.png?width=254&height=45&name=Design%20ohne%20Titel%20(3).png){kind=small}
PRIVACY POLICY
safeguards for data transfers to third countries. You may request a copy or access these EU standard contractual clauses by contacting the address listed under "Contact."
If you consent to the transfer of personal data to third countries, the transfer is based on Article 49 (1)(a) GDPR.
Processing in Exercising Your Rights
When you exercise your rights under Articles 15 to 22 GDPR, we process the personal data provided to us for the purpose of implementing those rights and to be able to demonstrate compliance. Data stored for the purpose of providing information and its preparation will be processed only for this purpose and for the purposes of data protection oversight, and we will otherwise restrict processing in accordance with Article 18 GDPR.
These processes are based on the legal foundation of Article 6 (1)(c) GDPR in conjunction with Articles 15 to 22 GDPR and § 34 (2) BDSG.
Your Rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:
Right to Rectification: You have the right, under Article 16 GDPR, to requestGeneral Notes
If you have any questions or suggestions regarding this information or wish to contact us to exercise your rights, please direct your request to:
Gert Weißbach GmbH
Olbenrhauerstraße 36
09125 Chemnitz, Germany
Email: office@weissbach-bikes.com
Phone: +49 (0)371/278038-0
Legal Foundations
The term "personal data" under data protection law refers to any information that relates to an identified or identifiable person. We process personal data in accordance with applicable data protection laws, particularly the GDPR and the German Federal Data Protection Act (BDSG). We only process personal data based on legal permissions. We process personal data only with your consent (§ 25 (1) TTDSG or Article 6 (1)(a) GDPR), for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract (Article 6 (1)(b) GDPR), to comply with a legal obligation (Article 6 (1)(c) GDPR), or if the processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, provided that your interests or fundamental rights and freedoms requiring the protection of personal data do not override these interests (Article 6 (1)(f) GDPR).
If you apply for a position in our company, we process your personal data also for the purpose of deciding on the establishment of an employment relationship (§ 26 (1)(1) BDSG).
Data Retention Period
Unless otherwise stated in the following notes, we store the data only as long as it is necessary to fulfill the processing purpose or to meet our contractual or legal obligations. Such legal retention obligations may arise, in particular, from commercial or tax regulations. From the end of the calendar year in which the data was collected, we will retain personal data contained in our accounting records for ten years, and personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consent-based processing, complaints, and claims for the duration of the statutory limitation periods. Data stored for advertising purposes will be deleted if you object to its processing for this purpose.
Categories of Data Recipients
We use processors to handle your data in certain processing activities. Processing tasks carried out by such processors include, for example, hosting, email distribution, IT system maintenance and support, customer and order management, order processing, accounting and invoicing, marketing activities, and document or data storage destruction. A processor is a natural or legal person, public authority, institution, or other entity that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes but only process it for the controller and are contractually obligated to ensure appropriate technical and organizational measures for data protection. Additionally, we may transfer your personal data to entities such as postal and delivery services, our bank, tax consulting/auditing firms, or tax authorities. Additional recipients may arise from the following notes.
Data Transfers to Third Countries
Our data processing activities may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such transfers are permitted if the European Commission has determined that an adequate level of data protection is guaranteed in the third country. If such an adequacy decision is not in place, the transfer of personal data to a third country will only occur if there are appropriate safeguards in place under Article 46 GDPR, or if one of the conditions set out in Article 49 GDPR applies.
Unless otherwise stated, we use the EU standard contractual clauses as appropriate that we correct any inaccurate personal data concerning you.
You have the right, pursuant to Article 17 of the GDPR and Section 35 of the BDSG, to request the deletion of your personal data from us.
You have the right, pursuant to Article 18 of the GDPR, to restrict the processing of your personal data.
You have the right, pursuant to Article 20 of the GDPR, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit those data to another controller.
If you have given us a separate consent to process your data, you may revoke this consent at any time in accordance with Article 7(3) of the GDPR. Such revocation will not affect the lawfulness of the processing carried out based on the consent before its revocation.
If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR.
