PRIVACY POLICY GHOST-BIKES.COM

1. DATA PROTECTION AT A GLANCE

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Data collection on this website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section "Note on the responsible party" in this data protection declaration.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is mainly technical data (e.g. Internet browser, operating system or time of the page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time and free of charge to obtain information about the origin, recipient and purpose of your

stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. In addition, you have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this purpose, as well as for further questions on the subject of data protection, you can contact us at any time.

Analysis tools and third-party tools

When you visit this website, your surfing behavior can be statistically evaluated. This is done primarily with so-called analysis programs.

Here we also use services from Google - this is a company headquartered in the USA. Further information and the privacy policy can be found here or athttps://policies.google.com/privacy?hl=en

The analysis of your surfing behavior is usually anonymous, the surfing behavior cannot be traced back to you.

Detailed information on these analysis programs can be found in the following privacy policy.

2. Hosting + Content Delivery

We host the content of our website with the following provider:

Externes Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the hoster(s). This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is provided for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 (1) (f) GDPR).

If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Our hoster(s) will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to this data.

We use the following host(s):

Accell IT B.V.

Industrieweg 4,

NL-8444 AR Heerenveen

Auftragsverarbeitung

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Amazon CloudFront CDN

We use the Amazon CloudFront CDN content delivery network. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter "Amazon").

Amazon CloudFront CDN is a globally distributed content delivery network. Technically, the transfer of information between your browser and our website is routed via the Content Delivery Network. This allows us to increase the worldwide accessibility and performance of our website.

The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.

To learn more about Amazon CloudFront CDN, see:

https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.

Auftragsverarbeitung

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. GENERAL INFORMATION AND MANDATORY INFORMATION

Privacy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected.

Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. It is not possible to completely protect data from access by third parties.

Note on the responsible body

The party responsible for processing data on this website is:

GHOST-Bikes GmbH

An der Tongrube 3

95652 Waldsassen

Phone: 09632-92550

Email: info@ghost-bikes.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Speicherdauer

Unless a more specific storage period has been specified within this data protection declaration, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion takes place after these reasons cease to apply.

General information on the legal basis of data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, provided that special categories of data pursuant to Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art.49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your device (e.g. via device fingerprinting), the data processing is also carried out on the basis of § 25 para. 1 TTDSG. The consent can be revoked at any time. If your data is required for the fulfilment of the contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process your data, insofar as it is necessary to fulfill a legal obligation, on the basis of Art. 6 para. 1 lit. c GDPR.

Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases in each individual case is provided in the following paragraphs of this data protection declaration.

Data protection supervisor

We have appointed a data protection officer.

Dipl.-Ing. Lars Ebertz on behalf of EBERTZ DATENSCHUTZ GmbH

Ober den Wiesen 17

35756 Mittenaar

Email: lars@ebertz-datenschutz.de

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure in terms of data protection. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, U.S. companies are obliged to hand over personal data to security authorities without you, as the data subject, being able to take legal action against this. Therefore, it cannot be ruled out that US authorities (e.g. secret services) may process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR

, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR

SITUATION, OPPOSE THE PROCESSING OF YOUR PERSONAL DATA

TO OBJECT; THIS SHALL ALSO APPLY TO A CONTRACT BASED ON THESE PROVISIONS.

PROFILING. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED,

PLEASE REFER TO THIS PRIVACY POLICY. IF YOU FILE AN OBJECTION,

IF WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED, IT

UNLESS WE CAN HAVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING

EVIDENCE THAT OUTWEIGHS YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR).

YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES,

THUS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR

PERSONAL DATA CONCERNED FOR THE PURPOSE OF SUCH ADVERTISING

TO PICKLE; THIS APPLIES TO PROFILING TO THE EXTENT THAT IT IS CONNECTED TO SUCH DIRECT MARKETING IN

CONNECTION IS ESTABLISHED. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a

supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent that it is technically feasible.

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right to free of charge at any time

Information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time. The right to restriction of processing exists in the following cases:

 If you dispute the accuracy of your personal data stored by us, we need

usually time to check. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.

If we no longer need your personal data, but you use it for the purpose of exercising it,

If you wish to defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.

 If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS encryption

This site uses for security reasons and to protect the transmission of confidential content, such as

For example, orders or inquiries that you send to us as the site operator, an SSL or TLS

Encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to advertising e-mails

We hereby object to the use of contact data published within the scope of the imprint obligation for the purpose of sending unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

4. DATA COLLECTION ON THIS WEBSITE

Cookies

Our Internet pages use so-called "cookies". Cookies are small data packets and are aimed at

does not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies).

Cookies). Third-party cookies enable the integration of certain services of

Third-party companies within websites (e.g. cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent has been given to the

storage of cookies and comparable recognition technologies, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG); the consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and

Allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general

as well as activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this privacy policy.

OneTrust Einwilligungsmanagement

We offer you the opportunity to decide for yourself in detail in which cases you want to consent to tracking via cookies and other technologies - for the purpose of displaying content relevant to you as well as offers tailored to you.

The processing of your data for the purposes mentioned here is partly based on legitimate interest, but in some cases we also require your consent. For this purpose, we use the Consent Management Platform (CMP) of OneTrust, LLC, 1350 Spring St NW, Atlanta, GA 30309, as a processor.

