We operate our websites according to the principles regulated below: We commit ourselves to complying with the data protection regulations and strive to always consider the principles of data avoidance and data minimization.
1. Name and address of the responsible party and the data protection officer
a) The responsible party The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union and other data protection regulations is: BMZ Germany GmbH Zeche Gustav 1 63791 Karlstein Tel.: 06188 9956-0 E-Mail: firstname.lastname@example.org www.shop.bmz-group.com
b) The data protection officer The data protection officer of the responsible party can be reached as follows: SiDIT GmbH, Langgasse 20, 97261 Güntersleben, email@example.com
2. Definition of terms
3. Legal basis for the processing of data
a) Processing of personal data according to the GDPR
We process your personal data such as your name and surname, your e-mail address and IP address, etc. only if there is a legal basis for this. According to the General Data Protection Regulation, the following regulations are particularly relevant:
• Art. 6 para. 1 sec. 1 lit. a GDPR: The data subject has given his or her consent to the processing of the personal data concerning him or her for one or more specific purposes.
• Art. 6 para. 1 sec. 1 lit. b GDPR: The processing is necessary for the performance of a contract of which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
• Art. 6 para. 1 sec. 1 lit. c GDPR: The processing is necessary to fulfill a legal obligation to which the controller is subject. • Art. 6 para. 1 sec. 1 lit. d GDPR: The processing is necessary to protect the vital interests of the data subject or another natural person.
• Art. 6 para. 1 sec. 1 lit. e GDPR: The processing is necessary for the performance of a task that is in the public interest or is carried out in the exercise of public authority delegated to the controller.
• Art. 6 para. 1 sec. 1 lit. f GDPR: The processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring protection of personal data predominate, in particular where the data subject is a child.
b) Processing of information according to § 25 Paragraph 1 TTDSG
We also process information in accordance with § 25 Paragraph 1 TTDSG by storing information on your terminal device or accessing information already stored on your terminal device. This may include both personal information and non-personal data such as cookies, browser fingerprints, advertising IDs, MAC addresses, and IMEI numbers. Terminal device refers to any device that is directly or indirectly connected to the interface of a public telecommunications network for the transmission, processing, or receipt of messages, § 2 Paragraph 2 Number 6 TTDSG.
We usually process this information based on your consent, § 25 Paragraph 1 TTDSG.
If an exception is given under § 25 Paragraph 2 Number 1 and Number 2 TTDSG, we do not require your consent. Such an exception applies if we only access or store the information to transmit a message over a public telecommunications network or if this is absolutely necessary in order to provide you with a telemedia service you have explicitly requested. You can revoke your consent at any time.
We would like to inform you that the revocation of your consent will not affect the legality of the processing carried out based on your consent until the revocation.
4. Transfer of personal data
Even when personal data is transferred, this constitutes a processing under the previous paragraph 3. However, we would like to inform you separately here about the topic of transferring data to third parties. Protecting your personal data is very important to us. For this reason, we are particularly cautious when it comes to transferring your data to third parties.
Therefore, data is only transferred to third parties if there is a legal basis for the processing. For example, we transfer personal data to individuals or companies that are acting as processors for us under Article 28 of the GDPR. Processor means anyone who processes personal data on our behalf, that is, especially in a relationship of instructions and control to us.
In accordance with the requirements of the GDPR, we conclude a contract with each of our processors to obligate them to comply with data protection regulations and to provide comprehensive protection for your data.
5. storage period and deletion
Your personal data will be deleted by us insofar as it is no longer necessary for the purposes for which it was collected or otherwise processed, the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.
6. SSL or TLS Encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
When cookies are used, a distinction is made between technically necessary cookies and "other" cookies. Technically necessary cookies are those that are absolutely necessary in order to provide an information society service that you have expressly requested.
a) Technically necessary cookies
In order to make the use of our offer more pleasant for you, we use technically necessary cookies, these may be so-called session cookies (e.g. language and font selection, shopping cart, etc.), consent cookies, cookies to ensure server stability and security, or similar. The legal basis for the cookies results from Art. 6 para. 1 p. 1 lit. f) DSGVO, our legitimate interest in the error-free operation of the website and the interest in providing you with our services optimized.
b) Further cookies
The other cookies include cookies for statistical purposes, analysis and marketing and retargeting purposes.
We use these cookies for you based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a) DSGVO.
We inform you that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
We will inform you of the legal basis on which this data is processed for the respective services within the data protection declaration.
Changing cookie settings
You can change your cookie settings here.
8. cookie banner
To obtain consent for the cookies we use, we use the cookie banner "Cookiebot" of the service provider Usercentrics GmbH, Sendlinger Straße 7, 80331 Mümchen. This itself sets a so-called consent cookie to query and process the respective consent status. This consent cookie is technically necessary and is therefore used on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO, § 25 para. 1 TTDSG.