Right to Object
You have the right, pursuant to Article 21(1) of the GDPR, to object to processing based on the legal grounds of Article 6(1)(e) or (f) of the GDPR, for reasons related to your particular situation. If we process personal data concerning you for the purpose of direct marketing, you may object to this processing pursuant to Article 21(2) and (3) of the GDPR.
Data Protection Officer
You can reach our data protection officer at the following contact details:
Email: office@weissbach-bikes.com
Gert Weißbach GmbH
Olbenrhauerstraße 36
09125 Chemnitz, Germany
2. Data Processing on Our Website
When using the website, we collect information you provide yourself. Additionally, certain information about your use of the website is automatically collected during your visit. Under data protection law, the IP address is generally also considered personal data. An IP address is assigned to every device connected to the internet by the internet provider, allowing the device to send and receive data.
Processing of Server Log Files
When you visit our website for informational purposes only, general information is automatically stored (not through registration) that your browser transmits to our server. This includes: browser type/version, operating system, accessed page, previously visited page (referrer URL), IP address, date and time of the server request, and HTTP status code.
The processing is carried out to protect our legitimate interests and is based on the legal grounds of Article 6(1)(f) of the GDPR. This processing serves the technical administration and security of the website. We are not able to identify you as a data subject based on the stored information. Therefore, Articles 15 to 22 of the GDPR do not apply unless you provide additional information that enables your identification.
Contact Forms and Inquiries
Our website contains contact forms through which you can send us messages. Your data is transmitted in an encrypted format (recognizable by the “https” in the browser’s address bar). All fields marked as mandatory are required to process your inquiry. Failure to provide this data will prevent us from processing your request. Providing additional data is voluntary. You can alternatively send us a message via the contact email. We process the data to respond to your inquiry.
If your inquiry relates to the conclusion or performance of a contract with us, Article 6(1)(b) of the GDPR serves as the legal basis for data processing. Otherwise, we process the data based on our legitimate interest in communicating with the person making the inquiry. The legal basis for the data processing is then Article 6(1)(f) of the GDPR.
Online Shop
When you order a product through our website, we process personal data exclusively for the purpose of fulfilling the contract or providing the ordered product to you. We only process the data you enter in the form and, if applicable, payment information if you pay by pre-transfer. To deliver the ordered products, we transfer the necessary data to one of our shipping service providers as specified in the order. The legal basis for processing is Article 6(1)(b) of the GDPR.
The provision of additional data is voluntary. Such voluntarily provided data is processed based on Article 6(1)(f) of the GDPR.
Payments
You have the option to choose between various payment options to pay for ordered products in our online shop. For this, we work with different payment providers. The payment data you provide during the ordering process may be transmitted to the payment provider to the extent necessary for the payment transaction.
The legal basis for this transmission is Article 6(1)(b) of the GDPR.
We use the following payment providers:
- Stripe
You have the option to make payments via Stripe, offered by Stripe Payments Europe Ltd. (Ireland, EU). For more information about Stripe’s privacy policy, visit: https://stripe.com/de/privacy#translation.
Newsletter
We offer the option to subscribe to our newsletter on our website. After subscribing, we will regularly inform you about the latest news regarding our offers. To subscribe to the newsletter, a valid email address is required. When subscribing to the newsletter, we process personal data, such as your email address and name, based on the consent you have provided. The processing is based on the legal grounds of Article 6(1)(a) of the GDPR. You can revoke your consent at any time with effect for the future by contacting us via the above channels.
Cookies
We use cookies and similar technologies (“Cookies”) on our website. Cookies are small data sets stored by your browser when you visit a website. This allows the browser to be identified and recognized by web servers. You have full control over the use of cookies through your browser and can delete them at any time. The use of cookies may be necessary for certain functions and content on our website and may also serve analytical or marketing purposes. We only use non-essential cookies with your consent.
Data Processing for Job Applications
If you apply to us electronically (e.g., by email or web form), we collect and process your personal data for the purpose of handling the application process. The legal basis for this processing of personal data is Section 26 of the BDSG.
Your data is stored for 90 days beyond the conclusion of the application process. If you receive and accept an employment offer, the data collected during the application process will be stored for at least the duration of the employment relationship.
