HÄNDLER FINDEN
PL/en

Privacy policy

Privacy Statement Accell Global B.V. on www.haibike.com


The protection of Personal Data is important to Accell Global B.V.. We are committed to respecting and protecting your privacy by acting in accordance with all applicable privacy laws and regulations including the General Data Protection Regulation (“GDPR”). Furthermore, we apply the following general principles of privacy and data protection:

  • We limit use and Processing of Personal Data to the purposes we need it for;
  • We only Process Personal Data with a legal basis, which may include the performance of a contract, our legitimate interest, or in limited circumstances your explicit consent;
  • We will be transparent and clear about when, how and where we Process Personal Data;
  • We will apply the standards of “privacy by design” and “privacy by default” and assess any potential impact existing or new products or services may have on the privacy rights of data subjects;
  • Personal Data will not be retained any longer than necessary and we will follow all applicable data retention terms. 

Please read this Privacy Statement carefully. It provides important information about how we use your Personal Data (defined below) and explains your legal rights (in full transparency and in accordance with applicable laws and regulations) when you visit our website www.haibike.com (“Website”) and/or purchase products from us as a customer (“Customer”). When we refer to “Processing” of Personal Data, we mean all use of your Personal Data, such as collecting, storing, modifying, forwarding and deleting.

Who are we?
ACCELL GLOBAL B.V.
4 Industrieweg
8444ar Heerenven
Netherlands

Registered in Netherlands under company registration number 69722536 (“Accell Global”, “Accell Group”, “Accell”, “we”, “us” or “our”).

If you have any questions about this Privacy Statement or want to exercise your rights set out in this Privacy Statement, please contact us by sending an email to: info@accell-group.com.

Accell Global is the controller with regard to the Processing of your Personal
Data.

What information do we collect about you?
For the purpose of this Privacy Statement, Personal Data means any information through which we can directly or indirectly identify you (“Personal Data”). 
The Personal Data we collect about you include the following:
Contact details of you and if applicable. Your name, postal address and other contact details, such as your telephone number and e-mail address. We may also collect from you the contact details of your emergency/insurance contacts. This will include their name, mobile phone number and email address.

  • Automatically collected information. Technical information, including your IP address and browser type and version, that we may collect when we use cookies, web beacons and similar technologies on our website and in our Apps which collect information about the use of our website or Apps. Please see our Cookie Policy to find out more.
  • Information regarding your use of our (online) services or purchase of products. This includes data regarding the pages you visit and the products and services you like.
  • Details regarding contests. The data we collect if you participate in a survey, contest, promotion or competition we organise from time to time.
  • Your reviews. The opinions, experiences, preferences and interests, and product or event reviews that you publish on our website or App or share with us online or through social media.
  • Communication data. Your requests, any complaints you may have and any other data that we receive if we communicate with you via e-mail, by telephone, online or via social media.
  • Information collected from other sources. We may collect information from commercially available sources such as data aggregators and public databases. We may combine this information (e.g. name, interests, publicly observed data) with the information we collect from you to help us tailor our communications to you and to improve our services and products and might request for your explicit consent separately if this is requested by law.
  • When you subscribe to our newsletter, you have the option of giving your social consent. If you give us this consent, we will use your data to maintain interactive contact with you via social media. The legal basis for this data processing is exclusively your voluntary consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time by email.

Collection of your information and how we use it
We use the collected Personal Data for the following purposes:

  • For the performance of our agreement with you. In order to carry out our obligations arising from any contract entered into between you and us and to provide you with the information and services that you request, including handling your requests, inquiries or complaints. In order to develop and manage a contest, competition or promotion which you may have entered into, to conduct the promotion and contact you if you win. In case it is possible to order products online, we Process this data in order to manage and handle your purchases.
  • For our legitimate commercial interests. We may use your Personal Data (both on an aggregated and on an individual basis), such as your contact details, your account and electronic identification data, for the purpose of advertising our products and services and making contact with you for marketing or other commercial purposes if you are an existing Customer. We may also use your Personal Data for analysing and improving the quality of our products and services, as well as to understand you as a Customer and to give you a better user experience. This enables us to create personal profiles and to assess what may interest you, to measure or understand the effectiveness of advertising we serve to you and others and to deliver relevant advertising.

