Privacy and data protection

Privacy Policy


Varibike GmbH (hereinafter referred to as VARIBIKE) is pleased that you are visiting our website. Data protection and data security are very important to us when you use our website. Therefore, we would like to inform you here about what personal data we collect when you visit our website and for what purposes this data is used.


Since changes in legislation or modifications to our internal processes may necessitate adjustments to this privacy policy, we ask that you review it regularly. The privacy policy can be accessed, saved, and printed at any time under the "Privacy" section of our website.

§ 1 RESPONSIBLE PARTY AND SCOPE

The controller within the meaning of the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Varibike GmbH

Bergstrasse 16/1

89081 Ulm, Germany

Telephone: 49 (0)171 28 678 66

Fax: 49 (0)731 940 23 837

Email: info@varibike.com


This privacy policy applies to the internet services of Varibike GmbH, which can be accessed under the domains www.Varibike.com and www.varibike.de as well as the various subdomains (hereinafter referred to as "our website").


§ 2 DATA PROTECTION OFFICER

You can reach our data protection officer at:

Martin Kraiß

Varibike GmbH

Bergstrasse 16/1

89081 Ulm, Germany

Telephone: 49 (0)171 28 678 66

Fax: 49 (0)731 940 23 837

Email: info@varibike.com


§ 3 PRINCIPLES OF DATA PROCESSING

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behavior. Information that we cannot link to you (or only with disproportionate effort), for example, through anonymization, is not considered personal data. The processing of personal data (e.g., collection, retrieval, use, storage, or transmission) always requires a legal basis or your consent. Processed personal data is deleted as soon as the purpose of the processing has been fulfilled and there are no longer any legally mandated retention periods.

If we process your personal data to provide certain offers, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing and the respective storage period.


§ 4 INDIVIDUAL PROCESSING OPERATIONS


1. Provision and use of the website

A. TYPE AND SCOPE OF DATA PROCESSING

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a log file. When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • browser used, device used and, if applicable, the operating system and the name of your access provider.


B. LEGAL BASIS

The legal basis for the aforementioned data processing is Article 6(1)(f) GDPR. The processing of this data is necessary for the provision of a website and thus serves the legitimate interests of our company.


C. STORAGE PERIOD

The aforementioned data will be deleted as soon as it is no longer required for displaying the website. Collecting this data for providing the website and storing it in log files is essential for the website's operation. Therefore, users cannot object to this data processing. Further storage may occur in individual cases if required by law.


2. PURCHASE OF GOODS

A. TYPE AND SCOPE OF DATA PROCESSING

On our website, we offer users the opportunity to purchase goods by providing personal data. The data required for this is entered into an input form, transmitted to us, and stored. This data will not be shared with third parties. The following data is collected during the ordering process:

  • Salutation
  • name
  • Address
  • Telephone number
  • E-mail address
  • Payment information
  • Shipping method

Your data will be shared with the shipping company commissioned to deliver your order, insofar as this is necessary for the delivery of the goods. To process payments, we will share your payment information with the bank responsible for processing the payment. These companies are only permitted to use your data for order processing and not for any other purpose.

If you purchase goods on our website and provide your email address, we may subsequently use it to send you a newsletter about our own similar goods or services.

B. LEGAL BASIS

The processing of your personal data (see Section 4 3. a.), which is necessary for the performance of a purchase contract concluded with us, is based on Article 6(1)(b) GDPR. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

The legal basis for sending the newsletter following the purchase of goods is Section 7 Paragraph 3 of the German Unfair Competition Act (UWG).

C. STORAGE PERIOD

Once the contract has been fully executed and the purchase price has been paid in full, your data will be blocked from further use and deleted after the statutory retention periods under tax and commercial law have expired, unless you have expressly consented to the further use of your data. Data may be stored for longer periods in individual cases if required by law.


3. NEWSLETTER

A. TYPE AND SCOPE OF DATA PROCESSING

You can subscribe to our free newsletter on our website. To send you the newsletter regularly, we need the following information from you:

  • Salutation
  • E-mail address
  • birth date
  • Bicycle category of interest
  • News category of interest

Your data will not be passed on to third parties in connection with the newsletter distribution.

We use the so-called double opt-in procedure for sending our newsletter. This means we will only send you the newsletter after you have confirmed your subscription via a confirmation email sent to you for this purpose, using the link contained therein. This ensures that only you, as the owner of the specified email address, can subscribe to the newsletter. Your confirmation must be made promptly after receiving the confirmation email, otherwise your newsletter subscription will be automatically deleted from our database.