Analytics and retargeting
Google Analytics
We use the Google Analytics service provided by Google Ireland Limited (Ireland, EU) on our website.
Google Analytics is a web analytics service that helps us collect and analyze data about visitor behavior on our website. Google Analytics uses cookies to enable an analysis of website usage. In doing so, personal data such as online identifiers (including cookie IDs), IP addresses, device identifiers, and information about interactions with our website are processed.
Some of this data consists of information stored on your device. In addition, cookies store other information on your device. Such storage of information by Google Analytics or access to information already stored on your device is carried out only with your consent.
Google Ireland will process the collected data on our behalf to evaluate the use of our website, compile reports on activities within our website, and provide us with other services related to website usage and internet usage. Pseudonymous user profiles may be created from the processed data.
The setting of cookies and the further processing of personal data described herein are based on your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6(1)(a) of the GDPR. You may withdraw this consent at any time via our consent management tool with future effect.
Personal data processed on our behalf by Google Analytics may be transferred to any country where Google Ireland or its subcontractors maintain facilities. Please refer to the section "Data Transfer to Third Countries" for more information.
We use Google Analytics with IP anonymization enabled. This means that the IP address of users is truncated by Google Ireland within member states of the European Union or in other contracting states of the European Economic Area Agreement. The IP address transmitted by the user's browser will not be merged with other data held by Google.
Further information on the use of data for advertising purposes can be found in Google's privacy policy at: www.google.com/policies/technologies/ads/.
We use the Google Universal Analytics variant, which allows us to associate interaction data from different devices and sessions with a unique user ID. This enables us to contextualize individual user actions and analyze long-term relationships.
Data about user actions is stored for 14 months and is automatically deleted afterward. Data whose retention period has expired is automatically deleted once a month.
We also use Google Analytics 4, which enables us to track interaction data from different devices and sessions. This allows us to contextualize individual user actions and analyze long-term relationships.
Data about user actions is stored for 14 months and is then automatically deleted. All other event data is stored for two months and is automatically deleted. Data whose retention period has expired is automatically deleted once a month.
We also use Google Analytics advertising features (Remarketing). This feature allows us to show ads more targeted, using Google's cross-device capabilities, and present users with interest-based ads. Through remarketing, users are shown ads and products for which interest was detected on other websites in the Google Network. This feature allows us to link Google Analytics remarketing audiences with Google Ads cross-device features. This enables interest-based, personalized advertising messages that are customized based on prior usage and browsing behavior on one device (e.g., a phone) to be displayed on another device (e.g., tablet or PC).
If you have provided corresponding consent, Google will link your web and app browsing history with your Google account. In this way, the same personalized advertising messages can be displayed on any device where you sign in with your Google account. The aggregation of collected data in your Google account is based solely on your consent, which you can give or withdraw at Google. Data for these linked services is then collected for advertising purposes through Google Analytics. To support the remarketing function, Google Analytics collects users' Google-authenticated IDs, which are temporarily linked to our Google Analytics data. This serves to define and create audiences for cross-device ad targeting.
Google Ads
We use the online advertising program Google Ads from Google Ireland Limited (Ireland, EU) on our website, through which we place advertisements on Google's search engine. If you access our website via a Google ad, Google will place a cookie on your device ("Conversion Cookie"). Each Google Ads customer is assigned a different conversion cookie, so the cookies cannot be tracked across different Ads customers' websites. The information obtained with the help of the cookie is used to generate conversion statistics. This allows us to know the total number of users who clicked on one of our Google ads. However, we do not receive any information that can personally identify users.
The processing of your data is based on your consent according to Art. 6(1)(a) of the GDPR.
The setting of cookies is based on your consent, which you can withdraw at any time via the consent management tool with future effect. The use of the service may involve the transfer of your data to the USA. Please refer to the section "Data Transfer to Third Countries" for further information. More information on data protection at Google can be found in Google's privacy policy at https://policies.google.com/privacy#infocollect.
Meta Pixel
We use Meta Pixel, a business tool of Meta Platforms Ireland Limited (Ireland, EU), on our website. For Meta Platforms Ireland Ltd.'s contact details and their Data Protection Officer's contact information, please refer to their Data Policy at https://www.facebook.com/about/privacy.
