Status: October 2023
- Name and address of the responsible party
- Contact details of the data protection officer
- General information on data processing
- Rights of the data subject
- Provision of the website and creation of log files
- Payment options
- Credit assessment
- Fraud prevention and Abuse Detection Measures
- Postal advertising
- Product Reviews / Comments
- Customer Surveys
- Press Portal
- Appointments Use of eAppointment
- Guarantee claim / warranty claim / repair order
- Direct delivery
- Returns processing
- Use of corporate presences in social networks
- Use of the Data Subject Request Tool (DSR) for managing data subject requests
- Use of the whistleblower portal
I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
ROSE Bikes GmbH
Management: Erwin Rose, Stefanie Rose, Thorsten Heckrath-Rose.
II. Contact details of the data protection officer
The data protection officer of the responsible party is:
Dachauer Str. 65
80335 Munich, Germany
III. General information on data processing
1. Scope of the processing of personal data
- We only process our users' personal data to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users is only carried out with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is required by law.
2. Legal basis for the processing of personal data
- Whenever we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR is the legal basis. In the event that vital interests of the data subject or another individual require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR is the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for processing.
3. Data deletion and retention period
- The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a retention period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right to information (Art. 15 EU GDPR)
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
If this is the case, you have a right of access to this data and to the following information:
- Processing purposes
- Categories of personal data
- Recipients or categories of recipients
- Planned duration of storage or criteria for determining this duration
- The existence of the rights to rectification, erasure, restriction or objection
- Right of appeal to the competent supervisory authority
- If applicable, the origin of the data (if collected from a third party)
- If applicable, the existence of automated decision-making, including profiling, with meaningful information about the logic involved, the scope and the expected effects
- If applicable, the transfer of personal data to a third country or international organisation
2. Right to rectification (Art. 16 EU GDPR)
If your personal data is incorrect or incomplete, you have the right to request immediate correction or completion of the personal data.
3. Right to restriction of processing (Art. 18 EU GDPR)
If one of the following conditions is met, you have the right to request that the processing of your personal data is restricted:
- You contest the accuracy of your personal data for a period enabling us to verify the accuracy of the personal data.
- In the event of unlawful processing, you object to the erasure of the personal data and instead request the restriction of the use of the personal data.
- We no longer need your personal data for the purposes of processing, but you need your personal data for the establishment, exercise or defence of legal claims or, after you have objected to processing, for the period necessary to verify whether our legitimate grounds override your grounds.
4. Right to erasure (Art. 17 EU GDPR)
If one of the following reasons applies, you have the right to demand that your personal data be deleted immediately:
- Your data is no longer necessary for the processing purposes for which it was originally collected.
- You withdraw your consent and there is no other legal basis for the processing.
- You object to the processing and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
- Your personal data is processed unlawfully.
- The deletion is necessary to fulfil a legal obligation under EU law or the law of the member state to which we are subject.
- The personal data was collected in relation to information society services offered in accordance with Article 8 para. 1 GDPR.
Please note that the above reasons do not apply if the processing is necessary:
- To exercise the right to freedom of expression and information.
- To fulfil a legal obligation or to perform a task that is in the public interest and to which we are subject.
- For reasons of public interest in the area of public health.
- For archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes.
- For the assertion, exercise or defence of legal claims.
5. Right to data portability (Art. 20 EU GDPR)
You have the right to receive your personal data in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.
6. Right to object to certain data processing (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e or f of the GDPR. This also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
7. Right of appeal to the competent supervisory authority (Art. 77 EU GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR. A list of the competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection under the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
You have the right to complain to a data protection supervisory authority about the processing of your personal data.
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
PO Box 20 04 44
V. Provision of the website and creation of log files
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Name of your internet service provider
- Visitor source
- Name of the requested file
This data is stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. Storage in log files takes place to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
3. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.
4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. When data is collected for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.
5. Possibility of objection
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. The user can object to this. Whether the objection is successful must be determined as part of a balancing of interests.