Privacy Policy

The Privacy Policy on this page provides you with information about how we handle your data. We make use of cookies. Detailed information about this can be found in the Privacy Policy. You informed us of your cookie preferences when you first visited this site. If you would like to change them, you can do so at any time.h

[borlabs-cookie type=”btn-cookie-preference” title=”Open cookie settings”/]

Overview:

1. Data Controller

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

Diamant Fahrradwerke GmbH
Telefon: +49 (0) 180 350 70 10
Telefax: +49 (0) 180 350 70 15
E-Mail: marketing@diamantrad.com

Data Protection Officer

Phillip Herold
Rudolf-Diesel-Straße 10
23617 Stockelsdorf, Allemagne
E-Mail: phillip.herold@m-dsb.de

2. General

What is this policy about?

This Privacy Policy fulfills the legal requirements for transparency on the processing of personal data. Such data refers to all information related to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, email address, IP address and user behavior when visiting a website. Information that we cannot link to your person (or can only do so with disproportionate effort), e.g. through anonymization, is not personal data. The processing of personal data (e.g. collection, request, usage, storage, or transfer) always requires a lawful basis and a defined purpose.

Any personal data stored is erased as soon as the purpose of processing hasi. been achieved and there are no legitimate grounds for further retention of the data. We will inform you about the specific retention periods and criteria for storage in the individual processing operations. Regardless of this, we store your personal data in individual cases for the assertion, exercise, or defense of legal claims and in the case of statutory retention obligations.

Who receives my data?

We only disclose your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and is covered by the lawful basis (e.g. consent or protection of legitimate interests) in individual cases. Furthermore, in individual cases, we disclose personal data to third parties for the assertion, exercise or defense of legal claims. In these cases, recipients may include law enforcement authorities, attorneys, auditors, courts, etc.

If, for the operation of our website, we make use of service providers that process personal data on our behalf under a data processing agreement pursuant to Article 28 GDPR, these service providers may be recipients of your personal data. More information on the use of Data Processors and web services can be found in the overview of individual processing operations.

We use cookies

Cookies are small text files that we send to your device’s browser and are stored there when you visit our website. As an alternative to cookies, information can also be saved in your browser’s local storage. Some features of our website may not be available without the use of cookies (technically necessary cookies). Other cookies enable us to carry out various analyses so we can identify the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies), for example. Cookies allow us, among other things, to make our online service more user-friendly and effective by enabling us to understand how you use our website and to determine your preferred settings (e.g. country and language settings). If third parties use cookies to process information, they collect this information directly through your browser. Cookies do not damage your device. They cannot run programs or contain viruses. Third-party cookies can store the number of times a page is accessed and the time spent on a website, or the path taken by a user via hyperlinks. They allow user behavior to be tracked across different websites. You can delete cookies in your browser’s security settings at any time.

We provide information about the individual services that we use cookies for under the individual processing operations. Detailed information about the cookies used can be found in the “Cookies” section of this Privacy Policy.

 What rights do I have?

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), you have the following rights as a Data Subject:

  • Access to your stored personal data pursuant to Article 15 GDPR and Section 34 BDSG in the form of meaningful information on the details of processing and a copy of your data;
  • Rectification of incorrect or incomplete data stored by us pursuant to Article 16 GDPR;
  • Erasure of the data stored by us pursuant to Article 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or for the assertion, exercise, or defense of legal claims;
  • Restriction of processing pursuant to Article 18 GDPR, if: the accuracy of the data is contested, or the processing is unlawful, or we no longer require the data and you oppose its erasure because you need it for the assertion, exercise, or defense of legal claims, or you have objected to processing pursuant to Article 21 GDPR.
  • Data portability pursuant to Article 20 GDPR if you have provided personal data to us by way of consent pursuant to Article 6(1)(a) GDPR or on the basis of a contract pursuant to Article 6(1)(b) GDPR and this personal data has been processed by us with the help of automated procedures. You will receive your data in a common, structured, and machine-readable format, or we will transfer the data directly to another Data Controller provided that this is technically feasible.
  • Objection to the processing of your personal data pursuant to Article 21 GDPR if this processing is carried out on the basis of Article 6(1)(e) or (f) GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct advertising. There is no right to object if compelling, legitimate overriding grounds for processing can be demonstrated or if processing is carried out for the assertion, exercise, or defense of legal claims. If there is no right to object for individual processing operations, this is indicated there.
  • Withdrawal of your consent pursuant to Article 7(3) GDPR with future effect.
  • Lodging a complaint with a supervisory authority pursuant to Article 77 GDPR if you believe that the processing of your personal data violates the GDPR. You can generally contact the supervisory authority for your usual place of residence, your place of employment, or our corporate headquarters.