Onetrust's CMP enables you to give us your consent to the processing of your data in compliance with data protection regulations and to revoke it at any time. You can also object to data processing based on our legitimate interest. Further information on data protection and Onetrust's CMP can be found here: https://www.onetrust.de/datenschutzerklaerung/

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version Operating system used

Referrer URL

Host name of the accessing computer

Time of the server request IP address

This data will not be merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be recorded.

Contact

If you send us enquiries via the contact form, your details from the

Enquiry form including the contact details you provided there for the purpose of processing the enquiry

and stored with us in case of follow-up questions. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or for the implementation of pre-contractual measures is required. In all other cases, the processing is based on our legitimate interest in

effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies

(e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry, including all personal data resulting from it (name, enquiry), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in

effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; the consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies

(e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Salesforce Sales Cloud

We use Salesforce Sales Cloud to manage customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter referred to as "Salesforce").

Salesforce Sales Cloud is a CRM system and allows us, among other things, to manage existing and potential customers as well as customer contacts and to organize sales and communication processes. The use of the CRM system also enables us to analyze our customer-related processes. Customer data is stored on Salesforce's servers. Personal data may also be transmitted to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.

Details about Salesforce Sales Cloud features can be found here: https://www.salesforce.com/de/products/sales-cloud/overview/.

The use of Salesforce Sales Cloud is based on Art. 6 para. 1 lit. f GDPR. The

Website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Salesforce has Binding Corporate Rules (BCR) approved by the French Data Protection Authority. These are binding internal company regulations that legitimize the company's internal data transfer to third countries outside the EU and the EEA. Details can be found here: https://www.salesforce.com/de/blog/2020/07/die-binding-corporate-rules-von-salesforce-erfuellenhoechste-da.html.

For details, please refer to Salesforce's privacy policy: https://www.salesforce.com/de/company/privacy/.

Auftragsverarbeitung

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Registration on this website

You can register on this website to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

For important changes, for example in the scope of the offer or in the event of technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.

The processing of the data entered during registration is carried out for the purpose of carrying out the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 para. 1 lit. b DSGVO).

The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Statutory retention periods remain unaffected. See also 8 #YESGHOST.

5. ANALYSIS TOOLS AND ADVERTISING

ALGOLIA

This website uses the search technology Algolia via an API. The provider is Algolia, Inc., 589 Howard Street, Suite 5, San Francisco, CA 94105, USA. In order to use the functions of the Algolia search, it is necessary to save your IP address and your search query. This information is usually transmitted to an Algolia server in Europe or the USA and stored there. As the provider of this site, we have no influence on this data transfer.The use of the Algolia search is in the interest of good accessibility and easy findability of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information on the handling of user data can be found in Algolia's privacy policy:


https://www.algolia.com/policies/privacy.

Auftragsverarbeitung

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. Details can also be found under https://www.algolia.com/pdf/DPA-latest.pdf

Bings Ads

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR),  we use the conversion and tracking tool "Bing Ads" from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In doing so, Microsoft stores cookies on users' devices in order to enable an analysis of the use of our online offer by users, provided that users have reached our online offer via a Microsoft Bing ad (so-called "conversion measurement"). In this way, Microsoft and we can recognize that someone has clicked on an ad, has been redirected to our online offer and has reached a previously determined target page (so-called "conversion page"). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No IP addresses are stored. No personal information about the identity of the users is communicated.

Microsoft is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active). If users do not wish to participate in the Bing Ads tracking process, they can also deactivate the setting of a cookie required for this via browser settings or use Microsoft's opt-out page: http://choice.microsoft.com/de-DE/opt-out.

Users can find more information about data protection and the cookies used by Microsoft Bing Ads in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

 

Clarity

This website uses Clarity. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA

98052-6399 (USA), https://docs.microsoft.com/en-us/clarity/ (hereinafter "Clarity").

Clarity is a tool for analyzing user behavior on this website. In particular, Clarity records mouse movements and creates a graphical representation of which part of the website users scroll to particularly frequently (heat maps). Clarity may also record sessions so that we can view site usage in the form of videos. Furthermore, we receive information about the general user behavior within our website.Clarity uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or the use of device fingerprinting). Your personal data is stored on Microsoft's servers (Microsoft Azure Cloud Service) in the USA.

Insofar as consent has been obtained, the use of the above-mentioned service is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in an effective user analysis.

Further details on Clarity's data protection can be found here: https://docs.microsoft.com/en-us/clarity/faq.

Criteo

This website uses functions of Criteo. The provider is Criteo SA, 32 Rue Blanche, 75009 Paris (hereinafter referred to as "Criteo").

Criteo is used to provide you with interest-based advertisements within the Criteo

advertising network. Your interests are determined on the basis of your previous usage behavior. Criteo records, for example, which products you have viewed, added to your shopping cart or purchased. More details about the data collected by Criteo can be found here: https://www.criteo.com/de/privacy/how-we-use-your-data/.

In order to be able to show you interest-based advertising, we or other Criteo partners need to be able to recognize you. For this purpose, a cookie is stored on your device or a comparable identifier is used, which links your user behavior with a pseudonymous user profile. For details, please refer to Criteo's privacy policy at:

https://www.criteo.com/de/privacy/.

Your personal data and the Criteo cookies stored in your browser will be stored for a maximum of 13 months from the date of collection.

Insofar as consent has been obtained, the use of the above-mentioned service is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TTDSG. The consent can be revoked at any time. If no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in targeted advertising measures.

Criteo and we are joint controllers within the meaning of Art. 26 GDPR. A joint processing agreement has been concluded between Criteo and us, the essential contents of which Criteo describes at the following link: https://www.criteo.com/de/privacy/how-we-use-your-data/.

