Protecting your privacy is important to us. Therefore, we urge you to read carefully the following summary of how our website www.fidlock-bike.com works. The data privacy statement included there meets the guidelines of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). You should learn about how and why the website operator, Fidlock GmbH, uses personal data. Although our website is equipped with various security precautions, absolute protection of your data cannot be guaranteed since security flaws in the internet cannot be ruled out. If you have concerns regarding the collection of your data, you will find the appropriate contact information under item 1.
For the purposes of the GDPR, other national data protection laws of the member states, and other data protection provisions, the controller is:
Fidlock GmbH, Kirchhorster Str. 39, 30659 Hannover
Tel.: +49 511 961 593 50, Fax: +49 511 961 593 29
If you have information requests, other requests, complaints or criticism regarding our data protection, you can contact the controller listed here.
An external Data Protection Officer helps to ensure data at our company is properly protected. If you have concerns regarding the processing of your personal data, you have the option of contacting that officer directly.
The controller’s data protection officer is:
Mr Christopher Lenz, employed by backoffice360 GmbH, Gustav-Adolf-Straße 30, 30167 Hannover
Tel.: +49 511 1247 220, E-Mail: firstname.lastname@example.org
We collect and use personal data from our users only if this is needed for our content and services and to provide a functional website. We normally collect and use our users’ personal data only with their consent. This does not apply if practical circumstances prevent us from obtaining prior consent, or if we may or must process the data under statutory provisions. We will use your personal data only within our company. If personal data are forwarded to service providers as part of commissioned data processing, we will obligate those providers to comply with the GDPR and the BDSG (Federal Data Protection Act). We will pass your data on to agencies entitled to receive such information only if we are obligated to do so by law or a court order.
Legal bases for the data processing:
The data subject’s personal data will be erased or blocked as soon as the purpose of storage no longer applies. We may also store those data if such storage is provided for through the European or national legislature in the form of directives under European Union law, statutes or other provisions to which the controller is subject. The data will also be erased or blocked if a storage period prescribed by the standards mentioned expires, unless the data must be stored for longer to conclude or fulfil a contract.
The employees of Fidlock GmbH are contractually obligated to observe data privacy.
Please note that data is transmitted to us via an encrypted connection which is not fully secure and which might enable unauthorised third parties to gain knowledge of personal data. Fidlock GmbH will not be liable for any improper use of personal data by third parties which results from the encrypted connection. We strive to ensure as safe a transmission path as possible.
If you make a purchase in our online shop, we process the following personal data concerning you in order to execute your order:
– Order number
– Last name, first name
– Address (billing and delivery address)
– E-Mail address
– Telephone number
– Payment details
– Any text entered by the user in the field provided
As part of the order process, we obtain your consent to the processing of your data.
In order to prevent improper conduct, we reserve the right to transmit your data to credit agencies for the purposes of conducting a credit screening. Our objective is to obtain information on your previous payment behaviour which is relevant to creditworthiness, information required to assess default risk based on mathematical-statistical processes using address details (scoring) and data to verify your address (assessment of deliverability). We work with heidelplay GmbH, Vangerowstraße 18, 69115 Heidelberg, Germany. The legal basis for credit screening is Art. 6(1)(f) GDPR. The following data concerning you is transmitted to the credit agency:
– First name, last name
– Address (billing and delivery address)
To the extent permitted by law, we disclose your data to our partner companies, who assist us to properly execute the contract. For their part, these companies are always obliged to comply with the provisions on data protection; in particular, these companies may only process the data for the purpose of performing the tasks we assign to them and according to our instructions.
The legal basis for processing and storing the user’s personal data is Art. 6(1)(b) GDPR.
The collection, processing and storing of personal data is done to identify you as our customer, to process, fulfil and execute your order, for the purposes of correspondence with you, for billing, to settle any liability claims, to ensure our website’s technical administration and to manage our customers’ data.
The personal data which we collect for the purposes of executing your order is stored for the statutory retention period and then deleted, unless you have consented to a longer period of storage pursuant to Art. 6(1)(1)(a) GDPR.
The collection, processing and storage of personal data is absolutely necessary for the operation of the online shop. Consequently, the user is not entitled to object to this.
Whenever our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data will be collected:
– Information on the browser type and the version used
– The user’s operating system
– The user’s internet service provider
– The user’s IP address
– Date and time of access
– Websites from which the user’s system is directed to our internet site
– Websites which are accessed from the user’s system via our website
The data will also be stored in our system’s log files. These data will not be stored together with the user’s other personal data.