If you would like to assert your right to withdraw consent or your right to object, you can simply send an email to marketing@diamantrad.com

How is my data processed in detail?

Below you will find information about the individual processing operations, the scope and purpose of data processing, the lawful bases, the obligation to provide your data, and the applicable retention periods. No automated decision-making in individual cases, including profiling, is carried out.

Purpose of processing and lawful bases of the processing of personal data

We always process your personal data for a specific purpose.

In summary, we process your personal data for the following purposes:

  1. To process your request when you contact us (e.g. email address, first name, last name)
  2. For the technical implementation of our website and to be able to provide you with our information on this website (e.g. IP address, cookies, browser information)
  3. To send a newsletter with information about the services we offer and news on our services (e.g. name, email address)
  4. To receive and process applications from you for our job offers.

The specific purposes are described for the processing stated here (e.g. contact form, web analytics, order process, etc.).

The following applies with regard to the lawful basis for the processing of your personal data:

We process personal data that is required for the establishment, implementation, or processing of the services we offer (contract processing) on the lawful basis of Article 6(1)(b) GDPR. If we obtain your consent to the processing of your personal data, consent pursuant to Article 6(1)(a) GDPR constitutes the lawful basis for data processing. Data processing is also permitted when we process your data to protect our legitimate interests, unless, in so doing, your interests or fundamental rights or freedoms with respect to the processing of your personal data override our interests. If we use external service providers for data processing, this processing is carried out on the lawful basis of Article 28 GDPR.

3. Personal data collected and processed

We collect and process some of your personal data within the scope of our online service. Firstly, you can identify which data is specifically processed on the basis of which data you have to provide when filling out forms on the website (e.g. contact form or order form). Secondly, we inform you about the data processed in each case under the processing operations described here.

In summary, we collect and process the following data relating to you through our website:

General contact data:

  • Last name, first name
  • Email address
  • Content of message

Online application:

  • Last name, first name
  • First name and last name
  • Street address
  • ZIP/postal code
  • City/town
  • Email address
  • Message
  • Application documents

Newsletter registration:

  • Email address

Bicycle registration

  • Last name*
  • First name*
  • Street address
  • ZIP/postal code, city/town
  • Email*
  • Telephone number*

We will only collect and process your data for the purposes listed in this Privacy Policy. Any use beyond the purpose listed requires your express consent. The same applies to the transfer and transmission of your data to third parties.

4. Collection of personal data when visiting our website

When you use our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server, If you would like to view our website, we collect the following data that is technically necessary for us to display our website and ensure it is secure and stable (the lawful basis for this is Article 6(1)(f) GDPR):

  • IP address
  • Date and time of request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of request (specific page)
  • Access status/HTTP status code
  • Data volume transferred for each request
  • Website from which the request originates
  • Browser
  • Operating system and interface
  • Browser software language and version

In addition to the aforementioned data, cookies are stored on your computer when you use our website. More information can be found in the “Cookies” section of this Privacy Policy.

5. Integration of services from other providers

Our website uses content and services from other providers. These may include services for statistical analysis of the use of and visits to our website, or to embed videos from video platforms such as YouTube. In order for this data to be accessed and displayed in the user’s browser, the user’s IP address must be transmitted to this third party.

Although we endeavor to exclusively use third-party providers that only require the IP address to deliver content, including ones that work with anonymized IP addresses, we cannot influence whether the IP address may still be stored. Information on the third-party providers used can be found in this Privacy Policy.

