1. Databehandlingsansvarlig
Den databehandlingsansvarlige er CYBEX Retail GmbH med registrert kontor i Bayreuth. Våre kontaktopplysninger er som følger:
CYBEX Retail GmbH
Riedingerstrasse 18
95448 Bayreuth
Tyskland
e-post: service.no@cybex-online.com
Kontaktinformasjonen til vårt personvernombud finner du på slutten av disse retningslinjene for personvern.
2. Begreper og definisjoner
«Personopplysninger» betyr all informasjon relatert til en identifisert eller identifiserbar fysisk person, heretter også kalt «registrert»; en identifiserbar fysisk person er én som kan identifiseres, direkte eller indirekte, spesielt med henvisning til en identifikator som navn, et identifikasjonsnummer, lokasjonsdata, en online-identifikator eller til én eller flere faktorer som er spesifikke for fysisk, fysiologisk, genetisk, mental, økonomisk, kulturell eller sosial identitet av den fysiske personen.
Eksempler på personopplysninger inkluderer datamaskinens IP-adresse, ditt virkelige navn, din postadresse, ditt telefonnummer og din fødselsdato. Personopplysninger omtales også som «opplysninger» heri nedenfor.
3. Kategorier av opplysninger vi behandler
I det følgende ønsker vi å informere deg om hvilke opplysninger vi behandler når du besøker våre nettsider, bestiller varer i vår CYBEX nettbutikk eller bruker andre funksjoner på våre nettsider og tilhørende mobilapplikasjoner.
3.1. Behandling av tilgangsopplysninger knyttet til besøket på våre nettsider
Hvis du kun får tilgang til våre nettsider uten å legge inn en bestilling i vår CYBEX nettbutikk, lagrer vi kun tilgangsopplysninger som dato og tidspunkt for besøket ditt, nettsiden du besøker oss fra, din nettlesers innstillinger for type og språk, nettsidene du besøker på nettstedet vårt, mengden opplysninger som overføres og den forespørrende leverandøren.
3.2. Opplysninger oppgitt til oss av deg
Innenfor omfanget av bestillingen din i CYBEX nettbutikk, når du oppretter en kundekonto, når du abonnerer på vårt nyhetsbrev eller kontakter oss, behandler vi opplysningene oppgitt til oss av deg. Det relevante opplysningsinndataskjemaet vil vanligvis angi hvilken type opplysninger som er involvert. Spesifikt gjelder dette:
- kontaktopplysninger som tittel, ditt navn, e-postadresse og postadresse, samt telefonnummeret ditt der det er aktuelt;
- bestillingsopplysninger som beskrivelsen av varene du har bestilt;
- betalingsopplysninger som betalingsmetoden du har valgt og (der det er aktuelt, pseudonymisert) dine kredittkortdetaljer.
3.3. Opplysninger vi mottar om deg fra tredjeparter
I den grad det er nødvendig for oss og der det er tillatt i henhold til gjeldende datavernlover, kan vi innhente opplysninger om deg fra tredjeparter. Dette skjer spesielt innenfor rammen av en kredittvurdering hvis du velger betalingsmetoden «Faktura». Ytterligere informasjon finnes nedenfor i disse retningslinjene for personvern.
3.4. Informasjonskapsler
Vi bruker informasjonskapsler, teknisk informasjon som lagres på en brukers datamaskin, for å gjøre det mer attraktivt for deg å besøke våre nettsider, for å gjøre det mulig for deg å legge inn en bestilling i vår CYBEX nettbutikk eller for å bruke andre funksjoner. Informasjonskapsler lar oss spesielt tilpasse nettsidene våre til brukerens behov ved å innhente statistisk informasjon om brukeratferd.
Noen av informasjonskapslene vi bruker slettes etter slutten av den respektive nettleserøkten, dvs. etter at brukeren lukker nettleseren («øktinformasjonskapsler»). Andre informasjonskapsler vil forbli på brukerens enhet og gjøre det mulig for oss å gjenkjenne nettleseren ved brukerens neste nettstedstilgang («vedvarende informasjonskapsler»).
Ytterligere informasjon om informasjonskapsler og lignende teknologier som brukes av oss finnes nedenfor i disse retningslinjene for personvern og her i vårt samtykkeverktøy for informasjonskapsler, som også lar deg endre dine preferanser for informasjonskapsler når som helst. Avhengig av dine valgte innstillinger, kan enkelte av funksjonene på nettsidene våre være begrenset.
4. Rettslig grunnlag for behandling av opplysninger
Til enhver tid behandler vi opplysningene dine i samsvar med relevant lovgivning og kun i den grad det er tillatt av en gjeldende juridisk bestemmelse. Avhengig av det respektive formålet med behandlingen av opplysninger (som forklart i avsn. 5), kan behandlingen av dine opplysninger være basert på følgende juridiske prinsipper:
- Samtykke (GDPR artikkel 6 (1) (a), artikkel 7): Vi behandler kun visse opplysninger hvis du har gitt oss ditt uttrykkelige og frivillige samtykke til å gjøre det. Du kan når som helst trekke tilbake ditt samtykke med virkning for fremtiden.
- Gjennomføring av en kontrakt eller pre-kontraktuelle tiltak (GDPR artikkel 6 (1) (b)): Vi behandler visse opplysninger der dette er nødvendig for å oppfylle en kontrakt (f.eks. når du bestiller varer fra oss) eller for å ta skritt på din forespørsel før du inngår en kontrakt (f.eks. når du gjør en forespørsel om ett av våre produkter).
- Overholdelse av juridiske forpliktelser (GDPR artikkel 6 (1) (c)): Vi må behandle noen av dine opplysninger for å overholde våre egne juridiske forpliktelser, for eksempel for å overholde skatteforpliktelser.
- Beskyttelse av vitale interesser (GDPR artikkel 6 (1) (d)): Vi behandler visse opplysninger i tilfeller der behandling er nødvendig for å beskytte dine eller en annen fysisk persons vitale interesser.
- Beskyttelse av legitime interesser (GDPR artikkel 6 (1) (f)): Vi behandler visse opplysninger i tilfeller der behandling er nødvendig for å beskytte legitime interesser som vi eller en tredjepart etterstreber, med mindre slike interesser overstyres av dine interesser som krever beskyttelse av personopplysninger.
5. Formål med behandlingen av opplysninger
Vi behandler opplysningene dine for følgende formål:
5.1. Levering av våre nettsteder
Når vi behandler tilgangsopplysninger som en del av besøket ditt på våre nettsider, gjøres dette for å sikre problemfri drift av nettsidene og for å forbedre våre tilbud og tjenester, spesielt vår CYBEX nettbutikk.
Det juridiske grunnlaget for denne behandlingen av opplysninger er GDPR artikkel 6 (1) (b), da behandlingen er nødvendig for å sikre funksjonaliteten til nettsidene våre og for å levere innholdet riktig. I tillegg tjener opplysningene til å optimalisere våre nettsteder og sikre sikkerheten til våre IT-systemer. I denne sammenheng er behandlingen av opplysninger basert på GDPR artikkel 6 (1) (f).
5.2. Kontakt
Hvis du kontakter oss via telefon, e-post eller via et elektronisk skjema, behandler vi opplysningene du har oppgitt basert på GDPR artikkel 6 (1) (b) i den grad det er nødvendig for å behandle forespørselen din og for å kunne bevise at du har kontaktet oss i samsvar med juridiske krav.
5.3. Kontraktsrelatert behandling av opplysninger
Kundekonto: Hvis du registrerer deg som kunde i vår CYBEX nettbutikk, behandler vi opplysningene du har oppgitt på grunnlag av GDPR artikkel 6 (1) (b). Dette er nødvendig for å etablere og administrere kundekontoen din, og er derfor nødvendig for å oppfylle kontraktens bruk eller for å ta skritt på din forespørsel før du inngår en kontrakt.