The legal basis for storing the data and the log files temporarily is Art. 6(1)(f) GDPR.
The IP address must be temporarily stored by the system, so the webpage can be delivered to the user’s computer. To do so, the user’s IP address must remain stored during the entire session.
It is stored in log files to ensure the webpage’s functionality. The data also help us optimise the webpage and ensure the security of our IT systems. In this context, the data will not be evaluated for marketing purposes.
These purposes also include our legitimate interest in data processing under Art. 6(1)(f) GDPR.
The data will be erased when they are no longer needed to attain the objective of their collection. If the data were collected to provide the webpage, they will be erased when the respective session is over.
If the data are stored in log files, this will normally last a maximum of seven days. Storage past that point is possible. In this case, the user’s IP address will be deleted or distorted so that it can no longer be allocated to the accessing client.
Data must be collected for the webpage to be provided, and they must be stored in log files for the internet site to be operated. Consequently, the user may not object to this.
In so doing, the following data are stored and transmitted in the cookies:
– Language settings
– Login information
– Screen resolution
The legal basis for using cookies to process personal data is Art. 6(1)(f) GDPR.
We need cookies for the following applications:
– Language settings
– Login information
– Screen resolution
– Cookie accept (information banner)
The user data collected through technically necessary cookies is not used to create user profiles.
These purposes also include our legitimate interest in processing the personal data under Art. 6(1)(f) GDPR.
Our websites allow subscribing to a newsletter free of charge. It informs you regularly about new products, events, fairs and other FIDLOCK-related news. Therefore, the data from the input screen will be transmitted to us.
The following data will be collected:
Additionally, the following data will be collected during the registration: Date and time of the registration.
For statistical purposes, for the recognition of reading habits and the personalization of the content, it will be recorded if and at what time the Newsletter is opened and which links are clicked.
To process the data, your consent will be obtained during the registration procedure by a so-called double-opt-in-process and this privacy statement will be referred to. The double-opt-in-process means that you will receive an e-mail after the registration, asking you to confirm your subscription. This confirmation is required to verify whether the owner of an e-mail address was the one who registered for the newsletter.
We use the Google service reCaptcha to determine whether a person or a computer makes a specific entry in our contact or newsletter form. Google uses the following information to determine if you are a human being or a computer: IP address of the terminal device you are using, the website you are visiting and on which the captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks for which you must identify images. The legal basis for the described data processing is Art. 6 para. 1 lit. f GDPR. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated input (attacks).
The legal foundation for the data processing after the registration for our newsletter and after receiving the user’s consent is Art. 6 para. 1 lit. f General Data Protection Regulation.
The user’s e-mail address is collected for the sole purpose of sending the newsletter.
The collection of other personal data during the registration process prevents the misuse of the services or the used e-mail address.
For statistical purposes, for the recognition of reading habits and the personalization of the content, it will also be recorded if and at what time the Newsletter is opened, and which links are clicked.
The data (e.g. opening and click rates) will be erased as soon as they are no longer required for the purpose for which they were collected. The other data collected during the registration process will be deleted a week after unsubscribing and/or revoking one’s consent, provided legal regulations or other justified interests don’t conflict with the deletion according to Art. 6 para. 1 lit. f GDPR. In such a case, the processing of the data will be limited to the purpose of fending off claims. The same applies to personal data collected during the registration process of users who started the double-opt-in-process without completing it. Deletion of the data can be individually requested at any time if previous consent is confirmed concurrently.
The subscription to our newsletter can be cancelled by the user at any time. For this purpose, each newsletter contains a corresponding link. This also enables the revocation of consent for the storage of collected personal data during the registration process. Moreover, cancelling the subscription, the revocation of consent, as well as the objection of storage are possible by sending an e-mail to email@example.com.
There are various contact forms on our website which can be used for electronic contact and for the purpose of providing information about product stocks and new product releases. If a user takes advantage of this possibility, the data entered into the input mask will be transmitted to us and stored. These data are:
– Form of address
– Information on whether a company or private person is involved
When the message is sent, the following data will be stored as well: Date and time of dispatch
To process the data, your consent will be obtained during the sending procedure and this data privacy statement will be referred to. In the alternative, contact can be made via the email address provided. In this case, the user’s personal data transmitted along with the email will be stored. The data will be used exclusively to process the conversation.
