PRIVACY POLICY

The following privacy policy contains information on the nature and extent to which your personal data is processed while using our online shop. The EU General Data Protection Regulation (GDPR) serves as the main legal foundation for this privacy policy.

Collection, Processing, and Use of your Data

You can visit our website without providing personal information. We only save access data, such as the name of your internet service provider, the page from which you visited us, or the name of the requested data file. This data is processed exclusively for the purpose of improving our services and cannot be traced back to you.

Personal data, such as your first/last name, address, birthdate, telephone number, and email address, is only collected when you provide such data voluntarily while placing an order, opening a customer account or registering for our newsletter. Your data will only be used without your express permission for the processing of your order and for distributing our catalogues/mailings. When registering for the newsletter, your email address will be used with your consent for our advertising purposes until you unsubscribe from the newsletter.

We store your data insofar as necessary for business and permissible within the framework of the Federal Data Protection Act (BDSG 2018) and the EU General Data Protection Regulation (DSGVO).

Payment options
1. Description and scope of data processing 
We offer our customers various payment options for processing their order. Depending on the payment option, we redirect customers to the platform of the corresponding payment service provider. After completion of the payment process, we receive the customers' payment data from the payment service providers or our bank and process them in our systems for the purposes of invoicing and accounting. 

Credit card payment 
It is possible to complete the payment process by credit card.  If you have chosen payment by credit card, payment data will be passed on to payment service providers for payment processing. All payment service providers comply with the specifications of the "Payment Card Industry (PCI) Data Security Standards" and have been certified by an independent PCI Qualified Security Assessor.
The following data is regularly transferred for credit card payments: 
  • Purchase amount 
  • Date and time of the purchase 
  • First name and name 
  • Address 
  • Email address 
  • Credit card number
  • Expiration date of the credit card
  • Security code (CVC) 
  • IP address 
  • Phone / mobile phone number


  • Payment data is passed on to the following payment service providers: 
  • Visa
  • You can find more information on the data protection guidelines as well as revocation and removal options towards payment service providers here:  https://www.visa.de/legal/privacy-policy.html

    Other payment options
    It is possible to process the payment via PayPal. For this purpose, we use the payment service provider Unzer (formerly Heidelpay). In addition to the PayPal payment method, Unzer also offers credit card payments.  Unzer is Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg. If you choose to pay via PayPal, the payment service provider Unzer will first automatically transfer your data that is required for the payment process to PayPal.  This involves the following data: 
  • Name 
  • Address 
  • Email address 
  • Phone / mobile phone number
  • IP address
  • Bank details 
  • Number of products
  • Product code 
  • Data on goods and services 
  • Transaction amount and tax dues
  • Information about previous purchasing behaviour 

  • The data transferred to Unzer and thus also to PayPal may be transferred to credit reference agencies by PayPal. This transfer is required for the identity and creditworthiness check. 
    PayPal may also pass on your data to third parties if this is necessary for the fulfilment of contractual obligations or if the data is to be processed on behalf. When transferring your personal data within companies affiliated with PayPal, the Binding Corporate Rules approved by the relevant supervisory authorities apply. You can find them here:  https://www.paypal.com/de/webapps/mpp/ua/bcr  Other data transfers may be based on contractual safeguarding provisions. All PayPal transactions are subject to PayPal's privacy policy. You can find it at:  https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.  You can find Unzer's privacy policy here: https://www.unzer.com/de/datenschutz/.

    Payment via bank transfer
    If you wish to pay in advance via bank transfer, we will only process the data transferred by your bank. This data is only used to check the receipt of payment.

    2. Purpose of data processing 
    The transfer of payment data to payment service providers serves to process the payment, e.g. when you purchase a product.

    3. Legal basis for data processing 
    The legal basis for data processing is Art. 6 section 1 sentence 1 lit. b of the EU GDPR, because data processing is indispensable for implementing the closed purchase contract. 

