Data Protection and Privacy Statement: Social Media

We, FOCUS Bikes GmbH, Europa-Allee 26, 49685 Emstek, Germany (“we” or “us”), are providing this data protection and privacy statement to inform you of the processing of your personal data in conjunction with our social media offerings. The term “processing” encompasses the entire process from collection to storage, editing, and/or disclosure through to the erasure of your data (“processing”). “Personal data” means all information relating directly or indirectly to you or other individuals, such as name (profile name), profile picture, e-mail address, etc. 

The social media offerings constitute merely an additional service we provide. We wish to come into contact with you via the platforms that you like to use. Please note that when you use social media services, your personal data are processed not only by us, but also by the operators of the relevant social networks and possibly further third-party companies. This takes place even if you do not yourself have a profile on the relevant social network. FOCUS Bikes also offers interested parties alternative forms of information and communication options, such as the general company website of FOCUS Bikes.

I. Name and contact details of controller; contact details of data protection officer

Unless otherwise stated hereinafter, the controller within the meaning of the EU General Data Protection Regulation (“GDPR”) is:

FOCUS Bikes GmbH

Europa-Allee 26, 49685 Emstek

Germany

e-mail: testrides@focus-bikes.com

You can reach our data protection officer at privacy@pon.com.

II. Meta services (Facebook fan pages, Instagram page)

FOCUS Bikes uses a Facebook fan page (“Facebook page”) and an Instagram presence (“Instagram page”) and, for this purpose, uses the online platforms of Meta Platforms Ireland Ltd. (formerly Facebook Ireland Ltd.), Merrion Road, Dublin 4, D04 X2K5, Ireland (“Meta”); parent company: Meta Platforms, Inc. (formerly: Facebook Inc.), 1 Hacker Way, Menlo Park, CA 94025, USA. 

FOCUS Bikes and Meta Platforms Ireland Ltd. are the controllers responsible for the data processing in conjunction with the aforementioned Meta services, in some cases separately, but in certain areas also jointly within the meaning of Article 4(7) GDPR. For those areas where joint controllership applies, FOCUS Bikes has entered into an agreement with Meta under the law of data protection and privacy concerning joint controllership (the so-called “Page Insights Controller Addendum”). You can access this agreement at: https://www.facebook.com/legal/terms/page_controller_addendum. 

The text below is intended to provide you with information on which personal data are processed by Meta and FOCUS Bikes and how the status of controller for purposes of data protection and privacy law is allocated between Meta and FOCUS Bikes:

1. Data processing by Meta in the case of Meta services (Facebook, Instagram)

If and when you visit Meta services such as Facebook or Instagram, Meta collects information from you on its own responsibility as a controller, as explained in detail in the following Meta documents:

  • Cookie policy

  • Page settings for your own account (where these exist):

Thus, Meta also collects information on how you use Meta services such as our Facebook or Instagram page, including

  • the things you and others do and provide, such as the information and content you provide (e.g., during communication), networks and connections (e.g., information about people, accounts, hashtags), your use (e.g., types of content that you view or with which you interact) and activities of others and information you provide about yourself (e.g., photos, comments, etc.),

  • device information, such as device attributes (e.g., operating system, hardware and software, etc.), processes on the device (e.g., the position of a window, mouse movements, etc.), identifiers (e.g., device IDs), device signals (e.g., Bluetooth, Wi-Fi etc.), data from the device settings (e.g., GPS, camera, photos), network and connections (e.g., name of mobile phone provider, language, time zone, IP address, etc.), and cookie data and

  • information from partners (e.g., advertisers, app developers and publishers, etc.), to the extent that these entities use Meta Business Tools such as social plugins (like the “Like” button), Facebook login, etc.

From the perspective of data protection and privacy law, Meta performs these forms of processing on its own responsibility as a controller in principle. We have included this information here merely to give you a better overall impression of the social media platform and to enhance transparency on the whole with an eye to the processing operations.

2. Joint controllership between Meta and FOCUS Bikes on Facebook pages

In some cases, Meta may also use this information to provide analysis services (“Page Insights”) for operators of Facebook pages, as these entities receive insights into how people interact with their pages and content. Page Insights are aggregated statistics that are created from certain “events” logged by Meta servers when people interact with pages and content. Such events are made up of varying data points such as the following depending on the specific event:

  • An action. This includes actions like the following:

  • Viewing a page, post, video, story or other content associated with a page

  • Interacting with a story

  • Following or unfollowing a page

  • Liking or unliking a page or post

  • Recommending a page in a post or comment

  • Commenting on, sharing or reacting to a page’s post (including the type of reaction)

  • Hiding a page's post or reporting it as spam

  • Hovering over a link to a page or a page's name or profile picture to see a preview of the page's content

  • Clicking on the website button, phone number button, “Get Directions” button or other button on a page

  • Viewing a page’s event, responding to an event including type of reaction, clicking on a link for event tickets

  • Starting a Messenger communication with the page

  • Viewing or clicking on items in a page’s shop

  • Information about the action, the person taking the action, and the browser/app used for it such as the following:

  • Date and time of action

  • Country/city (estimated from IP address or imported from user profile for logged-in users)

  • Language code (from browser’s http header and/or language setting)

  • Age/gender group (from user profile for logged-in users only)

  • Websites previously visited (from browser’s http header)

  • Whether the action was taken from a computer or mobile device (from browser’s user agent or app attributes)

  • Facebook user ID (for logged-in users only)

Meta uses cookies to determine whether you are a logged-in user of Facebook. For information on the use of Facebook cookies by Meta, please see: https://www.facebook.com/policies/cookies/

Joint controllership between Meta and FOCUS Bikes within the meaning of Article 26 GDPR exists to the extent that you visit a FOCUS Bikes Facebook page and trigger the creation of an event for Page Insights for FOCUS Bikes that includes personal data by interacting with the FOCUS Bikes Facebook page or the associated content.