6. NEWSLETTER

Newsletterdaten

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form takes place exclusively on

Basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of subscribing to the newsletter will be processed by us until your

Unsubscribe from the newsletter is stored by us or .dem newsletter service provider and deleted from the newsletter distribution list after the newsletter has been unsubscribed or after the purpose has ceased to apply. We reserve the right to use e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Data that has been stored by us for other purposes remains unaffected.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be sent to us or .dem

Newsletter service providers may be stored in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. We continue to refer to Salesforce Sales Cloud.

7. PLUGIN AND TOOLS

YouTube

This website incorporates videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is embedded, a connection to YouTube's servers is established. In doing so, the YouTube server is informed which of our pages you have visited.

Furthermore, YouTube can store various cookies on your device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things:

is used to collect video statistics, improve user-friendliness and prevent fraud attempts.

If you are logged into your YouTube account, you enable YouTube to track your surfing behavior directly.

Assign to your personal profile. You can prevent this by logging out of your YouTube

Log out of your account.

The use of YouTube is in the interest of an appealing presentation of our online offers.

This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Provided that an appropriate

consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a

GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information on how to handle user data, please refer to YouTube's privacy policy at: https://policies.google.com/privacy?hl=de.

Google Fonts

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. As a result, Google learns that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

If your browser does not support Google Fonts, a standard font will be used by your computer.

You can find more information about Google Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

In order to use the functions of Google Maps, it is necessary to store your IP address. These

Information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Provided that an appropriate

consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a

GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

You can find more information on the handling of user data in Google's privacy policy:

https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter referred to as "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether the data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis, evaluates

reCAPTCHA extracts various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1)

TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links:

https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

Smartfit

You can use Smartfit Online Sizing on our website. Smartfit is a solution from Radlabor GmbHHeinrich-von-Stephan-Str. 5c 79100 Freiburg (https://www.onlinesizing.bike/).

You can download the application on our website.

To get a size recommendation for a specific bike, you can submit the following information through the application:

  • Gender (mandatory)

  • Height (mandatory)

  • Leg length (optional)

  • Arm length (optional)

Smartfit calculates a specific size recommendation for a bike by using algorithms that find the right bike size based on your anthropometric data and gender. In some cases, you can transfer your preferred bike size from the application to your personal shopping cart via a button on the results screen.

Use of personal data from our application

We use your personal data from the application exclusively for the following purposes:

  • Recommendation of bike sizes in real time.

  • Providing fit prediction services in our partners' online stores.

  • Optimizing the overall quality of our referral mechanisms.

  • Statistical analysis of the number of bicycle sizes over time.

All personal data is processed anonymously and Smartfit never collects or processes personal data (e.g. real name, address data, payment information). All data is stored on servers and databases located either in Frankfurt, Germany, or in Nuremberg, Germany. No data will be transferred outside the European Union. All data is automatically deleted after a certain retention period.

We do not use any data for marketing or advertising purposes.

Cookies

We use a local storage cookie to store the following information:

  • Gender (mandatory)

  • Height (mandatory)

  • Leg length (if specified by the user)

  • Arm length (if specified by the user)

We store this data together with a session identifier in your local storage. The cookie is considered necessary for technical reasons. Without the cookie, the Online Sizing Widget cannot be used sensibly. The cookie allows us to identify returning users so that you do not have to re-enter your basic information when you use the application again. The token (JWT) is renewed after a user has been inactive for 4 hours.

In some cases, the cookie allows the immediate display of size recommendations on the product detail pages of our partners' webshops without using the application again. In some cases, our application transmits the recommended size to a partner store (i.e. so that the recommended size is automatically selected in a dropdown on the product page). When the Smartfit Recommendation Engine feature is enabled, you don't have to re-enter your basic information with the recommended bikes displayed in new browser tabs.

Safety and security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss and/or destruction as well as against access by unauthorized persons. Our security measures are subject to continuous improvement in line with current technological developments.

Further data processing by Radlabor GmbH - in the sense of independent or instruction-bound data processing - does not take place!

8. #YESGHOST

BECOME PART OF OUR COMMUNITY We love it when
our community is happy and we love it even more when they share it with us!

That's why we're asking you if you want to share your photos or videos with us. If you see a comment under one of your photos or videos asking for permission to use your photo or video, you can use the following hashtags in the specific languages to give your permission.

English:
#yesghostgoEN #yesghost #ghostgoEN #cheersghostEN

German:
#klarghostDE #goghostDE #absolutghostDE #yesghostDE #sureghostDE #cheersghostDE #JAghostDE

Czech:
#yesghostCZ#goghostCZ

Spanish:
#goghostESP #sighostESP

By doing so, you agree to the following terms and conditions and rights of use:

We may use your photo or video for marketing purposes, for example on our website, newsletter or social media. To make sure your photo or video is recognized, we'll publish your account name with the corresponding photo or video.