    4. Duration of storage 
    All payment data as well as data on possible chargebacks will only be stored for as long as they are needed for payment processing, possible processing of chargebacks, debt collection as well as for combating misuse.  Furthermore, payment data may be stored beyond this if and as long as this is necessary to comply with statutory retention periods or to prosecute a specific case of misuse.  Your personal data will be deleted after the expiry of statutory retention obligations, i.e. after 10 years at the latest. 

    5. Possibility of objection and removal 
    You can revoke your consent to the processing of your payment data at any time by notifying the responsible person or the payment service provider used. However, the payment service provider used may still be entitled to process your payment data if and as long as this is necessary for the contractual processing of payments. 

    The data processing procedures in detail:

    Registration
    On our website, we offer you the opportunity to register by providing personal data. The data is entered in an online form and transmitted to us and stored. The following data is collected as part of the registration process:
  • First name, name
  • Date of birth
  • Email address
  • The following data will also be saved at the time the message is sent:
  • IP address of the user
  • Date and time of the booking
  • The data entered during registration is processed for the purpose of initiating a purchase contract (Art.6 para. 1 lit. b DSGVO).
    The other personal data that are processed during the submission process serve to prevent misuse of the registration form and to ensure the security of our information technology systems.
    The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
    This is the case for the data collected during the registration process if the registration on our website is cancelled or modified.
    The additional personal data collected during the sending process will be deleted at the latest after a period of 30 days.
    As a user, you have the option of cancelling your registration at any time. You can have the data stored about you changed at any time.

    Order
    On our website, we offer you the opportunity to order products by providing personal data. During the ordering process, data is entered into an online form and transmitted to us and stored. The following data is collected as part of the registration process:
  • First name, name
  • Date of birth
  • Address
  • Phone number (if applicable)
  • Bank details (if applicable)
  • Email address
  • The following data will also be saved at the time the message is sent:
  • IP address of the user
  • Date and time of the booking
  • The data entered during the order is processed for the purpose of establishing and implementing a purchase contract (Art.6 para. 1 lit. b DSGVO).
    The other personal data that are processed during the submission process serve to prevent misuse of the ordering form and to ensure the security of our information technology systems.
    The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
    After the purchase contract has been fulfilled, your data will be deleted, unless we are obliged to store the data beyond this due to commercial and/or tax law regulations.
    The additional personal data collected during the sending process will be deleted at the latest after a period of 30 days.

    Transfer of Personal Data

    We process your personal data for order processing purposes and transfer the information required for this purpose to other service providers.
    In order for the shipment of your order to be tracked, we use the services of PAQATO GmbH, Johann-Krane-Weg 6, 48149 Münster (“Paqato”). Paqato sends shipping notifications and status updates to the shipment in our name. In accordance with Art. 6 section 1 f) of the EU GDPR, after we ship a package we pass on customer data (mailing address, first and last name and address) and the tracking number to Paqato in accordance with our justified interest in effective and informative customer communication as well as the customer’s interest in transparent and reliable shipping processes. This data will not be passed on to third-parties by Paqato and will be used exclusively for the purposes named above. Paqato’s data protection policies can be read here: https://www.paqato.com/en/datenschutzerklaerung/.

    direct delivery

    Insofar as necessary for the processing of the contract for delivery purposes, the personal data collected by us will be passed on in accordance with Art. 6 para. 1 lit. b DSGVO to our contractual or cooperation partners for direct delivery. For this purpose, the personal data necessary for the shipment information (name, address, order number, etc.) will be passed on. Our contractual partners and cooperation partners may only use the data provided to fulfil their function to process your order.

    Guarantee claim / warranty claim / repair order

    If you contact us with a guarantee or warranty claim, or a repair request, your details and contact data will be processed for the purpose of handling your request. Depending on the product, it could also be forwarded to one of our external service partners or to the manufacturer. The latter will then use the transmitted data exclusively for processing the guarantee or warranty claim or the repair order. Any further transfer and use of the data will only take place with your consent. The purpose of passing it on is to process your order quickly. Your personal information will be retained for as long as is necessary to fulfil the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes. In addition, you can make use of your right to early deletion.

    The legal basis for this required data transfer is based on Article 6 para. 1 lit. b DSGVO.