The events that Facebook logs in order to create Page Insights are determined exclusively by Facebook and cannot be influenced by FOCUS Bikes. FOCUS Bikes also has no access to those of your personal data that are processed within the scope of events, but rather only to the aggregated Page Insights. Meta provides the information collected by Meta in this way to us in the form of aggregated, anonymized data that we can use to analyze how users interact with our Facebook pages.

This processing of personal data is subject to the joint controllership agreement between Meta and FOCUS Bikes. You can access the content of this agreement at https://www.facebook.com/legal/terms/page_controller_addendum (“Information about Page Insights”). This text also contains further information on the legal basis and purposes of processing within the scope of the joint controllership. A summary is available here: https://www.facebook.com/legal/terms/information_about_page_insights_data 

This joint controllership expressly does not include other processing operations of Meta, for example to the extent that you visit other Facebook pages or events do not trigger any Page Insights for FOCUS Bikes.

3. Data processing by FOCUS Bikes on Meta services (Facebook pages; Instagram pages)

Within the scope of the operation of the FOCUS Bikes Facebook and Instagram pages, FOCUS Bikes processes personal data for communication and interaction with you for the following purposes: 

  • Dialogue and communication, particularly responses to user comments and/or posts that have been published on our Facebook or Instagram pages, responses to direct messages sent to us via our Facebook or Instagram pages, Facebook Messenger, or other communication channels, and interaction with third parties (sharing the content of third-party pages, liking and tagging these pages); where you have a Facebook or Instagram customer account and communicate with us via this account, we may also use the public information during our communications that you yourself have entered as public information and that Meta provides to us during the communication (such as your name and gender so we can address you personally).

  • User analysis in the case of Instagram (anonymous data only): Via the Insights service, Meta also provides us with anonymized statistical data on the users of our Instagram page. To this end, Meta stores a cookie on your device when you visit our Instagram page. If you are logged in as an Instagram user, this cookie can be associated with your user account. If you use Instagram as a user on multiple devices, data may also be collected and analyzed across devices. Meta provides the information collected by Meta in this way to us in the form of aggregated, anonymized data that we can use to analyze how users interact with our Instagram page. We have no access to the data underlying the analyses. We use the information transmitted to us by Meta in this way to optimize the content and functions of our Instagram page and be able to provide you with content and interest-based ads that are relevant to you without directly becoming aware of your identity as a visitor.

The processing of personal data via our Facebook and Instagram pages by us takes place on the basis of our overriding legitimate interests in effective dialogue with the users of our Facebook pages, for purposes of corporate presentation and communication, for user analysis, and for marketing purposes pursuant to point (f) of Article 6(1)1 GDPR. Our overriding legitimate interests lie in these purposes. We use the information transmitted to us by Meta to optimize the content and functions of our Facebook pages and be able to provide you with content and interest-based ads that are relevant to you without directly becoming aware of your identity as a visitor. Our overriding legitimate interests lie in these purposes.

We do not store your personal data outside the social media accounts, and we store them there only as long as necessary for processing purposes. We erase personal data or restrict the processing thereof as soon as the purpose of processing has been fulfilled or ceases to apply (for example, when an inquiry has been answered on a final basis) unless legal or contractual provisions or the specifications of our articles of association or bylaws require that these data be retained.

4. Disclosure of your data; third-country transfers

The provider of the Facebook and Instagram social networks for European customers is Meta Platforms Ireland Ltd. (formerly: Facebook Ireland Ltd.), which has its registered office within the EU. Meta Platforms Ireland Ltd. is a member of the Meta group of companies. The parent company is Meta Platforms, Inc. (formerly: Facebook Inc.), which has its registered office in the United States.

Meta states that it shares its infrastructure, systems, and technology with other Meta companies (including but not limited to WhatsApp and Oculus). In addition, Meta also shares information worldwide, both internally between the Meta companies and externally with partners and third parties with which you connect via Meta services and with which you share something. For details on these transfers and the categories of recipients, please see Meta’s privacy policy at https://www.facebook.com/privacy/policy in the section titled “How do we transfer information?”

For these purposes, the information controlled by Meta Platforms Ireland Ltd. is also transferred to and stored or otherwise processed in the United States or other third countries. Meta has stated that these data transfers are necessary in order to provide the services outlined in the Facebook terms of service and to operate globally and provide you with the Facebook products. To safeguard the data transfers, Meta relies on decisions, where these exist, by the European Commission in which the Commission recognizes that certain countries and territories outside the European Economic Area (EEA) ensure an adequate level of data protection for personal data (so-called “adequacy decisions”). For example, this applies to data transfers to Argentina, Israel, New Zealand, Switzerland, the United Kingdom, and, to the extent that this decision is applicable, Canada. For data transfers to the United States, Meta Platforms, Inc. has joined the EU-US Data Privacy Framework and bases data transfers to the United States on the corresponding adequacy decision by the European Commission. In other cases, Meta bases the safeguarding of data transfers to third countries outside the EU/EEA on the standard contractual clauses approved by the European Commission or on exceptions provided under applicable law. 

For further information

  • on the safeguarding of global data transfers, please see https://www.facebook.com/privacy/policy/?annotations[0]=9.ex.2-MechanismsWeUseFor&subpage=9.subpage.3-HowDoWeSafeguard;

  • on the use of the standard contractual clauses, please see https://www.facebook.com/help/566994660333381?ref=dp; and

on the existing adequacy decisions by the European Commission, please click here.

III. LinkedIn

FOCUS Bikes uses LinkedIn pages, for which it utilizes the LinkedIn online platforms of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn Company”). FOCUS Bikes and LinkedIn Company are the controllers responsible for the data processing in conjunction with the LinkedIn page, in some cases separately, but in certain areas also jointly within the meaning of Article 4(7) GDPR. For those areas where joint controllership applies, FOCUS Bikes has entered into an agreement with LinkedIn Company concerning joint controllership under the law of data protection and privacy (the so-called “Page Insights Joint Controller Addendum”). You can access this agreement at: https://legal.linkedin.com/pages-joint-controller-addendum.