6. Contacting us (contact forms, quotation forms, etc.)

You can contact us by email or by using our contact form (quotation form for business customers). In this case, we store the personal data transmitted by you in order to process your request and to contact you to process your request. Where we request information via our contact form, we have marked the mandatory fields required for contacting us accordingly (with an asterisk). Voluntary information is used to specify your request and to improve the processing of your request. The data requested is transmitted to us by you on a purely voluntary basis.

Depending on the type of request, the lawful basis for this processing is Article 6(1)(b) GDPR for requests that you submit yourself as part of the steps prior to entering into a contract, or Article 6(1)(f) GDPR if your request is of a different nature. If personal data is requested that we do not need for the fulfillment of a contract or to protect legitimate interests, it is transmitted to us on the basis of your consent pursuant to Article 6(1)(a) GDPR.

7. Presence on social media platforms

We maintain fan pages, accounts, or channels on the networks listed below in order to provide you with information and offers on social networks and to offer you additional ways to contact us and find out about our offers. Below, we provide you with information on which data of yours we or the respective social network process in connection with accessing and using our fan pages/accounts.

Your data that we process

If you wish to contact us via messenger or direct message on the respective social network, we generally process the username that you use to contact us and may store other data provided by you if this is necessary to process/answer your request.

The lawful basis for this is Article 6(1)(f) GDPR (processing is necessary to protect the Data Controller’s legitimate interests).

(Statistical) usage data that we receive from social networks

We receive automated statistics related to our accounts by way of Insights functionalities. The statistics include the total number of page views, likes, information on page activity and post interactions, reach, video views, and information on the proportion of men/women among our fans/followers.

The statistics contain only aggregated data that cannot be linked to individual persons. This does not allow us to identify you.

What data of yours is processed by social networks

In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network, and therefore no user account for the respective social network is required.

Please note, however, that the social networks also collect and store data from website visitors without a user account (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies when the respective social network is accessed; we have no influence over this whatsoever. Details on this can be found in the respective social network’s privacy policy (see the relevant links above).

If you wish to interact with the content on our fan pages/accounts, e.g. comment on, share, or like our posts and/or wish to contact us via messenger functions, you must first register with the respective social network and provide personal data.

We have no influence on the data processing by the social networks when you use them. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behavior (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising targeted to your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data may also be stored by the social networks outside the EU/EEA and disclosed to third parties.

Information on the exact scope and purposes of the processing of your personal data, the retention period/erasure and guidelines on the use of cookies and similar technologies as part of registration, and use of social networks can be found in the social networks’ privacy/cookie policies, where you will also find information on your rights and options to object.

Facebook page

When you visit our Facebook page, Facebook collects data including your IP address and other information available on your computer in the form of cookies. This information is used to provide us, as the operator of the Facebook page, with statistical information about how our Facebook page is used. More information on this is provided by Facebook at: https://www.facebook.com/help/794890670645072/

Based on the statistical information provided, it is not possible for us to identify individual users. We only use this data to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We only collect your data via our fan page in order to make it available for communication and interaction with us. This collection generally includes your name, message content, comment content, and the profile information you provide “publicly”.

The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Article 6(1)(f) GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the lawful basis for processing extends to Article 6(1)(a) and Article 7 GDPR.

As the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to have full access to your data. For this reason, only the provider can directly take and implement appropriate measures to exercise your user rights (request for access, request for erasure, objection, etc.). The most effective way to assert your rights is therefore to contact the respective provider directly.

We are jointly responsible with Facebook for the personal content of the fan page. Data Subject rights can be asserted with Facebook Ireland and with us.

The primary responsibility for the processing of Insights data lies with Facebook pursuant to the GDPR, and Facebook fulfills all obligations under the GDPR with regard to the processing of Insights data. Facebook Ireland provides the essentials of the Page Insights addendum to Data Subjects.

We do not make any decisions regarding the processing of Insights data or any other information resulting from Article 13 GDPR, including the lawful basis, identity of the Data Controller, and storage duration of cookies on user devices.

More information can be found directly on Facebook (addendum agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

Instagram page

When you visit our Instagram page, Instagram collects data including your IP address and other information available on your computer in the form of cookies. This information is used to provide us, as the operator of the Instagram page, with statistical information about how our Instagram page is used. More information on this is provided by Instagram at the following link: https://www.facebook.com/help/794890670645072/

Based on the statistical information provided, it is not possible for us to identify individual users. We only use this data to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

We only collect your data via our fan page in order to make it available for communication and interaction with us. This collection generally includes your name, message content, comment content and the profile information you provide “publicly”.