    Credit Check

    If you are a resident in Germany and request a purchase via invoice, direct debit or financing, we will request a credit check on the basis of statistical methods from infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany, and if necessary from Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, Germany (www.boniversum.de/?lang=en or www.meineauskunft.org) for the protection of our legitimate interests. We transfer all personal data required for the purpose of this creditworthiness check (name, contact details and, if necessary, IP address) and use the information we receive concerning the statistical likelihood of non-payment as the basis for deciding whether to enter a contractual relationship. The legal basis of this processing activity is Art. 6 para. 1 lit. b) and f) GDPR. The credit information may contain score values which are calculated on the basis of approved statistical methods and in the calculation of which address data etc. is also involved. For all information according to Art. 14 of the General Data Protection Regulation see here: https://finance.arvato.com/icdinfoblatt, for Creditreform Boniversum GmbH see: https://www.boniversum.de/eu-dsgvo/.

    If payment is delayed, we will transfer the necessary data to a company commissioned to collect the debt, provided that all other legal requirements are met. The legal basis of this processing activity is Art. 6 para. 1 lit. b) and lit. f) GDPR. Any claim based on a contractual obligation is a legitimate interest as defined by the latter regulation. If the legal requirements are met, we will transmit information about the delay in payment or any bad debt to Axactor Germany GmbH, Am Parkplatz 20 in 69126 Heidelberg, Germany. The legal basis of this processing activity is in particular Art. 6 para. 1 lit.f) GDPR. The legitimate interest required by this results from our interest as well as the interest of third parties in reducing contractual risks for future contracts.

    Your legitimate interests with regard to data protection are taken into account at all times in accordance with legal provisions. If your data is processed by our service partners who help us provide a high level of customer service and delivery, the scope of the data transmitted for this purpose shall be restricted to the necessary minimum. In case we provide your data to contractual partners or cooperation partners (direct delivery) in order to fulfil the contractual obligations with regards to order processing, prize draws or partner offers, we will inform you accordingly. Our contractual partners and cooperation partners have been carefully chosen and have committed themselves to confidentiality in accordance with the legal provisions of Art. 28 of the EU GDPR, as well as to compliance with our own data protection standards. In particular, our contractual partners and cooperation partners are not permitted to pass the data of our customers on to third parties for advertising purposes. Our contractual partners and cooperation partners may only use the data provided to fulfil their function to process your order.

    Appointments Use of eAppointment

    We use the function of eTermin GmbH, Im Wiesengrund 8, 8304 Wallisellen, Switzerland (hereinafter referred to as "eTermin").

    The use of eTermin serves to arrange appointments.

    Basically, the following information is required to book an appointment via eTermin (appointment details (date and time, type of appointment), title, first name, last name, address, telephone number and e-mail address). The specific data required for your appointment may require further information not included in this list. After completing the appointment booking, you will receive a confirmation email to your email address, which you can use to change or cancel the booked appointment. The confirmation email is sent unencrypted and contains recorded appointment data to the extent set by the service provider. The appointment data can be sent in plain text or partially anonymised.

    An order processing contract has been concluded with this service provider. The service provider processes the data on our behalf and is bound by instructions. The processing of the data takes place exclusively in the territory of Switzerland and/or in a member state of the European Union or in another state party to the Agreement on the European Economic Area.

    The processing of the data entered by you via eTermin takes place on the basis of Art. 6 para. 1 lit. b of the EU GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures, e.g. a consultation appointment to prepare an offer or for a workshop appointment/repair order. In all other cases, the processing is based on our legitimate interest in a proper, uncomplicated and quick processing of appointments (Art. 6 para. 1 lit. f of the EU GDPR).

    Your personal information will be retained for as long as is necessary to fulfil the purposes described in this privacy policy or as required by law, for example for tax and accounting purposes. In addition, you can make use of your right to early deletion.

    Further information on data processing by the service provider can be found here: https://www.etermin.net/en/online-appointment-scheduling-privacy-policy.

