Hereinafter we inform you about the nature, scope and purpose of the processing of your personal data when you visit our websites at bikablo.com and https://online.bikablo.com and when you use our app “bikablo” (hereinafter the “App”). Personal data is any information that relates to an identified or identifiable natural person.
The person responsible (“Controller”) within the meaning of the EU General Data Protection Regulation (GDPR) is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. Controller within the meaning of the GDPR for the personal data processed by this shop is bikablo GmbH & Co. KG, Lüderichstr. 2-4, 51105 Köln, phone (0221) 98 55 90 20, email firstname.lastname@example.org (hereinafter “we”).
2. When you visit our web site or use our app
When you visit our website or use our app, our server collects the following information from your device: IP address, type and version of the operating system of your terminal device, time of the data connection, and – when connecting via a web browser – type and version of the web browser, the address of the currently accessed website and the address of the previously visited website (“referrer”).
We collect and process this data in order to ensure the trouble-free operation of our website and to detect, fend off and prosecute a misuse of our services. Furthermore, we use the collected data for statistical purposes to evaluate, for example, by which devices and browsers our shop is accessed in order to improve and adapt our offer to our customers’ needs on an ongoing basis. This data processing is based on Article 6 par. 1 f GDPR.
We will delete the aforementioned data no later than twelve months after they have been collected.
3. When you enter into a contract with us
When you order or book with us, we process your name, your address (as far as provided by you) and your e-mail address. We will also process any additional information provided by you voluntarily during the ordering process (such as a differing billing address or a telephone number).
We process this data electronically for the proper performance of the contract, in particular for shipping, invoicing, accounting, and processing of returns and complaints. Where we are obligated to provide you with updates for a digital product or for a product with digital elements, we will process your contact information for this purpose as well. This data processing is based on Article 6 par. 1 b GDPR.
We store this data until all mutual claims arising from the respective contractual relationship with you have been completely settled and the commercial and fiscal retention periods to which we are subject have expired.
To conclude a contract between you and us, it is necessary that we have your name and your e-mail address. The necessity of providing this data arises from various statutory regulations (eg. § 312i par. 1 and 3 BGB [German Civil Code], § 14 par. 4 UStG [German Turnover Tax Act]. Without providing this data, you cannot conclude a contract with us.
We refrain from using automated decision-making or profiling for deciding whether or not to conclude a contract.
4. Customer Account
When a customer account is not already necessary for us to provide our services to you, you may, optionally, setup a customer account with us. In such case your consent is the legal basis for processing your account data (Article 6 par. 1 a GDPR). We keep the account data stored until you close the account or you ask us for its closure. For personal data connected to contracts already concluded by you, the retention periods given in section “If you place an order” apply independently from the existence of your customer account.
5. Shipping and Payment
When we ship physical goods in order to perform a contract, we may transmit the recipient’s name and address, and, if you have given your consent, your e-mail address, to our shipping service provider Deutsche Post (Deutsche Post AG, 53113 Bonn), DHL (DHL Paket GmbH, 53113 Bonn) und DPD (DPD Deutschland GmbH , Wailandtstraße 1 , 63741 Aschaffenburg) our logistic partner Lufapak (Lufapak GmbH, Carl-Borgward-Straße 20, 56566 Neuwied)for the purpose of delivering the shipment, including, if applicable, a prior e-mail notification of the expected time of delivery, and, if necessary, for returns back to us, on the basis of Article 6 par. 1 b GDPR.
Upon receipt of a payment, we process the data transmitted to us by the payment service provider.
This data processing takes place according to Article 6 par. 1 b GDPR. We shall store this data until all mutual claims arising from the respective contractual relationship with you have been completely settled and all commercial and fiscal retention periods to which we are subject have expired.
6. bikablo app
a) Obtaining the app
You cannot obtain our app directly from us, but only via the “Play Store” of Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) or the App Store of Apple (Apple Inc., 1 Apple Park Way, Cupertino, CA 95014, USA). For the purchase of our app via the Google Play Store or the Apple App Store, the contract and data protection conditions of Google or Apple apply. Neither Google nor Apple transmit any personal data to us in connection with the purchase or use of the app.
b) Use of the app
To use the app on your mobile device, you must allow your device to access the Internet. Internet access is necessary so that the app can load and display the current content. In doing so, the app connects to our web server, which processes the data mentioned under point 2.
When you use our app, your end device transmits the following information to our server: Device ID, operating system version, IP address and – if you use paid content in our app – your email address, a password chosen by you and the receipt file as proof of payment. We collect and process this data to ensure the trouble-free operation of the app and to be able to recognise, ward off and prosecute misuse of our services. Furthermore, we use the collected data for statistical purposes, for example to evaluate with which end devices and operating systems our app is used, in order to continuously adapt and improve our offer to the needs of the users on this basis.