If the user’s consent has been obtained, the legal basis for processing the data is Art. 6(1)(a) GDPR. The legal basis for processing data transmitted when an email is sent is Art. 6(1)(f) GDPR. If the email contact aims to conclude a contract, an additional legal basis for the processing is Art. 6(1)(b) GDPR.
Processing the personal data from the input mask serves the exclusive purpose of helping us process the contact that is made. Making contact through email also constitutes the required legitimate interest in processing those data. The other personal data processed during the sending procedure serve to prevent misuse of the contact form and ensure the security of our IT systems.
The data will be erased when they are no longer needed to attain the objective of their collection. Personal data from the input mask of the contact form and those which were sent via email will be erased when the respective conversation with the user has ended. The conversation will end when circumstances reveal that the situation concerned has been finally cleared up. The additional personal data collected during the sending procedure will also be erased after the matter has been conclusively cleared up.
The user may at any time revoke their consent to have their personal data processed. If the user contacts us through email, they can object at any time to having their personal data stored. In such a case, the conversation cannot be continued. The withdrawal of consent and objection to storage are enabled by sending an email to firstname.lastname@example.org. In this case, all personal data that were stored when contact was established will be erased.
Whenever you send us an email application, we will process your personal data which you make available electronically for the purposes of the application. All personal data will be treated as strictly confidential and used only to process your email application, in accordance with applicable statutory data protection provisions.
As part of your email application, we will collect and process the following personal data:
– Last name, First name
– Telephone number
– Email address
– Application documents (application letter, curriculum vitae, certificates, photo, etc.)
We will not transmit to any third parties the personal data and files you have transmitted to us, unless you have expressly consented to such transmission in advance or it is mandatory under the statutes.
The legal basis for the data processing after you send your email application is § 26(1) BDSG (Federal Data Protection Act, new version).
Your personal application data are collected and processed only to fill positions within our company. As a general principle, your data will be forwarded only to our company’s in-house offices and departments which are responsible for the specific application procedure. If your application is successful, the data and files you provide can be used for administrative matters as part of your employment.
If your application is not successful, we will store the transmitted personal data and files in our applicant database for six months, so we can answer subsequent questions about the application. The data and files will be erased after six months. This does not apply if statutory provisions oppose erasure, further storage is necessary for evidential purposes, or you have expressly consented to longer storage.
If we are currently unable to offer you a position, but your profile convinces us that your application might be of interest for future job offers, we will store your personal application data for longer than six months if you expressly consent to such storage and use.
We highly value our systems’ security and use modern data storage and security technology to optimally protect your data. All systems in which your personal data are stored are protected against third-party access and accessible to only a certain group of people who are responsible for personnel.
Please note that absolute data security cannot be guaranteed during email communication.
During the email application process, you may demand at any time that individual files or bits of personal data you have transmitted be erased. However, we reserve the right to store a limited quantity of your data for six months to comply with statutory provisions, especially the obligation to provide evidence under the General Equal Treatment Act (AGG). The same applies if you wish to withdraw your application.
The withdrawal of consent and objection to storage are enabled by sending an email to email@example.com.
On our website, we use the software tool Google Analytics to analyse our users’ surfing behaviour. The software places a cookie on the user’s computer (for more on cookies, see above). If individual pages of our website are accessed, the following data are stored:
– Two bytes from the IP address of the user’s accessing system
– The accessed website
– The website from which the user arrived at the accessed website (referrer)
– The subpages which are accessed from the accessed website
– Amount of time spent on the website
– How often the website is accessed
– Information on the browser type and the version used
– The user’s operating system
This website uses Google Analytics reports on demographic features, which use data from interest-based Google ads and visitor data from third-party providers (such as age, gender and interest). Those data cannot be traced to anyone in particular and can be deactivated at any time via the ad settings. The information generated by the cookie regarding your usage of this website (including your IP address) is generally transferred to a Google server in the U.S., where it is stored. Google will use this information to evaluate your use of the website, create reports about website activities for the website operator, and render additional services which are related to website use and internet use. Google might also transmit the information to third parties if this is prescribed by law or if third parties process these data on Google’s behalf. In no case will Google combine your IP address with other Google data. You can prevent the cookies from being stored by adjusting your browser settings accordingly, but we must point out that if you do, you will not be able to use all of this website’s functions to their full extent. The software is set so that IP addresses are not stored in their entirety, but 2 bytes of the IP address are masked (example: 192.168.xxx.xxx). This means that the truncated IP address can no longer be connected to the accessing computer.