9. collection and storage of personal data as well as their type and purpose of use
a) External hosting
Our website is hosted by Host Europe GmbH Hansestrasse 111 51149 Cologne, Germany. For this reason, all personal data collected on our website is stored on the servers of our hoster, unless an external service of a third party is integrated. This may be the IP address, your e-mail address, communication data or similar. You can find out what specific personal data is involved in the individual functions and services explained by us below. If we use an external service of a third party, this will be made clear in the description of the respective service or tool.
The hoster processes your data only on our instructions and to the extent necessary to fulfill the services on the website. The hoster does not process the data for its own purposes. We have concluded an order processing contract with this hoster.
b) When visiting the website
When you call up our website, information is automatically sent to the server of our website by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the accessed file
The aforementioned data is processed by us for the following purposes:
- Evaluation of system security and stability
- error analysis
Data that allow a conclusion to your person, such as the IP address, will be deleted after 7 days at the latest. If we store the data beyond this period, this data is pseudonymized so that it is no longer possible to assign it to you.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
c) Contractual relationship
(1) Conclusion of contract
In the context of the establishment of the contractual relationship, only the personal data that is absolutely necessary for the execution of the contract will be processed in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO.
If you provide additional voluntary information, this will only be processed on the basis of your consent pursuant to Art. 6 (1) sentence 1 lit a DSGVO. We use this voluntary information to offer a customer-friendly service and to constantly improve it.
(2) Customer account
You have the option to create a customer account with us. For this purpose, in addition to your personal data for contract processing, your other voluntary information and the purchases you have made with us in the past will be stored and processed. You can call this up at any time and thus obtain an overview of the purchases you have made with us. This data is used so that you can easily log in with your login data for your next purchase. It is also intended to help you control your purchasing activities.
The legal basis arises on the basis of the consent given by you according to Art. 6 para. 1 p. 1 lit. a DSGVO.
You have the option to change or delete your data in the customer account at any time and also to delete the account as a whole. If you make use of this function, your customer account with all the data it contains will be deleted immediately.
(3) Passing on of data for shipment
The data necessary for the shipment of our goods (name and surname, address, e-mail address, telephone number as far as necessary due to shipping goods) we pass on to the appropriate shipping service provider for notification / coordination for the delivery of the goods and for the delivery of the goods.
The legal basis for the disclosure results from Art. 6 para. 1 p. 1 lit. b DSGVO.
In this context, we pass on your data to one of the following shipping service providers. You will then receive further information about the processing of your data from them:
DPD Deutschland GmbH, Wailandtstraße 1, Postcode/Place: 63741 Aschaffenburg Germany, Phone: +49/ (0) 6021 8430, E-Mail: firstname.lastname@example.org; https://www.dpd.com/de/de/datenschutz/
(4) Passing on of data when using online payment service providers
If you decide to pay with one of the online payment service providers offered by us during your order process, your contact data will be transmitted to them as part of the order triggered in this way. The legitimacy of the transfer of the data results from Art. 6 para. 1 p. 1 lit. b DSGVO, for the implementation of the payment method you have chosen as well as our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DSGVO to enable a user-friendly and uncomplicated payment processing.
The personal data transmitted to the online payment service provider is mostly first name, last name, address, telephone number, IP address, e-mail address, or other data required for order processing, as well as data related to the order, such as number of items, item number, invoice amount and taxes in percent, billing information, etc..
This transmission is necessary to process your order with the payment method you have selected, in particular to confirm your identity, to administer your payment and the customer relationship.
However, please note: Personal data may also be disclosed by the online payment service provider to service providers, subcontractors or other affiliated companies to the extent necessary to fulfill the contractual obligations arising from your order or to process the personal data on behalf.
Depending on the selected payment method, e.g. invoice or direct debit, the personal data transmitted to the provider will be transmitted by the provider to credit agencies. This transmission serves to check your identity and creditworthiness in relation to the order you have placed. You can find out which credit agencies are involved here and which data is generally collected, processed, stored and passed on by the respective provider in the respective data protection declarations of the providers:
PayPal (Europa) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg unter https://www.paypal.com/de/webapps/mpp/ua/privacy-full
your payment GmbH
your payment GmbH, Schloßstr. 20, 12163 Berlin
Content of the newsletter and registration data
We will only send you a newsletter tailored to your needs if you order it from us and have given your consent in accordance with Art. 6 (1) p. 1 lit. a DSGVO, § 25 (1) TTDSG. The contents and functions of the newsletter are specifically described when you register for the newsletter. For the registration of the newsletter, it is sufficient to provide your e-mail address. If you provide further voluntary information, such as your name and/or gender, this will be used exclusively for the personalization of the newsletter addressed to you.
Double opt-in and logging
For security reasons, we use the so-called double opt-in procedure to register for our newsletter so that no one can register with other people's e-mail addresses. Therefore, after you have registered for our newsletter, you will first receive an e-mail asking you to confirm your registration. Only with the confirmation of the registration it becomes effective.
Furthermore, your registration for the newsletter will be logged. The logging includes the storage of the registration and confirmation time, your specified data and your IP address. If you make changes to your data, these changes will also be logged.
If you no longer wish to receive our newsletter, you can revoke your consent at any time for the future. To do so, you can click on the unsubscribe link at the end of each newsletter or send us an e-mail to the following e-mail address: email@example.com.