If we process your email address, your password and the receipt file for payment verification, this is done as part of the performance of the contract in accordance with Article 6 par. 1 b GDPR. We keep your email address and password stored until you inform us that you no longer wish to use the paid version of the app.
The processing of the other categories of data is based on our legitimate interest pursuant to Article 6 par. 1 f GDPR. We delete the personal data collected on the basis of our legitimate interest 90 days after their collection.
To use the app, your end device must grant the app access to certain functions:
— Internet access: Internet access is required so that the app can retrieve media content and updates provided by our server and make them available to you.
— Device storage: Your device storage is accessed solely to allow you to store and retrieve media content created with our app. Media content created by you will not be transmitted to us or to third parties.
c) Registration, user account with elopage
Registration is required to save content, search results and settings in the app, to contribute your own content and to comment on other users’ contributions.
The use of the contents of the app requires an existing user account for “elopage”, a service of elopage GmbH, Kurfürstendamm 208, 10719 Berlin, Germany (hereinafter “elopage”). The contractual relationship regarding the creation of the elopage account is exclusively between you and elopage. Likewise, the storage and processing of your user account and profile data is exclusively between you and elopage in accordance with elopage’s data protection provisions, which can be found at https://elopage.com/privacy?locale=de.
Registration requires you to provide an e-mail address and a password of your choice. To check whether the e-mail address you have provided actually belongs to you, you will receive an e-mail containing an activation link. Only if you follow this link will the user account be activated for you. If you have not followed the activation link within one week, the data collected for registration will be deleted.
After successful registration, you can log in to your user account in the app with your email address and password. Other users cannot see your email address.
Your data will be stored as long as your user account exists. You can terminate your user account at any time without notice, which will cause us to delete your access data immediately. The rights granted to us to any content contributed by you will continue to exist unchanged even if you terminate your user account.
This data processing is based on your consent. The legal basis in this respect is Article Article 6 par. 1 a GDPR.
7. Using one of our course communities via Podio (bikablo community)
If you want to use one of our course communities, you must register by providing your first and last name as well as your e-mail address. In addition, we process any further data that you voluntarily provide to us as part of the registration process (e.g. photos, further supplementary texts from you). The processing is based on Article 6 par. 1 b GDPR.
If you upload a photo or a text for your user profile (hereinafter “content”), you thereby grant us a simple right of use to store it on our server and to publish and make it publicly available within the scope of your user profile. These rights of use are geographically unlimited. The rights of use granted to us are only valid as long as the user profile exists and you have not deleted the content yourself beforehand.
You can specify online in your user profile at any time which additional information you would like to make available for viewing by other users. Changes to your data will also be displayed to us and other registered users.
Your data will remain stored by us until your user profile is deleted. For the purpose of deletion, you can cancel your user profile at any time without notice.
8. Use of the online member area and/or the online community (elopage)
If you wish to use the online member area or an online community, you must register by providing your first and last name, as well as your e-mail address. The processing is based on Article 6 par. 1 b GDPR.
The online community is a closed group for which all participants in a respective course can register individually. This means that you decide whether you also want to join the associated online community in addition to participating in the course. Here you can post contributions and communicate with each other in real time.
If you upload a photo or texts for your user profile (hereinafter referred to as “content”), you thereby grant us a simple right of use to store as well as to publish and make publicly available the content within the framework of your user profile. These rights of use are geographically unlimited. The rights of use granted to us are only valid as long as the user profile exists and you have not deleted the content yourself beforehand.
You can specify online in your user profile at any time which additional information you would like to make available for viewing by other users. Changes to your data will also be displayed to us and other registered users.
Your data will remain stored until your user profile is deleted. For the purpose of deletion, you can cancel your user profile at any time without notice.
9. Contacting us
If you use a contact or chat form on our website, we will process the data input by you; this may be, besides your message as such, your name and your e-mail address.
If you send us a message by e-mail, we will save your message along with the sender details (your name, e-mail address, and any additional information added by your e-mail program) in order to be able to answer it and also to respond to possible subsequent questions (legal basis: Article 6 par. 1 f GDPR). For reception, storage and sending of e-mails, we use an e-mail provider who acts for us as a processor in accordance with Article 28 GDPR.
This data processing is based on our legitimate interest to answer your request and handle possible follow-up requests from you (Article 6 par. 1 f GDPR). We will erase the information collected from your message no later than twelve months after the last communication with you on your request, subject to the provision in the following paragraph.
If you send us a message with information legally relevant for the contractual relationship (e.g. a withdrawal or a complaint), the legal basis for the processing is Article 6 par. 1 b GDPR, regardless of how you transmitted your message to us. In such a case, we will erase the data related to your message as soon as all mutual claims arising from the contractual relationship have been completely settled and the commercial and fiscal retention periods have expired.