The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel pursuant to Article 6(1)(f) GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the lawful basis for processing extends to Article 6(1)(a) and Article 7 GDPR.

As the actual data processing is carried out by the provider of the social network, our access to your data is limited. Only the provider of the social network is authorized to have full access to your data. For this reason, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for access, request for erasure, objection, etc.). The most effective way to assert your rights is therefore to contact the respective provider directly.

We are jointly responsible with Instagram for the personal content of the fan page. Data Subject rights can be asserted with Facebook Ireland and with us.

The primary responsibility for the processing of Insights data lies with Instagram pursuant to the GDPR, and Instagram fulfills all obligations under the GDPR with regard to the processing of Insights data. Facebook Ireland provides the essentials of the Page Insights addendum to Data Subjects.

We do not make any decisions regarding the processing of Insights data or any other information resulting from Article 13 GDPR, including the lawful basis, identity of the Data Controller, and storage duration of cookies on user devices.

More information can be found directly on Instagram (addendum agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.

8. Integrated service providers/third-party tools

Google Tag Manager

Nature and scope of processing

We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through an interface and enables us to control the precise integration of services into our website.

This allows us to flexibly integrate additional services for evaluating user access to our website.

Purpose and lawful basis

The use of Google Tag Manager is on the lawful basis of our legitimate interests, i.e. our interest in optimizing our services pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Google Ireland Limited. More information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Adobe Typekit

Nature and scope of processing

We use Adobe Typekit from Adobe Inc., San Jose, California, USA as a service to provide fonts for our online service. To retrieve these fonts, you establish a connection to Adobe Inc. servers, whereby your IP address is transmitted.

Purpose and lawful basis

The use of Adobe Typekit is on the lawful basis of our legitimate interests, i.e. our interest in a standardized provision and optimization of our online service pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Adobe Inc. More information can be found in the privacy policy for Adobe Typekit: https://www.adobe.com/privacy/policies/adobe-fonts.html.

Bootstrap

Nature and scope of processing

We use Bootstrap CDN to ensure the proper provision of the content of our website. Bootstrap CDN is a service from Bootstrap that acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online service, in particular files such as graphics and scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Bootstrap servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Bootstrap CDN.

Purpose and lawful basis

The use of the content delivery network is on the lawful basis of our legitimate interests, i.e. our interest in a secure and efficient provision and optimization of our online service pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Bootstrap. More information can be found in the privacy policy for Bootstrap CDN: https://www.bootstrapcdn.com/privacy-policy/.

CDNJS

Nature and scope of processing

We use CDNJS to ensure the proper provision of the content of our website. CDNJS is a service from Cloudflare, Inc. that acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online service, in particular files such as graphics and scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of CDNJS.

Purpose and lawful basis

The use of the content delivery network is on the lawful basis of our legitimate interests, i.e. our interest in a secure and efficient provision and optimization of our online service pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Cloudflare, Inc. More information can be found in the privacy policy for CDNJS: https://www.cloudflare.com/privacypolicy/.

Google AdWords

Nature and scope of processing

We have integrated Google Ads into our website. Google Ads is a service from Google Ireland Limited that provides users with targeted advertising. Google Ads uses cookies and other browser technologies to evaluate user behavior and identify users.

Google Ads collects information about user behavior on different websites. This information is then used to optimize the relevance of advertising. Furthermore, Google Ads delivers targeted advertising based on behavioral profiles and geographical location. Your IP address and other identifying features such as your user agent are transmitted to the provider.

If you are registered with a Google Ireland Limited service, Google Ads can assign the visit to your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider will find out and store your IP address and other identifying features.

In this case, your data will be disclosed to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose and lawful basis

We process your data with the help of Google Ads for the purpose of optimizing our website and for marketing purposes on the basis of your consent pursuant to Article 6(1)(a) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Google Ireland Limited. More information can be found in the privacy policy for Google Ads: https://policies.google.com/privacy.