The legal basis for processing the user’s personal data is Art. 6(1)(f) GDPR.
The processing of the user’s personal data allows us to analyse that user’s surfing behaviour. By evaluating the data obtained, we can compile information about how individual components of our website are used. And this helps us to continually improve our website and its user-friendliness. These purposes also include our legitimate interest in processing the data under Art. 6(1)(f) GDPR. Anonymising the IP address takes the user’s interest in protecting their personal data adequately into account.
After the IP address is masked or dissociated from personal reference, the data are no longer personal. Therefore, these masked IP addresses will not be erased automatically.
You can also keep Google from collecting and processing the data which the cookie generates regarding your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de). An opt-out cookie will be placed, which prevents your data from being recorded when you visit our website in the future. In addition, you have the option to disable the collection of your data by Google by clicking on this link: Disable Google Analytics. This will set a special opt-out cookie that will prevent Google from collecting your information in the future. Please note that you will have to click the link again if you have deleted the set cookie.
You will find more detailed information under http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/privacyoverview.html (general information about Google Analytics and data privacy). We wish to point out that on this website Google Analytics is extended by the code “gat._anonymizeIp();” to guarantee that IP addresses are collected in anonymised form (known as “masking”).
Within our online services, due to our legitimate interest in analysing, optimising and economically operating those services, and for those purposes, we use the “Facebook pixel” of the social network Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you reside in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
The processing is based on our legitimate interest in the aforementioned purpose under Art. 6 (1)(f) GDPR.
Facebook is certified under the Privacy Shield Treaty and hereby offers a guarantee that European data privacy laws will be complied with (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
The Facebook pixel enables Facebook to specify the visitors to our online services as a target group for the presentation of ads (known as “Facebook ads”). Accordingly, we use the Facebook pixel to show the Facebook ads we place only to those Facebook users who have shown an interest in our online services or exhibit the particular characteristics (such as interest in certain topics or products determined using the visited websites) which we transmit on Facebook (known as “custom audiences”). The Facebook pixel also allows us to ensure that our Facebook ads match the user’s potential interests and aren’t annoying. The Facebook pixel also allows us to determine how effective Facebook ads are for statistical and market research purposes, in that we see whether users are directed to our website after clicking on a Facebook ad (known as “conversion”). Whenever our website is accessed, the Facebook pixel is directly integrated through Facebook and can place a cookie (small file) on your device. If you then log into Facebook or visit Facebook while logged in, the visit to our services will be noted in your profile. The data collected about you are anonymous to us and cannot be used to identify the user. However, Facebook will store and process those data, making it possible to connect them to the user profile in question. Facebook will process the data within the restrictions of Facebook’s data use guidelines. Accordingly, those guidelines contain additional information about how the marketing pixel works and about the presentation of Facebook ads in general: https://www.facebook.com/policy.php.
You can object to having your data collected through the Facebook pixel and used to show Facebook ads here. To control the types of ads shown to you within Facebook, you can call up the site set up by Facebook and follow the instructions on how to change your ad preferences: https://www.facebook.com/settings?tab=ads. The settings do not depend on platform and will be taken over on all devices, such as a desktop computer or mobile devices.
Our internet presence uses plug-ins from various social networks (“Facebook”, “Twitter”, “Instagram”, “YouTube”, and “Xing”). The buttons bear the logo of the social network in question. When you visit our website, the buttons are deactivated, or merely linked, so that no data will be sent to the social networks unless you click a button. Doing so will establish a direct connection to the server of that social network. If you are logged into a social network, that network provider can assign this website visit to your user account. If you don’t want this to happen, we recommend that you log out of your account in advance. Even if you are not a member of a social network, that network’s provider might learn your IP address and store it. If you don’t want this to happen, don’t click the button. Fidlock cannot influence how or to what extent social networks will collect, process or use data. Those networks’ data privacy statements will reveal their data privacy regulations and your rights in this regard.
As the content provider, Fidlock GmbH is legally responsible for our “own content” which we keep ready for use. And that content must be differentiated from cross-referencing links to content held by other providers. Through such cross-referencing, Fidlock GmbH holds “external content” ready for use which is identified on this website. Links are dynamic references. When the external content was first linked, Fidlock GmbH checked it for whether it might trigger responsibility under civil or criminal law. However, the content is not periodically checked for changes which could justify any new responsibility.