    Fraud prevention and Abuse Detection Measures

    In order to secure the ordering process against fraudulent and/or abusive behaviour, we automatically check during the ordering process whether there are any anomalies in the specific order for the contract. For this reason, the 1) data for the execution of the contract (e.g. object of purchase, name, postal address, email address, delivery address, payment method and bank information) and 2) usage data of the website visits of this online shop (e.g. details on the beginning, end and scope of the visited websites as well as click paths) together with a cookie and/or a visitor ID, each of which may contain anonymous data about the end devices used when visiting the websites (e.g. the screen resolution or the operating system version) and which has some probability of being recognised via the end devices on future visits, are processed by this ROSE BIKES online shop with the purpose of enabling your user account to be used in the future. The ROSE BIKES online shop processes this data for the purpose of managing your user account, the websites that you visit and the services that you use on the website at [https://www. rosebikes.com] against fraud (e.g. through the takeover of user accounts, the automated creation of fake user accounts by bots, the use of stolen identities or payment data or incorrect ratings for services), for product optimisation and further development, or against misuse (e.g. through attacks on the IT infrastructure, "man-in-the-middle" attacks, brute force attacks or the use of malware) on the basis of legitimate interest pursuant to Art. 6 Section 1 f) of the EU GDPR in conjunction with Recital 47. The ROSE BIKES online shop also transmits the previously named data to the Device Transaction Pool (DTP) and stores it there. The purpose of the DTP is to protect the member companies participating in the DTP from abuse and from bad debts due to fraud, which can occur while providing commercial, remunerated telecommunications services or telemedia services to contract partners who are unwilling or unable to pay, especially due to fraud. In the case of a request from a member company to the DTP, only the results of the suspicion check on the request are transmitted to this member company. Positive data can also be used, meaning, for example, that an end device used to make frequent and punctual payments can be rated positively. Results data for individual member companies, beyond the specific case of an particular use, are not stored. The DTP is operated by infoscore Profile Tracking GmbH (IPT), Kaistraße 7, 40221 Düsseldorf, Germany as the data processing company of the member company. The data is automatically deleted after five months. The ROSE BIKES online shop has contracted infoscore Tracking Solutions GmbH, Kaistraße 7, 40221 Düsseldorf, Germany with conducting the fraud prevention and abuse detection measures in accordance with Art. 28 of the EU GDPR. Recipients of the data are exclusively contractual partners of the ROSE BIKES online shop. In this case, the recipients are infoscore Tracking Solutions GmbH, Kaistraße 7, 40221 Düsseldorf, Germany; infoscore Profile Tracking GmbH, Kaistraße 7, 40221 Düsseldorf, Germany; infoscore Tracking Technology GmbH, Kaistraße 7, 40221 Düsseldorf, Germany; as well as data centre service providers that are tasked with storing the data. If fraud or misuse is suspected, a ROSE BIKES employee examines the results and the evidence on which they are based. If a contract is declined, this will be communicated to you and also, if requested, the principal reasons for this decision. You then have the opportunity to make your case by contacting info@rosebikes.com, whereupon a ROSE BIKES employee will reexamine the decision.

    Data Security

    Your personal data is encoded during the online data transfer using SSL, SHA-256 with RSA encryption, RSA with 2048 bit exchange by Symantec Corporation. Our website and other systems are protected by technical and organisational measures to prevent loss, damage, access, modification or distribution of your data by unauthorised persons. Your customer account can only be accessed with your personal password. You should always treat your access data as confidential and close the browser window as soon as you have finished communicating with us, particularly if you share your computer with other persons. Please use your access data for one customer account only and do not use the same password multiple times.

    Cookies

    We use cookies on various pages to make your visit to our website more enjoyable and to facilitate the use of certain functions. These cookies are small text files that are deposited on your computer. Most of the cookies we use are deleted from your hard disk after the end of the browser session (session cookies). Other cookies remain on your computer and enable us to recognise your computer the next time you visit our website (permanent cookies). Our affiliated companies are not permitted to collect, process or use personal data via cookies through our website. You can change the settings of your browser so that you are informed about cookie settings and can individually choose whether or not to accept cookies for specific circumstances or generally not accept them. If cookies are not accepted it can lead to restrictions in the functionality of our website

     


    Your rights

    You have the right at any time, within the framework of the applicable legal provisions and at no extra cost, to receive information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of this data.