CYBEX Club-medlemsprogram: Hvis du registrerer deg for deltakelse i CYBEX Club-medlemsprogrammet (CYBEX Club) ved å åpne en medlemskonto, vil vi behandle opplysningene du oppgir eller som oppstår i løpet av din bruk av CYBEX Club på grunnlag av Personvernforordningens Artikkel 6 (1) (b) som del av kontoåpningsprosessen og deretter under din deltakelse i CYBEX Club. Dette er nødvendig for å opprette og administrere medlemskontoen din, for å kredittere CYBEX Club-poengene dine og for å gi deg fordeler tilgjengelige i CYBEX Club og tjener således implementeringen av førkontraktuelle tiltak og oppfyllelsen av brukskontrakten.
Gjestebestilling: Hvis du legger inn en bestilling som gjest, trenger du ikke å registrere deg som kunde før du legger inn en bestilling, men du må legge inn opplysningene dine på nytt for hver påfølgende bestilling. Vi behandler opplysningene du har oppgitt som en del av en gjestebestilling på grunnlag av GDPR artikkel 6 (1) (b) med det formål å utføre bestillingen din, inkludert levering av de bestilte varene og din evne til å overvåke bestillingen og leveringsstatusen.
Utførelse av bestillingen din som registrert kunde: Hvis du har registrert deg som kunde i vår CYBEX nettbutikk og legger inn en bestilling for varer, behandler vi opplysningene oppgitt av deg som en del av bestillingen eller tilgjengelig i din kundekonto på grunnlag av GDPR artikkel 6 (1) (b) med det formål å utføre bestillingen din, inkludert levering av de bestilte varene og din evne til å overvåke bestillingen og leveringsstatusen.
Nyhetsbrev: Hvis du registrerer deg for å motta nyhetsbrevet vårt ved hjelp av den relevante funksjonen, behandler vi opplysningene du har oppgitt for dette formålet, eller opplysningene som er tilgjengelige på kundekontoen din, som et minimum e-postadressen din, for å sende deg nyhetsbrev via e-post fra tid til annen. Det juridiske grunnlaget for denne behandlingen av opplysninger er samtykket du har gitt når du registrerer deg for nyhetsbrevet vårt (GDPR artikkel 6 (1) (a), artikkel 7).
5.4. Kundestøtte og kundeservice
Under eller etter din bestilling i vår CYBEX nettbutikk kan vi kontakte deg via kontaktinformasjonen du har oppgitt, hvor dette bør være nødvendig for å eliminere eventuelle avvik i din bestilling, for å komme med forslag til å optimalisere din bestilling eller på grunn av viktig informasjon i forbindelse med eller etter din bestilling. Det juridiske grunnlaget for denne behandlingen av opplysninger er, som en del av utførelsen av kontrakten, GDPR artikkel 6 (1) (b), for øvrig enten GDPR artikkel 6 (1) (d) eller 6 (1) (f), avhengig av interessene som er involvert.
Du kan når som helst motsette deg behandlingen av dine opplysninger for slike formål. Vi vil da avstå fra videre behandling for slike formål.
5.5. Direkte annonsering etter kjøp av varer
Hvis du har kjøpt varer i vår CYBEX nettbutikk, kan vi sende deg informasjon om våre egne lignende varer til e-postadressen eller postadressen du har oppgitt. Det juridiske grunnlaget for denne behandlingen av opplysninger er GDPR artikkel 6 (1) (f), fordi annonsering av relaterte produkter ved hjelp av direkte annonsering representerer en legitim interesse for oss. Grunnlaget for direkte annonsering via e-post er i tillegg markedsføringspraksislovens avsnitt 15.
Du kan når som helst protestere mot behandlingen av opplysningene dine for direkte markedsføring. Vi vil da avstå fra videre behandling for slike formål.
5.6. Forlatt handlekurv, varer på ønskelisten
Hvis du har foretatt et kjøp i vår CYBEX-nettbutikk, er medlem av vår CYBEX Club eller har godtatt å motta markedsførings-e-poster, vil du motta e-poster som informerer deg om produktene du har lagt til i handlekurven og ikke har kjøpt, eller om produkter du har lagt til en ønskeliste. Det rettslige grunnlaget for denne databehandlingen er art. 6 para. 1 s. 1 lit. b GDPR for å gi fordelene som er tilgjengelige for deg i CYBEX Club; eller samtykke gitt i henhold til art. 6 para. 1 s. 1 lit. en GDPR; eller art. 6 para. 1 s. 1 lit. f GDPR, fordi annonsering av relaterte produkter i form av direkte annonsering representerer en legitim interesse for oss. Grunnlaget for direktereklame via e-post er i tillegg § 7 (3) i den tyske loven om urettferdig konkurranse.
Du kan når som helst motsette deg behandlingen av dine opplysninger for slike formål. Vi vil da avstå fra videre behandling for slike formål.
5.7. Kundetilfredshetsundersøkelser
Hvis du har foretatt et kjøp i vår CYBEX-nettbutikk, kontaktet vår kundeservice, er medlem av vår CYBEX Club eller har godtatt å motta markedsførings-e-poster, vil du motta invitasjoner til å delta i undersøkelser. Det rettslige grunnlaget for denne databehandlingen er art. 6 para. 1 s. 1 lit. b GDPR for å gi fordelene som er tilgjengelige for deg i CYBEX Club; eller samtykke gitt i henhold til art. 6 para. 1 s. 1 lit. en GDPR; eller legitim interesse etter art. 6 para. 1 s. 1 lit. f GDPR for å sikre kundetilfredshet og forbedre kvaliteten på tjenestene våre.
Du kan når som helst motsette deg behandlingen av dine opplysninger for slike formål. Vi vil da avstå fra videre behandling for slike formål.
5.8. Markedsføring, nettanalyse og sosiale medier
Vi bruker informasjonskapsler og lignende teknologier (som f.eks. tagger eller piksler) for markedsførings- og analyseformål, for å gjøre besøk på våre nettsteder så vel som din bestilling i vår CYBEX nettbutikk attraktivt for deg og for å gjøre det mulig for deg å bruke visse funksjoner. Det juridiske grunnlaget for dette er ditt samtykke (GDPR artikkel 6 (1) (a), artikkel 7) eller beskyttelsen av våre legitime interesser (GDPR artikkel 6 (1) (f)).
Detaljert informasjon om alle informasjonskapsler og lignende teknologier finnes her i vårt verktøy for samtykke til informasjonskapsler, som også lar deg endre dine preferanser for informasjonskapsler når som helst og til å tilbakekalle ditt samtykke til bruk av informasjonskapsler med virkning for fremtiden. Avhengig av dine valgte innstillinger, kan enkelte av funksjonene på nettsidene våre være begrenset.
6. Nettanalyse fra Google Analytics
Google Analytics er en tjeneste for nettanalyse fra Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Analytics analysere bruken av nettstedet for å gjøre enkelte funksjoner, tilbud og brukeropplevelsen bedre. Hele tiden. Med den statistiske evalueringen av brukeratferd gjør vi tjenester bedre på nett så de forblir attraktive for deg som en bruker.
Når du besøker nettsiden registreres blant annet følgende opplysninger:
- Nettsider du har hatt tilgang til
- Oppfyllelse av såkalte «mål for nettsted» (f.eks. forespørsler om kontaktopplysninger og registreringer for nyhetsbrev).