The text below is intended to provide you with information on which personal data are processed by LinkedIn Company and FOCUS Bikes and how the status of controller for purposes of data protection and privacy law is allocated between LinkedIn Company and FOCUS Bikes:

1. Data processing by LinkedIn Company

When you visit our LinkedIn page, LinkedIn Company performs its own processing operations, over which FOCUS Bikes has no influence. Please note that you use the LinkedIn platform and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., sharing, commenting, etc.).

For information on which data are processed by LinkedIn Company and used for which purposes, please see

Accordingly, LinkedIn Company may process the following information in particular:

  • Data you provide to LinkedIn Company when registering, such as username, password, e-mail address, or phone number 

  • Data you publish in your profile, such as education, professional experience, skills, photo, location or area

  • Data you publish or upload, e.g., if and when you fill out a form or survey on LinkedIn, submit a résumé or CV, or fill out an application; if you import your address book or list of contacts, LinkedIn Company receives your contacts (including contact information automatically added by your service providers or app when you have contacted addresses or numbers that were not already on your list)

  • Third-party contact and calendar information (including employers, higher education institutions or vocational schools), if and when third parties synchronize their contact or calendar data with services, associate their contacts with member profiles, scan and upload business cards, or use LinkedIn services to send messages

  • Usage data if and when, for example, you view or click content or ads, (within or outside our websites and apps), perform a search, install or update one of our mobile apps, share articles or apply for a job; for this purpose, LinkedIn Company uses login data, cookies, device information, and IP addresses to identify you and log your use 

  • Cookies and similar technologies to collect data (e.g., device IDs) to recognize you and your device or devices within and outside of and across various services and devices; LinkedIn Company also allows certain third parties to use cookies

  • Device and location data, such as the URL of the website from which you have accessed the page along with URL of the website to which you navigate next, along with the time of your visit; in addition, information about your network and device (e.g., your IP address, proxy server, operating system, Web browser and add-ons, device ID and functions, cookie IDs and/or Internet or wireless service provider); if you access LinkedIn services from a mobile device, this device transmits data about your location based on your phone settings (depending on the individual settings in your device)

  • Communication data, for example if and when you send or receive messages or interact with messages in conjunction with LinkedIn services

From the perspective of data protection and privacy law, LinkedIn Company performs these forms of processing on its own responsibility as a controller in principle. We have included this information here merely to give you a better overall impression of the social media platform and to enhance transparency on the whole with an eye to the processing operations.

2. Joint controllership between LinkedIn Company and FOCUS Bikes on our LinkedIn page

When you visit our LinkedIn page, follow this page, or engage with the page, LinkedIn Company processes personal data, including to provide us with statistics and insights in anonymized form. This gives us insight into actions that users take on our LinkedIn page (so-called “Page Insights”). To this end, LinkedIn Company processes, in particular, data that you have already provided to LinkedIn Company via the information in your profile, such as data on your professional position, country, and industry, where you work, the size of your company, and your employment status. Beyond that, LinkedIn Company will process information about how you interact with our LinkedIn page, e.g., whether you follow our LinkedIn page. 

FOCUS Bikes does not receive any personal data with the Page Insights, but rather only aggregated data sets. Nor does FOCUS Bikes have any way to trace the information in the Page Insights to individual visitors. 

The processing takes place on the basis of our overriding legitimate interests in effective dialogue with the users of our LinkedIn pages and to improve our corporate presentation and communication in accordance with point (f) of Article 6(1)1 GDPR. We have entered into an agreement with LinkedIn Company regarding the processing of data as joint controllers; this agreement provides for the distribution of the obligations under data protection and privacy law between us and LinkedIn Company. This agreement is accessible at https://legal.linkedin.com/pages-joint-controller-addendum.

3. Data processing by FOCUS Bikes on LinkedIn

In addition, FOCUS Bikes may use the data you have entered with LinkedIn, particularly your username and the content published under your account, to the extent that we share or reply to your posts or also write posts on our own that refer to your account. In this way, the data you freely publish and distribute on LinkedIn are incorporated into our offerings and also made accessible to our followers. Otherwise, FOCUS Bikes processes personal data of the visitors to the LinkedIn account only to the extent necessary to process an inquiry or comment.

The recipient of the data is LinkedIn Company in its capacity as the operator of the social media platform, where the data may be disclosed to third parties for LinkedIn Company’s own purposes and on its responsibility. The recipient of publications is also the public, meaning potentially anyone.

The processing of personal data via our LinkedIn pages takes place on the basis of our overriding legitimate interests in effective dialogue with the users of our LinkedIn pages, for purposes of corporate presentation and communication, and for marketing purposes pursuant to point (f) of Article 6(1)1 GDPR. 

We do not store your personal data outside the social media accounts in principle, and we store them there only as long as necessary for processing purposes.

4. Disclosure of your data; third-country transfers

The provider of the social network LinkedIn for European customers is LinkedIn Ireland Unlimited Company, which has its registered office within the EU. The parent company is LinkedIn Corporation, which has its registered office in the United States. 

LinkedIn has stated that its services require a flow of data from the EU to the United States and back. This means that when you visit our LinkedIn page, your data will also be disclosed to LinkedIn companies outside the EU. To ensure that personal data are protected in the case of such transfers, LinkedIn bases certain data transfers on the standard contractual clauses approved by the European Commission. In addition, LinkedIn Corporation and the U.S. subsidiaries controlled by it are certified under the EU-US Data Privacy Framework. LinkedIn’s participation in the Data Privacy Framework applies to personal data provided by LinkedIn members, customers, and business partners and to personnel data where these personal data originate in the EU/EEA. 