Meta Pixel is a JavaScript snippet that enables us to track the actions of visitors on our website. This tracking is called Conversion Tracking. Meta Pixel collects and processes the following information (so-called Event Data):
- Information about actions and activities of visitors on our website, such as searching for and viewing a product or purchasing a product;
- Specific pixel information such as pixel ID and Facebook cookie;
- Information about buttons clicked by website visitors;
- Information available in HTTP headers, such as IP addresses, browser information, page location, and referrer;
- Information about the status of ad tracking disabling/restriction.
Some of this Event Data is stored on your device. Additionally, cookies are used via Meta Pixel, through which information is stored on your device. Such storage of information by the Facebook Pixel or access to information already stored on your device is carried out only with your consent pursuant to § 25(1) of the TTDSG.
The Event Data collected through Meta Pixel is used for targeting our advertisements and improving ad delivery on Meta products such as the social media platforms Facebook and Instagram, for personalizing functions and content, and for improving and securing Meta products. For this purpose, the Event Data collected on our website using Meta Pixel is transmitted to Meta Platforms Ireland Ltd. This collection and transmission of Event Data are carried out by us and Meta Platforms Ireland Ltd. as joint controllers. We have entered into a joint controller agreement with Meta Platforms Ireland Ltd., which sets out the allocation of data protection obligations between us and Meta Platforms Ireland Ltd. In this agreement, we and Meta Platforms Ireland Ltd. have agreed, among other things, that: - We are responsible for providing you with all information in accordance with Articles 13, 14 of the GDPR regarding the joint processing of personal data;
- Meta Platforms Ireland Ltd. is responsible for enabling data subjects' rights under Articles 15 to 20 of the GDPR concerning personal data stored by Meta Platforms Ireland Ltd. after the joint processing.
You can view the agreement between us and Meta Platforms Ireland Ltd. at https://www.facebook.com/legal/controller_addendum.
Meta Platforms Ireland Ltd. is solely responsible for the subsequent processing of the transmitted Event Data. For more information on how Meta Platforms Ireland Ltd. processes personal data, including the legal basis on which Meta Platforms Ireland Ltd. relies and the options for exercising your rights against Meta Platforms Ireland Ltd., please refer to Meta Platforms Ireland Ltd.'s Data Policy at https://www.facebook.com/about/privacy.
We have also commissioned Meta Platforms Ireland Ltd. to create reports on the effectiveness of our ad campaigns and other online content (Campaign Reports) based on the Event Data collected via Meta Pixel and to generate analyses and insights about the users and their use of our website, products, and services (Analyses). For this purpose, we transmit personal data contained in the Event Data to Meta Platforms Ireland Ltd. The transmitted personal data will be processed by Meta Platforms Ireland Ltd. as our processor to provide us with the Campaign Reports and Analyses.
The collection and transmission of personal data by us to Meta Platforms Ireland Ltd. and the commissioned processing of personal data by Meta Platforms Ireland Ltd. to create analyses and campaign reports will only take place if you have previously given your consent. The legal basis for processing personal data is therefore Art. 6(1)(a) of the GDPR.
The data processed on our behalf by Meta Platforms Ireland Ltd. is transferred to Meta Platforms, Inc. in the USA. Meta Platforms Ireland Ltd. transfers the data based on Standard Contractual Clauses for processor-to-processor transfers to Meta Platforms, Inc., but reserves the right to use an alternative transfer mechanism recognized by the GDPR and other applicable data protection laws in the European Economic Area, the United Kingdom, and Switzerland.
External Media and Third-Party Services
YouTube
We use the YouTube service provided by Google Ireland Limited (Ireland, EU) to embed videos on our website. For such embedding, processing of your IP address is technically necessary to send the content to your browser. Your IP address is therefore transmitted to Google, and Google may set its own cookies. We use YouTube in "extended data protection mode," meaning that no cookies are set by YouTube for analyzing usage behavior.