Google Analytics

Nature and scope of processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analytics service for the statistical evaluation of our online service. This includes, for example, the number of visits to our website, individual pages visited, and the time spent by visitors.

Google Analytics uses cookies and other browser technologies to evaluate user behavior and identify users.

This information is used, among other things, to compile reports on website activity.

Purpose and lawful basis

We process data with the help of Google Analytics for the purpose of optimizing our website and for marketing purposes on the basis of your consent pursuant to Article 6(1)(a) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Google Ireland Limited. More information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

Google CDN

Nature and scope of processing

We use Google CDN to ensure the proper provision of the content of our website. Google CDN is a service from Google Ireland Limited that acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online service, in particular files such as graphics and scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google CDN.

Purpose and lawful basis

The use of the content delivery network is on the lawful basis of our legitimate interests, i.e. our interest in a secure and efficient provision and optimization of our online service pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Google Ireland Limited. More information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.

Google Double Click

Nature and scope of processing

We have integrated components from DoubleClick by Google into our website. DoubleClick is a Google brand under which primarily specialist online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data with every impression as well as with clicks or other activities to the DoubleClick server.

Each of these data transfers triggers a cookie request to the Data Subject’s browser. If the browser accepts this request, DoubleClick places a cookie in your browser.

DoubleClick uses a cookie ID, which is required to carry out the technical procedure. The cookie ID is required, for example, to display advertisements in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplication. The cookie ID also enables DoubleClick to record conversions. Conversions are recorded, for example, if a user has previously been shown a DoubleClick advertisement and subsequently makes a purchase on the advertiser’s website using the same internet browser.

DoubleClick cookies do not contain any personal data, but may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to calculate commissions. Among other things, Google can track that you have clicked on certain links on our website. In this case, your data will be disclosed to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. More information and the latest privacy policy for DoubleClick by Google can be found at https://policies.google.com/privacy.

Purpose and lawful basis

We process your data with the help of the DoubleClick cookie for the purpose of optimizing and displaying advertising on the basis of your consent pursuant to Article 6(1)(a) GDPR. You give your consent by selecting cookie settings (cookie banner/consent manager), with which you can also declare your withdrawal at any time with future effect pursuant to Article 7(3) GDPR. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. The cookie is also used to prevent the same advertisement from being displayed multiple times. Each time you access one of the individual pages of our website into which a DoubleClick component has been integrated, your browser is automatically prompted by that DoubleClick component to transmit data to Google for the purpose of online advertising and billing of commissions. There is no legal or contractual obligation for you to provide your data. If you do not give us your consent, you can visit our website without restriction, but not all features may be fully available.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Google Ireland Limited. More information can be found in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.

Google Fonts

Nature and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online service. To obtain these fonts, you establish a connection to Google Ireland Limited servers, whereby your IP address is transmitted.

Purpose and lawful basis

The use of Google Fonts is on the lawful basis of our legitimate interests, i.e. our interest in a standardized provision and optimization of our online service pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Google Ireland Limited. More information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.

Google Maps

Nature and scope of processing

We use the map service Google Maps to create directions. Google Maps is a service from Google Ireland Limited that displays a map on our website.

When you access this content on our website, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google Maps.

Purpose and lawful basis

The use of Google Maps is on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR, i.e. our interest in simplifying your travel to the locations specified on our website.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Google Ireland Limited. More information can be found in the privacy policy for Google Maps: https://policies.google.com/privacy .

Google reCAPTCHA

Nature and scope of processing

We have integrated components from Google reCAPTCHA into our website. Google reCAPTCHA is a service from Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated by means of a program. When you access this content on our website, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Google reCAPTCHA also records the user’s dwell time and mouse movements in order to distinguish automated requests from human ones. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

Purpose and lawful basis

The use of this service is on the basis of our legitimate interests, i.e. to secure the transmission of forms pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Google Ireland Limited. More information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

JSDelivr CDN

Nature and scope of processing

We use JSDelivr CDN to ensure the proper provision of the content of our website. JSDelivr CDN is a service from Prospect One that acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online service, in particular files such as graphics and scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Prospect One, Krolewska 65a, Krakow, Malopolskie 30-081, Poland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of JSDelivr CDN.