For further information on safeguards for third-country transfers when using LinkedIn, please see https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=en.

IV. TikTok

FOCUS Bikes uses the TikTok platform of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”). For the TikTok channel, we have disabled the TikTok analytics function, meaning that TikTok does not provide us with page statistics, nor does the TikTok Analytics Joint Controller Addendum apply.

The text below is intended to provide you with information on which personal data are processed by TikTok and FOCUS Bikes:

1. Data processing by TikTok

When you visit our TikTok channel, TikTok performs its own processing operations, over which FOCUS Bikes has no influence. 

For information on which data are processed by TikTok and used for which purposes, please see the TikTok privacy policy at https://www.tiktok.com/legal/page/eea/privacy-policy/de

According to this information, TikTok may process the following information in particular:

  • Profile information, such as your date of birth, username, e-mail address and/or phone number, and password 

  • User content, such as photographs, videos, audio recordings, livestreams, comments, hashtags, feedback, reviews, and the associated metadata (such as when, where, and by whom the content was created)

  • Direct messages, if you communicate with others using direct messages, and the associated metadata (such as the time the message was sent, received and/or read, as well as the participants in the communication)

  • Your contacts, if you synchronize your contacts, such as names, phone numbers, and e-mail addresses

  • Purchase information, if you make a purchase or payment on or through the platform

  • Data associated with surveys, research, and promotions, if you choose to participate

  • Communication data, if you contact TikTok, including information from forms and functions you use

  • Technical information, such as certain device and network connection information, if you access the platform (such as your device model, operating system, keystroke patterns or rhythms, IP address, and system language, including service-related, diagnostic, and performance information, crash reports and performance logs)

  • Device ID and user ID; if you log in from multiple devices, TikTok uses data such as your device ID and user ID to identify your activity across devices

  • Location information, such as country, state, or city, based on your technical information

  • Usage information, including information about the content you view, the duration and frequency of your use, your engagement with other users, your search history and your settings

  • Content characteristics and features, such as characteristics and features about the videos, images, and audio recordings that are part of your user content, for example, by identifying objects and scenery, the existence or location within an image of a face or other body parts; and the text of words spoken in your user content 

  • Inferred information, such as age group and gender or interests 

  • Cookies and similar tracking technologies, to operate and provide the services 

  • Data from other sources, such as advertising, measurement, and data partners 

From the perspective of data protection and privacy law, TikTok performs these forms of processing on its own responsibility as a controller in principle. We have included this information here merely to give you a better overall impression of the social media platform and to enhance transparency on the whole with an eye to the processing operations.

2. No joint controllership between TikTok and FOCUS Bikes on our TikTok channel

For the TikTok channel, we have disabled the TikTok analytics function, meaning that TikTok does not provide us with page statistics, nor does the TikTok Analytics Joint Controller Addendum apply. Accordingly, we do not process any data with TikTok as joint controllers.

3. Data processing by FOCUS Bikes on TikTok

If you comment on, share, or otherwise interact with a post on our TikTok channel, we process your TikTok user data (such as username and profile picture), the content of your comments, and the associated metadata (such as the date on which you have posted the relevant comment). If you follow our channel, we also process that information. In addition, we may use the data you have entered with TikTok to the extent that we share or reply to your posts or also write posts on our own that refer to your account. In this way, the data you freely publish and distribute on TikTok are incorporated into our offerings and also made accessible to our followers. 

The processing of personal data via our TikTok channel takes place on the basis of our overriding legitimate interests in effective dialogue with users, for purposes of corporate presentation and communication, and for marketing purposes pursuant to point (f) of Article 6(1)1 GDPR. Our interests override yours here, as the TikTok channel is a voluntary additional service offered in addition to our other communication channels and we use this platform to address persons who wish to use the platform.

We do not store your personal data outside the social media accounts in principle, and we store them there only as long as necessary for processing purposes.

4. Disclosure of your data; third-country transfers

The recipient of the data is TikTok Technology Limited in its capacity as the operator of the social media platform, where the data may be disclosed to third parties for TikTok companies’ own purposes and on their responsibility. In the process, personal data are also transferred out of the EU to third countries such as the United States, Malaysia, and Singapore. The recipient of publications is also the public, meaning potentially anyone.

To safeguard the data transfers, TikTok relies on decisions, where these exist, by the European Commission in which the Commission recognizes that certain countries and territories outside the European Economic Area (EEA) ensure an adequate level of data protection for personal data (so-called “adequacy decisions”). In other cases, TikTok bases the safeguarding of the data transfers to third countries outside the EU/EEA on the standard contractual clauses approved by the European Commission. 

For further information on safeguards for third-country transfers when using TikTok, please see https://www.tiktok.com/legal/page/eea/privacy-policy/de.

V. YouTube

FOCUS Bikes uses the YouTube video platform of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”); parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The text below is intended to provide you with information on which personal data are processed by Google and FOCUS Bikes when you use the YouTube channels (“YouTube channel”):

1. Data processing by YouTube

When you visit our YouTube channel, Google performs its own processing operations, over which FOCUS Bikes has no influence. Please note that you use the YouTube platform and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., sharing, commenting, etc.).

For information on which data are processed by Google and used for which purposes, please see: 

According to this information, Google may process the following information in particular:

  • Data that you provide to Google when using Google services (such as name, e-mail address, phone number, etc.)

  • Data that Google collects when its services are used (such as information on apps, browsers, devices, etc.)

  • Data on your activities (such as videos you watch, terms you search for, content and ads that you watch and with which you interact, speech and audio data, etc.)

  • Location information (such as GPS and other transmission data, information on objects near you, etc.)

