PRIVACY POLICY
1.0. Person responsible
The controller within the meaning of the General Data Protection Regulation (hereinafter: “GDPR”) and other national data protection laws as well as other data protection provisions is:
HARO Bikes Europe GmbH
Max-Planck-Str. 54
32107 Bad Salzuflen
Germany
PHONE +49 (0)170 861 89 17
MAIL info@harobikes.de
2.0. General information on data processing
Data protection is of particular importance to us. For this reason, we only collect and use personal data of users and visitors to our website to the extent that this is necessary to provide a functional website and our content and services. Personal data is all information that relates to an identified or identifiable natural person (hereinafter: "data subject").
The collection and use of our users' personal data always takes place in accordance with the GDPR and the applicable country-specific data protection regulations. If the processing of personal data is necessary and such processing is not permitted by law, we always obtain the consent of the person concerned.
Personal data will not be passed on to third parties. Data will only be passed on if you have expressly consented (Art. 6 Para. 1 Clause 1 Letter a GDPR); there is a legitimate interest in the data being passed on and there is no reason to assume that you have an overriding legitimate interest in not passing on your data (Art. 6 Para. 1 Clause 1 Letter f GDPR); there is a legal obligation to pass on the data (Art. 6 Para. 1 Clause 1 Letter c GDPR); or the data being passed on is permitted in the context of fulfilling a contract with you (Art. 6 Para. 1 Clause 1 Letter b GDPR)
3.0 Collection and storage of personal data when visiting the website
Every time you visit our website, the browser you use automatically transmits information to our website server. The following information is recorded and stored until it is automatically deleted:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- the referrer URL, i.e. the website from which access was made,
- Information about the browser type used,
- the operating system of your computer,
- the name of the Internet service provider.
This data is only stored temporarily in a so-called log file. This does not affect the user's IP addresses or other data that allow the data to be assigned to a user. This data is not stored together with other personal data of the user. When using this data, we do not draw any conclusions about the person concerned.
The legal basis for this processing is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Our legitimate interest lies in providing a functional website with correctly delivered content, in optimizing our systems and in providing law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. As soon as there is no longer a legitimate interest and there is no legal obligation to retain the data, this data is routinely deleted.
4.0 Cookies
We use cookies on our website. Cookies are small text files that your browser automatically creates and that can be stored on your device. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again. This does not mean that we will immediately know your identity.
The use of necessary cookies serves to ensure that our website can be displayed in a technically flawless manner. The data processed by these cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Our legitimate interest lies in providing a functional and user-friendly website.
In addition, we use cookies to optimize the user-friendliness of our offering and for statistical purposes.
We use so-called session cookies to recognize that you have already visited individual pages on our website. These cookies are automatically deleted when you leave our site. We also use temporary cookies that are stored on your device for a specific period of time. If you visit our site again, it is automatically recognized that you have already visited us and what entries and settings you have made so that you do not have to enter them again. The data collected includes the frequency of page views, search terms entered and the use of website functions.
The use of cookies for statistical recording and evaluation of our offer as well as for marketing purposes is described in more detail in sections 5 and 6 of the data protection declaration.
The legal basis for data processing by cookies for statistical purposes and evaluation of our offer as well as for marketing purposes is your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR. When you visit our website, you have the option of giving your consent to data processing by cookies for evaluation and marketing purposes. This consent is voluntary and can be revoked by you at any time. If you do not give your consent, no cookies will be set for marketing or analysis purposes.
You can also configure your browser so that no cookies are stored on your computer or so that a warning always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.
5.0 Google Analytics
For the purpose of needs-based design and continuous optimization of our website, we use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google"). We use tracking measures to statistically record the use of our website, for the purpose of optimizing our offer and to evaluate it for you.
The legal basis for this data processing is your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR. When you visit our website, you have the option of giving your consent to data processing using cookies for evaluation and marketing purposes. This consent is voluntary and can be revoked by you at any time. If you do not give your consent, no cookies will be set for marketing or analysis purposes.
In this context, pseudonymized user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website, such as
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- Hostname of the accessing computer (IP address),
- Time of server request,
are usually transferred to a Google server and stored there. Under certain circumstances, the data may also be transferred to Google servers in the USA. Due to Google's certification under the EU-US Data Privacy Framework, the European Commission has determined that Google has an adequate level of data protection.