If additional programmes such as JavaScript or Flash® (Adobe) are necessary to correctly display the website or media service, you must install such programmes yourself, as a user of the website or media service. No required software will be automatically installed without permission. However, Fidlock GmbH reserves the option of offering the visitor such additional programmes, but without having to obtain any consent for their installation on the visitor’s computer. Fidlock GmbH is not obligated to display the website correctly.
If your personal data are processed, you are the data subject as defined by the GDPR and are entitled to the following rights toward the controller:
You can demand that the controller confirm whether we are processing personal data concerning you. If this is the case, you can demand access to the following information from the controller:
You have the right to demand information on whether the personal data concerning you are transmitted to a third country or international organisation. In this context, you may demand to be informed about the appropriate guarantees under Art. 46 GDPR in connection with such transmission.
If the processed personal data that concern you are incorrect or incomplete, you have the right against the controller to have them corrected, deleted, or both. The controller must undertake such correction without undue delay.
You may demand that the processing of the personal data concerning you be restricted, under the following conditions:
If the processing of the personal data concerning you has been restricted, those data—regardless of their storage—may be processed only (1) with your consent, (2) to assert, exercise or defend against legal claims, (3) to protect the rights of another natural person or legal entity, or (4) for reasons of an important public interest of the EU or a member state. If the processing has been restricted according to the aforementioned conditions, the controller will inform you before that restriction is lifted.
You may demand from the controller that the personal data concerning you be erased without undue delay, and the controller will be obligated to do so provided one of the following grounds applies:
If the controller has publicised the personal data but is obligated under Art. 17(1) GDPR to erase them, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not exist if the processing is necessary:
If you have asserted your right to rectification, erasure or restriction of the processing toward the controller, that controller is obligated to communicate such correction or deletion of the data or restriction of its processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or would entail a disproportionate effort. You have the right to be informed by the controller about those recipients.
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit these data to another controller without hindrance from the controller to which the personal data were provided, as long as
In exercising this right, you may also have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. Doing so must not impair the rights and freedoms of others. The right to data portability does not apply if personal data must be processed to carry out a task in the public interest or in the exercise of public authority vested in the controller.
You have the right to object at any time, for reasons arising from your particular situation, if personal data concerning you are processed based on Art. 6(1)(e or f) GDPR. This also applies to profiling based on these provisions. The controller will cease processing the personal data concerning you unless the controller can verify compulsory legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is done to assert, exercise or defend against legal claims. If the personal data concerning you are processed for direct marketing purposes, you may object to that processing at any time. This also applies to any profiling connected to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. In connection with the use of information society services, you may exercise your right to object using an automatic procedure in which technical specifications are used (regardless of Directive 2002/58/EC).
You have the right to withdraw your declaration of consent under data protection laws at any time. Withdrawing your consent will not affect the legality of processing that has already occurred based on your consent.
You have the right not to be subject to a decision based exclusively on automated processing—including profiling—which legally affects or otherwise significantly impairs you. This does not apply if that decision
However, these decisions may not be based on special categories of personal data under Art. 9(1) GDPR unless Art. 9(2)(a or g) GDPR apply and reasonable measures have been taken to protect your rights, freedoms and legitimate interests. Regarding the cases mentioned in (1) and (3), the controller must take reasonable measures to guard your rights, freedoms and legitimate interests, which must include at least the right to obtain human intervention on the part of the controller, to present your own point of view, and to contest the decision.
If you believe that the processing of the personal data concerning you breaches the GDPR, you have the right to complain to a supervisory authority—especially in the member state of your abode, your workplace, or the place of the suspected breach—without prejudice to other administrative rights or judicial remedies. The supervisory authority to which the complaint is submitted will inform the complainant about the status and results of that complaint, including the possibility for judicial remedy under Art. 78 GDPR.
Competent supervisory authority:
Data Protection Authority of the State of Lower Saxony
Barbara Thiel, Prinzenstraße 5, 30159 Hannover
Tel.: +49 511 120 45 00, Fax: +49 511 120 45 99, Email: firstname.lastname@example.org
As the controller, we reserve the right to amend the data privacy statement at any time regarding applicable data protection provisions.
Last revision: November 2018