- Hva du bedriver på våre nettsider (for eksempel klikk, rulling og tid med stillstand)
- Hva som er omtrentlige geografiske plassering for deg (land og by)
- Hva slags IP-adresse du har (i forkortet form, slik at ingen klar tildeling er mulig)
- Tekniske opplysninger fra deg, som nettleser, internettleverandør, enhet for terminal og skjermoppløsning
- Kilde for opprinnelse til ditt besøk (dvs. via hvilket nettsted eller hvilket annonsemedium du kom til oss)
Opplysningen fra informasjonskapselen om hvordan du bruker dette nettstedet overføres vanligvis til en server fra Google i USA, og den lagres også der. Disse informasjonskapslene inneholder en tilfeldig generert bruker-ID som du kan gjenkjenne på fremtidige besøk av nettstedet. Fordi IP-adressene er anonyme på disse nettstedene blir IP-adressen fra deg likevel forkortet på forhånd av Google. Det skjer innad i medlemsland av Den europeiske union eller i andre kontraherende land som deltar i avtalen om Det europeiske økonomiske samarbeidsområdet. Bare i eksepsjonelle tilfeller blir hele IP-adressen overført til en server fra Google i USA, og den forkortes også der.
Sier du nei til at vi innsamling av opplysninger, forhindrer du at det skjer når du én gang installerer nettleserens miniprogram for å deaktivere Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=) eller trekker tilbake samtykket via Verktøy for administrasjon av samtykke.
Da Googles hovedkvarter er i USA, kan vi ikke utelukke at opplysningene også behandles i USA. Vi har inngått en avtale om databehandling (DPA) med Google. EUs standard kontraktsklausuler er en del av denne avtalen. Vi gir deg tilgang til disse klausulene for standard kontrakt etter forespørsel.
For mer informasjon om Google Analytics, går du til Googles retningslinjer for personvern: https://policies.google.com/privacy?hl=en.
7. Bruk av Google Maps
På dette nettstedet bruker vi Google Maps-tjenesten, spesielt for å la deg søke etter forhandlere og planlegge ruten. Google Maps driftes av Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (heretter «Google»). Dette gjør at vi kan vise interaktive kart direkte på nettstedet, og lar deg bruke kartfunksjonen på en praktisk måte. Du finner mer informasjon om Googles databehandling i personvernerklæringen til Google: https://policies.google.com/privacy. Der kan du også endre beskyttelsesinnstillinger for personopplysninger i senteret for databeskyttelse.
Detaljerte instruksjoner om hvordan du administrerer egne data i forbindelse med Google-produkter finner du her: https://www.dataliberation.org
Når du besøker nettstedet, mottar Google informasjon om at du har gått inn på den korresponderende nettsiden på nettstedet vårt. Dette skjer uansett om Google tilbyr en brukerkonto som du er logget inn på eller om det ikke finnes en brukerkonto. Hvis du er logget inn på Google, vil data tildeles kontoen din direkte.
Hvis du ikke vil ha tildelingen i Google-profilen din, må du logge ut av Google før du aktiverer knappen. Google lagrer dataene dine som bruksprofiler og bruker dem til reklameformål, markedsanalyser og/eller etterspørselsorientert utforming av nettstedene deres. En slik evaluering utføres spesielt (også for brukere som ikke er logget inn) for å tilby behovsbasert reklame og for å informere andre brukere av det sosiale nettverket om dine aktiviteter på nettstedet vårt. Du har rett til å motsette deg at slike brukerprofiler opprettes, og du må kontakte Google for å utøve denne rettigheten.
Det finnes en anbefalt løsning som sikrer at brukerdata kun sendes til Google når brukeren aktivt har klikket på kartet eller en lenke.
Siden personopplysninger kun kan overføres til Google etter at brukeren har gitt sitt samtykke, har vi implementert en såkalt «to klikk»-løsning. Dette sørger teknisk sett for at nettstedet kun sender data til Google når brukeren aktivt klikker på kartet eller en lenke.
Tilbaketrekking av samtykke:
Det er ingen alternativer for enkel avregistrering eller blokkering av dataoverføring som tilbys av leverandøren for øyeblikket. Hvis du vil forhindre at aktiviteten din på nettstedet blir sporet, må du trekke tilbake samtykket for den korresponderende kategorien for informasjonskapsler eller alle teknisk unødvendige informasjonskapsler og dataoverføringer. Dette gjør du i verktøyet for samtykke til informasjonskapsler. I så fall vil du imidlertid ikke kunne bruke nettstedet vårt, eller kun i en begrenset grad.
8. Bruk av Google Tag Manager
Vi bruker hjelpetjenesten Google Tag Manager levert av Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For det europeiske området er selskapet Google Ireland Ltd (leverandør av tjenesten), Gordon House, Barrow Street, Dublin 4, Ireland, ansvarlig for alle Google-tjenester.
Vi legger inn taggene («kodebiter») eller skriptene vi trenger på nettstedet vårt via Google Tag Manager, og administrerer dem ved hjelp av verktøyet. Dette lar for eksempel sporingsverktøy vi benytter på nettstedet vårt, og som krever samtykke, bli lastet inn av Tag Manager.
Hvis Tag Manager er lastet, blir brukerens IP-adresse lagret på Googles servere. Google Tag Manager selv behandler kun personopplysninger for teknisk nødvendige formål. Disse dataene kan samles inn og lagres av individuelt integrerte sporingsverktøy, slik at dataene dine kan overføres til leverandøren av det respektive verktøyet. Google Tag Manager selv har ikke tilgang til disse dataene. Les våre tekster om databeskyttelse for de individuelle verktøyene vi bruker på nettstedet vårt.
Du finner mer informasjon om databehandling av Google i Googles personvernerklæring: https://policies.google.com/privacy?hl=en-US.
Vi har inngått en databehandleravtale med Google Ireland Ltd som mottaker av dine data, i henhold til personvernforordningens paragraf 28.
For mer informasjon, se: https://business.safety.google/adsprocessorterms/. Hvis du vil vite mer om Google Tag Manager, les ofte stilte spørsmål på: https://support.google.com/tagmanager/?hl=en#topic=3441530.
Databehandling i USA som et tredjeland kan finne sted. For å sikre nivået av databeskyttelse har Google inngått EUs standard kontraktsklausuler. Du finner mer informasjon om de standard kontraktsklausulene hos Google her: https://policies.google.com/privacy/frameworks?hl=en.
Se vår kobling til verktøyet for samtykke til informasjonskapsler i kapittel 3.4 for lagringsperioden for informasjonskapslene.
Tilbaketrekking av samtykke:
Du kan når som helst trekke tilbake ditt samtykke med virkning for fremtiden. For å utøve tilbakekallingen din kan du deaktivere samtykket ditt for tilsvarende kategori av informasjonskapsler eller alle teknisk unødvendige informasjonskapsler og dataoverføringer her i verktøyet for samtykke til informasjonskapsler. I så fall vil du imidlertid ikke kunne bruke nettstedet vårt, eller kun i en begrenset grad.
9. Bruk av Google reCAPTCHA V3
Vi bruker reCAPTCHA V3-tjenesten til Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA på nettstedet vårt. For det europeiske området er selskapet Google Ireland Ltd (leverandør av tjenesten), Gordon House, Barrow Street, Dublin 4, Ireland, ansvarlig for alle Google-tjenester.
Ved å bruke reCAPTCHA kan vi etter datainntasting på nettstedet vårt (f.eks. i et kontaktskjema), avgjøre om du er et menneske, en robot eller annen spamprogramvare. Brukerens adferdsmønster blir analysert i bakgrunnen og tillagt en captcha-poengsum.
Formålet med bruken av verktøyet er å sikte tilgjengeligheten til nettstedet vårt ved å hindre maskiner eller skadelig programvare i å kommunisere med oss.