B. LEGAL BASIS

The processing of your email address, salutation, date of birth, and the cycling and news categories of interest to you for newsletter distribution is based on your consent declaration given in the context of a double opt-in, in accordance with Art. 6 para. 1 lit. a GDPR.

C. STORAGE PERIOD

Your email address will be stored for as long as you are subscribed to the newsletter. After unsubscribing, your email address will be deleted. Further storage may occur in individual cases if required by law.


4. CONTACT FORM

A. TYPE AND SCOPE OF DATA PROCESSING

On our website, we offer you the option of contacting us via a provided form. During the submission process of your inquiry via the contact form, you will be referred to this privacy policy to obtain your consent. If you use the contact form, the following personal data will be processed:

  • name
  • E-mail address

Providing your email address allows us to process your request and respond to you. When using the contact form, your personal data will not be shared with third parties.

B. LEGAL BASIS

The data processing described above (see § 4 5. a.) for the purpose of contacting you is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of the declaration of consent you voluntarily give below:

Declaration of consent:

By entering my data and clicking the "Submit" button, I declare my consent to my email address and name being used to answer my contact request.

I can revoke my consent to the collection of personal data gathered during the registration process at any time.

C. STORAGE PERIOD

Once your inquiry has been processed and the matter has been fully resolved, the personal data you provided via the contact form will be deleted. Further storage may occur in individual cases if required by law.


§ 5 TRANSFER OF DATA

We only share your personal data with third parties if:

  • You have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • This is legally permissible and necessary for the performance of a contract with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR,
  • if there is a legal obligation to disclose the data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR,
  • The transfer is necessary pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for the purposes of legitimate business interests and for the establishment, exercise or defense of legal claims, and there is no reason to assume that you have an overriding legitimate interest in not having your data transferred.


§ 6 USE OF COOKIES

A. TYPE AND SCOPE OF DATA PROCESSING

We use cookies on our website. Cookies are small files that are sent to your browser and stored there during your visit to our website. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, however, allow us to perform various analyses. For example, cookies can recognize your browser when you revisit our website and transmit various pieces of information to us. With the help of cookies, we can, among other things, make our website more user-friendly and effective by tracking your use of our website and determining your preferred settings (e.g., country and language settings). If third parties process information via cookies, they collect this information directly through your browser. Cookies do not harm your device. They cannot execute programs or contain viruses.

Our website uses various types of cookies, the nature and function of which are explained in more detail below.

Type:

Our website uses transient cookies, which are automatically deleted as soon as you close your browser. This type of cookie allows us to record your session ID. This enables us to associate different requests from your browser with a single session and to recognize your device on subsequent visits to our website.

Furthermore, our website uses persistent cookies. Persistent cookies are cookies that are stored in your browser for an extended period and transmit information to us. The specific storage duration varies depending on the cookie. You can delete persistent cookies yourself via your browser settings.

Function:

Required cookies

These cookies are required for technical reasons so that you can visit our website and use the functions we offer. This applies, for example, to the following applications: ordering process, payment process.

Furthermore, these cookies contribute to the safe and compliant use of the website.

Performance-related cookies

These cookies allow us to analyze website usage and improve the performance and functionality of our website. Information is collected about how visitors use our website, which pages are visited most frequently, and whether error messages are displayed on certain pages.


Cookies for marketing and social media


Advertising cookies (third-party cookies) allow us to show you various offers that match your interests. These cookies, among other things, can track users' web activity over a longer period. You may be recognized by these cookies on different devices you use.


The following third-party providers receive personal data via cookies integrated on our website:


• Google, AdRoll


Furthermore, certain cookies allow you to connect to your social networks and share content from our website within your networks.

B. LEGAL BASIS

Due to the described purposes of use (see Section 6. a.), the legal basis for processing personal data using cookies is Article 6(1)(f) GDPR. If you have given us your consent to the use of cookies based on a notice we provided on the website ("cookie banner"), the lawfulness of the use is additionally governed by Article 6(1)(a) GDPR.

C. STORAGE PERIOD

The data transmitted to us via cookies will be deleted as soon as it is no longer required for the purposes described above. Further storage may occur in individual cases if required by law.

D. BROWSER SETTINGS CONFIGURATION

Most browsers are preset to accept cookies by default. However, you can configure your browser to accept only certain cookies or no cookies at all. Please note, however, that if cookies are disabled in your browser settings, you may no longer be able to use all the features of our website. You can also delete cookies already stored in your browser via your browser settings. Furthermore, it is possible to configure your browser to notify you before cookies are stored. Since different browsers may vary in their functionality, please consult your browser's help menu for configuration options.

If you would like a comprehensive overview of all third-party access to your internet browser, we recommend installing specially developed plug-ins for this purpose.