Purpose and lawful basis

The use of the content delivery network is on the lawful basis of our legitimate interests, i.e. our interest in a secure and efficient provision and optimization of our online service pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by Prospect One. More information can be found in the privacy policy for JSDelivr CDN: https://www.jsdelivr.com/privacy-policy-jsdelivr-net.

Locally

Nature and scope of processing

To facilitate retailer searches for our offers, we use the service of LOCAL GEAR Inc. Attn: Legal Department, 509 N. Carrollton, New Orleans, LA 70199, USA, email: Legal@Locally.com Locally.com.

Each of these data transfers triggers a cookie request to the Data Subject’s browser. If the browser accepts this request, Locally places a cookie in your browser to open the retailer search and make it available to you.

Purpose and lawful basis

We process your data to optimize our website and increase your convenience when searching for retailers in your area. We only process the data if you give us your consent to do so pursuant to Article 6(1)(a) GDPR (opt-in cookie consent tool).

Retention period

The specific retention period of the data processed is 2 hours. More information can be found in the provider’s privacy policy https://www.locally.com/privacy.

Polyfill CDN

Nature and scope of processing

We use Polyfill CDN to ensure the proper provision of the content of our website. Polyfill CDN is a service from The Financial Times Ltd. that acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online service, in particular files such as graphics and scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of The Financial Times Ltd., 1 Southwark Bridge, London, SE1 9HL, United Kingdom, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Polyfill CDN.

Purpose and lawful basis

The use of the content delivery network is on the lawful basis of our legitimate interests, i.e. our interest in a secure and efficient provision and optimization of our online service pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by The Financial Times Ltd. More information can be found in the privacy policy for Polyfill CDN: https://polyfill.io/v3/privacy-policy/.

Sentry

Nature and scope of processing

We use Sentry from Functional Software, Inc, 132 Hawthorne St, San Francisco, CA 94107, USA as a bug tracker to detect code errors at an early stage and thus ensure the technical functionality of our online service. Anonymous information is collected about the device on which the error occurred and the time at which the error was detected. In some cases, user sessions may also be recorded to make it easier to rectify the error. Functional Software, Inc. does not evaluate this data for advertising purposes.

Purpose and lawful basis

The use of the bug tracker is on the lawful basis of our legitimate interests, i.e. our interest in a secure and error-free provision and optimization of our online service pursuant to Article 6(1)(f) GDPR.

Retention period

The exact retention period varies from case to case. Data is deleted as soon as we have rectified the error and no longer require access to error details. More information on the retention period on the part of Functional Software, Inc. can be found in the privacy policy for Sentry: https://sentry.io/privacy/.

StackPath CDN

Nature and scope of processing

We use StackPath CDN to ensure the proper provision of the content of our website. StackPath CDN is a service from StackPath, LLC that acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online service, in particular files such as graphics and scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of StackPath, LLC, 2021 McKinney Ave. Suite 1100 Dallas, TX 75201, USA, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of StackPath CDN.

Purpose and lawful basis

The use of the content delivery network is on the lawful basis of our legitimate interests, i.e. our interest in a secure and efficient provision and optimization of our online service pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by StackPath, LLC. More information can be found in the privacy policy for StackPath CDN: https://www.stackpath.com/legal/privacy-statement/.

YouTube NoCookie

Nature and scope of processing

We have integrated YouTube NoCookie into our website. YouTube NoCookie is a component of the video platform of YouTube, LLC, where users can upload content, share it over the internet, and receive detailed statistics.

YouTube NoCookie enables us to integrate content from the platform into our website.

YouTube NoCookie uses cookies and other browser technologies to evaluate user behavior, identify users, and create user profiles. This information is used, among other things, to analyze the activity of the content played and to create reports. If a user is registered with YouTube, LLC, YouTube NoCookie can assign the videos played to their profile.

When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted.

Purpose and lawful basis

The use of the service is on the lawful basis of our legitimate interests, i.e. our interest in a platform-independent provision of content pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by YouTube, LLC. More information can be found in the privacy policy for YouTube NoCookie: https://policies.google.com/privacy .