With the consent of the hashtag #yesghost, you grant us (GHOST Bikes GmbH) a non-exclusive, gratuitous, temporally and spatially unlimited right to use your photos and videos for all marketing purposes online and offline.  Below is an explanation of the above-mentioned rights of use:

  • Not exclusively: Photos and videos can be used for your own purposes or used by others for their own purposes

  • Free of charge: In connection with the use of your photos or videos, remuneration is not agreed, the granting of the simple right of use is free of charge

  • Perpetual: The license is granted for an indefinite period of time

  • Spatially unlimited: A specific scope for use is not agreed

 

By consenting to use by the hashtag #yesghost, you also confirm,

  • that you have the right to grant us the license to the extent described above

  • that you have permission from all person(s) depicted in your photo or video that the photos or videos in which they are depicted may be used to the extent described above;

  • that your photos or videos do not infringe any legal rights of third parties, such as intellectual property rights or privacy rights

  • that you, as an individual, are at least eighteen (18) years of age, or that your legal guardian agrees to the license to the extent described above

 

We reserve the right to stop using your photos or videos without giving a reason and to remove them from our marketing channels without notice or replacement.

8.1 Our social media presences

This privacy policy applies to the following social media sites

https://www.facebook.com/ghostbikesgmbh/

https://www.instagram.com/ghostbikes_mtb/

Tik Tok: @ghost_bikes

Data processing by social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.

Social networks such as Facebook, Instagram and TikTok can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the widest possible presence on the internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social

The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Responsible Party and Exercise of Rights

When you visit any of our social media profiles (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing activities triggered during your visit. You can assert your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) both with us and with the operator of the respective social media portal (e.g., Facebook).

Please note that despite our joint responsibility with the social media platform operators, we do not have full control over the data processing activities of the social media portals. Our capabilities largely depend on the corporate policies of the respective provider.

Storage Duration

Data directly collected by us via social media presence will be deleted from our systems once you request deletion, revoke your consent for storage, or the purpose for data storage ceases to exist. Stored cookies remain on your device until you delete them. Mandatory legal provisions, especially retention periods, remain unaffected.

We do not have control over the storage duration of your data stored by social network operators for their own purposes. For details, please refer directly to the social network operators' privacy policies (e.g., in their privacy policy below).

Your Rights

You have the right to obtain information about the origin, recipients, and purpose of your stored personal data free of charge at any time. You also have the right to object, data portability, and the right to lodge a complaint with the competent supervisory authority. Furthermore, you can demand the correction, blocking, deletion, and under certain circumstances, restriction of the processing of your personal data.

Individual Social Networks

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). The data collected is also transferred to the USA and other third countries, according to Meta.

You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: [link].

The data transfer to the USA is based on the standard contractual clauses of the European Commission.

For details regarding the handling of your personal data, please refer to Facebook's privacy policy: https://www.facebook.com/privacy/policy/

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA aimed at ensuring compliance with European data protection standards for data processing in the USA. Any company certified under the DPF commits to complying with these data protection standards. For further information, please contact the provider.

Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The data transfer to the USA is based on the standard contractual clauses of the European Commission.


For details regarding the handling of your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/155833707900388?cms_id=155833707900388
The company is certified under the "EU-US Data Privacy Framework" (DPF). For further information, please contact the provider.

TikTok

We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

For details regarding the handling of your personal data, please refer to TikTok's privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en
The data transfer to non-secure third countries is based on the standard contractual clauses of the European Commission.

By consenting to the use of the hashtag #yesghost, you also confirm that:
- You have the right to grant us the license as described above.
- You have obtained permission from all individuals depicted in your photo or video for the use of the photos or videos in the manner described above.
- Your photos or videos do not infringe upon any third-party legal rights, such as intellectual property rights or privacy rights.
- You are at least eighteen (18) years old as an individual, or your legal representative agrees to the license as described above.

We reserve the right to cease the use of your photos or videos without stating a reason and to remove them from our marketing channels without notice or compensation.

9. CHECKOUT AND PAYMENT PROVIDER

Processing of customer and contract data

We collect, process and use personal customer and contract data to establish, design and change our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6 (1) (b) GDPR.

The collected customer data will be processed after completion of the order or completion of the

Business relationship and expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.

Data transfer upon conclusion of contract

If you order something from us, we will pass on your personal data to the transport company entrusted with the delivery as well as to the payment service provider commissioned with the payment processing. Only such data will be released that the respective service provider needs to fulfill its task. The legal basis for this is Art. 6 para. 1 lit. b GDPR, which prohibits the processing of data for

Fulfillment of a contract or pre-contractual measures. If you have a corresponding

Consent according to Art. 6 para. 1 lit. a GDPR, we will pass on your e-mail address to the transport company entrusted with the delivery so that they can inform you by e-mail about the shipping status of your order; You can revoke your consent at any time.

Creditworthiness checks

In the case of a purchase on account or any other payment method for which we make advance payments, we can carry out a credit check procedure (scoring). For this purpose, we transmit the data you have entered (e.g. name, address, age or bank details) to a credit agency. Based on this data, the probability of a payment default is determined. In the event of an excessive risk of non-payment, we may refuse the payment method in question.

The credit check is carried out on the basis of the fulfillment of the contract (Art. 6 para. 1 lit. b DSGVO) as well as the

Avoidance of payment defaults (legitimate interest according to Art. 6 para. 1 lit. f DSGVO). If consent has been obtained, the credit check is carried out on the basis of this consent (Art. 6 para. 1 lit. GDPR); the consent can be revoked at any time.

Zahlungsdienste

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, bank account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. These transactions are subject to the respective contractual and data protection provisions of the respective providers. The payment service providers are used on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) as well as in the

Interest in a payment process that is as smooth, convenient and secure as possible (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; Consents can be revoked at any time for the future.

