Privacy policy

With this privacy policy, we inform you about the processing of personal data in connection with the use of these Services and our social media channels.

If you are redirected to other websites via a link, the privacy policy of the respective website operator applies. We recommend that you inform yourself about the handling of personal data on the respective website. We know that the protection of your data is important to you and appreciate the trust placed in us.

BiciTalks strictly adheres to the legal provisions of the applicable data protection law when collecting, processing, and using your data

Overview

  1. Who is responsible for the data processing and whom can I contact?
  2. What sources and data do we use?
  3. For what purpose and on what legal basis do we process your data?
  4. Cookies, Data Tracking Processes
  5. Friendly Captcha
  6. Email marketing
  7. Data Processing via Social Media
  8. Who gets my data?
  9. How long will my data be stored?
  10. Is any data transferred to a third country or to an international organisation?
  11. What data protection rights do I have?
  12. Is there an obligation to provide data?
  13. To what extent is there automated decision making in individual cases?
  14. Data security
  15. Availability of the data protection provisions

1. Who is responsible for the data processing and whom can I contact?

Controller of your personal data within the meaning of Art. 4 (7) of the European General Data Protection Regulation (“GDPR”) is:

Eduardo Puente
Leipziger Platz 1
10117 Berlin
Germany

Email: e.puente@sciopslab.com

2. What sources and data do we use?

2.1 Visiting our Services

When you visit our Services, your device automatically sends information to our server. This information is temporarily stored in a so-called log file. The following information is collected and stored until it is automatically deleted: IP address of the requesting device; date and time of access; Information about your device (the operating system of your device, the app version as well as the name of your access provider), and in addition, when you call up the services via a browser: name and URL of the accessed file; website from which access is made (“referrer URL”); if applicable, the search engine you used; the browser used.

The mentioned data will be processed by us for the following purposes:

  • ensuring a functioning connection to the Services,
  • ensuring comfortable use of the Services,
  • billing,
  • statistical evaluation using a pseudonym in order to optimize our website as well as the quality and range of our offers,
  • evaluation of system security and stability, and
  • for other administrative purposes.

The legal basis for data processing is Art. 6 (1) (b) GDPR, insofar as data processing is required for the provision of the Services or billing purposes. Apart from this, the processing is based on Art. 6 (1) (f) GDPR. Our legitimate interests follow from the purposes listed above for data collection. The log files are deleted after the end of the respective browser session, unless their further storage is required for the above- mentioned purposes.

2.2 Using our Services

In addition, we process personal data that we receive from you in the course of our business relationship. The legal basis for this is Art. 6 (1) (b) GDPR.

For example, we process personal data if you provide it to us when registering as a subscriptor of BiciTalks.

BiciTalks requires the following data for the execution and processing of the subscription offered in BiciTalks: Title, full name, email address, address (billing address, phone number, bank details or credit card data. When registering as a subscriptor of BiciTalks, you must also choose a password to allow future access to the subscriptor area without having to re-enter your personal data. With the registration, a subscriptor account is set up in which the subscriptor's data is stored for further visits in BiciTalks. You can access, correct and delete the data stored there at any time.

We process personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”):

3.1 For the performance of contracts and pre-contractual measures (Art. 6 (1) (b) GDPR)

The processing of personal data (Art. 4 (2) GDPR) takes place for the provision of the subscription services offered via our Services, for billing, implementation of pre-contractual measures and for answering your inquiries in connection with our business relationship.

3.2 For legitimate interests (Art. 6 (1) (f) GDPR)

If necessary, we process your data beyond the actual fulfilment of the contract to protect the legitimate interests of us or third parties, for example in the following cases:

  • answering your questions outside of a contract or pre-contractual measures;
  • operation and optimization of the Services;
  • enforcement of legal claims and defence in legal disputes;
  • ensuring our IT security and IT operations;
  • prevention and investigation of criminal offences.

If you have given us your consent to process personal data for specific purposes, this processing is lawful on the basis of your consent. You can withdraw your consent at any time. Please note that the withdrawal will only take effect for the future. The lawfulness of our processing based on your consent which took place before the withdrawal is not affected.

In addition, we are subject to various legal obligations. The purposes of the processing include, inter alia, the fulfilment of retention periods under commercial and tax law.

