. All you have to do is send us an email to firstname.lastname@example.org.
15. Your data is safe
Safety and security is important for us, not only when out cycling, but also when processing your data.
During your visit to the bc website, we use the popular Secure Socket Layer (SSL) method in conjunction with the highest level of encryption that is supported by your browser. Typically, this will involve 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. The closed padlock or unbroken key icon in the address bar of your browser tells you whether a single page is transmitted in encrypted form.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or from being accessed by unauthorised third parties. To this end, we continuously improve our security measures in line with technological developments.
As cyclists, we know how important it is to always keep up to speed, which is why we also like to make sure that we are up to date when it comes to data protection.