10. Job Applications
We process the data sent to us in connection with a job application in order to check the personal suitability of the sender for the position (or other open positions with us, if applicable) and to carry out the application procedure. The legal basis for the processing of personal data in the application procedure is § 26 of the German Federal Data Protection Act (BDSG).
After the application procedure has been completed, we may continue to store this data in order to safeguard our legitimate interests, e.g. asserting or defending claims (legal basis: Article 6 par. 1 f GDPR). Data of applicants will be deleted after 6 months in case of rejection. In the event of employment with us, the data from the successful application that is necessary for the implementation of the employment relationship will be transferred to our personnel information system. As a matter of principle, only those persons have access to the applicant data who require this for the proper conduct of our application procedure.
If you have subscribed to our newsletter, we will inform you by e-mail about new offers and functions of our shop. You will not receive more than one newsletter a week. You can object to the use of your e-mail address for advertising purposes at any time in any form, without incurring any costs other than transmission costs at the basic rate.
This data processing is based on your consent in accordance with Article 6 par. 1 a GDPR. If you revoke your consent to the use of your e-mail address for advertising purposes, we will delete your e-mail address from our mailing list.
12. Comments and Ratings
When you write a comment or an evaluation on one of our services, we will publish your contribution on our website together with your username, for which you may specify a pseudonym. To counteract misuse of our offer, we store the IP address of the device you are writing from for a period of twelve months (Article 6 par. 1 f GDPR). We reserve the right to delete any unsuitable or thematically inappropriate posts at any time. In other respects we delete published contributions at the request of the respective author.
This data processing is carried out on the basis your consent (Article 6 par. 1 a GDPR).
14. Cookie consent with ConsentManager
Our website uses the cookie consent technology of ConsentManager to obtain your consent to the storage of certain cookies in your browser and to document this in a data protection compliant manner. The provider of this technology is consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden (hereinafter “ConsentManager”).
When you enter our website, a ConsentManager cookie is stored in your browser, which stores the consents you have given or the revocation of these consents. This data is not shared with the ConsentManager provider.
The collected data will be stored until you request us to delete it or until you delete the ConsentManager cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on data processing by ConsentManager can be found at https://www.consentmanager.de/datenschutz/.
15. Google Services
As far as you have given your consent, we use certain Google services on our website. If you visit our website from a location within the European Union, Norway, Iceland, Liechtenstein or Switzerland “Google“ means Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, otherwise Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
General information on the use of data by Google may be found on the Google website at https://policies.google.com/technologies/partner-sites (“How Google uses information from sites or apps that use our services“).
16. Google Analytics
As far as you have given your consent, we use Google Analytics, a web analytics service of Google. Google therefore places cookies on your device. With these cookies, Google can collect information about how you use our website. This information is transmitted to a Google server, where it is evaluated by Google and made available to us. We use the information to better understand what visitors to our website are interested in, to determine the success of our advertising and to improve our services. The legal basis for this data processing is your consent (Article 6 par. 1 a GDPR).
For compiling the usage analytics, Google acts as our processor according to Article 28 GDPR, based on a processing contract that incorporates the EU standard contractual clauses. You can access the content of the processing agreement with Google (“Data Processing Terms”) online at privacy.google.com/businesses/processorterms.
17. Google Ads
If you have consented, we use Google Ads, a web analytics service provided by Google. When you click on one of our Google Ads ads, a Google cookie is stored on your device. These cookies allow Google to collect information about how you use our website. This information is transferred to a Google server, analysed there and made available to us. We use the information to better understand what visitors to our website are interested in, the success of our advertising material and how we can improve our offering.
The legal basis for this processing is your consent (Article 6 par. 1 a GDPR).
For the creation of the usage analyses, Google acts as a processor for us (Article 28 GDPR) on the basis of a processing agreement that incorporates the EU standard data protection clauses. You can access the content of the agreement with Google (“data processing terms”) online at privacy.google.com/businesses/processorterms.
The data collected by Google Ads is encrypted by Google and stored on a Google server in the USA. The cookies expire after 30 days.
18. Google Fonts
As far as you have given your consent, our web site uses fonts provided by Google as “Google Fonts”. Google Fonts are downloaded directly from Google when you access our website from your device. Google hereby receives your IP address, your operating system, your browser type and its version and evaluates this information for their own business purposes.
19. Embedded videos
We embed videos from YouTube on our website. When you play these videos, data is necessarily transmitted directly from your end device to YouTube, including your IP address and information on the browser type, browser version and operating system of your end device. If you do not play the embedded videos, no data is transmitted to YouTube.