4. Cookies, Data Tracking Processes

4.1 Websites, technically necessary cookies

The few cookies we use are technically necessary to enable you to use our websites and the services offered on it (e.g. secure login) (“session cookies”). Our legitimate interest in data processing lies in these purposes; the legal basis is Art. 6 (1) (f) GDPR. The data will not be combined with other personal data and will not be used for advertising purposes. Session cookies are deleted after the end of the respective browser session.

6. Email marketing

6.1 Newsletter

If you have expressly consented according to Art. 6 (1) (a) GDPR, we use your email address to inform you in our email newsletter about us, in particular about our concerts. Your consent is recorded and can be called up at any time under “Account” in BiciTalks.com.

To receive the newsletter, it is sufficient to provide an email address.

You can unsubscribe at any time, for example via the link at the end of each email. Alternatively, you may send your request to unsubscribe by email to e.puente@sciopslab.com at any time. In this case your email address will be deleted from our email distribution list and added to our blacklist. The withdrawal of your consent will only take effect for the future. The lawfulness of any processing based on your consent carried out before the withdrawal is not affected by this.

6.1.1 Newsletter tracking

Please note that we evaluate the behavior of the recipients of our emails using usage statistics. For this purpose, the emails contain so-called web beacons or tracking pixels and links, which are each linked with an individual ID. Thus we record the time of opening and forwarding the email as well as the clicking of the links contained therein, the IP address (to determine the country of retrieval) and the email program used. The evaluation is based on usage statistics (delivery rate, opening rate, click rate, number of redirects, number of clicks on the links contained in the email, email programs used, openings and clicks by time of day and date, country of retrieval), that we can associate with your email address. The evaluation of usage behavior serves to check the success of our email marketing and to constantly improve it. The legal basis is Art. 6 (1) (a) GDPR. You can withdraw your consent to the evaluation at any time by unsubscribing from the newsletter (e.g. via the link at the end of each email); an isolated withdrawal of your consent only against the evaluation is (currently) not possible for technical reasons. We store your usage data until you withdraw your consent.

6.1.2 Dispatch and evaluation by Mailgun

We use the external service provider Mail­gun Tech­nologies Inc, 112­ E. Peca­n Stre­et #113­5, San­ Anto­nio, Texa­s, 7820­5 USA (“Mailgun”) as a processor within the meaning of Art. 28 GDPR for the dispatch and the evaluation of emails. The transmission of your information to the USA, a third country outside the EU, is covered by appropriate guarantees within the meaning of Art. 46 GDPR, because we have concluded a data processing agreement with Mailgun including the EU standard contractual clauses.

The service provider processes your data only according to our instructions and for the purposes stated in this privacy policy. A transfer to other third parties only takes place with your consent (Art. 6 (1) (a) GDPR) or where we are legally obliged (Art. 6 (1) (c) GDPR). Within AlveoTalks, only those departments and individuals will have access to your data that need it to carry out email marketing.

7. Data Processing via Social Media

We are represented on several social media platforms with a profile. This is a way for us to provider further opportunities for information and communication. We have profiles on the following social media platforms:

  • Facebook
  • Instagram
  • Twitter

When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile in use also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.

7.1 Visit of a Social Media Site

7.1.1 Facebook

For the Facebook information service offered here, we use the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

Please be aware that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).

When you visit our Facebook page, Facebook collects, among other things, your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as operators of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this at the following link: https://facebook.com/help/pages/insights.

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Facebook describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Facebook and on the settings for advertisements. The data usage guidelines are available at the following link: https://facebook.com/about/privacy.

Facebook's full data policies can be found here: https://facebook.com/full_data_use_policy.

In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us.

When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymised (for "German" IP addresses). Facebook also stores information about the devices of its users (e.g. as part of the "login notification" function); this may enable Facebook to assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is stored on your device. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons embedded in websites enable Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to offer content or advertising tailored to you.

If you wish to avoid this, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your device and close and restart your browser. This will delete Facebook information that can be used to directly identify you. This allows you to use our Facebook page without revealing your Facebook identifier. When you access interactive features of the page (Like, Comment, Share, Message, etc.), a Facebook login screen will appear. Once you have logged in, you will again be recognisable to Facebook as a specific user.