The above information may also be transferred to third parties if this is required by law or if third parties process this data on their behalf. Under no circumstances will the IP address transmitted by your browser be merged with other data held by Google. The IP addresses are anonymized so that they cannot be assigned to a specific user (IP masking). Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.
You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case, not all functions of this website may be fully available. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de .
For more information about data protection in connection with Google Analytics, please see the Google Analytics Help: https://support.google.com/analytics/answer/6004245?hl=de .
6.0 Google AdSense
We use the Google AdSense service on our website. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google"), for integrating advertisements. Google AdSense uses cookies. Google AdSense also uses web beacons, invisible graphics that allow Google to analyze clicks on this website, traffic on this website, and similar information.
The legal basis for this data processing is your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR. When you visit our website, you have the option of giving your consent to data processing using cookies for evaluation and marketing purposes. This consent is voluntary and can be revoked by you at any time. If you do not give your consent, no cookies will be set for marketing or analysis purposes.
The information obtained via cookies and web beacons, your IP address and the delivery of advertising formats are transmitted to a Google server, possibly located in the USA, and stored there. Google may transfer this collected information to third parties if this is required by law or if Google passes the data on to a processor commissioned by Google.
Due to Google's certification under the EU-US Data Privacy Framework, the European Commission has determined that Google provides an adequate level of data protection.
You can prevent the cookies mentioned above from being saved on your PC by making the appropriate settings on your Internet browser. However, this may mean that you will no longer be able to use the contents of this website to the same extent.
For more information about data protection in connection with Google AdSense, please see Google Help: https://support.google.com/adsense/answer/10924669?hl=de .
7.0 Data processing for contract and order processing as well as when opening a customer account
If you provide us with your data when opening a customer account or when ordering goods from our online shop, these data will be used and processed to process the contract in accordance with Art. 6 Paragraph 1 Clause 1 Letter b of GDPR. The categories of data processed are determined from the respective input forms.
You can delete your customer account at any time; to do so, please contact the person responsible named in section 1.
This data will only be passed on to service providers for delivery and payment purposes as part of the processing of your order.
Your data will be deleted if the contract has been fully concluded or terminated and there are no longer any statutory retention periods (in particular retention periods under tax and commercial law and no legitimate interest on our part to process/store your data beyond this).
8.0 Data processing by PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal, we pass on your payment data to PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal") as part of the payment processing. The data is passed on on the basis of Art. 6 Para. 1 Clause 1 Letter b of GDPR for the purpose of contract processing and only to the extent that this is necessary for the payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or - if offered - "purchase on account" or "installment payment" via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR on the basis of PayPal's legitimate interest in determining your ability to pay. PayPal uses the result of the credit check in relation to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, among other things, but not exclusively, address data. For further information on data protection, including information on the credit agencies used, please refer to PayPal's privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.
09. Newsletter
If you subscribe to our newsletter, we will process your
E-mail address for the purpose of sending newsletters. Legal basis for this data processing
is your consent in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR. Your consent
You can revoke your consent at any time with effect for the future.
To register for our newsletter, we use the so-called double opt-in procedure.
This means that after entering your email address in the corresponding
field you will receive an email asking you to confirm your registration
This confirmation is necessary to ensure that you have
have entered the correct email address and it has not been used by unauthorized third parties
is abused. The subscription to the newsletter is logged in order to
To do this, we save the time of your
Registration and the IP address based on our legitimate interests within the meaning of.
Art. 6 paragraph 1 sentence 1 lit. f GDPR.
We also send newsletters to our existing customers
in the context of advertising for similar goods pursuant to Section 7 Para. 3 UWG. In
In this case, the legal basis for this data processing is our
legitimate interest in advertising and marketing within the meaning of Art. 6 Paragraph 1 Clause 1 Letter f
GDPR.
To send our newsletter and for success analysis
We use the service Klaviyo for our newsletter campaigns. Provider of this
Service is Klaviyo, Inc., 125 Summer St, Boston, MA, 02111 USA. Due to
Klaviyo’s certification under the EU-US Data Privacy Framework has
European Commission for this service provider an appropriate
We have also established a data protection level with Klaviyo.
Standard contractual clauses have been agreed, in which the service provider agrees to a
has committed itself to a standard comparable to the European data protection level.
You can find Klaviyo’s privacy policy here
see: https://www.klaviyo.com/legal/data-processing-agreement .
