Our Privacy Policy

Our website collects a range of general data and information each time it is accessed by a data subject. This general data and information are stored in the server’s log files. In particular, the following data is processed: (1) the browser type and version used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (the referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, (8) the email log of the web server: sender, recipient.

As a general rule, the data controller does not use this general data and information to draw conclusions about individual data subjects. Instead, this information is required to (1) correctly deliver the content of our website, (2) optimise the content of our website and its advertising, (3) ensure the ongoing functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

Furthermore, SIMPLON Fahrrad GmbH statistically analyses this data, with no personal reference being made in this regard. The data from the server log files is stored separately from other personal data provided by a data subject.

The legal basis for processing data in the server log is the legitimate interest of the data controller within the meaning of Art. 6(1)(f)GDPR.

In general, the data in the server log is deleted after the following periods, unless an analysis has been carried out in the specific case. In such cases, the data will be processed until the conclusion of the initiated review or any proceedings: Web server/server log: 7 days, web server email log: 4 weeks, email log application: 7 days, order data is deleted after 6 months, customer data is deleted under certain conditions after 14 days without modification.

In connection with the operation of the website, we use the services of the following data processors:

• To host our website, we use the services of Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen, Germany.
• For processing payments in our online store, we use the services of Unzer GmbH,
  Vangerowstrasse 18, D-69115 Heidelberg, Germany.
• For processing job applications on our career portal we use the services of Everyday Software, S.L., Calle Alaba, 61 5º-2ª, 08005 Barcelona, Spain.
• For sending our email newsletter and managing the underlying subscriber list, we use the services of The Rocket Science Group LLC, 405 N. Angier Ave. NE Atlanta, Georgia 30308, USA.

If, in the course of providing these services, personal data is transferred to third countries, such transfers will be conducted with appropriate safeguards in place in accordance with Art. 46 GDPR.

In addition to the specifically listed recipients, other data processors may be used in the future in connection with the provision of this website.

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ('Google'). Google Analytics uses 'cookies', which are text files stored on the user's device that enable an analysis of the use of the website. The information generated by the cookie about the use of this website (including the truncated IP address) is generally transmitted to a Google server and stored there; this may also involve transmission to the servers of Google LLC in the United States.

This website uses Google Analytics exclusively with the extension '_anonymizeIp()', which ensures anonymisation of the IP address by truncating it and excludes any direct personal reference. By means of this extension, Google will truncate the IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google LLC server in the United States and truncated there.

On behalf of the data controller, Google will use this information to analyse the use of the website, compile reports on website activity, and provide other services related to website use and internet use. In this process, the IP address transmitted by the browser as part of Google Analytics will not be associated with other data from Google.

Google Analytics offers a special function known as 'demographic characteristics', which enables the creation of statistics that provide insights into the age, gender, and interests of website visitors based on an analysis of interest-based advertising and the use of third-party information. This enables the definition and differentiation of user groups for the purpose of optimising marketing measures for specific target groups. However, the data sets collected via the 'demographic characteristics' function cannot be associated with any specific person.

The processing described above, particularly the setting of Google Analytics cookies to read information on the user's device, will only take place if explicit consent is given (in accordance with Article 6(1)(a) GDPR). Otherwise, Google Analytics will not be used during the visit to the website.

Consent that has been given can be withdrawn at any time with effect for the future. Consent can be withdrawn by using the cookie settings on the website. The data controller has entered into a data processing agreement with Google as part of the terms of use for Google Analytics, which obliges Google to protect the data of visitors to the website and not to share this data with third parties.

For the transfer of data from the EU to the United States, Google relies on the so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the United States. These standard data protection clauses can be provided upon request.

More information about Google Analytics can be found in Google's privacy policy, which is available at the following link: https://policies.google.com/privacy?hl=en-UK

We use Hotjar from Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta), on our website to statistically analyse visitor data. Hotjar is a service that analyses your user behaviour and feedback on our website by means of a combination of analysis and feedback tools. We receive reports and visual representations from Hotjar that show us where and how you 'move' on our website. Personal data is automatically anonymised and never reaches Hotjar's servers. This means that you, as a website user, are not personally identified, yet we can still learn a lot about your user behaviour.

What is Hotjar?
As mentioned in the section above, Hotjar helps us to analyse the behaviour of visitors to our website. The tools offered by Hotjar include heatmaps, conversion funnels, visitor recording, incoming feedback, feedback polls and surveys (more information can be found at https://www.hotjar.com/). Hotjar thus helps us to offer you a better user experience and a better service. Hotjar provides a good analysis of online behaviour and also gives us valuable feedback on the quality of our website. Because, in addition to all the technical analysis aspects, we also want to know what your opinion is of our website. And that is exactly what the feedback tool enables us to do.

Why do we use Hotjar on our website?
In recent years, there has been a significant increase in the importance of user experience on websites. And there is good reason for this. Websites should be designed in such a way that you, the visitor, feel comfortable and can easily find your way around. Hotjar's analysis tools and feedback tools help us make our website and our services more attractive. We especially value the heatmaps provided by Hotjar. Heat maps are a form of data visualisation. Hotjar heatmaps, for example, show us exactly what you like to click on, tap and where you scroll to.