If you are logged in to YouTube when you visit our YouTube page, Google can associate the visit directly with your user account. Google can use this information to offer you personalized content or ads. If you interact with content on our YouTube page, the relevant information is transferred directly to a Google server and stored there. The information may be published in your user account with Google and displayed to your contacts there. If you do not wish for Google to associate the data collected via our YouTube page directly with your user account, you need to log out of YouTube and may need to clear cookies present on your device before visiting our YouTube page.

From the perspective of data protection and privacy law, Google performs these forms of processing on its own responsibility as a controller in principle. We have included this information here merely to give you a better overall impression of the social media platform and to enhance transparency on the whole with an eye to the processing operations.

2. Data processing by FOCUS Bikes

FOCUS Bikes uses its YouTube channel to provide you with videos about the company and/or its goods and services and to interact with you. Within the scope of operating its YouTube account, FOCUS Bikes processes personal data for the following purposes:

  • Dialogue and communication, particularly responses to user comments published underneath videos and interaction with third parties (sharing the content of third-party pages, liking and tagging these pages); where you have a YouTube account and communicate with us via this account, we also use the public information during our communications that you yourself have entered as public information and that Google provides to us during the communication (such as your name and gender so we can address you personally). You can influence the processing of your data to a significant degree yourself; to do this, simply click this link when logged in to your YouTube account: https://myaccount.google.com.

  • User analysis in the case of YouTube (anonymous data only): YouTube provides us with anonymized statistical data on the visitors to our YouTube page (so-called “analytics”). This information serves for us to be able to better analyze our page and/or adapt it to your needs and interests. YouTube itself processes these data in a further manner; for more detailed information about this, please see the Google privacy policy at the following link: https://policies.google.com/privacy?hl=de&gl=de.

The processing of personal data via our YouTube channel takes place on the basis of our legitimate interests in effective dialogue with users of our YouTube channel, for purposes of corporate presentation and communication, and for marketing purposes pursuant to point (f) of Article 6(1)1 GDPR. Our overriding legitimate interests lie in these purposes. We use the information transmitted to us by Google to optimize the content and functions of our YouTube account and be able to provide you with content that is relevant to you without becoming aware of your identity as a visitor. 

We do not store your personal data outside the social media accounts, and we store them there only as long as necessary for processing purposes.

3. Disclosure of your data; third-country transfers

The provider of YouTube for European customers is Google Ireland Limited, which has its registered office within the EU. Google Ireland Limited is a part of the Google group of companies. The parent company is Google LLC, which has its registered office in the United States. However, Google states that it operates servers all over the world. Therefore, it is not impossible that your data may also be processed on servers outside the EU/EEA. This applies, in particular, to transfers of data to the U.S. parent company, Google LLC, which has its registered office in the United States. For details on the overall conditions that apply to data transfers, please see Google’s privacy policy at https://policies.google.com/privacy/frameworks?hl=de.

Google states that it bases possible transfers to third countries on adequacy decisions by the European Commission. Google bases transfers of data to the United States on the EU-US Data Privacy Framework. Google also relies on the standard contractual clauses as needed. A copy of the standard contractual clauses can be requested from Google at https://support.google.com/policies/troubleshooter/7575787?hl=de.

For further information

  • on Google’s use of mechanisms to safeguard transfers between the EU/EEA and third countries, please see https://policies.google.com/privacy/frameworks?hl=de

  • on the existing adequacy decisions by the European Commission, please click https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en?prefLang=de

VI. Pinterest

FOCUS Bikes uses the online bulletin board platform Pinterest of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”); parent company: Pinterest, Inc., 651 Brannan St., San Francisco, CA 94107, USA. The text below is intended to provide you with information on which personal data are processed by Pinterest and FOCUS Bikes when you use the virtual bulletin board for graphics and photographs (“Pinterest page”):

1. Data processing by Pinterest

If you use Pinterest, Pinterest collects information from you on its own responsibility as explained in detail in the following Pinterest documents. Please note that you use the Pinterest platform and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., sharing, commenting, etc.).

According to this information, Pinterest may process the following information in particular:

  • Account data (such as name, e-mail address, date of birth, gender, language)

  • Content that you provide (such as pins, photos, comments) 

  • Location data (such as exact location, where activated within the device accessing Pinterest)

  • Communication data (such as contact data, messages)

  • Device and log data that Pinterest collects during the use of the services (such as type of device, IP address, log data)

  • Cookies and similar technologies (e.g., to store language settings and create log files)

  • Usage data and inferences (such as which pins you click on, which terms you search for, boards you create, and text that you write in a comment or description) and other data that you have provided when registering, along with data from partners and advertisers to generate inferences concerning you and your preferences 

  • User decisions (such as settings that you have adjusted for things like privacy or notifications)

If you are logged in to Pinterest when you visit our Pinterest page, Pinterest can associate the visit directly with your user account. Pinterest can use this information to offer you personalized content or ads. If you interact with content on our Pinterest page, the relevant information is transferred directly to Pinterest and stored there. The information may be published in your user account with Pinterest and displayed to your contacts there. If you do not wish for Pinterest to associate the data collected via our Pinterest page directly with your user account, you need to log out of Pinterest and may need to clear cookies present on your device before visiting our Pinterest page.

From the perspective of data protection and privacy law, Pinterest performs these forms of processing on its own responsibility as a controller in principle. We have included this information here merely to give you a better overall impression of the social media platform and to enhance transparency on the whole with an eye to the processing operations.

2. Data processing by FOCUS Bikes

FOCUS Bikes uses its Pinterest page to provide you with content on an online board and to interact with you. Within the scope of operating its Pinterest page, FOCUS Bikes processes personal data for the following purposes:

  • Dialogue and communication, particularly responses to user comments and/or posts that have been published on our Pinterest pages, responses to direct messages sent to us via our Pinterest pages or other communication channels; where you have a Pinterest customer account and communicate with us via this account, we may also use the public information during our communications that you yourself have entered as public information and that Pinterest provides to us during the communication (such as your name and gender so we can address you personally).