YouTube

Nature and scope of processing

We have integrated YouTube Video into our website. YouTube Video is a component of the video platform of YouTube, LLC, where users can upload content, share it over the internet, and receive detailed statistics.

YouTube Video enables us to integrate content from the platform into our website.

YouTube Video uses cookies and other browser technologies to evaluate user behavior, identify users, and create user profiles. This information is used, among other things, to analyze the activity of the content played and to create reports. If a user is registered with YouTube, LLC, YouTube Video can assign the videos played to their profile.

When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted.

Purpose and lawful basis

The use of the service is on the lawful basis of our legitimate interests, i.e. our interest in a platform-independent provision of content pursuant to Article 6(1)(f) GDPR.

Retention period

We have no influence over the specific retention period of the data processed; this is determined by YouTube, LLC. More information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy.

9. Newsletter

With your consent, you can subscribe to our newsletter, which we use to inform you about our latest interesting offers. The goods and services advertised are named in the declaration of consent.

The only mandatory information for sending the newsletter is your email address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will store your email address for the purpose of sending you the newsletter. The lawful basis is Article 6(1)(a) GDPR.

You can withdraw your consent to the sending of the newsletter and unsubscribe from the newsletter at any time. You can declare your withdrawal by clicking on the link provided in every newsletter email, by sending an email to marketing@diamantrad.com, or by sending a message to the contact details provided in the legal notice.

10. Duties to provide information for applicants pursuant to Article 13 and Article 14 GDPR

Where do we obtain the data we collect?

We only collect and process the personal data transmitted to us by you within the scope of the application procedure.

This concerns the data listed below (nature of data):

Personal detailsName, address and other contact data, place of birth, date of birth, citizenship
Bank account detailsE.g. for the purpose of possible reimbursement of travel expenses
Health dataInformation on (severe) disabilities (voluntarily provided)
Qualification documentsCertificates, assessments, or similar proof of education

For what purpose is the collected data processed (lawful basis)?

The processing is carried out in accordance with the General Data Protection Regulation (GDPR) and the New German Federal Data Protection Act (BDSG-neu) as well as sector-specific data protection standards in the course of the application process, such as the German Social Security Code, German Telecommunications Act, and German Works Constitution Act.

Processing in the context of balance of interests

If necessary, we process your data to protect our legitimate interests or the legitimate interests of third parties. These may include, for example, the assertion of legal claims and defense in legal disputes, as well as measures for business management and further development.

Process on the basis of consent provided

With your consent to the processing of personal data, e.g. for disclosing it to other relevant companies, the lawfulness of the collection and processing of your personal data is based on the consent you have provided us. This consent can be withdrawn at any time. Withdrawal is effective for the future and cannot be granted retroactively. If processing of the collected personal data is withdrawn, the purpose for which the data was collected can no longer be fulfilled or implemented.

Who is the collected personal data shared with?

The data collected is shared within our company (including any subsidiaries) to the departments that have been entrusted with the processing of the application procedure and that require it to fulfill legal obligations. Data Processors working with the company may also receive your data for the aforementioned purposes. In addition to group companies, this also applies to companies in the IT services sector. We also comply with and observe the data protection regulations when disclosing data to third parties in the circumstances described above.

Your data will only be disclosed on the basis of legal regulations, any consent you have given to us, or if we are authorized to provide information about the data. This refers to data recipients such as affiliated companies (application procedure for other advertised positions) for which you have given us your consent to transfer the data.

How long will the data collected during the application procedure be stored for?

If necessary, your personal data will be processed and stored for the duration of the application procedure. We will delete the data after the purpose has been fulfilled, but no more than after 6 months. If the storage of the data is no longer necessary to carry out the application procedure and there is no statutory retention period for this or if we do not have your consent that justifies a longer retention period, the data will be deleted immediately.

Is any data transferred to third countries?

Data disclosure within the group

As an international company, our company manages its employees on a global level, and authorized employees can access your data from any country in which our company operates. As a result, as part of the application procedure, your application data may be transferred to a relevant office within the corporate group that is outside your home country or the country for which you are applying. Our company guarantees data protection for data transfers to third countries by creating a uniform level of data protection.

What rights can I assert?