§ 7 TRACKING AND ANALYSIS TOOLS

We use tracking and analysis tools to ensure the continuous optimization and user-friendly design of our website. Tracking measures also allow us to statistically record website usage by visitors and to further develop our online services based on the insights gained. Due to these legitimate interests, the use of the tracking and analysis tools described below is justified in accordance with Article 6(1)(f) of the GDPR. The respective processing purposes and the data processed can also be found in the following description of the tracking and analysis tools.

1. GOOGLE ANALYTICS 360

This website uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA ("Google"). Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site.

The information generated by these cookies, such as the time, location, and frequency of your use of this website, is generally transmitted to and stored on a Google server in the USA. When using Google Analytics, it is possible that the cookies set by Google Analytics may collect other personal data in addition to the IP address. Please note that Google may transfer this information to third parties if required to do so by law, or if third parties process this data on Google's behalf.

The information generated by cookies will be used by Google on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website activity and internet usage to the website operator. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can generally prevent the storage of cookies by adjusting your browser software settings; however, please note that in this case you may not be able to fully utilize all the functions of this website.

It is possible that the cookies set by Google Analytics may collect other personal data besides the IP address. To prevent information about your use of the website from being collected and transmitted to Google Analytics, you can download and install a browser plugin from the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This plugin prevents information about your website visit from being transmitted to Google Analytics. It does not prevent other forms of analysis.

Please note that you cannot use the browser plug-in described above when visiting our website via the browser of a mobile device (smartphone or tablet). When using a mobile device, you can prevent the collection of your usage data by Google Analytics by clicking the following link: Disable Google Analytics.

Clicking this link will set an opt-out cookie in your browser. This prevents information about your website visit from being transmitted to Google Analytics. Please note that the opt-out cookie is only valid for this browser and only for this domain. If you delete the cookies in this browser, the opt-out cookie will also be deleted. To continue preventing data collection by Google Analytics, you must click the link again. Using the opt-out cookie is also an alternative to the browser plug-in mentioned above when using your computer's browser.

To ensure the best possible protection of your personal data, Google Analytics on this website has been extended with the code "anonymizeIP". This code causes the last 8 bits of IP addresses to be deleted, thus anonymizing your IP address (so-called IP masking). Your IP address is generally shortened and therefore anonymized by Google before transmission within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

2. GOOGLE ADWORDS

We use Google AdWords technology, specifically conversion tracking. Google Conversion Tracking is an analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you click on an ad served by Google, a conversion tracking cookie is placed on your computer. These cookies are valid for 30 days and are not used for personal identification. If you visit certain pages of our website while the cookie is still valid, Google and we can recognize that you clicked on a specific ad and were redirected to this page. Each Google AdWords customer receives a different cookie. This prevents tracking cookies across the websites of different AdWords customers.

The data collected using the conversion cookie is used to generate conversion statistics for AdWords customers who use conversion tracking. These customers learn the number of users who clicked on their ad and were subsequently redirected to a page with a conversion tracking tag. However, they do not receive any information that can personally identify the users.

If you do not wish to participate in conversion tracking, you can prevent this by adjusting your browser settings, for example, by generally preventing the installation of cookies. You can also disable cookies for conversion tracking by configuring your browser to block only cookies from the web address "googleadservices.com".

3. GOOGLE REMARKETING

We use the "Google Remarketing" technology from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Remarketing displays ads to users who have already visited our websites and online services and shown interest in a specific offer. Within the Google advertising network, this allows us to display targeted and interest-based ads on our site. Google Remarketing uses cookies for this analysis. This allows our visitors to be recognized when they visit websites within the Google advertising network. Within the Google advertising network, this enables us to display targeted and interest-based ads based on the websites the visitor previously visited within the Google advertising network (which also use Google's remarketing function).

If you do not wish to receive targeted, interest-based advertising, you can opt out of Google's use of cookies for this purpose via the following link: https://www.google.de/settings/ads deactivate.


§ 8 PLUGINS

1. FACEBOOK, GOOGLE AND TWITTER

Our websites contain social plugins from the social networks "Facebook" (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA), "Google " (Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA), and "Twitter" (Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA). It is possible that these plugins may collect personal data about website visitors, transmit it to the respective service, and link it to the visitor's account on that service.

