Privacy
1. GENERAL INFORMATION ON THE PROCESSING OF PERSONAL DATA
(1) The protection of your personal data is of particular importance to us. In the following, we would therefore like to inform you in detail which personal data is processed when you use our websites and offers.
(2) The person responsible pursuant to Art. 4 No. 7 of the Basic Data Protection Regulation (“DSGVO”) is
NICOLAI GmbH
Altenbekener Str.2a
D-31008 Elze / Mehle
Phone: +49 (0) 5068-72699-500
E-mail: nicolai@nicolaibike.com (hereinafter “NICOLAI”)
(hereinafter referred to as “NICOLAI”). Further information can be found in our imprint.
(3) We process personal data only in compliance with the relevant data protection regulations. This means that the data will only be processed if legal permission has been obtained. In other words, in particular if data processing is required for the provision of our contractual services and online services, or is required by law, consent has been obtained, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation and security of our online services within the meaning of Art. 6 Para. 1 lit. f DSGVO, in particular in measuring the range, creating profiles for advertising and marketing purposes and collecting access data and using the services of third parties).
(4) The legal basis for the consents is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for the processing for the fulfilment of our services and the implementation of contractual measures is Art. 6 para. 1 lit. b DSGVO, the legal basis for the processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for the processing for the protection of our legitimate interests is Art. 6 para. 1 lit. f DSGVO.
2. DATA PROCESSING WHEN VISITING OUR WEBSITES
(1) When using our web pages for purely informational purposes, i.e. if you do not make an enquiry, log in or otherwise provide us with personal information, we process the data that your browser transmits to our server and which is technically necessary to display our web pages for you and to guarantee stability and security:
– IP address. Date and time of the request,
– Date and time of the request,
– Duration of the website visit,
– Time zone difference to Greenwich Mean Time (GMT),
– Content of the request (concrete page),
– Access status/HTTP status code,
– the amount of data transferred in each case,
– Website from which the request comes,
– Websites that you visit on our site,
– Internet service provider,
– Browser type,
– Server Log Files,
– Operating system and its interface,
– Language and version of the browser software.
(2) The legal basis is Art. 6 Para. 1 S. 1 lit. f DSGVO, i.e. our legitimate interest in the presentation of the websites accessed.
3. DATA PROCESSING THROUGH THE USE OF COOKIES
(1) In addition to the aforementioned data, cookies are stored on your end device when you use our website. Cookies are small text files that are stored on your hard drive and assigned to your browser and provide us with information. They serve to make our website more user-friendly and effective. The legal basis is Art. 6 Para. 1 S. 1 lit. f DSGVO, namely our legitimate interest in improving the user-friendliness of our website and in evaluating our online marketing activities.
(2) You can configure your browser settings according to your wishes and thus, for example, refuse to accept cookies. Please note that in this case you may not be able to use all functions of our website.
3.1 GOOGLE ANALYTICS
(1) We use Google Analytics, a web analysis service provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics also uses cookies. The information generated by the cookie about your use of our website is generally transmitted to and stored by Google on servers in the United States.
(2) If IP anonymisation is activated, Google will, however, shorten your IP address beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. IP anonymization is active in our web service. On our behalf, Google will use this information to evaluate the use of our websites, to compile reports on activities and to provide us with other services related to website and Internet use.
(3) The IP address transmitted by your browser as part of Google Analytics is – according to Google – not combined with other data from Google. In addition, we refer you to Google’s data protection declaration. You can prevent Google from collecting the data generated by the cookie and related to its use (including your IP address) and Google from processing this data by downloading and installing a browser plug-in.
3.2 GOOGLE DYNAMIC REMARKETING
(1) On our websites we use the remarketing or “similar target group” function of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This feature enables us to target you as a visitor to our Web Sites by placing personalized, interest-based advertisements on your behalf when you visit other Web sites on the Google Display Network.
(2) Google uses cookies to perform the analysis of website usage, which forms the basis for the creation of interest-related advertisements. For this purpose, Google stores a small file with a sequence of numbers in your browser. This number is used to record visits to the website and anonymous data on the use of the website. There is no storage of personal data of the visitors of the web pages. If you subsequently visit another website in the Google Display Network, you will see advertisements that are highly likely to include previously accessed product and information areas.
(3) You can permanently disable Google’s use of cookies by downloading and installing a browser plug-in. For more information about Google Remarketing, please see Google’s Privacy Policy.
3.3 FACEBOOK-MARKETING-SERVICES
(1) Due to our legitimate interests in the analysis, optimisation and economic operation of our online services and for these purposes, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), is used within our online services.
(2) Using the Facebook pixel, Facebook is able on the one hand to determine the visitors of our online offer as the target group for the presentation of ads (so-called “Facebook ads”). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users who have shown an interest in our online offering or who have certain features (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). Using Facebook pixels, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not act as a nuisance. Using the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were referred to our website after clicking on a Facebook ad (known as “conversion”).
(3) The Facebook pixel is directly integrated by Facebook when you visit our websites and can store a so-called cookie, i.e. a small file, on your device. If you then log in to Facebook or visit Facebook when logged in, the visit to our online service is noted in your profile. The data collected about you is anonymous to us and does not provide us with any information about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we transmit data to Facebook for comparison purposes, this data is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of matching it with data that is equally encrypted by Facebook.
(4) Facebook processes the data in accordance with the Facebook Data Usage Policy. Specific information and details about the Facebook pixel and how it works can be found in the Facebook help section.
(5) You may opt out of Facebook pixel collection and use of your information to display Facebook Ads. To set what types of ads you see within Facebook, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based ads.
4. FACEBOOK – SOCIAL MEDIA PLUGIN
(1) We use plugins from the social network www.facebook.com, operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You can recognize the Facebook plugins by the Facebook logo and the “Like” button.