Under et besøk på nettstedet samler Google reCAPTCHA V3 følgende personopplysninger ved hjelp av informasjonskapsler:
- Google-informasjonskapsler som allerede er installert, tidligere interaksjoner med nettleseren, antall musebevegelser og tastaturtrykk, varighet på besøket
- IP-adresse, besøksdato, henvisnings-URL, nettleserens programtillegg, nettleser- eller språkinnstillinger eller plassering av brukerenheten, et komplett skjermbilde av nettleservinduet, og operativsystem.
Hvis du er logget inn på din Google-konto når du bruker Google reCAPTCHA-programtillegget, vil personopplysningene bli slått sammen. Du kan hindre dette ved å logge ut av Google-kontoen din før du besøker nettstedet vårt.
Du finner mer informasjon om Googles databehandling i Googles personvernerklæring: https://policies.google.com/privacy?hl=en-US. Hvis du vil vite mer om Google reCAPTCHA, se ofte stilte spørsmål på: https://developers.google.com/recaptcha?hl=en.
Vi har inngått en databehandleravtale med Google Ireland Ltd som mottaker av dine data, i henhold til personvernforordningens paragraf 28. For mer informasjon, se: https://business.safety.google/adsprocessorterms/.
Databehandling i USA som et tredjeland kan finne sted. For å sikre nivået av databeskyttelse har Google inngått EUs standard kontraktsklausuler. Du finner mer informasjon om de standard kontraktsklausulene hos Google her: https://policies.google.com/privacy/frameworks?hl=en.
Se vår kobling til verktøyet for samtykke til informasjonskapsler i kapittel 3.4 for lagringsperioden for informasjonskapslene.
Tilbaketrekking av samtykke:
Du kan når som helst trekke tilbake ditt samtykke med virkning for fremtiden. For å utøve tilbakekallingen din kan du deaktivere samtykket ditt for tilsvarende kategori av informasjonskapsler eller alle teknisk unødvendige informasjonskapsler og dataoverføringer her i verktøyet for samtykke til informasjonskapsler. I så fall vil du imidlertid ikke kunne bruke nettstedet vårt, eller kun i en begrenset grad.
10. Bruk av Google Fonts
Vi bruker den gratis Google Fonts-tjenesten til Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA på nettstedet vårt. For det europeiske området er selskapet Google Ireland Ltd (leverandør av tjenesten), Gordon House, Barrow Street, Dublin 4, Ireland, ansvarlig for alle Google-tjenester.
Vi bruker Google Fonts for å vise skrifttyper på nettstedet vårt. Vi har lastet ned de Google-skrifttypene vi ønsker og lagret dem på vår egen server eller nettlager. Det opprettes dermed ingen forbindelse til Googles server, og ingen opplysninger overføres til Google.
Se vår kobling til verktøyet for samtykke til informasjonskapsler i kapittel 3.4 for lagringsperioden for informasjonskapslene.
1. Data controller
The controller for data processing is CYBEX Retail GmbH with registered office in Bayreuth. Our contact details are as follows:
CYBEX Retail GmbH
Riedingerstraße 18
95448 Bayreuth
Germany
E-mail: service.no@cybex-online.com
The contact details of our Data Protection Officer can be found at the end of this Privacy Policy.
2. Terms and definitions
“Personal data” means any information relating to an identified or identifiable natural person, hereinafter also referred to as “data subject”; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Examples of personal data include your computer’s IP address, your real name, your postal address, your telephone number and your date of birth. Personal data are also referred to as “data” hereinbelow.
3. Categories of data we are processing
In the following we would like to inform you which data we are processing when you visit our web pages, order goods in our CYBEX Online Shop or use other functions of our web pages and associated mobile applications.
3.1. Processing of access data relating to the visit of our web pages
If you only access our web pages without placing an order in our CYBEX Online Shop, we only store access data such as date and time of your visit, the website from which you visit us, your browser’s type and language settings, the web pages you visit on our website, the amount of data transferred and the requesting provider.
3.2. Data provided to us by you
Within the scope of your order in the CYBEX Online Shop, when creating a customer account, when subscribing to our newsletter or contacting us, we process the data provided to us by you. The relevant data input form will usually indicate the type of data involved. In particular, this relates to:
- contact details such as title, your name, e-mail address and postal address, and your telephone number where applicable;
- order data such as the description of the goods you have ordered;
- payment data such as the payment method you have selected and (where applicable, pseudonymised) your credit card details.
3.3. Data that we receive about you from third parties
To the extent necessary for us and where permissible under applicable data protection laws, we may collect data about you from third parties. This occurs in particular within the scope of a credit assessment if you select the “Invoice” payment method. Additional information is found further below in this Privacy Policy.
3.4. Cookies
We use “cookies”, technical information that is stored on a user's computer, to make it more attractive for you to visit our web pages, to enable you to place an order in our CYBEX Online Shop or to use other functions. Cookies allow us in particular to adapt our web pages to user needs by collecting statistical information about user behaviour.
Some of the cookies we use are deleted after the end of the respective browser session, i.e., after the user closes the browser (“session cookies”). Other cookies will remain on the user's device and enable us to recognise the browser upon the user's next site access (“persistent cookies”).
Additional information on cookies and similar technologies used by us is found further below in this Privacy Policy and here in our cookie consent tool, which also allows you to change your cookie preferences at any time. Depending on your selected settings, some functionalities of our web pages may be limited.
4. Legal basis for data processing
At all times we process your data in accordance with the relevant legislation and only to the extent permitted by an applicable legal provision. Depending on the respective purpose of the data processing (as explained in sec. 5), the processing of your data may be based on the following legal principles:
- Consent (Article 6 (1) (a), Article 7 GDPR): We only process certain data if you have given us your express and voluntary consent to do so. You may revoke your consent at any time with effect for the future.
- Performance of a contract or pre-contractual measures (Article 6 (1) (b) GDPR): We process certain data where this is necessary for the performance of a contract (e.g., when you order goods from us) or in order to take steps at your request prior to entering into a contract (e.g., when you make an enquiry about one of our products).
- Compliance with legal obligations (Article 6 (1) (c) GDPR): We need to process some of your data for compliance with our own legal obligations, for example to comply with tax obligations.
- Protection of vital interests (Article 6 (1) (d) GDPR): We process certain data in cases where processing is necessary to protect the vital interests of you or of another natural person.
- Protection of legitimate interests (Article 6 (1) (f) GDPR): We process certain data in cases where processing is necessary to protect legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests which require protection of personal data.
5. Purposes of the data processing
We process your data for the following purposes:
5.1. Provision of our websites
Where we process access data as part of your visit of our web pages, this is done to ensure problem-free operation of the web pages and to improve our offerings and services, in particular our CYBEX Online Shop.
The legal basis for this data processing is Article 6 (1) (b) GDPR, as the processing is necessary to ensure the functionality of our web pages and to deliver their contents correctly. In addition, the data serve to optimise our websites and to ensure the security of our IT systems; in this respect, the data processing is based on Article 6 (1) (f) GDPR.
5.2. Contact
If you contact us by telephone, e-mail or via an online form, we process the data provided by you on the basis of Article 6 (1) (b) GDPR to the extent necessary to process your request and to be able to prove that you have contacted us in accordance with legal requirements.
5.3. Contract-related data processing
Customer account: If you register as a customer in our CYBEX Online Shop, we process the data provided by you on the basis of Article 6 (1) (b) GDPR. This is necessary to establish and manage your customer account and is therefore necessary for the performance of the contract of use or in order to take steps at your request prior to entering into a contract.
CYBEX Club Membership Program: If you register for participation in the CYBEX Club Membership Program (CYBEX Club) by opening a Membership account, we will process the data you provide or that accrues in the course of your use of the CYBEX Club on the basis of Article 6 (1) (b) GDPR as part of the account opening process and thereafter during your participation in the CYBEX Club. This is necessary to set up and manage your membership account, to credit your CYBEX Club Points and to grant you the benefits available within the CYBEX Club and thus serves the implementation of pre-contractual measures and the fulfilment of the usage contract.