Within the scope of the legal requirements of the GDPR and the BDSG-neu, every Data Subject has: the right to access information about the processing of their personal data; the rights to rectification, erasure, and restriction of processing; the right to object to processing and the right to data portability. When asserting the rights to access information and erasure, the restrictions of Sections 33 and 34 BDSG-neu must be taken into account. Furthermore, you have the right to lodge a complaint with the competent supervisory authority pursuant to Article 77 GDPR in conjunction with Section 19 BDSG-neu.

Is it mandatory to provide data?

You only have to provide the data required for the application procedure. There is no obligation to provide us with certain data. However, without providing the necessary data on your part, it is generally not possible to carry out the application procedure properly.

To what extent is automated decision-making carried out in individual cases?

No automated decision-making processes are used within our application procedure.

Is the data collected used to create a profile (scoring)?

We do not use data to create a profile to justify or carry out the application procedure.

11. Disclosure of your personal data

Your personal data will be disclosed as described below.

The website is hosted by an external service provider in Germany. In this context, we ensure that data processing only takes place in Germany. This is necessary for the operation of the website, as well as for the establishment, implementation, and processing of the existing user contract, and is also possible without your consent.

Data will also be disclosed if we are entitled or obliged to disclose data due to legal provisions and/or official or court orders. In particular, this may involve providing information for the purposes of criminal prosecution, averting danger, or enforcing intellectual property rights.

If your data is disclosed to service providers to the extent necessary, these will only have access to your personal data to the extent necessary to fulfill their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the GDPR.

Beyond the aforementioned circumstances, we will not transfer your data to third parties without your consent. In particular, we will not disclose any personal data to any body in a third country or to an international organization.

12. References and links

When accessing web pages referred to on our website, you may again be asked for information such as your name, address, email address, browser properties, etc. This Privacy Policy does not regulate the collection, disclosure, or handling of personal data by third parties.

Third-party service providers may have different and separate provisions regarding the collection, processing, and use of personal data. It is therefore advisable to seek information on the websites of these third parties about their practices regarding the handling of personal data before entering any personal data.

13. Joint controllers pursuant to Article 26 GDPR

Why are there joint controllers?

Trek Bicycle Corporation and Diamant Fahrradwerke GmbH operate in a joint group of companies. This also concerns processing of your personal data. The parties have jointly determined the order in which this data is processed in the individual stages. They are therefore jointly responsible as Data Controllers for the protection of your personal data within the stages described below (Article 26 GDPR).

For which stages do joint controllers exist?

  • Application portal
  • Processing of employee data pursuant to Article 26 GDPR

What have the parties agreed?

As joint controllers under data protection law, Trek Bicycle Corporation and Diamant Fahrradwerke GmbH have agreed which of them fulfills which obligations under the GDPR. This concerns in particular the exercise of the rights of Data Subjects and the fulfillment of the duties to provide information pursuant to Articles 13 and 14 GDPR.

This agreement is necessary because personal data is processed in different stages and systems operated as part of shared systems by either Trek Bicycle Corporation or Diamant Fahrradwerke GmbH.

What does this mean for Data Subjects?

Even if there are joint controllers, the parties fulfill data protection obligations in accordance with their respective responsibilities for the individual stages as follows:

  • In the context of joint controllership,
  • Trek Fahrrad GmbH is responsible for the processing of personal data within the scope of providing the website content and related services, and
  • Trek Bicycle Corporation is responsible for the processing of personal data within the scope of the provision of the internal IT infrastructure.
  • Diamant Fahrradwerke GmbH shall provide Data Subjects with the information required pursuant to Articles 13 and 14 GDPR in a precise, transparent, intelligible, and easily accessible form, using clear and plain language, free of charge. Each party shall provide the other party with all necessary information from its sphere of activity.
  • The parties shall inform each other immediately of any legal positions asserted by Data Subjects. They shall provide each other with all information necessary for responding to requests for information.
  • Data protection rights can be asserted with Diamant Fahrradwerke GmbH. Data Subjects will generally receive the information from Diamant Fahrradwerke GmbH.

14. Changes to the Privacy Policy

We are continuously developing our website in order to provide you with a constantly improving service. We keep this Privacy Policy up to date at all times and make changes to it if and when such changes are necessary.