  • User analysis in the case of Pinterest (anonymous data only): Via the “Audience Insights” or “Pinterest Analytics” service, Pinterest also provides us with anonymized statistical data on the users of our Pinterest page. To this end, Pinterest stores, among other things, a cookie on your device when you visit our Pinterest page. If you are logged in as a Pinterest user, this cookie can be associated with your user account. If you visit Pinterest as a user on multiple devices, data may also be collected and analyzed across devices. Pinterest provides the information collected by Pinterest in this way to us in the form of aggregated, anonymized data that we can use to analyze how users interact with our Pinterest page (such as which categories have been viewed, what the age distribution and gender of the target group is, what devices were used). We have no access to the data underlying the analyses. We use the information transmitted to us by Pinterest in this way to optimize the content and functions of our Pinterest page and be able to provide you with content and interest-based ads that are relevant to you without directly becoming aware of your identity as a visitor.

The processing of personal data via our Pinterest pages by us takes place on the basis of our overriding legitimate interests in effective dialogue with the users of our Pinterest pages, for purposes of corporate presentation and communication, for user analysis, and for marketing purposes pursuant to point (f) of Article 6(1)1 GDPR. We use the information transmitted to us by Pinterest to optimize the content and functions of our Pinterest pages and be able to provide you with content and interest-based ads that are relevant to you without directly becoming aware of your identity as a visitor. Our overriding legitimate interests lie in these purposes.

We do not store your personal data outside the social media accounts, and we store them there only as long as necessary for processing purposes. Pinterest states that your public profile and boards on Pinterest are removed immediately and your personal data are erased if you delete your account.

3. Disclosure of your data; third-country transfers

The provider of Pinterest for European customers is Pinterest Europe Limited, which has its registered office within the EU. Pinterest Europe Limited is a part of the Pinterest group of companies. The parent company is Pinterest Inc., which has its registered office in the United States. Pinterest states that it is a worldwide service in whose case data are transferred to areas outside the user’s home country when the service is used. Therefore, it is not impossible that your data may also be processed on servers outside the EU/EEA. This applies, in particular, to transfers of data to the U.S. parent company, Pinterest Inc., which has its registered office in the United States.

Pinterest states that it bases transfers to third countries on adequacy decisions by the European Commission. Pinterest bases transfers of data to the United States on the EU-US Data Privacy Framework. Where necessary, Pinterest also bases its actions on the standard contractual clauses or approvals granted in isolated instances under data protection and privacy law. You can request the adequacy decisions or standard contractual clauses from Pinterest directly at https://policy.pinterest.com/de/privacy-policy#section-contact-us

For further information on the safeguards used, please see https://policy.pinterest.com/de/privacy-policy#section-transferring-your-information.

VII. Komoot

FOCUS Bikes uses the Komoot platform of komoot GmbH, Friedrich-Wilhelm-Boelcke-Straße 2, 14473 Potsdam (“Komoot”). The text below is intended to provide you with information on which personal data are processed by Komoot and FOCUS Bikes when the platform is used:

1. Data processing by Komoot

If you use the Komoot platform, Komoot collects information from you on its own responsibility as explained in detail in the following Komoot documents. Please note that you use the Komoot platform and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., sharing, commenting, etc.).

According to this information, Komoot may process the following information in particular:

  • Log files, such as browser type and version, operating system used, IP address, etc.

  • Registration data, such as e-mail address, username and password, and information provided voluntarily, like photos

  • Registration data for a Facebook or Apple account where login takes place via these services

  • Data in the case of use of community functions such as comments, highlights, etc.

  • Location data via live tracking if this function is used for a trip recording

From the perspective of data protection and privacy law, Komoot performs these forms of processing on its own responsibility as a controller in principle. We have included this information here merely to give you a better overall impression of the social media platform and to enhance transparency on the whole with an eye to the processing operations.

2. Data processing by FOCUS Bikes

Our Komoot page offers you the ability to interact with our posts and trips, especially commenting on them. If you follow our Komoot page, this is shared with other Komoot users. The same applies if we follow you. Please note that depending on your privacy settings, we – like all other users – may be able to access the information stored in your profile (such as pictures, movement profiles, etc.). 

We base the processing of personal data on our Komoot page on our overriding legitimate interests in effective dialogue with our community, for purposes of corporate presentation and communication, and for marketing purposes pursuant to point (f) of Article 6(1)1 GDPR. Our Komoot page is also intended to give you a simple, easy way to share your training and/or activity data.

We do not store your personal data outside the social media accounts, and we store them there only as long as necessary for processing purposes. Komoot states that it may take up to 30 days before your personal data and backups have been erased from the Komoot platform if you delete your Komoot account.

3. Disclosure of your data; third-country transfers

The provider of the Komoot platform is komoot GmbH, Friedrich-Wilhelm-Boelcke-Straße 2, 14473 Potsdam, to which data are transferred when the website is accessed.

VIII. Strava

FOCUS Bikes uses the Strava platform of Strava, Inc. 208 Utah Street, San Francisco, CA 94103, USA (“Strava”). The text below is intended to provide you with information on which personal data are processed by Strava and FOCUS Bikes when the platform is used:

1. Data processing by Strava

If you use the Strava platform, Strava collects information from you on its own responsibility as explained in detail in the following Strava documents. Please note that you use the Strava platform and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., sharing, commenting, etc.).

According to this information, Strava may process the following information in particular:

  • Account, profile, activity and usage information such as name, e-mail address, date of birth, gender, weight, username and password

  • Profile, activity and usage information if you share a photo, video, post, or activity (including date, time and geo-location information as well as your speed and pace and perceived exertion)

  • Contact information (if provided)

  • Location information when you sign up for or use the services

  • Shared content such as photos, videos, posts, comments, kudos, ratings, reviews, critiques, and other content

  • Connected devices and apps, such as watches

  • Health information such as that inferred from heart rate or other measurements, including performance, cadence, and weight or other indicators

  • Payment information such as credit card or other payment details

  • Third-party accounts, for example with Meta, Google, or Apple, where you access Strava via these accounts

  • Technical information and log files, such as device and network information, cookies, log files, and analytics information. 