Guest order: If you place an order as a guest, you do not need to register as a customer prior to placing an order, but you will then have to re-enter your data for each subsequent order. We process the data provided by you as part of a guest order on the basis of Article 6 (1) (b) GDPR for the purpose of performing your order, including the delivery of the ordered goods and your ability to monitor the order and delivery status.
Performance of your order as a registered customer: If you have registered as a customer in our CYBEX Online Shop and place an order for goods, we process the data provided by you as part of the order or available in your customer account on the basis of Article 6 (1) (b) GDPR for the purpose of performing your order, including the delivery of the ordered goods and your ability to monitor the order and delivery status.
Newsletter: If you register to receive our newsletter using the relevant function, we process the data provided by you for this purpose or the data available in your customer account, at a minimum your e-mail address, to send you our newsletters by e-mail from time to time. The legal basis for this data processing is the consent given by you when registering for our newsletter (Article 6 (1) (a), Article 7 GDPR).
5.4. Customer support and customer service
During or after your order in our CYBEX Online Shop we may contact you via the contact data provided by you, where this should be necessary to eliminate any discrepancies in your order, to make suggestions to optimise your order or because of important information in connection with or following your order. The legal basis for this data processing is, as part of the performance of the contract, Article 6 (1) (b) GDPR, otherwise either Article 6 (1) (d) GDPR or Article 6 (1) (f) GDPR, depending on the interests involved.
You may object to the processing of your data for such purposes at any time. We will then refrain from further processing for any such purposes.
5.5. Direct advertising after the purchase of goods
If you have purchased goods in our CYBEX Online Shop, we may send you information about our own similar goods to the e-mail address or to the postal address provided by you. The legal basis for this data processing is Article 6 (1) (f) GDPR, because the advertising of related products by way of direct advertising represents a legitimate interest for us. The basis for direct advertising by e-mail is additionally Marketing Practice Act Section 15.
You may at any time object to the processing of your data for the purpose of direct marketing. We will then refrain from further processing for any such purposes.
5.6. Shopping cart abandonments, items on the wish list
If you have made a purchase in our CYBEX Online Shop, are a member of our CYBEX Club or have agreed to receive marketing emails, you will receive emails informing you about the products you have added to your shopping cart and not purchased, or about products you have added to a wish list. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b GDPR for granting the benefits available to you within the CYBEX Club; or the consent given according to Art. 6 para. 1 p. 1 lit. a GDPR; or Art. 6 para. 1 p. 1 lit. f GDPR, because the advertising of related products by way of direct advertising represents a legitimate interest for us. The basis for direct advertising by e-mail is additionally Section 7 (3) German Unfair Competition Act.
You may at any time object to the processing of your data for such purposes. We will then refrain from further processing for any such purposes.
5.7. Customer satisfaction surveys
If you have made a purchase in our CYBEX Online Shop, contacted us for customer service, are a member of our CYBEX Club or have agreed to receive marketing emails, you will receive invitations to participate in surveys. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b GDPR for granting the benefits available to you within the CYBEX Club; or the consent given according to Art. 6 para. 1 p. 1 lit. a GDPR; or legitimate interest according to Art. 6 para. 1 p. 1 lit. f GDPR for ensuring customer satisfaction and improving our service quality.
You may at any time object to the processing of your data for such purposes. We will then refrain from further processing for any such purposes.
5.8. Marketing, web analytics and social media
We use cookies and similar technologies (such as tags or pixels) for marketing and analysis purposes, to make visiting our websites as well as your order in our CYBEX Online Shop attractive for you and to enable you to use certain functions. The legal basis for this is your consent (Article 6 (1) (a), Article 7 GDPR) or the protection of our legitimate interests (Article 6 (1) (f) GDPR).
Detailed information on all cookies and similar technologies used can be found here in our cookie consent tool, which also allows you to change your cookie preferences at any time and to revoke your consent to the use of cookies with effect for the future. Depending on your selected settings, some functionalities of our web pages may be limited.
6. Web analytics by Google Analytics
Google Analytics is a web analytics service provided by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Analytics serves the purpose of analysing the use of the website in order to be able to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, it is possible to continuously improve our online services and keep it more attractive for you as a user.
During your visit to the website, the following data, among others, is recorded:
• Webpages accessed by you
• The achievement of so called "website goals" (e.g. contact enquiries and newsletter sign-ups).
• Your behaviour on our webpages (for example clicks, scrolling behaviour and dwell time)
• Your approximate location (country and city)
• Your IP address (in shortened form, so that no clear assignment is possible)
• Your technical information such as browser, internet provider, terminal device and screen resolution
• Source of origin of your visit (i.e. via which website or via which advertising medium you came to us)
The information generated by the cookie about your use of this website is usually transmitted to a Google server in the US and stored there. These cookies contain a randomly generated user ID with which you can be recognised during future website visits. However, due to the activation of IP anonymisation on these websites, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there.
If you do not agree to the collection of data, you can prevent it by installing the browser add-on to deactivate Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=) once or revoke your consent via the Consent Management Tool.
As Google's headquarters are in the US, we cannot preclude that the data will also be processed in the US. We have entered into a Data Processing Agreement (DPA) with Google. The EU Standard Contractual Clauses are part of this DPA. We can provide you with these Standard Contractual Clauses on request.
Further information on Google Analytics please see Google's privacy policy: https://policies.google.com/privacy?hl=en.
7. Use of Google Maps
On this website, we use the Google Maps service, in particular to enable you to search for dealers and plan your route. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. You can find more information about data processing by Google in Google’s privacy policy: https://policies.google.com/privacy. There you can also change your personal data protection settings in the data protection centre.
Detailed instructions on how to manage your own data in connection with Google products can be found here: https://www.dataliberation.org
When you visit the website, Google receives information that you have accessed the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account.
If you do not want the assignment in your Google profile, you must log out of Google before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
A solution is recommended that ensures that the user's data only flows to Google when the user has actively clicked on the map or a link.
Since personal data may only be transferred to Google after the user has given his or her consent, we have implemented a so-called two-click solution. This technically ensures that the website only transmits the data to Google when the user actively clicks on the map or a link.
Withdrawal of consent:
No option for a simple opt-out or blocking of data transmission is currently offered by the provider. If you wish to prevent your activities on our website from being tracked, please revoke your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers in the cookie consent tool. In this case, however, you may not be able to use our website or only to a limited extent.
8. Use of Google Tag Manager
We use the Google Tag Manager help service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For the European area, the company Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland is responsible for all Google services.
We embed the tags ("code snippets") or scripts we need on our website via the Google Tag Manager and manage them using the tool. This allows, for example, tracking tools requiring consent that we use on our website to be loaded by the Tag Manager.
If the Tag Manager is loaded, the user's IP address is stored on Google servers. The Google Tag Manager itself only processes personal data for technically necessary purposes. This data may be collected and stored by the individually integrated tracking tools so that your data can be transmitted to the provider of the respective tool. The Google Tag Manager itself does not access this data. Please read our data protection texts for the individual tools that we use on our website.
You can find more information about data processing by Google in the Google privacy policy: https://policies.google.com/privacy?hl=en-US.
We have concluded a Data Processing Agreement with Google Ireland Ltd. as the recipient of your data, Art. 28 GDPR.
Please see for more information: https://business.safety.google/adsprocessorterms/. If you would like to learn more about the Google Tag Manager, please read the FAQs at:
https://support.google.com/tagmanager/?hl=en#topic=3441530.
Data processing in the USA as a third country may be possible. To ensure the level of data protection, Google has concluded the EU standard contractual clauses. More information on the standard contractual clauses at Google can be found at: https://policies.google.com/privacy/frameworks?hl=en.
Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.