Information on how to manage or delete information about you can be found on the following Facebook support pages: https://facebook.com/about/privacy. As the provider of the information service, we also collect and process the data mentioned in section 7.2 from your use of our service.

You can find the current version of this data protection declaration under the item "Data protection" on our Facebook page.

If you have any questions about our information service, you can contact us using the contact details listed in section 1.

Facebook provides us with anonymised statistics and insights for our Facebook page, which we use to gain knowledge about the types of actions people take on our page (so- called "Page Insights"). These Page Insights are created based on certain information about individuals who have visited our Facebook Page. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our Facebook page and to improve our Facebook page based on these insights. The legal basis for this processing is Art. 6 (1) (f) GDPR. We cannot assign the information obtained via Page Insights to individual Facebook profiles that interact with our Facebook page. We have entered into a joint controller agreement with Facebook, which sets out the distribution of data protection obligations between us and Facebook. Details of the processing of personal data to create Page Insights and the agreement entered into between us and Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data and https://www.facebook.com/legal/terms/page_controller_addendum. In relation to these data processing operations, you have the possibility to assert your data subject rights (see section 11 "What data protection rights do I have?") also against Facebook. Further information on this can be found in Facebook's privacy policy at https://www.facebook.com/privacy/explanation.

7.1.2 Instagram

For the Instagram information service offered here, we use the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

We would like to point out that you use this Instagram page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).

When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is present on your device in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more detailed information on this at the following link: https://help.instagram.com/788388387972460.

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. Instagram describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Instagram and on the setting options for advertisements. You can find Instagram's complete data guidelines here: https://help.instagram.com/519522125107875.

In what way Instagram uses the data from the visit of Instagram pages for its own purposes, to what extent activities on the Instagram page are assigned to individual users, how long Instagram stores this data and whether data from a visit to the Instagram page is passed on to third parties, is not conclusively and clearly stated by Instagram and is not known to us.

When you access an Instagram page, the IP address assigned to your device is transmitted to Instagram. According to Instagram, this IP address is anonymised (for "German" IP addresses). Instagram also stores information about the end devices of its users (e.g. as part of the "login notification" function); this may enable Instagram to assign IP addresses to individual users.

If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is located on your device. This enables Instagram to track that you have visited this page and how you have used it. This also applies to all other Instagram pages. Via Instagram buttons embedded in websites, it is possible for Instagram to record your visits to these websites and assign them to your Instagram profile. Based on this data, content or advertising can be offered tailored to you.

If you want to avoid this, you should log out of Instagram or deactivate the "stay logged in" function, delete the cookies present on your device and close and restart your browser. This will delete Instagram information that can directly identify you. This allows you to use our Instagram page without revealing your Instagram identifier. When you access interactive features of the page (like, comment, share, message, etc.), an Instagram login screen will appear. After any login, you will again be recognisable to Instagram as a specific user.

Information on how to manage or delete information about you can be found on the following Instagram support pages: https://help.instagram.com/519522125107875.

As the provider of the information service, we also collect and process the data mentioned in section 7.2 from your use of our service.

If you have any questions about our information service, you can contact us using the contact details listed in section 1.

Instagram provides us with anonymised statistics and insights for our Instagram page, which we use to gain insights into the types of actions people take on our page (so-called "Page Insights"). These Page Insights are created based on certain information about individuals who have visited our Instagram page. This processing of personal data is carried out by Facebook Ireland Ltd and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our Instagram page and to improve our Instagram page based on these insights. The legal basis for this processing is Art. 6 (1) (f) GDPR. We cannot assign the information obtained via Page Insights to individual Instagram profiles that interact with our Instagram page. We have entered into a joint controller agreement with Facebook Ireland Ltd. which sets out the allocation of data protection obligations between us and Facebook Ireland Ltd. Details of the processing of personal data to create Page Insights and the agreement entered into between us and Facebook Ireland Ltd. can be found at https://www.facebook.com/legal/terms/page_controller_addendum. In relation to these data processing operations, you may also exercise your data subject rights (see section 11 "What data protection rights do I have?") against Facebook Ireland Ltd. Further information on this can be found in Instagram's privacy policy at https://help.instagram.com/519522125107875.