    You have the right to have data that is automatically processed on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

    You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to the restriction of processing exists in the following cases:

    • If you dispute the accuracy of your personal data held by us, we will usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.

    • If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.

    • If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.

    • If you have lodged an objection pursuant to Art. 21 (1) DSGVO, then an assessment must be conducted weighing your interests versus our own. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

    • If you have restricted the processing of your personal data, those data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.


    If the data processing is based on Art. 6 (1) e) or f) DSGVO, you have the right to object in accordance with Art. 21 DSGVO. If you object to your data being processed, this will not take place in the future unless the controller can demonstrate compelling legitimate grounds for further processing that outweigh the data subject's interest in objecting.

    If the data processing is based on consent pursuant to Art. 6 (1) a) DSGVO, you may revoke your consent at any time for future processing without affecting the lawfulness of the previous processing.

    Newsletter

    With our free newsletter you can stay-up-to-date on our latest offers, customer events, prize draws and trade shows.
    We use the ‘double opt-in’ process for newsletter subscription, which means that we will only send you a newsletter, if you click the confirmation link in the confirmation email to confirm your subscription. Please note that we need your email address for subscription. You will only receive a personalised newsletter, if you share your personal data when registering as a new customer. We only ask for your title and name to personally address you in the newsletter. You can unsubscribe at any time. You can find a respective unsubscribe link in every newsletter email. Alternatively, you can get in touch with us using the provided contact data.
    By confirming your newsletter subscription, you also agree to the analysis of your newsletter usage behaviour. For the analysis of such usage data, our emails have an embedded tracking pixel to track open rates. A tracking pixel is an image file measuring one pixel by one pixel and creating a link to our website to allow us to analyse data on the usage of the newsletter. Therefore, we use the data entered for newsletter subscription as well as the tracking pixels that are assigned to your email address and linked to a unique ID. This data is combined with data about your use of our website. To make sure the newsletter is displayed correctly, we collect information about the type of device you use to open the newsletter. Based on the links you click and the open rates of the newsletter emails, we can determine which topics you are interested in. The data collected serves to create personal user profiles. In this way, we try to continuously improve our newsletter and to provide you with more individual topics about ROSE Bikes.
    The information collected is stored by the newsletter provider Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany (“Inxmail”) on their server in Germany. The tracking mechanism is not supported when images are disabled in your emails by default. However in this case, the newsletter is not displayed correctly and you may not be able to use all functions. If you manually click on ‘display images’, tracking is supported, unless you have objected to the analysis of usage data. The legal ground for processing personal data is your consent in accordance with Art. 6 Section 1 a) of the EU GDPR. You may object to the analysis of your newsletter usage data in writing at any time. Simply use the contact information provided.

    For our newsletter, we use software from epoq internet services GmbH, Am Rüppurer Schloß 1, 76199 Karlsruhe, Germany („epoq“). With the software from epoq, we are able to offer you targeted and individual product recommendations within the scope of our newsletter. The product recommendations are displayed on the basis of an analysis of previous and current click and purchase behaviour. Provided the information collected is personally identifiable, it can be processed in accordance with Art. 6 Section 1 f) of the EU GDPR based on our justified interest in displaying personalized advertising and conducting market analysis. You can object to this advertisement at any time in the newsletter by clicking on the opt-out link or by sending us a message. As a result of the opt-out, individual product recommendations will no longer be displayed.

    Advertising Mail

    Our customers automatically receive our customer magazine and further offer mailings by post. You may unsubscribe from receiving advertising mail or magazines by phone or in writing. The legal ground for processing personal data is our legitimate interesting pursuant to Art. 6 Section 1 f) of the EU GDPR.

    To unsubscribe (from receiving newsletters, magazines or offer mailings) you can also contact: ROSE Bikes GmbH, 46393 Bocholt or info@rosebikes.com or call 00 800 22 77 55 55.