We use the following payment services / payment service providers within the framework of this website: Payment service providers used by us are:

• Adyen (Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam) hereinafter referred to as Adyen

The processing is carried out on the basis of Art. 6 Para. 1 S. 1 lit. b) GDPR. The provision of your payment data is necessary and obligatory for the conclusion or execution of the contract. If the payment data is not provided, it is impossible to conclude and / or execute the contract by means of a credit card payment. The data required for payment processing is transmitted securely via the "SSL" procedure and processed exclusively for payment processing. We delete the data arising in this context after the storage is no longer necessary, or restrict the processing if there are legal storage obligations. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.

Via Adyen we handle the following payment methods:

Payment methods

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal").

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Details can be found in the privacy policy of PayPal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Mastercard

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter referred to as "Mastercard").

Mastercard may transfer data to its parent company in the United States. The data transfer to the USA is based on Mastercard's Binding Corporate Rules. Details can be found here:

https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

 

VISA

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, Great Britain (hereinafter referred to as "VISA").

Great Britain is considered a safe third country in terms of data protection. This means that the UK has a level of data protection equivalent to the level of data protection in the European Union.

VISA may transfer data to its parent company in the United States. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html.

For more information, please refer to VISA's privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

 Santander Financing

Furthermore, we offer you financing options through our partner Santander Consumer Bank AG (SCB). For this purpose, after selecting this payment option, you will be forwarded directly to the partner for the preparation and execution of a contract. We will inform you of the forwarding in accordance with §19 TTDSG at an appropriate place.

 

For more information, please refer to SCB's privacy policy: https://www.santander.de/privatkunden/service-kontakt/datenschutz/.

 

Klarna

The supplier is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna“). Klarna offers various payment options (e.g., hire purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of Klarna checkout solution. For details on the use of Klarna cookies, please see the following link.

Details can be found in Klarna’s privacy policy under the following link.

10. FACEBOOK LEAD ADS PRIVACY POLICY

PRIVACY POLICY FOR OUR FACEBOOK (META) LEAD ADS

General information on data protection
The protection of your  private rights and freedoms is important to us; we only use your data for the intended purposes. Since it is important to us that  you know at all times  to what extent  we  collect, use and, if necessary, transmit your data to third parties, we will inform you below in detail about the processing of your personal data (collected via our lead form).

When processing personal data, we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) and, if applicable, other data protection-relevant provisions.

Scope
This Privacy Policy applies exclusively to our Facebook (META) lead ad extension. It does not apply to Facebook's  own content  (META);  the privacy policy of Facebook (META) can be found herehttps://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0  

Name and address of the controller
GHOST-Bikes GmbH
An der Tongrube 3
95652 Waldsassen

Telefon: 09632-92550
E-mail: info@ghost-bikes.de

Name and address of the data protection officer
Dipl.-Ing. Lars Ebertz on behalf of L-E-C.COM GmbH
Lubergstraße 2
35756 Mittenaar
Fon: +49 2778 6969 10
eMail: lars(at)ebertz-datenschutz.de 

If you have any questions about the processing of your personal data, if you wish to assert your  rights as a data subject (such as the right to information, correction, blocking or deletion of data) or if you revoke your consent,  please contact our data protection officer directly.

Information about Facebook (META)  Ads (provider of the lead extension)
We use the "Lead Ads" function of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") to collect and process certain personal data of interested parties – so-called leads – via a contact form displayed on Facebook websites (so-called "instant form"). The content and scope of the data requested in this form depends on the targeting of the respective lead campaign. 

The processing of the data is strictly tied to the purposes pursued with the respective lead ad campaign. These purposes are clearly stated in the lead ad or on the form provided before the data provided is transmitted. Depending on the orientation of the lead ad campaign, the legal basis for data processing is either your express consent in accordance with Art. 6 para. 1 lit. a GDPR (e.g. for direct marketing measures such as registration for e-mail newsletter dispatch) or our legitimate interest in optimal marketing of our offer in accordance with Art. 6 para. 1 lit. f GDPR. A transfer of the data to third parties does not take place.

As part of the aforementioned services, data transmitted via instant forms may be stored on servers of Meta Platforms, Inc., 1601 Willow Rd, Menlo Park, CA 94025, USA.

The privacy policy of Facebook (META) can be found here
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 

Data Protection Officer of Facebook (META)
You can contact Meta's data protection officer as the operator of Facebook via the online contact form provided athttps://www.facebook.com/help/contact/540977946302970 

Interaction with our lead form
As soon as you enter data in our  lead form, it will be stored in our Facebook (META) profile. Through our profile, we can download the data collected and use it for the purpose stated in the form. The data will not be passed on to third parties.

We transfer the data into our:

SALESFORCE SALES CLOUD

We use Salesforce Sales Cloud to manage customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter referred to as "Salesforce").

Salesforce Sales Cloud is a CRM system and allows us, among other things, to manage existing and potential customers as well as customer contacts – such as Facebook (META) LeadAd accounts – and to organize sales and communication processes. The use of the CRM system also enables us to analyze our customer-related processes. 

Customer data is stored on Salesforce's servers. Personal data may also be transmitted to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA. 

Salesforce has Binding Corporate Rules (BCR) approved by the French Data Protection Authority. These are binding corporate regulations that legitimize intra-company data transfer to third countries outside the EU and the EEA. 

Details can be found  here: www.salesforce.com/de/blog/2020/07/die-binding-corporate-rules-von-salesforce-erfuellenhoechste-da.html

Details can  be found in Salesforce's privacy policy: www.salesforce.com/de/company/privacy/.