The processing of your data is based on Art. 6(1)(f) of the Google reCAPTCHA We use the service Google reCAPTCHA (hereinafter referred to as "reCAPTCHA") provided by Google Ireland Limited (Google, EU).
The purpose of reCAPTCHA is to verify whether the data input on this website (e.g., in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor accesses the website. The reCAPTCHA analyses run completely in the background, and website visitors are not informed that an analysis is taking place.
For analysis purposes, reCAPTCHA evaluates various types of information (e.g., IP address, the time a website visitor spends on the website, or the user's mouse movements). This helps to identify and prevent automated access attempts and attacks.
We are legally obligated to take technically and economically reasonable measures to ensure the security of the portal.
The processing of your data is based on Article 6(1)(c) in conjunction with Article 32 of the GDPR and Section 19(4) of the TDDDG.
For further information about Google reCAPTCHA, please refer to the Google Privacy Policy and Terms of Service at the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.
- TikTok
- YouTube
Visiting a Social Media Page
Facebook and Instagram
When you visit our Facebook or Instagram page where we present our company or specific products from our offerings, certain information about you will be processed. The sole controller of this processing of personal data is Meta Platforms Ireland Limited (Ireland, EU). For more information on the processing of personal data by Meta, please refer to: https://www.facebook.com/privacy/explanation. Meta provides the option to object to specific data processing; related information and opt-out options can be found at: https://www.facebook.com/settings?tab=ads.
Meta provides us with anonymized statistics and insights in the form of "Page Insights," which help us understand the types of actions people take on our page. These Page Insights are created based on specific information about individuals who have visited our page. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest in evaluating the types of actions taken on our page and improving our page based on these insights. The legal basis for this processing is Article 6(1)(f) of the GDPR.
We cannot associate the information obtained via Page Insights with specific user profiles interacting with our Facebook and Instagram pages. We have entered into an agreement with Meta regarding joint responsibility, which defines the allocation of data protection obligations between us and Meta. Details regarding the processing of personal data to create Page Insights and the agreement between us and Meta can be found at: https://www.facebook.com/legal/terms/information_about_page_insights_data. With regard to these data processing activities, you can exercise your data subject rights (see "Your Rights") with Meta as well. Further information can be found in Meta's Privacy Policy at: https://www.facebook.com/privacy/explanation.
Please note that, in accordance with Meta's data protection policies, user data may also be processed in the United States or other third countries. Meta only transfers user data to countries for which an adequacy decision by the European Commission under Article 45 of the GDPR exists or based on suitable safeguards under Article 46 of the GDPR.
Comments and Direct Messages
We also process information that you provide to us through our company page on the respective social media platform. This information can include the username used, contact details, or a message to us. Such processing is carried out solely under our control. We process this data based on our legitimate interest in contacting individuals who make inquiries. The legal basis for this data processing is Article 6(1)(f) of the GDPR. Further data processing may occur if you have given your consent (Article 6(1)(a) GDPR) or if it is required for compliance with a legal obligation (Article 6(1)(c) GDPR).
If you have provided information to participate in a contest, we will only process it to deliver a prize to you if applicable. After delivering the prize, or if you do not win, we will delete the data. The legal basis for processing is Article 6(1)(b) GDPR.
4. Further Data Processing
Contacting via Email
If you send us a message via the contact email provided, we will process the data transmitted for the purpose of responding to your inquiry. We process this data based on our legitimate interest in contacting individuals who make inquiries. The legal basis for data processing is Article 6(1)(f) of the GDPR.
Customer and Interested Party Data
If you contact our company as a customer or interested party, we will process your data to establish or carry out the contractual relationship as necessary. This regularly includes processing the personal data, contract and payment data, as well as the contact and communication data of our points of contact with business customers and partners. The legal basis for this processing is Article 6(1)(b) of the GDPR.
We also process customer and interested party data for evaluation and marketing purposes. These processes are based on the legal foundation of Article 6(1)(f) of the GDPR and serve our interest in further developing our offerings and informing you specifically about our offers.
Further data processing may occur if you have given your consent (Article 6(1)(a) GDPR) or if it is required for compliance with a legal obligation (Article 6(1)(c) GDPR).