    We may also use your Personal Data for other legitimate commercial interests such as to generate aggregated statistics about the users of our services, to assist in security and fraud prevention, to administer our Website and Apps, and for internal operations (including troubleshooting, data analysis, testing, research, statistical and survey purposes), for system integrity purposes (for example the prevention of hacking, spamming etc.), to allow you to participate in interactive features of our services, to facilitate our business operations, to operate company policies and procedures, to enable us to make corporate transactions such as any merger, sale, divesture, reorganisation, transfer of assets or businesses, acquisition, bankruptcy or similar event, or for other legitimate business purposes permitted by any applicable law.
  • Use of information based on your consent We may use the Personal Data referred to above in subsection ‘Special categories of Personal Data’ (i.e. health data) for the purposes set out in this Privacy Policy but we will only do so after we have received your consent thereto.

    We may use your Personal Data for marketing communications (based on your profiles) via email, SMS or other electronic means but we will only do so after we have received your consent to do so or if we have another legal basis to do so.
  • To comply with our legal obligations. Any information referred to above in section ‘What information do we collect about you' may be used to maintain appropriate business records, to comply with lawful requests by public authorities and to comply with applicable laws and regulations or as otherwise required by law.

Data collection of children: 
We do not allow children to register on our websites and/or Apps when they are under the legal age limit. We will ask for parental consent for children participating in our experiences and events.

Disclosure of your information 
We may share your Personal Data with:

  • Other Accell Group companies or affiliated companies in the context of the provision of our products and services or for internal purposes like IT.
  • Third party service providers, who provide services to us such as Website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, CRM, event management, marketing intelligence, auditing, fraud detection and other services of third parties.
  • Permitted third parties subject to your consent or request to do so, for example to send you marketing communications, in line with your choices if you have opted into such sharing.
  • Other parties as we believe to be necessary to comply with applicable laws, to respond to requests from authorities or for other legal reasons and to protect our rights.
  • Additionally, we may use or disclose your Personal Data in the event of any reorganization, merger, sale, joint venture or other disposition of (part) of our business, assets or stock.

Hosting and Content Delivery Networks (CDN)
We are hosting the content of our website at the following provider:

Shopify
The provider is the Shopify International Limited, Victoria Building, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter: “Shopify”).

Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address and information about the device and browser you use. Shopify also analyses the number of visitors, visitor sources and customer behavior and compiles user statistics. When you make a purchase on our site, Shopify also collects your name, email address, shipping and billing addresses, payment information and other information related to the purchase (e.g., phone number, number of sales made, etc.). Shopify stores cookies in your browser for the purpose of analysis.

Please see the Shopify privacy policy for details.

The use of Shopify is based on Art. 6(1)(f) GDPR. We have a legitimate interest the most reliable presentation of our website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.


Amazon CloudFront CDN
We use the Content Delivery Network Amazon CloudFront CDN. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter referred to as “Amazon”).

Amazon CloudFront CDN is a globally distributed Content Delivery Network. During these transactions, the information transfer between your browser and our website is technically routed via the Content Delivery Network. This enables us to boost the global availability and performance capabilities of our website.

The use of Amazon CloudFront CDN is based on our legitimate interest in keeping the presentation of our web services as error free and secure as possible (Art. 6(1)(f) GDPR).

The data transfer to the United States is based on the Standard Contract Clauses of the EU Commission. You can find the details here.

For more information on Amazon CloudFront CDN please follow this link.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link.

Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Integrated Tools, Plug-In’s and Services on our website

BIDEX BIKELOCAL PLUGIN

For the online reservation function, we use a plugin from BIDEX GmbH, Talsperrenweg 72, 58256 Ennepetal (hereinafter: BIDEX BikeLocal). With the BIDEX BikeLocal plugin, we offer you the opportunity to reserve the products displayed on our website via a convenient reservation function at the nearest dealer in order to be able to buy the item directly in the shop. You can also use a callback service within the plugin to be called back directly by the corresponding merchant. Legal basis for the use of the BIDEX BikeLocal plugin and the following under section 2.) the means described for processing your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR.

PROCESSING OF RESERVATIONS AND CALLBACK SERVICE

You can use the BIDEX BikeLocal plugin for non-binding reservations of our products or a callback service through which the selected specialist dealer can contact you directly. In this case, BIDEX as a service provider provides these services for you and assumes the function of an intermediary in order to forward your reservation request to the corresponding specialist dealer. To reserve an item, it is necessary to enter the following data: first name, last name, e-mail address, telephone number (mandatory fields). This data is required for your reservation to be processed. The indication of the telephone number serves in particular the purpose of being able to reach you at short notice if the reserved article is exceptionally not yet ready for presentation (e.g. in unassembled condition) or, for example, must first be procured from the stock of another branch. In such a case, we would also like to be able to contact you if you have already made your way to one of our dealers and, if necessary, if necessary. by e-mail can no longer be reached in time. Failure to provide your data would mean that you would not be able to use the reservation function of the BIDEX BikeLocal plugin. Via the comment function in the reservation form you still have the possibility to write a message, which we will take into account when making the reservation.

For the callback service, the following data is required: name, telephone number. You can optionally enter a desired date for the callback by the dealer and also a comment in the form. Your data will first be transmitted to BIDEX via the form (SSL encryption) and processed there. Your data will then be sent by BIDEX by e-mail to the dealer you have selected for this purpose. BIDEX also receives, stores and processes the transmitted data for the further processing of the reservation request or callback request

BIDEX is solely responsible for the phases of the collection of your data via the form, their transmission to BIDEX and their forwarding to the selected dealer for the processing of your reservation

In order to protect your personal data for the processing of reservations or callback requests via the BIDEX BikeLocal plugin, we have concluded an agreement with BIDEX on joint responsibility for processing and on the technical and organizational measures for the protection of your personal data. This agreement ensures that your personal data will be processed for the phases of joint responsibility exclusively for the processing of your reservation or callback request and will not be used without your express consent, in particular for advertising and analysis purposes that go beyond the scope described below.

In the agreement, we have also stipulated that BIDEX fulfils the existing information obligations towards you under the GDPR and is the joint contact person for the exercise of your rights. Detailed information on data protection when processing reservations via the BIDEX BikeLocal plugin with detailed information on your rights can be found here: local.bidex.bike/Datenschutz.

The legal basis for the processing of your data in connection with a reservation is Art. 6 para. 1 sentence 1 lit b GDPR. BIDEX processes your data for the processing of your reservation of our products in the selected specialist shop. BIDEX deletes the data processed in this context after storage is no longer necessary or restricts processing if there are statutory retention obligations.

PROVISION OF THE BIDEX BIKELOCAL PLUGIN

Data transmission when calling up the reservation function When the reservation function on our website is called, an automatic connection to the BIDEX servers is established. For technical reasons, your IP address will be transmitted to BIDEX in order to display the reservation function in your browser, but will only be temporarily stored in the log files of the BIDEX server. The data and information collected anonymously in the log files are evaluated by BIDEX only statistically, with the aim of increasing the data protection and data security of the BIDEX BikeLocal plugin and ensuring an optimal level of protection for the personal data processed. For technical reasons, we have no influence on these evaluations.

Use of cookies BIDEX uses session cookies to operate the plugin. Session cookies are small text files that are temporarily stored on your computer system until you leave our website. For technical reasons, we have no influence on the use of these cookies. You can individually configure your browser settings for accepting or rejecting cookies. We would like to point out that in this case you may not be able to use all the functions of the BIDEX BikeLocal plugin.