(2) When you visit a website that contains such a plugin, your browser establishes a direct connection to the Facebook server. Facebook then transmits the content of the plugin to your browser, which in turn integrates the plugin into the website. In this way, Facebook receives information that a user with a specific IP address, namely the IP address assigned to your Internet access at the time of transmission, has visited the corresponding website. If you are logged into your Facebook account at the same time, Facebook can assign your visit to us to your Facebook account even if you do not click the “Like” button. If you use the plugin by clicking the “Like” button, your browser will also transmit this to Facebook and save it there. If you do not want Facebook to collect data from our websites and associate it with your Facebook account, please log out of Facebook before visiting our websites.
(3) For more information about the purpose and scope of the processing of this data by Facebook, as well as your rights in this regard and the possible settings of your Facebook account to protect your private data, please refer to the Facebook Privacy Policy.
5. DATA PROCESSING DURING THE ESTABLISHMENT OF CONTACT
When you contact us by e-mail, telephone or via a contact form, the data you provide (e.g. e-mail address, name, telephone number or the content of the enquiry) will be processed by us in order to answer your questions and/or process your request. The legal basis is Art. 6 para. 1 lit. b) DSGVO.
6. DATA PROCESSING FOR CONTRACT PROCESSING
(1) If you commission us with the delivery of our products, we process your contact and payment data as well as communication and contract data for the fulfilment, processing and invoicing of the contractual services, which you can find in our General Terms and Conditions. With the exception of the communication data, all the aforementioned data is required for the conclusion of the contract. A conclusion of contract is not possible without their specification. Your data will be passed on to service providers supporting us (hosters, service providers, operators of communication applications, etc.) for the aforementioned purpose if necessary, who we have of course carefully selected and who are bound by our instructions. These are in particular technical service providers who support us in the provision of services.
(2) If you make an appointment for a test drive, we will process your contact details in order to contact you and carry out the test drive with you.
(3) The legal basis is the existing contractual relationship or pre-contractual obligations of NICOLAI (Art. 6 Para. 1 S. 1 lit. b DSGVO).
7. NEWSLETTER
(1) We send e-mails and other electronic notifications with advertising information (hereinafter “Newsletter”) only with your consent or legal permission. The newsletters contain information about our products, offers, promotions and our company. By subscribing to our newsletter, you agree to receive it.
(2) The use of a shipping service provider, the performance of statistical surveys and analyses as well as the logging of the registration procedure are carried out on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly and secure newsletter system that serves both our business interests and your expectations.
(3) You can revoke your consent to receive our newsletter at any time. You will find a link to revoke your consent at the end of each newsletter.
8. YOUR RIGHTS
(1) You have the following rights against us with regard to your personal data:
– Right of access (art. 15 DSGVO),
– Right to rectification and cancellation (Art. 16 and 17 DSGVO),
– Right to limit the processing (Art. 18 DSGVO),
– Right to object to the processing (Art. 21 DSGVO),
– Right to data transferability (Art. 20 DSGVO).
(2) You also have the right to complain to the data protection supervisory authority about the processing of your data by us.
(3) We draw your attention to the fact that you can revoke any consent you may have given us under data protection law at any time with effect for the future. The same applies to your consent to be contacted for advertising purposes. The best way to do this is to send an informal e-mail to: nicolai@nicolaibike.de. The respective revocation can lead to the fact that our offers can no longer be made available to you or only to a limited extent.
(4) If we base the processing of your personal data on a weighing of interests (Art. 6 Para. 1 S. 1 lit. f DSGVO), you may object to the processing. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out our compelling reasons worthy of protection on the basis of which we will continue the processing.
9. TRANSFER OF DATA TO THIRD PARTIES AND THIRD-PARTY PROVIDERS
(1) We will only pass on your data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 para. 1 lit. b) DSGVO or can be justified on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f) DSGVO. DSGVO can be justified.
(2) Where we use subcontractors to provide our services, we shall take appropriate legal, technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.
(3) Insofar as third-party providers are specified in the context of this data protection declaration and their registered office is located in a third country, it is to be assumed that data is transferred to the countries in which the third-party providers are located. We only process your data in a third country if it is necessary to fulfil our (pre)contractual obligations (Art. 6 para. 1 lit. b DSGVO), on the basis of your consent (Art. 6 para. 1 lit. a DSGVO), on the basis of a legal obligation (Art. 6 para. 1 lit. c DSGVO) or on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO). The same applies to the processing by third parties on our behalf, the disclosure of your personal data to third parties and their transfer to third parties.
10. DATA DELETION
(1) The data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
(2) According to legal requirements, the data is stored for six years in accordance with § 257 para. 1 HGB (German Commercial Code) (commercial books, inventories, commercial letters, accounting records, etc.) and for ten years in accordance with § 147 para. 1 AO (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.).
11. FINAL PROVISIONS
(1) We use technical and organizational security measures to protect your data, in particular against accidental or intentional manipulation, loss, destruction or against attacks by unauthorized persons. Our security measures are continuously improved in line with technological developments.
(2) We will update the data protection declaration from time to time due to the technical progress of our offers. If the change to the Privacy Policy does not affect the use of existing data, the new Privacy Policy will apply from the date it is updated on our website. A change to the data protection declaration relating to the use of data already collected will only be made if it is reasonable for you to accept it. In such a case we will inform you in good time by e-mail, on our websites, in our application or in any other form. You have the right to object to the validity of the new data protection declaration within four weeks of receipt of the notification. In the event of objection, we reserve the right to terminate the contractual relationship. If there is no objection within the stated period, the amended data protection declaration shall be deemed to have been accepted by you. We will inform you of your right to object and the significance of the objection period in the notification.