The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Use of sendinblue
We use the e-mail tool sendinblue (Sendinblue GmbH, Köpenickerstr. 126, 10179 Berlin) to send our newsletter.
For this purpose, the data you provide is passed on to sendinblue and processed by it. Via this tool we have the possibility to evaluate how the newsletters are opened and used.
Sendinblue is a German company whose servers are located in Germany, so they are also subject to the provisions of the BDSG and the DSGVO.
We have also concluded an order processing contract with sendinblue. Sendinblue does not obtain the right to share your data.
For more information on sendinblue's data protection, please visit: https://de.sendinblue.com/legal/privacypolicy/
e) Contact form / e-mail contact
We provide a form on our website so that you have the opportunity to contact us at any time. For the use of the contact form, it is necessary to provide a name for a personal salutation and a valid e-mail address to contact us, so that we know from whom the request comes and can also process it.
If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact data you provide there, as well as your IP address, will be processed in accordance with Art. 6 (1) p. 1 lit. b and f DSGVO for the purpose of carrying out pre-contractual measures that take place in response to your inquiry or for the exercise of our legitimate interest, namely to carry out our business activities.
The inquiries as well as the associated data will be deleted no later than 6 months after receipt, unless they are required for a further contractual relationship.
f) Book a test ride
We provide a form on our website that allows you to request a test ride for one of our e-bike models. To use the form, it is necessary to provide a name for a personal salutation, and a valid e-mail address to contact you, as well as your body size to determine the frame size.
Your information from the request form, including the contact details you provide there, as well as your IP address according to Art. 6 para. 1 p. 1 lit. b and f DSGVO for the implementation of pre-contractual measures, which are carried out in response to your request or processed for the exercise of our legitimate interest, namely to carry out our business activities.
The inquiries as well as the associated data will be deleted no later than 6 months after receipt, unless they are required for a further contractual relationship.
10. analysis and tracking tools
We use the analysis and tracking tools listed below on our website. These are used to ensure the ongoing optimization of our website and to design it to meet your needs.
We use these tools on the basis of your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. You can revoke your consent at any time by changing the cookie settings. The processing remains lawful until the revocation.
The respective data processing purposes and data categories can be found in the corresponding tools. We would like to point out that we have no influence on whether and to what extent the service providers carry out further data processing.
We use Google Analytics on our website, a web analytics service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google").
- Name and version of the browser used
- Operating system of your computer
- Website from which the access is made (referrer URL)
- IP address of the requesting computer
- Time of the server request
are usually transferred to a Google server in the USA and stored there.
However, since we have activated IP anonymization on our website, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
We have concluded an order processing agreement with Google.
Please click here for an overview of data protection at Google: https://support.google.com/analytics/answer/6004245
11. rights of the person concerned
You have the following rights:
In accordance with Art. 15 DSGVO, you have the right to request information about your personal data processed by us. This right to information includes information about
- the purposes of processing
- the categories of personal data
- the recipients or categories of recipients to whom your data have been or will be disclosed
- the planned storage period or at least the criteria for determining the storage period
- the existence of a right to rectification, erasure, restriction of processing or objection
- the existence of a right of appeal to a supervisory authority
- the origin of your personal data, if it was not collected by us
- the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details
In accordance with Art. 16 DSGVO, you have a right to prompt correction of incorrect or incomplete personal data stored by us.
Pursuant to Art. 17 DSGVO, you have the right to request that we delete your personal data without delay, unless further processing is necessary for one of the following reasons:
- the personal data are still necessary for the purposes for which they were collected or otherwise processed
- to exercise the right to freedom of expression and information
- for compliance with a legal obligation which requires processing under the law of the European Union or the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) DSGVO
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing
- for the assertion, exercise or defense of legal claims
d) Restriction of processing
In accordance with Art. 18 DSGVO, you may request the restriction of the processing of your personal data for one of the following reasons:
- You dispute the accuracy of your personal data.
- The processing is unlawful and you object to the erasure of the personal data.
- We no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
- You object to the processing in accordance with Article 21 (1) DSGVO.
If you have requested the rectification or erasure of your personal data or a restriction of processing pursuant to Art. 16, Art. 17 or Art. 18 DSGVO, we will inform all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You may request that we inform you of these recipients.
You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format.
You also have the right to request the transfer of this data to a third party, provided that the processing was carried out with the help of automated procedures and is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b DSGVO.
In accordance with Art. 7 (3) DSGVO, you have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. In the future, we may no longer continue the data processing that was based on your revoked consent.
Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR.
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying the particular situation. If you would like to exercise your right of revocation or objection, it is sufficient to send an e-mail to firstname.lastname@example.org.
j) Automated decision in individual cases including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
i. is necessary for the conclusion or performance of a contract between you and us
ii. is permitted by legislation of the European Union or the Member States to which we are subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests
iii. is made with your explicit consent.
However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases mentioned in i) and iii), we take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person from our side, to express your point of view and to contest the decision.