Withdrawal of consent:
You can revoke your consent at any time with effect for the future. To exercise your revocation, you can deactivate your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers here in the cookie consent tool. In this case, however, you may not be able to use our website or only to a limited extent.
9. Use of Google reCAPTCHA V3
We use the reCAPTCHA V3 service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on our website. For the European area, the company Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland is responsible for all Google services.
Using Google reCAPTCHA, we can determine whether you are a human, a robot or other spam software after data entry on our website (e.g. in a contact form). The user's behaviour is analysed in the background and added to a captcha score.
The use of the tool is intended to ensure the accessibility of our website by preventing machines or malware from communicating with us.
During a website visit, Google reCAPTCHA V3 collects the following personal data by means of cookies:
- Google cookies already installed, previous browser interactions, number of mouse movements and keyboard strokes, visit duration
- IP address, date of visit, referrer URL, browser plugins, browser or language settings or location of the user device, a complete screenshot of the browser window, operating system.
If you are logged into your Google account while using the Google reCAPTCHA plugin, the personal data will be merged. You can prevent this by logging out of your Google account before visiting our website.
You can find more information about Google's data processing in Google's privacy policy: https://policies.google.com/privacy?hl=en-US. If you would like to learn more about Google reCAPTCHA, please refer to the FAQs at: https://developers.google.com/recaptcha?hl=en.
We have concluded a Data Processing Agreement with Google Ireland Ltd. as the recipient of your data, Art. 28 GDPR. Please see for more information: https://business.safety.google/adsprocessorterms/.
Data processing in the USA as a third country may be possible. To ensure the level of data protection, Google has concluded the EU standard contractual clauses. More information on the standard contractual clauses at Google can be found at: https://policies.google.com/privacy/frameworks?hl=en.
Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.
Withdrawal of consent:
You can revoke your consent at any time with effect for the future. To exercise your revocation, you can deactivate your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers here in the cookie consent tool. In this case, however, you may not be able to use our website or only to a limited extent.
10. Use of Google Fonts
We use the free Google Fonts service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on our website. For the European area, the company Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland is responsible for all Google services.
We use Google Fonts to display fonts on our website. We have downloaded the desired Google Fonts and stored them on our own server or web space. Accordingly, no connection to the Google server is established, so that no information is transmitted to Google.
Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.
11. Use of Google Ads
Our website uses Google Ads as an online marketing tool. The company operating the Google Ads services is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In Europe, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland).
If you have came to our website via an ad placed by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google.
If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across Ads customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
You can find more information about data processing by Google in Google’s privacy policy:
https://policies.google.com/privacy. There you can also change your privacy settings in the privacy center.
Withdrawal of consent:
We have obtained your consent in accordance with Art. 6 (1) (a) GDPR for the processing of your data as described above. No option for a simple opt-out or blocking of data transmission is currently offered by the provider. If you wish to prevent tracking of your activities on our website, please revoke your consent for the relevant cookie category or all technically unnecessary cookies and data transfers in the cookie consent tool. In this case, however, you may not be able to use our website or only to a limited extent.
12. Use of Facebook Social Plugins (Shariff-Solution)
We use social plugins from the social network Facebook on our website, which is operated by Meta Platforms Inc. or, for the European region, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The plugins are marked with a Facebook logo and enable the sharing of content (share, follow or like button) with social groups. We use the plugins to increase the reach of our products.
When you visit a page of our website with an embedded Facebook plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which then integrates it into the website. In doing so, Facebook is informed that you have accessed the corresponding page of our website. In addition, Facebook receives information about your IP address, browser type and browser version, which is transmitted via your browser to Facebook servers in the USA and stored.
If you are logged into your Facebook account, Facebook can assign your visit to our website to you personally. You can prevent this by logging out of your Facebook account before visiting our website.
To prevent tracking, we have implemented the Shariff solution on our website so that a connection to the Facebook server is only established when you actively use the plugins. For more information on the purpose and scope of data collection and processing by Facebook, please refer to the provider's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy under: http://www.facebook.com/policy.php.
Data processing in the USA as a third country cannot be ruled out. Do not use the service if you do not wish your data to be processed within the USA.
Withdrawal of consent:
You can revoke your consent at any time with effect for the future. To exercise your revocation or to prevent tracking of your activities on our website, you can deactivate your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers here in the cookie consent tool. In this case, however, you may not be able to use our website or only to a limited extent. In addition, you can also prevent the loading of Facebook plugins with add-ons for your browser:
for Mozilla Firefox:
https://addons.mozilla.org/de/firefox/addon/facebook-blocker/
for Opera:
https://addons.opera.com/de/extensions/details/facebook-blocker/?display=en
for Chrome:
https://chrome.google.com/webstore/detail/facebookblocker/chlhacbfddknadmnmjmkdobipdpjakmc?hl=de.
13. Use of Facebook Pixel
We use the Facebook Pixel on our website, a service provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland. To do this, we have implemented a snippet of JavaScript code on our website that loads a collection of functions that allow Facebook to track your user actions if you came to our website via Facebook ads.
For example, when you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. This allows Facebook to match your user data (IP address, user ID) with your Facebook account data and then delete it again. The data collected is anonymous for us and cannot be viewed. This data is only used in the context of ad placements. If you are logged into your Facebook account, your visit to our website is automatically assigned to your Facebook account.
If applicable, data collected via the Facebook pixel may be transferred to Meta servers in the USA. We would like to point out that there is currently no adequate level of data protection for the transfer of data to the US. The transfer of your personal data is based on EU Standard Contractual Clauses in accordance to Art. 46 (2) and (3) GDPR. This obliges Facebook to comply with the European level of data protection when processing your relevant data if it is stored, processed and managed in the US. You can find more information about Facebook's standard contractual clauses at
https://www.facebook.com/legal/terms/dataprocessing.
You can find more information on Facebook’s privacy settings here: https://www.facebook.com/policy.php.
Withdrawal of consent:
We have obtained your consent for the processing of your data as described above in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating the pixel tracking in the "Cookie Consent Tool" integrated on this website.
14. Use Pinterest Retargeting Pixel
On our website, we use the retargeting pixel of the US service provider Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA. For the EU/EEA area, the Irish company headquarters Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland is responsible for privacy matters.
With the help of the pixel, information about the surfing behavior of website visitors can be collected, stored and evaluated in pseudonymized form . The information can be assigned to the person of the user with the help of further information that Pinterest has stored about the user, e.g. due to the ownership of an account on the social network "Pinterest". Pinterest uses an algorithm to analyze surfing behavior and can then display targeted product recommendations as personalized advertising banners on the user's Pinterest account. Pinterest may also combine the information collected via the pixel with other information that Pinterest has collected via other websites and/or in connection with the use of the social network "Pinterest", and thus create pseudonymized usage profiles. In no case, however, can the information collected be used to personally identify visitors to this website.
If applicable, data collected via the pixel may be transferred to servers of Pinterest Inc. in the US. We would like to point out that there is currently no adequate level of data protection for the transfer of data to the US. The transfer is based on the EU Standard Contractual Clauses in accordance with Art. 46 (2) and (3) GDPR. Through this, Pinterest undertakes to comply with the European level of data protection when processing your relevant data if it is stored, processed and managed in the US. More information on the Standard Contractual Clauses of Pinterest can be found at https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.
Further information on privacy at Pinterest Europe Limited can be found here: https://policy.pinterest.com/de/privacy-policy.
Withdrawal of consent:
We have obtained your consent for the processing of your data as described above in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating the pixel tracking in the "Cookie Consent Tool" integrated on this website.
15. Use of Microsoft Advertising
We use the online advertising programme Microsoft Advertising and the associated conversion tracking of the American service provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA on our website. For the European Area, the Irish company headquarters Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland is responsible for data protection-relevant aspects.