     

    Product Reviews / Comments

    Once you’ve submitted your order, you will receive an email asking you to write a product review (please note that only reviews related to the product can be published). You will receive this email regardless of whether you have subscribed to our newsletter or not. Please note that these emails comply strictly with the legal regulations of the Protection Against Unfair Competition Act (UC). We will use the provided email address to promote own products you’ve already bought from us. By writing a review or leaving a comment, the data is transferred back to us and stored. We may use your email address to assign a product review, contact you for verification or to react to complaints.
    The product review is published with your first name and the first letter of your last name. By submitting a review and/or a comment you grant ROSE BIKES GmbH a non-exclusive, royalty-free, perpetual and irrevocable right to use, reproduce, modify, adapt, translate, distribute, publish, create derivative works from and publicly display such review and/or comment on- or offline. This means, for example, that ROSE BIKES may publish the comment and use the review for advertising/marketing purposes. Please note that all product reviews are analysed to make sure we can offer you new and even better products.

     

    Customer Surveys

    Thank you for your interest in our survey. As part of the survey, you have the opportunity to answer questions about our products and services. Your answers will be evaluated by us in order to optimise the quality of the services provided by Rose Bikes GmbH. We cannot guarantee complete anonymity of the survey due to the possibility of linking the individual answers with each other or, for example, with your IP address, which is processed when you call up the website with the survey. This means that a connection to your person cannot be completely ruled out. However, we would like to assure you that we do not actively make that kind of connection or plan on doing so. Your details will always be processed confidentially and in accordance with the provisions of the German Data Protection Regulation (DS-GVO/GDPR) and the German Federal Data Protection Act (BDSG). If you have any further questions about the protection of your personal data, you can contact us at any time using the contact details provided.

    I. Processing of your personal data within the framework of our survey
    We use Microsoft Forms to conduct the survey. Microsoft Forms is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and its agent in the European Union: Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P52) (hereinafter: called Microsoft).

    The survey results are evaluated on the basis of the anonymous responses. Nevertheless, we cannot rule out the possibility that the linking of the personal data listed below will enable a connection to your person:

    • IP address
    • Day and time you tried to reach us (optional)
    • Your age
    • Your personal data, which you voluntarily provide in the context of the question (optional information)
    • Microsoft account details (only if you are logged in with a Microsoft account while completing the survey form. To minimise the risk of establishing a personal connection, we recommend that you log out of your Microsoft account before completing the survey questionnaire.)

    We would like to ask you not to enter any personal data in the free text field of our survey. Personal data of the participants entered in the free text field will not be taken into account by us within the framework of the evaluation.

    For more information on how Microsoft processes your personal data, click here:
    https://privacy.microsoft.com/de-DE/privacystatement#mainnoticetoendusersmodule

    II. Purpose and legal basis for data processing
    1. Your personal data will be processed for the following purposes:
    • Our entrepreneurial interest to optimise the quality of our services and products
    • Our entrepreneurial interest in determining the individual needs as well as the general satisfaction of our customers with our services and products
    • For market research

    2. Legal basis for the data processing:
    Processing on the basis of consent. Your participation in our survey is voluntary. Your data will only be evaluated if you give your express consent in advance. The legal basis in this case is Art. 6 para. 1 sentence 1 lit. a in conjunction with Art. 7 GDPR. For the possible transfer of your personal data to other Microsoft locations in third countries (including the USA), we use Art. 49 (1) lit. a GDPR).

    III. Recipients of your personal data
    Within our company, only those departments and employees will have access to your personal data who need it to fulfil the stated purposes.
    An active transfer of your personal data to a third country or to an international organisation does not take place and is not planned. Please note, however, that Microsoft may process your personal data through the Forms application in countries outside the EU/EEA, such as the USA. In particular, this means that it cannot be ruled out that third parties (such as the responsible regulatory authorities in the USA) could have unrestricted access to your personal data. For the data processing in the USA, there is no cooperation agreement with the European Commission pursuant to Art. 45 GDPR. We have concluded an order processing agreement with Microsoft in accordance with Art. 28 GDPR and appropriate safeguards in the form of EU standard data protection clauses, Art. 46 (2) lit. c GDPR.