Salesforce Order Processing
We have concluded a contract for order processing (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Deletion or blocking of personal data
We store your personal data only for the period necessary to fulfil the specified purpose. After the purpose ceases to exist and after expiration, if necessary. existing retention periods, your data will be  deleted immediately. If deletion is not possible, the data will be blocked instead.

Rights of data subjects
Chapter III of the EU General Data Protection Regulation (GDPR) provides extensive rights for data subjects, which we explain to you below  with regard to the processing of your personal data:

1) Right to informationThis requirement applies in particular to information on the following details of data processing:

  • Purposes of processing

  • Categories of data

  • Recipients or categories of recipients, if applicable

  • If applicable, the planned storage duration or the criteria for determining this duration

  • Reference to the respective right to correction, deletion, restriction or objection

  • Existence of the right to lodge a complaint with a supervisory authority

  • If applicable, origin of the data (if not collected from you)

  • If applicable, existence of automated decision-making including profiling including meaningful information about the logic involved, the scope and the expected effects

  • If applicable, (planned) transfer to a third country or international organisation

2) Recht auf Berichtigung
Ggfs. fehlerhafte Datenbestände werden wir umgehend berichtigen, sofern Du uns über den Umstand entsprechend informieren.

3) Right to erasure (right to be forgotten)If processing is no longer necessary and one of the following conditions is met:

  • Elimination of the purpose of processing

  • Withdrawal of your consent and absence of any other legal basis for processing

  • Objection to processing without an important reason to the contrary

  • Unlawful processing

  • Necessary to comply with a legal obligation

  • Data was collected in accordance with Article 8 (1) GDPR

As part of the deletion request, we may pass on your  request to those third parties to whom your data had previously been transmitted.

4) Right to restriction of processingIf one of the following conditions is met:

  • You dispute the  accuracy  of your data (restriction can be made for the duration of the review on our site)

  • In the event of unlawful processing and provided that the data is not to be deleted, the deletion shall be replaced by a restriction of processing

  • If the processing purposes cease to apply, at the same timeyou need your data to assert, exercise or defend legal claims

  • After you have objected in accordance with Article 21 (1) GDPR and for the duration of the examination as to whether our legitimate reasons  outweigh yours.

5) Right to data portabilityIf it is technically possible and does not affect the rights and freedoms of other persons, we will – at your  request –  transfer your data to another recipient (controller).

6) Right to objectIf we collect or have collected and process personal data from you (on the basis of Art. 6 para. 1 e or f or Art. 9 para. 2 a GDPR), you have the  right to object to data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling legitimate interests for the processing that  outweigh your interests or if processing serves to assert, exercise or defend legal claims. If we  process your personal data for direct marketing purposes, you have the right to object to this processing at any time. This also applies to profiling to the extent that it is associated with such direct marketing. You also  have the right to object to the processing of your data  concerning you, which is carried out  by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.

7) Automated individual decision-making, including profilingIf we collect or have collected and process personal data from you, you have  the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or   similarly significantly affected. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or if you  have expressly consented to the processing. In any case, we will take appropriate measures to  safeguard your rights and freedoms  and legitimate interests, including at least the right to obtain human intervention on our part, to express our point of view and to contest the decision.

8) Right to revoke consent under data protection law
You have the  right to revoke your consent to the processing of personal data at any time.

9) Right to lodge a complaint with a supervisory authorityYou can  find a list of the supervisory authorities responsible in Germany  on the website of the Federal Commissioner for Data Protection or under the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/AufsBehoerdFuerDenNichtOeffBereich/AufsichtsbehoerdenNichtOeffBereich_liste.html

Legal basis of processing

We process personal data in accordance with the requirements of the GDPR, depending on the type and purpose of the processing as follows:

Informed consent Article 6(1)(a)
Protection of our legitimate interest Article 6(1)(f)

Our legitimate interest
Our legitimate interest, defined in accordance with Article 6 (1) (f) GDPR, is based on the performance of our business activities to maintain our operational capacity and secure the employment of our employees.

Existence of automated decision-making
We do not use automatic decision-making and do not use techniques to carry out profiling measures.

Service provider for Facebook (META) marketing
If we use service providers for the data processing of our Facebook (META) Lead form, we conclude corresponding contracts for order processing (DPA) with them. In the course of this, we regulate to what extent and under what security conditions the processing of the data takes place and determine the necessary authority to issue instructions in accordance with Art. 28 GDPR.

11. PRIVACY POLICY GOOGLE LEAD ADS

11. DATA PROTECTION GOOGLE LEAD ADS

PRIVACY POLICY FOR OUR GOOGLE ADS LEAD FORM EXTENSION

General information on data protection

The protection of your private rights and freedoms is important to us; we will only use your data for the purposes for which it is intended. Since it is important to us that you know at all times to what extent we collect, use and, if necessary, process your data. to third parties, we will inform you in detail below about the processing of your personal data (collected via our lead form).

When processing personal data, we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) and, if necessary, the GDPR. other data protection-relevant provisions.

Scope

This Privacy Policy applies exclusively to our Google Lead Form extension. It does not apply to Google's own content; Google's privacy policy can be found here. here

Name and address of the controller:

GHOST-Bikes GmbH

An der Tongrube 3

95652 Waldsassen

Phone: 09632-92550

E-Mail: info@ghost-bikes.de

Name and address of the data protection officer

 

Dipl.-Ing. Lars Ebertz on behalf of the EBERTZ DATENSCHUTZ GmbH
Ober den Wiesen 17
35756 Mittenaar

eMail: lars(at)ebertz-datenschutz.de

 

If you have any questions about the processing of your personal data, or if you wish to assert your rights as a data subject (such as the right to information, correction, blocking or deletion of data) or if you wish to revoke your consent, please contact our data protection officer directly.