The operator of YouTube and, in this respect, the responsible party for the embedded videos within the meaning of the GDPR is Google.
20. Social Media
You may find Social Media buttons on our website; they can be recognized by the logos of the social media platforms (hereinafter “Platforms”) (Facebook: „f“ logo, Twitter: bird silhouette, Instagram: square camera logo, Xing: „X“ logo, Linkedin: „in“ logo). Clicking on such a button calls the respective Platform’s website; at the same time, the IP address of your device and the address of the page where the link is placed (“Referrer”) will be transmitted to the Platform. However, we neither collect nor otherwise process any data related to the use of these social media buttons.
For the operation of our website online.bikablo.com on the Internet and our app, as well as our offer of the online member area or course communities, we use the technical services of elopage (elopage GmbH, Kurfürstendamm 208, 10719 Berlin, Germany) as a processor in accordance with Article 28 GDPR.
For the operation of our website bikablo.com on the Internet, we use the technical services of IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany) as a processor pursuant to Article 28 GDPR.
Our customer management is carried out by means of the service Podio of the company Citrix (Citrix Systems UK Ltd, Building 3, Chalfont Park, Chalfont St Peter, Gerrards Cross, Buckinghamshire SL9 0BG, U.K.), which acts for us as a processor in accordance with Article 28 GDPR.
The newsletter is sent
a) by means of the service provider CleverReach GmbH & Co. KG, CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany, as a processor in accordance with Article 28 GDPR.
b) via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 (1) lit. f DSGVO and serves our legitimate interest in using a newsletter system that is effective in advertising, secure and user-friendly. Please note that your data is usually transferred to a MailChimp server in the USA and stored there.
MailChimp uses this information to send and statistically evaluate the newsletters on our behalf. For the evaluation, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of the web beacons, Mailchimp automatically creates general, non-personal statistics about the response behavior to newsletter campaigns. However, based on our legitimate interest in the statistical evaluation of newsletter campaigns for the optimization of promotional communication and better targeting of recipient interests, the web beacons also collect and utilize data of the respective newsletter recipient (mail address, time of retrieval, IP address, browser type and operating system) in accordance with Art. 6 (1) lit f DSGVO. This data allows an individual conclusion to be drawn about the newsletter recipient and is processed by Mailchimp for the automated creation of statistics that reveal whether a particular recipient has opened a newsletter message.
If you wish to deactivate the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
MailChimp may also use this data itself in accordance with Art. 6 (1) lit. f DSGVO due to its own legitimate interest in designing and optimizing the service to meet demand, as well as for market research purposes, for example to determine which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
To protect your data in the USA, we have concluded a data processing agreement (“Data Processing Agreement”) with MailChimp based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to MailChimp. If you are interested, this data processing agreement can be viewed at the following Internet address: https://mailchimp.com/legal/data-processing-addendum/.
22. Your Rights
With regard to your personal data we process, you have the following rights:
You have the right to obtain a confirmation from us as to whether we process personal data concerning you. If this is the case, we will inform you about the personal data stored about you and the further information in accordance with Article 15 par. 1 and 2 GDPR.
You have the right to have your inaccurate personal data rectified without undue delay. Taking into account the purposes of processing, you also have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.
You can demand the erasure of your personal data concerning you under the conditions of Article 17 par. 1 GDPR without undue delay, as far as their processing is not necessary according to Article 17 par. 3 GDPR.
You may demand that we restrict the processing of your data if one of the requirements of Article 18 par. 1 GDPR applies. In particular, you can request the restriction instead of an erasure.
We will communicate any rectification or erasure of your personal data and a restriction of processing to all recipients to whom we have disclosed your personal data, unless this proves impossible or involves a disproportionate effort. We will also inform you about these recipients if you request it.
You have the right to receive the personal data which you provide to us in a structured, commonly used and machine-readable format. You may also request that we transmit the data to another controller without hindrance, where technically feasible.
As far as a data processing is based on your given consent, you have the right to, withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of the data processing based on consent before its withdrawal.
RIGHT TO OBJECT: ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, YOU MAY, AT ANY TIME, OBJECT TO PROCESSING OF YOUR PERSONAL DATA; this right applies to a processing, according to Article 6 par. 1 f GDPR, necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. If you exercise your right to object, we will no longer process the personal data in question unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of you, or for the establishment, exercise or defense of legal claims.
IN CASE WE PROCESS PERSONAL DATA FOR DIRECT MARKETING PURPOSES (E.G. NEWSLETTER), YOU MAY, AT ANY TIME, OBJECT TO PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING, WITH THE RESULT THAT WE WILL NO LONGER PROCESS YOUR DATA FOR THESE PURPOSES.
If you believe that the processing of your personal data is in breach of the GDPR, you may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. This does not exclude other administrative or judicial remedies.