The online marketing service Microsoft Advertising, which is based on a pay-per-click system, supports us via the Universal Event Tracking (UET) tool to play out targeted advertisements via the Microsoft Bing or Yahoo! search engine.
Alongside this, we have set up Microsoft conversion tracking on our website to track when certain events take place and to better understand the impact of these marketing activities with Bing. This is done using a conversion tracking tag ("code snippet"). If you arrive at our website through a Microsoft ad, we can use this tracking tool to learn more about your user behaviour on our website. We do not receive any personal data that could reveal your identity, but only evaluations of your user behaviour.
If you are logged in via a Microsoft account, the data collected can be linked to your account so that Microsoft also recognises and stores your IP address, for example. If you visit certain sub-pages of our website and the cookie has not yet expired, we and Microsoft can recognise that you have clicked on the advertisement and have been redirected to this page. Each Microsoft Advertising customer receives a different cookie. Cookies therefore cannot be tracked across Microsoft Advertising customers' websites. The information collected using the conversion cookie is only used to create conversion statistics.
For more information on data processing by Microsoft, please refer to Microsoft's privacy policy:
https://privacy.microsoft.com/de-de/privacystatement?tid=331668528662.
We have concluded a Data Processing Agreement with Microsoft Enterprise Service-Privacy as the recipient of your data, Art. 28 GDPR.
Data processing in the USA as a third country may be possible. To ensure the level of data protection, Microsoft has concluded the EU standard contractual clauses. More information on the standard contractual clauses at Microsoft can be found at:
https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.
Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.
Withdrawal of consent:
You can revoke your consent at any time with effect for the future. If you do not wish to receive interest-based advertisements from Microsoft Advertising, you can deactivate the function at any time via https://account.microsoft.com/privacy/ad-settings/signedout. In addition, you can deactivate the automatic setting of the cookie for this purpose via browser settings. Furthermore, you can deactivate your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers here in the cookie consent tool.
16. Use of Microsoft Clarity
We use the Web analysis tool Microsoft Clarity of the American service provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA on our website. For the European Area, the Irish company headquarters Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland is responsible for data protection-relevant aspects.
Microsoft Clarity is a tool that we use to check the usability of our website based on statistical behavioural analysis of the users on our website. Microsoft Clarity records selected user sessions for this purpose. The tool provides measured values that indicate any usability problems. This allows us to better understand user interaction, identify usability problems more quickly and to improve the functionality of our website.
The data that Microsoft Clarity processes from the users of our website are the following:
- IP address
- Location
- Browser information
- Screen resolution
- Language settings
- Visited website/subpages
- Date/time website was accessed
- Clicks, scrolls, mouse movements
We have made the appropriate masking settings so that the users personal data collection to and by Microsoft is pseudonymized, in particular in form of IP masking. If you are logged in via a Microsoft account, the data collected can be linked to your account so that Microsoft also recognizes and stores your IP address, for example. You can prevent this by logging out of your Microsoft account before visiting our website.
For more information on data processing by Microsoft, please refer to Microsoft's privacy policy:
https://privacy.microsoft.com/de-de/privacystatement?tid=331668528662. If you would like to learn more about Microsoft Clarity, please read the FAQs at: https://learn.microsoft.com/en-us/clarity/faq.
We have concluded a Data Processing Agreement with Microsoft Ireland Operations Limited as the recipient of your data, Art. 28 GDPR.
Data processing in the USA as a third country may be possible. To ensure the level of data protection, Microsoft has concluded the EU standard contractual clauses. More information on the standard contractual clauses at Microsoft can be found at:
https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.
Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.
Withdrawal of consent:
You can revoke your consent at any time with effect for the future. You can deactivate your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers here in the cookie consent tool.
17. Use of Usercentrics Consent Management Platform
We use the Consent Management Platform or the Cookie Consent Tool of the company Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany on our website.
Usercentrics' Consent Management Platform collects, manages, documents and transmits the data processing consents of our website users.
In the course of your visit to the website, the following usage data is transmitted to Usercentrics:
- Consent data (e.g. consent ID, consent number, consent timestamp, opt-in or opt-out data, banner language, customer setting, template version).
- Device information (e.g. HTTP agent, HTTP referrer), IP address, geolocation data
In addition, Usercentrics stores a cookie in your browser in order to be able to allocate the consent granted to you or its revocation.
Data processing by Usercentrics is carried out to comply with a legal obligation pursuant to Art. 6 (1)(c) GDPR: Obtaining and managing consent under data protection law for the use of certain technologies/cookies/pixels. Further information on data processing by Usercentrics can be found in the Usercentrics data protection notices: https://usercentrics.com/privacy-policy/.
We have concluded a Data Processing Agreement with Usercentrics GmbH as the recipient of your data, Art. 28 GDPR.
Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.
Within the framework of the fulfilment of our legal obligations, the processing of the above-mentioned data is necessary. Without the provision of your personal data, we cannot guarantee the functionality of the website. In addition, individual services may not be available or may be limited.
Withdrawal of consent:
You have the option to revoke your consent via an embedded button to correct your decision afterwards. The function can be switched on and off in our "Privacy settings" by checking the checkbox.
18. Fraud Prevention by Riskified
We use the fraud prevention software Riskified by the Israeli company Riskified Ltd, 30 Kalisher St., Tel-Aviv, 6525724, Israel on our website for the US market.
Riskified helps detect and analyse fraud in online transactions, including dispute resolution (chargeback protection) in relation to payments made by our customers. This enables us to prevent fraudulent activity or misuse of the website (for potentially criminal purposes) when shopping online on our website.
When you purchase products on our website, your purchase data is transmitted to Riskified for verification. Riskified collects the following personal data as part of the ordering or purchasing process:
- First name, last name, billing and delivery address, e-mail address, telephone number
- Riskified only receives the credit card's BIN and the last 4 digits of the payment method used in connection with the transaction
- IP address, IPS location data, user agent strings identifying the device's operating system and browser, computer IDs, or other device identifiers.
Other similar information provided in connection with the purchase may be transferred to Riskified. If Riskified assesses a payment as risky, we may decide to offer customers an alternative payment method or decline the booking request. If Riskified has given an approval notice and we have fulfilled the order, but that order is subject to a chargeback, Riskified will provide the chargeback guarantee.
The data processing by Riskified is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in the prevention of fraud in order to verify the legitimacy of payments made via the webshop.
For more information on data processing by Riskified, please refer to the Riskified privacy policy: https://www.riskified.com/privacy/.
We have entered into a Joint Controllership Agreement with Riskified Ltd., Art. 26 GDPR.
Riskified's data processing is carried out in Israel in accordance with the EU Commission's adequacy decision.
The data is deleted as soon as it is no longer required for the purposes of processing. This is usually the case after payment has been processed.
The provision of your data is neither legally nor contractually required. However, the purchase of our products is not possible without the disclosure of your data.
Opposition:
Please read the information about your right to object according to Art. 21 GDPR below.
19. Booking and scheduling with Appointedd
We use the online booking and appointment scheduling software Appointedd of the British company SALOCA LTD (t/a Appointedd), Suite 2, Ground Floor Orchard Brae House, 30 Queensferry Road, Edinburgh, United Kingdom, EH4 2HS on our website.
Appointedd enables our customers to see the availability of live video shopping appointments in our Cybex stores in real time, regardless of opening hours or location, and to book live video shopping appointments via an online calendar on our website. This enables us to provide our customers with an enhanced customer experience. Appointedd is linked to our live video shopping tool Bambuser.
During the appointment booking process, the following personal data is processed by Appointedd: First name, last name, email address, telephone number if applicable, IP address.
Data processing by Appointedd takes place exclusively on the basis of your consent, Art. 6 (1) (a) GDPR. You can find more information about data processing by Appointedd in the privacy policy: https://www.appointedd.com/privacy-policy.