VARIBIKE itself does not collect any personal data via the social plugins or their use. To prevent data from being transferred to service providers in the USA without the user's knowledge, we have implemented the so-called Shariff solution on our website. This means that the respective social plugins are initially embedded on the website only as graphics. These graphics contain a link to the website of the respective plugin provider. Only when you click on one of the graphics will you be redirected to the service of the respective provider. This solution ensures that personal data is not automatically transferred to the providers of the respective social plugins when you visit our website. If you click on one of the social plugin graphics, data can be transferred to the respective service provider and stored there. If you do not click on any of the graphics, no data transfer takes place between you and the respective social plugin provider. You can find more information about the Shariff solution on the following website: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

After clicking on a social plugin, the respective service provider receives information that you have visited the corresponding page of our website. Please note that you do not need to have a user account with the service in question, nor do you need to be logged in. However, if you do have a user account with the service provider and are logged in to that account while visiting our website, the data collected by the social plugin will be directly associated with your account. If you do not want this information to be associated with your profile on the service provider's platform, you must log out of your user account before clicking on one of the social plugins.

Please note that VARIBIKE has no control over whether and to what extent the respective service providers collect personal data. We are not aware of the scope, purpose, or retention periods of the respective data collection. However, we would like to point out that it must be assumed that at least the IP address and device-related information are used and collected via social plugins. It is also possible that the respective service providers use cookies.

For information on the scope and purpose of data collection by the respective service, as well as the further processing and use of your data, please refer to the privacy policy directly on the respective service's website. There you will also find further information about your corresponding data protection rights and settings options to protect your privacy.

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA

https://www.facebook.com/policy.php

https://www.facebook.com/help/186325668085084

b) Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA

https://www.google.com/policies/privacy/partners/?hl=de

c) Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA

https://twitter.com/privacy?lang=de

2. YOUTUBE

On our website, we use YouTube, among other providers, to embed videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

On some of our web pages, we use plugins from YouTube. When you visit a page on our website that contains such a plugin, a connection is established to the YouTube servers, and the plugin is displayed. This transmits information to the YouTube server about which of our web pages you have visited. If you are logged into YouTube as a member, YouTube will associate this information with your personal user account. When you use the plugin, such as by clicking the play button on a video, this information is also associated with your user account. You can prevent this association by logging out of your YouTube user account and any other user accounts with YouTube LLC and Google Inc. before using our website, and by deleting the corresponding cookies.

Further information on data processing and privacy by YouTube (Google) can be found at https://policies.google.com/privacy


§ 9 HYPERLINKS

Our website contains hyperlinks to websites of other providers. Activating these hyperlinks will redirect you directly from our website to the website of the other provider. You can recognize this, among other things, by the change in the URL. We cannot assume any responsibility for the confidential handling of your data on these third-party websites, as we have no control over these companies' compliance with data protection regulations. Please refer to the privacy policies of these companies directly on their websites for information on how they handle your personal data.

§ 10 RIGHTS OF PERSONS

The GDPR grants you, as a data subject whose personal data is being processed, the following rights:

  • In accordance with Article 15 of the GDPR, you have the right to request information about your personal data that we process. In particular, you can request information about the purposes of the processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from you, any transfers to third countries or international organizations, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved.
  • According to Article 16 GDPR, you can request the immediate rectification of inaccurate or the completion of your personal data stored by us.
  • According to Article 17 GDPR, you can request the deletion of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
  • According to Article 18 of the GDPR, you can request the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful, we no longer need the data, and you object to its erasure because you require it for the establishment, exercise, or defense of legal claims. You also have the right under Article 18 of the GDPR if you have objected to the processing pursuant to Article 21 of the GDPR.
  • According to Article 20 of the GDPR, you can request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or you can request its transmission to another controller.
  • In accordance with Article 7(3) of the GDPR, you can withdraw your consent at any time. This means that we will no longer be permitted to process your data based on this consent in the future.
  • According to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. You can usually contact the supervisory authority in your place of habitual residence, your place of work, or the location of our company headquarters.


§ 11 RIGHT OF OBJECTION

When your personal data is processed based on legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided there are grounds relating to your particular situation or the objection is directed against direct marketing. In the case of direct marketing, you have a general right to object, which we will implement without requiring you to specify a particular situation.



§ 12 DATA SECURITY AND SECURITY MEASURES

We are committed to protecting your privacy and treating your personal data confidentially. To prevent manipulation, loss, or misuse of your data stored with us, we implement comprehensive technical and organizational security measures, which are regularly reviewed and adapted to technological advancements. These include, among other things, the use of recognized encryption methods (SSL or TLS). However, we would like to point out that, due to the structure of the internet, it is possible that data protection regulations and the aforementioned security measures may not be observed by other persons or institutions outside of our control. In particular, unencrypted data – for example, when transmitted via email – can be intercepted by third parties. We have no technical control over this. It is the user's responsibility to protect the data they provide against misuse by means of encryption or other methods.