From the perspective of data protection and privacy law, Strava performs these forms of processing on its own responsibility as a controller in principle. We have included this information here merely to give you a better overall impression of the social media platform and to enhance transparency on the whole with an eye to the processing operations.

2. Data processing by FOCUS Bikes

Our FOCUS Bikes Strava club offers you the option to interact with our posts, particularly commenting on them. If you join our Strava club, your activities will also be shared with other club members. This gives you a chance to be ranked in our lists of the best athletes. In this case, your performance data (such as profile name, distance, number of bike trips, altitude gain, average speed) are shared on the publicly visible Strava club board. Please note that depending on your privacy settings, we – like all other users – may be able to access the information stored in your profile (such as pictures, movement profiles, etc.). 

We base the processing of personal data in our Strava club on our overriding legitimate interests in effective dialogue with our virtual club members, for purposes of corporate presentation and communication, and for marketing purposes pursuant to point (f) of Article 6(1)1 GDPR. Our Strava club is also intended to give you a simple, easy way to share your training and/or activity data.

We do not store your personal data outside the social media accounts, and we store them there only as long as necessary for processing purposes. Strava states that it may take up to 45 days before your personal data and system logs have been erased from the Strava platform if you delete your Strava account.

3. Disclosure of your data; third-country transfers

The provider of Strava is Strava, Inc. 208 Utah Street, San Francisco, CA 94103, which has its registered office in the United States. Data transfers to the United States are thus also associated with the use of the Platform.

Strava uses legal mechanisms such as standard contractual clauses to safeguard the data transfers in order to ensure that the transfer of data complies with applicable laws.

For further information on the safeguards used, please see https://www.strava.com/legal/privacy#full_policy.

IX. Recipients of personal data; transfers between the EU and third countries

1. Disclosure of data within the Pon group of companies

FOCUS Bikes GmbH belongs to Pon Holding B.V. and its affiliates and subsidiaries (“Pon”). Certain departments within Pon, such as marketing and IT, work together. As a result, it is possible that your personal data may be shared worldwide with the other business group companies or other Pon corporate units and/or transferred to them. For a listing, including the locations of our business operations and our partner companies, please visit http://www.pon.com/nl-nl/our-business/bedrijven. Where it is necessary to transfer your personal data to perform a contract, we base the transfer thereof on point (b) of Article 6(1)1 GDPR. This is the case, for example, where we cannot perform a purchase or service agreement except with the participation of another company or you directly utilize a service from such company. In all other respects, we base the possible transfer on our overriding legitimate interests (point (f) of Article 6(1)1 GDPR) in procedures involving division of labor within a group of affiliated companies and with partner companies. 

It is also possible for FOCUS Bikes GmbH or Pon to carry out a restructuring or merger or otherwise sell or spin off a company (or part of a company) to another business. If such company is an affiliate of FOCUS Bikes, such a transfer of ownership may also encompass the transfer of your personal data to the new owner and its consultants or advisors. We base such data processing on our overriding legitimate interests (point (f) of Article 6(1)1 GDPR), in this case meaning our interest in cost-effective restructuring of individual companies.

2. Data transfers to service providers

FOCUS Bikes utilizes the HubSpot CRM system of service provider HubSpot Germany GmbH (“HubSpot”) as a central customer management system. We use HubSpot to manage customer data and for customer communications. We have agreed with HubSpot that the data are permitted to be hosted in Germany (Frankfurt am Main) and that as a basic principle, they are also only permitted to be processed in the EU. However, aside from hosting, there may also be individual cases in which data are transferred to countries outside the EU (including the United States), for example in the area of customer and product development support, security and abuse prevention, and the use of sub-service providers. In these cases, a transfer from the EU to third countries is safeguarded through the use of suitable measures within the meaning of Articles 44 et seqq. GDPR. We have entered into the current standard contractual clauses with HubSpot. We are happy to send you a copy of the data protection agreement upon request. HubSpot is also subject to the EU-US Data Privacy Framework. In addition, HubSpot has taken further measures to adequately safeguard a third country transfer in the individual case. 

We may also share your personal data with other service providers so that they can perform services on behalf of FOCUS Bikes GmbH. These may be services in the areas of website hosting, data analysis, payment processing, order processing, infrastructure services, customer service, or communication, among others. FOCUS Bikes GmbH may also share your personal data with third parties so that the latter can send you advertising information in accordance with the preferences you have entered. FOCUS Bikes GmbH requires these external third parties to process and protect your personal data with care and enters into processing agreements with them where required.

3. Data transfers to courts, other government agencies, and other parties to legal disputes

Your data are not disclosed to courts, supervisory authorities, law enforcement agencies, or other parties to legal disputes except within the scope of the statutory provisions, where we are under a legal obligation of disclosure or can invoke our overriding legitimate interests (such as our interest in the assertion, exercise, or defense of legal claims, prevention or investigation of criminal offenses, or to ensure the security of our data processing systems). In these cases, the legal bases for data transfers are, depending on the individual case, point (c) (compliance with legal obligations) or point (f) (safeguarding legitimate interests) of Article 6(1)1 GDPR.

4. Transfers between the EU/EEA and third countries

Where personal data are processed in a third country outside the EU, a comparable level of data protection is ensured through appropriate safeguards in accordance with Articles 44 et seqq. GDPR. As a general rule, you receive further information on this within the individual sections of this data protection and privacy statement.