    IV. Duration of the storage of your personal data
    We will delete your personal data as soon as the stated purposes for storing it no longer apply. This will be done at the latest with the final evaluation of the results from our survey. Furthermore, we will delete your personal data if you revoke your previously given consent.

     

    Press Portal

    1. Extent of data processing
    On our press portal, we provide press releases and other information and offer users the opportunity to get in touch with us.
    For the hosting of our press portal, we use the following service provider:

    Neovaude GmbH, Hohenzollernstr. 26, 44135 Dortmund, Germany

    2. Legal basis for data processing
    The legal basis for the processing of your data in connection with the use of our corporate presence is Art. 6 para. 1 pg. 1 item f of the GDPR.

    3. Purpose of data processing
    Our press portal serves to inform journalists about our products and services and to offer them the opportunity to get in touch with us.

    4. Duration of storage
    The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

    5. Possibility of objection and removal
    You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 pg. 1 item e or f of the GDPR. 6. Cookies
    Only cookies essential for proper functioning are used for our press portal. The legal basis for the use of these essential cookies is Art. 6 para. 1 pg. 1 item f of the GDPR.

    Responsible for processing

    ROSE Bikes GmbH
    Schersweide 4
    46395 Bocholt
    Germany

    info@rosebikes.com

    Management: Erwin Rose, Stefanie Rose, Thorsten Heckrath-Rose.

    Appointed Data Protection Officer

    DataCo GmbH
    Dachauer Str. 65
    80335 Munich, Germany
    Germany

    Email: datenschutz@dataguard.de
    Phone: +49 (0)89 7400 45840

    Contact information and person responsible for data protection

    If you have questions concerning the collection, processing or use of your personal data, or if you want to provide information, correct, block, delete data or revoke consent, please contact: ROSE Bikes GmbH, Data Protection, Schersweide 4, 46395 Bocholt, phone: +49 2871-275533, email: datenschutz@rosebikes.com or simply click on the "Submit Data Subject Request" button below.

    Use of the Data Subject Request Tool (DSR) for the management of data subject requests

    1. Scope of processing personal data
    We use functionalities of the data protection plug-in „DSR“ of DataCo GmbH, Dachauer Str. 65, 80335, Munich, Bavaria, Germany (hereinafter referred to as: DataCo).

    By using the button „Submit Data Subject Request“, all visitors of our website have the opportunity to make use of their data subject rights. To do so, you specify your relationship to our company, which data subject right you wish to exercise, provide further optional information and, if necessary, identify yourself with further characteristics. The data subject request will then be processed by us.

    The following personal data will be processed by DataCo:

    For further information on the processing of data by DataCo, please click here: https://www.dataguard.com/privacy-policy

    In addition, to ensure technical functionality, logfiles may be forwarded to DataCo GmbH, which include the following:

    2. Purpose of the data processing

    The use of DSR serves to protect the data protection rights of our website visitors. We enable you to make use of your data subject rights and to contact us quickly and easily.

    3. Legal basis for data processing

    The legal basis for the use of the DSR tool and the processing of corresponding data is your declaration of consent in accordance with art. 6 para. 1 s. 1 lit. a GDPR.

    The legal basis for the use of the logfiles is our legitimate interest in ensuring the technical functionality of the tool according to art. 6 para. 1 s. 1 lit. f GDPR.

    4. Duration of storage

    Data will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law.

    5. Objection and removal

    The user has the possibility to revoke the consent to the processing of their personal data or object the processing of logfiles at any time by contacting the data controller by mail or by using the DSR tool.

    Right Of Appeal to the Competent Authority

    You have the right to appeal to the supervisory authority/authorities; e.g. to the
    North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information
    PO Box 20 04 44
    40102 Düsseldorf Germany
    Phone: 0211/38424-0
    Fax: 0211/38424-10
    Email: poststelle@ldi.nrw.de

    Legal Notice

    Terms and Conditions