 

About Google Ads (Lead Form Extension Provider)

Google Ireland LimitedGordon House, Barrow StreetDublin 4IrlandTel: +353 1 543 1000
Fax: +353 1 686 5660
E-Mail: support-deutschland(at)google.com

You can find Google's privacy policy here

Google's Data Protection Officer

To contact Google's Data Protection Officer, you can contact them at the following address: This Link fill out a contact form:

Running our Google Ads Lead Form Extension

Within the lead form extension, Google collects personal data for us. In particular, this is all data entered there – by you.

Interacting with our lead form

As soon as you enter data in our lead form, it will be stored in our Google Ads profile. Through our profile, we can download the data in bulk (manually or automatically) and use it for the purpose indicated in the form.  The data will not be passed on to third parties.

We transfer the data to our CRM system (see SALESFORECE SALES CLOUD) and also compare it with any existing data records in order to be able to assign them correctly.

As part of the Function Google Enhanced Conversion Tracking receives a so-called hash of the email identifier - es is not transmitted in plain text – for later recognition and correct assignment. See also the chapter 'GOOGLE (ENHANCED) CONVERSION-TRACKING“ in of the general Privacy policy.

SALESFORCE SALES CLOUD

We use Salesforce Sales Cloud to manage customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter referred to as "Salesforce").

Salesforce Sales Cloud is a CRM system and allows us, among other things, to manage existing and potential customers as well as customer contacts – such as the Google LeadAd accounts – and to organize sales and communication processes. The use of the CRM system also enables us to analyze our customer-related processes. Customer data is stored on Salesforce's servers. Personal data may also be transmitted to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.

Salesforce has Binding Corporate Rules (BCR) approved by the French Data Protection Authority. These are binding internal company rules that legitimize the internal transfer of data to third countries outside the EU and the EEA.

Details can be found here. here

Details can be found in the Privacy policy from Salesforce:

 

Salesforce Order Processing

We have concluded a data processing agreement (DPA) with SALESFOREC . This is a contract required by data protection law that ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Basic information on the deletion or blocking of personal data

We only store your personal data for the period necessary to fulfil the specified purpose. After the purpose has ceased to exist and after expiry, if applicable. existing retention periods, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.

Rights of data subjects

The EU General Data Protection Regulation (GDPR) provides extensive rights for data subjects in Chapter III, which we explain to you below with regard to the processing of your personal data:

1) Right of accessThis requirement applies in particular to information on the following details of data processing:

  • Purposes of processing

  • Categories of data

  • Recipients or categories of recipients, if applicable

  • If applicable, the planned storage period or the criteria for determining this period

  • Note on the respective right to correction, erasure, restriction or objection

  • Existence of the right to lodge a complaint with a supervisory authority

  • If applicable, origin of the data (if not collected from you)

  • If applicable, the existence of automated decision-making, including profiling, including meaningful information about the logic involved, the scope and the expected effects

  • If applicable, (planned) transfer to a third country or international organisation

2) Right to rectificationIf necessary, We will rectify any incorrect data immediately, provided that you inform us of the circumstance accordingly.

3) Right to erasure (right to be forgotten), provided that the processing is no longer necessary and one of the following conditions is met:

  • Cessation of the purpose of processing

  • Withdrawal of your consent and lack of any other legal basis for processing

  • Objection to processing without an important reason to the contrary

  • Unlawful processing

  • Necessary to comply with a legal obligation

  • Data collection was carried out in accordance with Art. 8 (1) GDPR

As part of the deletion request, we will process your request if necessary. to those third parties to whom your data was previously transferred.

4) Right to restriction of processing, provided that one of the following conditions is met:

  • You contest the accuracy of your data (restriction can be made for the duration of the verification on our site)

  • In the event of unlawful processing and if the data is not to be deleted, the deletion will be replaced by a restriction of processing

  • If the processing purposes cease to apply, at the same time you need your data to assert, exercise or defend legal claims

  • After you have objected in accordance with Art. 21 (1) GDPR and for the duration of the examination of whether our legitimate reasons outweigh yours.

5) Right to data portabilityInsofar as it is technically possible and does not affect the rights and freedoms of other persons, we will – at your request – transfer your data to another recipient (controller).

6) Right to objectInsofar as we collect or have collected and process personal data from you (on the basis of Art. 6 para. 1 e or f or Art. 9 para. 2 a GDPR), you have the right to object to data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be invalid, e.g. if we can demonstrate compelling legitimate interests for the processing that outweigh your interests or if the processing serves to assert, exercise or defend legal claims. If we process your personal data for direct marketing purposes, you have the right to object to this processing at any time. This also applies to profiling insofar as it is related to such direct marketing. You also have the right to object to the processing of your data concerning you that is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

7) Automated decision-making in individual cases, including profilingTo the extent that we collect or have collected and process personal data from you, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or if you have expressly consented to the processing. In any event, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including, at a minimum, the right to obtain our intervention, to express one's point of view and to challenge the decision.

8) Right to withdraw consent under data protection lawYou have the right to withdraw your consent to the processing of personal data at any time.