7.1.3 Twitter

Twitter Inc. (USA) or Twitter International Company (Ireland) is the sole responsible party for the processing of personal data when you visit our Twitter profile. Further information about the processing of personal data by Twitter can be found at https://twitter.com/privacy.

7.2 Processing of data you provide to us via our social media pages

We also process information that you have provided to us via our profile on the respective social media platform. Such information may be the username used, contact details or a message to us. We regularly process this personal data only if you have expressly provided us with this information. These processing operations are carried out by us as the sole data controller. We process this data on the basis of our legitimate interest in contacting enquirers. The legal basis for the data processing is Art. 6 (1) (f) GDPR or Art. 6 (1) (b) GDPR if it concerns pre-contractual measures or enquiries in connection with our business relationship.

8. Who gets my data?

Owners of the BiciTalks website get access to your data that need it in order to fulfil our contractual and legal obligations.

Processors (Art. 28 GDPR) may receive data for the purposes mentioned in this privacy policy. These are companies in the categories of IT services, telecommunications, sales and marketing.

We share your personal data with third parties if this is necessary to fulfil an existing contractual relationship between you and BiciTalks or to implement pre-contractual measures (Art. 6 (1) (b) GDPR) or for the purposes of legitimate interests (Art. 6 (1) (f) GDPR).

We only share such information as is required by the respective service provider to perform the task assigned to him. The service provider undertakes to treat the data confidentially in accordance with this data protection declaration and the relevant data protection laws and not to pass it on to third parties.

In addition, your personal data will be disclosed or transmitted if required to do so by law (Art. 8 (1) (c) GDPR) or if you have given your consent (Art. 6 (1) (a) GDPR).

Under these conditions, recipients of personal data may be, for example:

  • Subcontractors (e.g. mail order companies) used by BiciTalks to provide the services offered via the website.
  • Banks for the collection of fees.
  • Public authorities and institutions in the event of a legal obligation or official order.

9. How long will my data be stored?

If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract. It should be noted that our business relationship is a continuing obligation which – until termination of your registration on our website – is intended for years.

Finally, the storage period also depends on the statutory limitation periods, which, for example, according to Sec. 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch – “BGB”), are generally three years long, but can, in certain cases, also be up to thirty years.

After expiry of the storage and documentation obligations and the relevant limitation periods, we delete the data.

Log files and cookies are deleted after expiry of the above-mentioned storage periods.

10. Is any data transferred to a third country or to an international organisation?

Data is transferred to third countries (countries outside the European Economic Area (EEA)) if this is necessary or legally required for the execution of contracts or if you have given us your consent. We will separately inform you about details if required by law. In addition, the data processors in third countries mentioned in this Privacy Policy (e.g. Campaign Monitor) have access to your data.

11. What data protection rights do I have?

You have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to limitation of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). The restrictions according to Sec. 34 and 35 BDSG apply to the right of access and the right of cancellation. You also have the right to object to data processing by us (Art. 21 GDPR). If our processing of your personal data is based on consent (Art. 6 (1) (a) GDPR), you can withdraw this at any time; the legality of data processing based on the consent until withdrawal remains unaffected by this.

To assert all these rights and for further questions on the subject of personal data, please contact e.puente@sciopslab.com at any time.

Regardless of this, you have the right to file a complaint with a supervisory authority – in particular in the EU Member State where you are staying, working or allegedly infringed – if you believe that the processing of personal data concerning you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, Sec. 19 BDSG).

12. Is there an obligation to provide data?

In the context of our business relationship you only have to provide the personal data which is necessary for the establishment, execution and termination of a business relationship or which we are legally obliged to collect. Without this data we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it. Mandatory information is marked as such in our Services.

13. To what extent is there automated decision making in individual cases?

We do not use fully automated decision making according to Art. 22 GDPR for the establishment and implementation of a business relationship. Should we use these procedures in individual cases, we will inform you separately, where required by law.

14. Data security

We take a variety of security measures to adequately protect personal data to an appropriate extent.

All customer information is stored on secure servers that are protected from access from other networks by a software firewall. Only those who need information to process a specific request or order have access to the data.

Insofar as we collect personal data on our pages, the transmission is encrypted using the industry standard Secure Socket Layer (“SSL”) technology. This applies to all particularly sensitive data such as credit card numbers and account information.

Last updated: 24 June 2024