You can unsubscribe from the newsletter at any time. To do so, you can
For example, use the unsubscribe link in every newsletter. You can also
Withdraw your consent or object to the use of your email address
Marketing purposes.
10.0. Contact via the website
Due to legal regulations, our website contains information that enables you to quickly contact our company electronically (in particular email address). If you contact us by email, your voluntarily submitted personal data will be automatically saved for the purpose of processing or contacting you. This data will not be passed on.
The data will be deleted when there is no longer a statutory retention period and if it is no longer required to fulfill or initiate a contract. The legal basis for processing the data transmitted when sending an email is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. The legitimate interest within the meaning of the GDPR is to process and respond to your contact.
The data is deleted as soon as it has been used to achieve the purpose. This is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. You have the option of objecting to the storage of your personal data at any time. To do so, contact the person responsible named in section 1 (in writing, by email or by telephone). The data from the previous communication will then be deleted and further conversation will no longer be possible.
11.0. Rights of data subjects
As a data subject, you have the following rights vis-à-vis the controller. If you would like to exercise one of these rights, please contact the controller using the contact details provided in section 1.
11.1. Right to information (Art. 15 GDPR) : You can request information from the controller as to whether personal data concerning you is being processed by him. If processing has taken place, you can obtain information from the controller about this personal data and the purposes of the processing; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed; the planned duration for which the personal data concerning you will be stored or, if this is not possible, the criteria for determining the storage period; the existence of a right to rectification or erasure of the personal data concerning you or to restriction of processing by the controller or a right to object to such processing; the existence of a right to lodge a complaint with a supervisory authority; if the personal data are not collected from you, all available information about the origin of the data; the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the scope and envisaged effects of such processing for the data subject; the transfer of personal data to a third country or to an international organization, as well as the appropriate guarantees in this context in accordance with Art. 46 GDPR; request information.
11.2. Right to rectification (Art. 16 GDPR) : You have the right to have your personal data rectified and/or completed by the controller without delay if the personal data concerning you that are processed are incorrect or incomplete.
11.3. Right to erasure (Art. 17 GDPR) : You can request the erasure of your data stored by us if the data is no longer necessary for the purposes for which it was collected or processed; you withdraw your consent and there is no other legal basis for the processing; you object in accordance with Art. 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object in accordance with Art. 21 Para. 2 GDPR; the personal data was processed unlawfully; the erasure is necessary to fulfill a legal obligation; or the personal data was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR. This right to erasure does not apply if the processing is necessary to exercise the right to freedom of expression and information; to fulfill a legal obligation; for reasons of public interest; or to assert, exercise or defend legal claims.
11.4. Right to restriction of processing (Art. 18 GDPR) : You can request the restriction of the processing of personal data concerning you if you contest the accuracy of the personal data for the duration of the verification of the accuracy by the controller; the processing is unlawful and you request the restriction of processing instead of deletion; the controller no longer needs the data, but you need it to assert, exercise or defend legal claims; or you have objected to the processing in accordance with Art. 21 Para. 1 GDPR and it has not yet been determined whether the controller's legitimate reasons outweigh your reasons. If the processing of personal data concerning you has been restricted, these data - apart from their storage - may only be processed with your consent or for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
11.5. Right to data portability (Art. 20 GDPR) : You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller.
11.6. Right to object : If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, you have the right to object to the processing of your personal data if there are reasons for doing so that arise from your particular situation. If the objection is directed against direct advertising, you have a general right of objection, which we will implement without specifying a particular situation.
11.7. Right to withdraw consent : You have the right to withdraw your consent at any time, with the result that we may no longer continue the data processing based on this consent in the future.
11.8. Right to complain (Art. 77 GDPR) : You have the right to complain to a supervisory authority. You can contact the supervisory authority of your place of residence or work or the supervisory authority responsible for us.
12.0 Data security
In order to protect your data as best as possible, we use the SSL (Secure Socket Layer) process on our website in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is being transmitted using encryption by the closed display of the key or lock symbol in the status bar of your browser. We also use suitable technical and organizational security measures to protect your data against manipulation, loss, destruction or unauthorized access by third parties.
13.0 Current status and changes to this privacy policy
This privacy policy is current as of March 2024. Due to the further development of our website and offers or due to changed legal requirements, a change to this declaration may become necessary.