In all other respects, the following applies: We base our practices on decisions, where these exist, by the European Commission in which the Commission recognizes that certain countries and territories outside the EU/EEA ensure an adequate level of data protection for personal data (so-called “adequacy decisions”). At present, for example, this applies to data transfers to Argentina, Israel, New Zealand, Switzerland, the United Kingdom, and, to the extent that this decision is applicable, Canada. For transfers of data to the United States, we base our practices on the EU-US Data Privacy Framework where the data recipient has joined this framework. In other cases, we base the safeguarding of data transfers to third countries outside the EU/EEA on the standard contractual clauses approved by the European Commission (see point (c) of Article 46(2) GDPR) or on exceptions provided under applicable law.

If you wish to request a copy of one of our safeguards, please write to us using the contact details mentioned in Sec. I.

X. Your rights

1. General rights as a data subject

You have the following rights toward us with regard to the personal data concerning you:

  • Right of access to information: You can request information on whether we process personal data concerning you. If this is the case, you have the right of access to information concerning these personal data and the right to further information associated with the processing (see Article 15 GDPR). 

  • Right to rectification: In the event that personal data concerning you are not (or no longer) accurate or are incomplete, you can request rectification and, where applicable, completion of these data (see Article 16 GDPR).

  • Right to erasure or restriction: If the statutory prerequisites are met, you can request the erasure of your personal data (see Article 17 GDPR) or the restriction of processing of these data (Article 18 GDPR), for example if the processing of these personal data is no longer necessary for the purposes for which we collected them.

  • Right to data portability: Under certain conditions, you have the right to receive the personal data concerning you that you have provided to us in a certain format or to have these data transferred to another controller (see Article 20 GDPR).

Certain legal prerequisites must be met in order to exercise your rights as enumerated above. if you have any questions, please feel free to contact us using the contact details mentioned in Sec. I.

2. Right to Object (Article 21 GDPR)

You also have the right to object at any time to our processing of your personal data, specifically: 

  • in the case of direct marketing, at any time; and 

  • in all other cases on grounds relating to your particular situation, where we process your personal data for the purposes of our legitimate interests on the basis of point (f) of Article 6(1)1 GDPR (Article 21(1) and (2) GDPR). 

Where you have filed an objection, we will discontinue processing of your personal data for direct marketing in all cases and data processing for other reasons as a general rule unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing serves for the assertion, exercise, or defense of legal claims.

3. Complaint with a supervisory authority

You can lodge a complaint regarding our processing of your personal data with a data protection authority, particularly in the EU Member State of your habitual residence, place of work or place of the alleged infringement of applicable data protection and privacy laws (see Article 77 GDPR).

4. Particularities in the case of Meta

Where data processing in connection with Meta services (Facebook or Instagram pages) is concerned, you can also use the form provided by Meta at https://m.facebook.com/help/contact/1994830130782319?_rdr

In the case of rights of data subjects in conjunction with the use of Facebook fan pages, it is expedient to address requests for access to information and assert other rights of data subjects directly toward Meta to the extent that these concern processing undertaken in a joint controllership role (see above). As the operator of the social network, Meta alone has the ability to access the necessary information and is able to take the relevant measures to accommodate your rights as a data subject and to provide information. If necessary, we will, of course, assist you with this. You are also welcome to contact us for this. Our contact details are set out in Sec. I.

In particular, pursuant to our contractual arrangements with Meta, Meta is the controller responsible for the processing of personal data for the “Insights” service. In this context, Meta has undertaken to assume all obligations under the GDPR, particularly those associated with notifying data subjects and accommodating the rights of data subjects (Articles 15 through 21 GDPR). Meta uses various online forms for the individual rights of data subjects (access to information, objection, portability, etc.), which can be accessed at https://www.facebook.com/legal/terms/information_about_page_insights_data (see the section titled “Responsibility for your information used to create Page Insights”).

Meta also takes suitable technical and organizational measures pursuant to Article 32 GDPR to ensure the security of processing. Further information on these measures is available at https://www.facebook.com/legal/terms/page_controller_addendum (Annex: Security).

In addition, Meta and FOCUS Bikes have agreed that the Irish Data Protection Commission is the lead supervisory authority monitoring the processing of data for Page Insights (see above). This means you also have the right to lodge a complaint with the Irish Data Protection Commission (see https://www.dataprotection.ie/).

5. Particularities in the case of LinkedIn

In the case of rights of data subjects in conjunction with the use of LinkedIn, it is expedient to address requests for access to information and assert other rights of data subjects directly toward LinkedIn Company to the extent that these concern processing undertaken in a joint controllership role (see above). As the operator of the social network, LinkedIn Company has the ability to access the necessary information and is able to take the relevant measures to accommodate your rights as a data subject and to provide information. You can assert your rights as a data subject within your account or via the following form: https://www.linkedin.com/help/linkedin/solve.

If necessary, we will, of course, assist you with this. You are also welcome to contact us for this. Our contact details are set out in Sec. I.

In particular, pursuant to our contractual arrangements with LinkedIn Company, LinkedIn Company is the controller responsible for the processing of personal data for the “Page Insights” service. In this context, LinkedIn Company has undertaken to assume all obligations under the GDPR, particularly those associated with notifying data subjects and accommodating the rights of data subjects (Articles 12 through 22 GDPR). 

LinkedIn Company also takes suitable technical and organizational measures pursuant to Article 32 GDPR to ensure the security of processing. Further information on these measures is available at https://security.linkedin.com/.

In addition, LinkedIn Company and FOCUS Bikes have agreed that the Irish Data Protection Commission is the lead supervisory authority monitoring the processing of data for LinkedIn as a joint controller (see above). This means you also have the right to lodge a complaint with the Irish Data Protection Commission (see https://www.dataprotection.ie/).

XI. Adjustments to this data protection and privacy statement

We will revise this data protection and privacy statement from time to time to adjust it to reflect the state of the art or changes in overall legal conditions. We therefore recommend that you check back regularly to see whether there have been any changes to this page.

Last updated: June 2024