Google Fonts

To ensure that fonts used on this website are uniform, this website uses so-called Google Fonts provided by Google. When you access a page on our website, your browser will load the required fonts into your browser cache to correctly display text and fonts.
To do this, the browser you use will have to establish a connection with Google’s servers. As a result, Google will learn that your IP address was used to access this website. The use of Google Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

If your browser should not support Google Fonts, a standard font installed on your computer will be used.

For more information on Google Fonts, please follow this link and consult Google’s Data Privacy Declaration.

Google Maps

This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the means of this service, we can integrate map material on our website.

To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use
Google Fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.

We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here and here.
For more information on the handling of user data, please review Google’s Data Privacy Declaration.

Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link.

Klaviyo
We have integrated Klaviyo on this website. The provider is Klaviyo Inc., 125 Summer Street, Floor 6, Boston, MA, 02110, USA (hereinafter Klaviyo).

Klaviyo is a marketing automation tool for sending emails, SMS, push messages and collecting customer reviews for eCommerce merchants.

For this purpose, Klaviyo stores consent for email marketing. In this context, the following data may be processed specifically: name, phone number, email address, address data, IP address, device identifiers, usage data (such as interactions between a user and Klaviyo’s online system, website or email, browser used, operating system used, referrer URL).

The use of Klaviyo is based on Art. 6(1)(a) GDPR and § 25 (1) TDDDG. The consent can be revoked at any time.

For further details, please refer to the provider's privacy policy.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link.

Standard contractual clauses for the transfer of personal data to third countries are used by the provider. Details can be found here.

Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

SMARTFIT – Onlinesizing.bike

You can use Smartfit Online Sizing on our website. Smartfit is a solution from Radlabor GmbHHeinrich-von-Stephan-Str. 5c, 79100 Freiburg (https://www.onlinesizing.bike/).
You can download the application on our website.
To get a size recommendation for a specific bike, you can submit the following information through the application:

  1. Gender (mandatory)
  2. Height (required)
  3. Leg length (optional)
  4. Arm length (optional)

Smartfit calculates a specific size recommendation for a bike using algorithms that find the right bike size based on your anthropometric data and gender. In some cases, you can transfer your preferred bike size from the application to your personal shopping cart via a button on the results screen.

USE OF PERSONAL INFORMATION FROM OUR APPLICATION

We will only use your personal data from the Application for the following purposes:

  • Recommendation of bike sizes in real time.
  • Providing fit prediction services in our partners' online stores.
  • Optimizing the overall quality of our referral mechanisms.
  • Statistical analysis of the number of bike sizes over time.

All personal data is processed anonymously and Smartfit never collects or processes personal data (e.g. real name, address data, payment information). All data is stored on servers and databases located either in Frankfurt, Germany, or in Nuremberg, Germany. No data will be transferred outside the European Union. All data is automatically deleted after a certain retention period.

We do not use data for marketing or advertising purposes.

COOKIES

We use a local storage cookie to store the following information:

  1. Gender (mandatory)
  2. Height (required)
  3. Leg length (if specified by the user)
  4. Arm length (if specified by the user)

We store this data along with a session identifier in your local storage. The cookie is considered necessary for technical reasons. Without the cookie, the Online Sizing Widget cannot be used sensibly. The cookie allows us to identify returning users so that you do not have to re-enter your basic information when you use the application again. The token (JWT) is renewed after a user has been inactive for 4 hours.
In some cases, the cookie allows the immediate display of size recommendations on the product detail pages of our partners' webshops without using the application again. In some cases, our application transmits the recommended size to a partner store (i.e. so that the recommended size is automatically selected in a drop-down on the product page). When the Smartfit recommendation engine is enabled, you don't have to re-enter your basic information, with the recommended bikes displayed in new browser tabs.