What data is stored by Hotjar?
When you browse our website, Hotjar automatically collects information about your user behaviour. To collect this information, we have embedded our own tracking code on our website. The following data can be collected via your computer or browser:

• Your computer's IP address (collected and stored in an anonymous format)
• Screen size
• Browser information (which browser, which version, etc.)
• Your location (country only)
• Your preferred language setting
• The websites you visit (subpages)
• Date and time of access to one of our subpages (websites)

Cookies also store data that is placed on your computer (usually in your browser). These cookies do not collect any personal data. Hotjar generally does not share the collected data with third parties. However, Hotjar expressly points out that it is sometimes necessary to share data with Amazon Web Services. In this case, some of your data is stored on their servers. Amazon is bound by a confidentiality obligation not to disclose this data.

Only a limited number of people (Hotjar employees) have access to the stored information. Hotjar's servers are protected by firewalls and IP restrictions (access is possible only from approved IP addresses). Firewalls are security systems that protect computers from unauthorised network access. They act as barriers between Hotjar's secure internal network and the internet. Hotjar also uses third-party companies, such as Google Analytics and Optimizely, for its services. These companies may also store information that your browser sends to our website.

Hotjar uses the following cookies. Since, among other things, we refer to the cookie list in Hotjar's privacy policy at https://www.hotjar.com/legal/policies/cookie-information, not all the cookies listed have a defined reference value. The list provides examples of Hotjar cookies but does not claim to be complete.

How long and where is the data stored?
We have embedded a tracking code on our website that transmits data to Hotjar's servers in Ireland (EU). This tracking code contacts Hotjar's servers and sends a script to your computer or device when you access our site. The script collects specfic data about your interaction with our website. This data is then sent to Hotjar's servers for processing. Hotjar retains data for a period of 365 days. This means that all data collected by Hotjar which is older than one year is automatically deleted.

How can I delete my data or prevent my data from being stored?
Hotjar does not store any of your personal data for analysis. The company even advertises itself with the slogan 'We track behaviour, not individuals'. You also always have the option to prevent the collection of your data. To do so, simply go to the opt-out page and click on 'Disable Hotjar'.    Please note that deleting cookies, using your browser in private mode or using a different browser will result in data being collected again. You can also enable the 'Do Not Track' button in your browser. For example, in the Chrome browser, click on the three dots in the top right-hand corner, then go to 'Settings'. There, under 'Privacy and security', click on 'Third-party cookies', and go to 'send a Do Not Track request with your browsing traffic' button. Now just enable this button and Hotjar will not collect any data.

For more details on the privacy policy and what data is collected by Hotjar and how it collects this data, visit https://www.hotjar.com/legal/policies/privacy?tid=231613461361.

The data controller has integrated components from YouTube on this website. YouTube is an online video portal that allows video publishers to upload video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and TV programmes, music videos, trailers or videos made by users themselves can be accessed via the online portal.

YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Googlee Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a YouTube component (YouTube video) has been integrated, the internet browser on the data subject's information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://about.youtube. As part of this technical process, YouTube and Google receive information about which specific subpage of our website is visited by the data subject.

If the data subject is logged into YouTube at the same time, when the data subject accesses a page containing a YouTube video, YouTube recognises which subpage of our website is being visited. YouTube and Google collect this information and assign it to the data subject's YouTube account.

If the data subject is logged into YouTube when visiting our website, YouTube and Google will receive information through the YouTube component that the data subject has visited our website; this occurs regardless of whether or not the data subject clicks on a YouTube video. If the data subject does not want this information to be transmitted to YouTube and Google, the data subject can prevent the transmission by logging out of their YouTube account before accessing our website.

YouTube's data protection policy, which can be found at https://policies.google.com/privacy, provides information about how YouTube and Google collect, process, and use personal data.

If and to the extent that we process your personal data, you are entitled to the following rights with respect to your data:

• Right of access (Art. 15 GDPR): You have the right to request information at any time about whether and which of your personal data is being processed by us, the purposes of the processing, the source of the data, which recipients the data may be disclosed to, and how long the data will be stored.
• Right to rectification (Art. 16 GDPR): If you determine that your personal data is incorrect, you can request the rectification of your data at any time. If you consider the data to be incomplete, you may also request the completion of your data.
• Right to erasure (Art. 17 GDPR): If you believe that the use of your personal data is no longer necessary or that it is being used without a sufficient legal basis or is being used unlawfully for other reasons, you can request the erasure of your data.
• Right to restrict the use of data (Art. 18 GDPR): Instead of erasing your data, you can also request the restriction of the use of your data if your data is being used unlawfully. In particular, you can request the restriction of the use of data if you dispute the accuracy of the data or have objected to the use of data.
• Right to data portability (Art. 20 GDPR): With regard to the personal data that you yourself have provided and that is used on the basis of a contract or your consent, you can request that this data be provided to you in a structured, commonly used and machine-readable format. You can also request that this data be transmitted directly to another data controller.
• Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): If you believe that your rights regarding your personal data have been violated, you have the right to lodge a complaint with a supervisory authority. In particular, you can contact the supervisory authority that is responsible for your place of residence, place of work, or where the alleged violation took place. In Austria, the competent supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Austria.

We also specifically inform you of your right to object (Art. 21 GDPR): If your particular situation gives rise to reasons that make the use of your personal data, which we use on the basis of a balance of interests, unlawful, you have the right to object to such use of your data. If your personal data is used for direct marketing, you have the right to object in any case.

If you have any questions or concerns regarding your rights in relation to your personal data, you can contact us at any time at the following email address: datenschutz@simplon.com.

As changes in the law or changes to our internal company processes may require an adjustment to this privacy policy, which we reserve the right to do, we ask you to regularly review this privacy policy for any changes.