9) Right to lodge a complaint with a supervisory authorityA list of the competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection or under the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/AufsBehoerdFuerDenNichtOeffBereich/AufsichtsbehoerdenNichtOeffBereich_liste.html

Legal basis for processing

We process personal data in accordance with the provisions of the GDPR, depending on the type and purpose of the processing, as follows:

Informed Consent

Article 6(1)(a)

Safeguarding our legitimate interest

Article 6(1)(f)

 

Our legitimate interest

Our legitimate interest, as defined in Article 6 (1) (f) of the GDPR, is based on the performance of our business activities to maintain our operational capability and secure the employment of our employees.

Existence of automated decision-making

We do not use automated decision-making and do not use any techniques to carry out profiling measures.

Google Marketing Service Provider

If we use service providers for the data processing of our Google lead forms, we conclude corresponding data processing agreements (DPA) with them. In the course of this, we regulate the extent to which and under what security conditions the processing of the data takes place and determine the necessary authority to issue instructions in accordance with Art. 28 GDPR

 

 

 

GOOGLE (ENHANCED) CONVERSION-TRACKING

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can see whether the user has taken certain actions. For example, we can evaluate which buttons on our website were clicked on and how often, and which products were viewed or purchased particularly often.

Information is used to compile conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

If you give your consent, we will transmit the e-mail address provided  in the context of the purchase of one of our products to Google through a secure (hashed) procedure in order to be able to carry out a possible conversion (so-called ENHANCED CONVERSION). This conversion can then generate, for example, statisticsthat provide us with information about the course and development of a purchase in order to optimize our processes.

 

You can find more information about Google Conversion Tracking in the Privacy policy from Google: . The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TTDSG. Consent must be given at any time with effect for the future revocable.

 

 

12. CONDITIONS OF PARTICIPATION SWEEPSTAKES

CHRISTMAS RAFFLE - NIRVANA TOUR MOUNTAIN BIKE
Participation in the raffle implies acceptance of the following conditions of participation. With your participation you accept the following conditions of participation.

1. PARTICIPATION
To participate in the raffle, participants must:

A) register in the "Win a Nirvana Tour" social media campaign.
B) provide their first name, last name, email address and date of birth and confirm that they are 18 years or older and agree to the terms and conditions of this raffle.

The competition will start with the publication of the entry on 27.11.2022 at 12:00 (CET) and will end on 18.12.2022 at 23:59:00 (CET). The winners will be notified by 23.12.2022 at 18:00:00 (CET).

Participation is free of charge and in no way linked to the purchase of products. Subscription to the newsletter can be cancelled at any time. Anyone aged 18 or over and resident in Germany, Austria, Switzerland, Spain, Sweden, Finland or Norway is eligible to participate. Employees of GHOST-Bikes GmbH and their immediate family members may not participate.

2. PRIZE AND RAFFLE
Prize: One Nirvana Tour mountain bike from GHOST-Bikes GmbH.

Prize Drawing: The winner will be selected at random and contacted directly by GHOST-Bikes via email. The selected winner will have 5 days to respond to the email and indicate whether he/she accepts the prize. If he/she does not reply within these 5 days, he/she will lose the possibility to claim the prize. The participant is asked to check the spam folder, as prize emails may be automatically redirected there.
GHOST-Bikes GmbH will arrange the delivery with the winner and pay the shipping costs. The prize will be handed over at a GHOST-Bikes dealer near the winner. The dealer will be determined by GHOST-Bikes.

3. INFORMATION ACC. ART. 13 DSGVO

We - GHOST-Bikes GmbH, An der Tongrube 3, 95652 Waldsassen, Germany - process your personal data in the sense of Art. 4 DSGVO - including surname, first name, date of birth, email address and country - exclusively for the purpose of processing the prize draw as listed here as well as the subsequent dispatch of the GHOST-Bikes newsletter.

The data will not be passed on to third parties - except for the associated commissioned data processors within the meaning of Art. 28 DSGVO or the operator of this network (Facebook / META) - or within the Accell group of companies. Your data will be automatically and irrevocably deleted after expiry of the purpose and any retention periods.

Please note that Facebook (META) and possibly other service providers are located outside the European Economic Area (USA).

WE WOULD LIKE TO POINT OUT THAT THE USA IS NOT A SAFE THIRD COUNTRY WITHIN THE MEANING OF EU DATA PROTECTION LAW.

We have no influence on this data processing.

Furthermore, the Facebook (META) Promotion Guidelines and the terms and conditions of the Facebook (META) Lead Ads apply .

The winner expressly agrees that the organizer may use image material relating to the prize and its implementation for media purposes within their web presences and social media channels. An objection pursuant to Art. 21 DSGVO or further assertion of data subject rights may be addressed to the data protection officer (Dipl.-Ing. Lars Ebertz, lars@ebertz-datenschutz.de) of GHOST-Bikes GmbH at any time.

4. PREMATURE TERMINATION
The organizers reserve the right to terminate or change the competition at any time without prior notice, if for technical reasons (e.g. hardware and software errors, computer viruses or manipulations) or legal reasons a proper execution cannot be guaranteed.

5. ORGANIZER
Organizer of the competition is GHOST-Bikes GmbH.
Imprint: www.ghost-bikes.com/de-en/imprint

6. FACEBOOK(META)/INSTAGRAM DISCLAIMER
The competition is not connected to Facebook and is in no way sponsored, supported or organized by them. Contact person and responsible person are only the organizers as listed in point 5.

Comparación de bicicletas (0)

Seleccione otra bicicleta para hacer la comparación. Puede comparar hasta 3 bicicletas.
Comparar bicicletas