SAFETY AND SECURITY

We use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss and/or destruction as well as against access by unauthorised persons. Our security measures are subject to continuous improvement in line with current technological developments.
Further data processing by Radlabor GmbH – in the sense of independent or instruction-bound data processing – does not take place!

Other websites
Our website may, from time to time, contain links to and from third party websites such as the websites of our partner networks  (such as the retailers that sell our products), social media networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these websites or their content. Please consult the relevant third party’s privacy policies before you submit any Personal Data to these websites.

Dealers
Customers largely purchase our products and services via recognised dealers and other resellers. These dealers and resellers are independent controllers. We are not responsible for the handling of customer data by recognised dealers and other resellers. Dealers and resellers do provide us with your Personal Data in connection with the sale of our products and services under their own responsibility (e.g. for warranty purposes), please read their applicable privacy statements for further details.

Transfers of your Personal Data outside the EEA
We store your information within the European Economic Area (EEA) or countries that have received an adequacy decision by the European Commission.

Where we share your information with companies based outside (i) the EEA or (ii) countries that do not have an adequacy decision, we agree upon the Standard Contractual Clauses as approved by the European Commission with the receiving party and ensure to implement additional safeguards as and when required. 

How long do we retain Personal Data?
We Process your Personal Data for as long as necessary to fulfil the purposes we collected it for, unless a longer period is necessary to:

  • comply with a statutory retention period or other applicable legal obligation;
  • Process your Personal Data in relation to a legal procedure. 

To safeguard that your Personal Data is removed within a reasonable term, we use retention overviews per country. 

How do we secure Customer data?
Protecting your Personal Data is very important to Accell Group. We have implemented appropriate technical and organisational measures to ensure that your Personal Data is properly secured against unauthorised or unlawful use, access, disclosure or accidental or wrongful destruction and loss.

We take steps to limit access to your Personal Data only to those persons who need to have access to it for one of the purposes listed in this Privacy Statement. Furthermore, we contractually ensure that any third party Processing your Personal Data equally protect your Personal Data in line with applicable Data Protection laws and in line with this Privacy Statement. 

Your rights 
You have the following rights in relation to the Personal Data we hold about you:

Your right of access
You have the right to request access to your Personal Data. For example, the right to be provided with certain information about the Processing of Personal Data and access to that data. Please note this right is subject to exceptions.

Your right to rectification
If the Personal Data we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified. 

Your right to erasure
You can ask us to delete or remove your Personal Data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). 

Your right to restrict Processing
You can ask us to restrict the Processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or you object to us. 

Your right to data portability
You have the right, in certain circumstances, to obtain Personal Data you've provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.

Your right to object
You can ask us to stop Processing your Personal Data, and we will do so, if we are:

  • relying on our own or someone else's legitimate interests to Process your Personal Data, except if we can demonstrate compelling legal grounds for the Processing; or
  • Processing your Personal Data for direct marketing purposes.

Your right to withdraw consent
If we rely on your consent (or explicit consent) as our legal basis for Processing your Personal Data, you have the right to withdraw that consent at any time. However, please note that the withdrawal of your consent does not impact the legality of any Processing prior to such withdrawal. 

Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we have handled your Personal Data, you can report it to your local supervisory authority.
Please note that some of the abovementioned; rights may be limited where we have an overriding interest or legal obligation to continue to Process the Personal Data.

Contact and Complaints 
The primary point of contact for all queries in relation to this Privacy Statement, including a request to exercise data subject rights, is our Country Privacy Ambassador. The Country Privacy Ambassador can be contacted in the following way: 
Via e-mail: info@accell-group.com
By phone: + 31 513 63 8703
Postal address:
Accell Group B.V.
Industrieweg 4
NL-8440 AK Heerenveen, the Netherlands

If you have a complaint or concern about how we use your Personal Data, please contact us in the first instance and we will endeavour to resolve the issue as soon as possible. 

Status of this privacy statement
This Privacy Statement may be revised from time to time.  Any change will be applicable at the time of posting on the Website.