We have concluded a Data Processing Agreement with SALOCA LTD (t/a Appointedd) as the recipient of your data, Art. 28 GDPR.
Appointedd's data processing in the UK is carried out in accordance with the EU Commission's adequacy decision.
The data will be deleted as soon as they are no longer necessary for the purposes of processing, therefore after the booked appointment ended.
Your personal data is provided solely on the basis of your consent. However, appointment bookings are not possible without the provision of the data.
Withdrawal of consent:
You can revoke your consent at any time with effect for the future.
20. Data transfer to third parties
Your data will only be transferred to our carefully selected service providers and partner companies who are contractually obligated to comply with requirements of data protection laws. Otherwise, your data will only be transmitted in the event of an existing legal obligation. In the following you will find information about the companies to which we transfer data.
20.1. Transfer within affiliated companies
We may transfer your data to our affiliated companies for storage in central databases and for internal group billing and accounting purposes in connection with the conclusion and performance of the contract. The legal basis for this data processing is either Article 6 (1) (b) GDPR or Article 6 (1) (f) GDPR.
20.2. Transfer to service companies
Use of service companies: We use several service companies – hereinafter referred to as “service providers” – that are working on our behalf to operate and optimise our websites, to perform contracts and to process payment transactions. This relates, for example, to the hosting of our websites, the placement of advertising, the delivery of ordered goods, the assessment of default risks, the processing of payment transactions, the sending of newsletters as well as customer service and support. We transfer data to these service providers to the extent necessary for the provision of our websites or the performance of contracts or where it serves to protect our legitimate interests. The legal basis for this data processing operations is usually Article 6 (1) (b) GDPR or Article 6 (1) (f) GDPR.
These service providers mainly work for us as “processors” on our behalf and may therefore use the data provided exclusively in accordance with our instructions. We are legally responsible for appropriate data protection policies at the service providers which are processing data on our behalf and have agreed appropriate data protection and data security regimes with the service providers.
In the following cases, we may also transfer data to third parties for independent use as part of the contract performance:
Transport companies: The transport companies we use receive from us the data required for the delivery of the ordered goods to you, i.e., in particular your name and the delivery address provided by you. If necessary, the transport company may also receive your contact details so as to arrange an individual delivery date with you. The legal basis for the respective data processing is Article 6 (1) (b) GDPR.
Payment transactions: The respective payment service provider or bank receives the necessary payment data for the processing of payment transactions. The legal basis for the data processing is Article 6 (1) (b) GDPR. Generally, however, you enter this information directly in the input window of the respective payment service provider or bank. In these cases, we do not receive and store any payment data.
Creditworthiness check: If you choose the “Invoice” payment method, we transfer the necessary data to Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, Germany or other credit based payment provider (see General terms and conditions and store check-out pages), to obtain creditworthiness information on your previous payment history and information for assessing the risk of non-payment based on mathematical-statistical procedures using address data (“scoring”). The legal basis for this data processing is Article 6 (1) (b) GDPR and Article 6 (1) (f) GDPR.
20.3. Transfer to third countries
Data are only transferred to bodies in states outside the European Union or the European Economic Area where
- you have consented thereto,
- this is necessary to perform your orders,
- this is required by law, or
- this occurs as part of order processing.
In the case of order processing, the service providers are contractually bound to our instructions and obligated to guarantee the strict technical and organisational measures. The processors are located both in countries that are the subject of an adequacy decision by the European Commission and in countries that protect personal data to an extent not comparable with EU standards. In the latter cases, we ensure a level of data protection comparable to that of the EU by way of contractual agreements and by agreeing the EU standard data protection clauses.
20.4. Transfer to other third parties
Otherwise, we only transfer your data to third parties or to official authorities if we are legally obligated to do so under existing laws, such as due to official or court orders, or if we are entitled to do so, e.g., because it is necessary for the prosecution of criminal offences or for the exercise or enforcement of our rights or claims. The legal basis for the respective data processing in these cases is Article 6 (1) (c) GDPR or Article 6 (1) (f) GDPR.
21. Period of data storage; data erasure
We only store your data until the purposes for which they were collected cease to apply (e.g., upon termination of the contractual relationship or by the last activity if there is no continuing obligation, or in the event of a revocation of your consent for the specific data processing). Storage beyond this only takes place insofar as and as long as
- there are legal obligations to retain the data,
- the data is still required for the assertion or exercise of legal claims or for the defense against legal claims, e.g. due to technological and forensic requirements for the defense against possible attacks on our web servers, and their prosecution,
- deletion would be contrary to the legitimate interests of the data subjects, or
- another exception pursuant to Article 17 (3) GDPR applies.
22. Your data protection rights
As a visitor of our web pages and as a customer in our CYBEX Online Shop, you are entitled to various rights granted by the GDPR. Please use the information in the Contact section to assert your rights against us and make sure that we are able to clearly identify your person.
In the following we explain your essential rights as a data subject.
22.1. Rights of confirmation, access, to rectification or erasure of data
In accordance with the GDPR, as a data subject you may obtain information in writing upon request, and free of charge, about which data about your person (e.g., name, address) have been stored. In addition, as a data subject, you have the right to have these data corrected or erased as granted by the GDPR, provided that the legal requirements are met. Excluded from the right to erasure are, for example, stored data relating to business processes that are subject to the legal obligation to retain data.
In detail:
- Right of confirmation and access: A data subject has the right, granted by the GDPR, to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed; where that is the case, the data subject has a right of access to the personal data and to further information to the extent provided for by law.
- Right to rectification: A data subject has the right, granted by the GDPR, to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. In this respect, taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure (“right to be forgotten”): A data subject has the right granted by the GDPR to obtain from the controller the erasure of personal data concerning him or her without undue delay; the controller has the obligation to erase personal data without undue delay where one of the grounds provided for by law applies and where the processing is not any longer necessary.
22.2. Right to restriction of data processing
As a data subject, you have the right, granted by the Community legislature, to obtain from the controller restriction of processing where one of the conditions provided by law is met. We must restrict the processing of personal data especially when you deny the accuracy of your personal data, when you need the data being processed without legal basis for your protection, or when your objection is being investigated.
22.3. Right to object
As a data subject, you have the right, granted by the GDPR, to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you by us as controller; we will then no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a data subject or for the establishment, exercise or defence of legal claims.
22.4. Right to data portability
As a data subject, you have the right, as granted by the GDPR, to receive the personal data concerning you which you have provided to us as controller in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us as controller to which the personal data have been provided, subject to the conditions provided for by law.
22.5. Revocation of consent
Where you may have given us your consent to process your data within the scope of your use of our web pages or as part of your order in our CYBEX Online Shop, you may withdraw such consent at any time with effect for the future. The lawfulness of the processing of your data before your withdrawal remains unaffected.
After receipt of your withdrawal by us, we will stop the relevant use of the data without delay. Withdrawal of consent will not affect the processing of personal data carried out on other legal bases pursuant to Article 5 above.
23. Automatic processing of personal data
Exclusively automatic processing of your data is only performed where necessary for the conclusion or performance of a contract and where such does not have any legal or similar effect on you.
24. Complaints to supervisory authorities
In the event of complaints regarding the processing of your data, you have the right to lodge a complaint with the competent supervisory authorities. You may do so by contacting the data protection authority responsible for your place or state of residence or the data protection authority responsible for us, which is:
The Bavarian Data Protection Commissioner (Bavarian DPC)
PO Box 22 12 19
80502 Munich, Germany
E-mail: poststelle@datenschutz-bayern.de
25. Contacting the Data Protection Officer
In case of exercising your data protection rights or any questions regarding the processing of your data, suggestions or complaints, please contact our Data Protection Officer. We recommend that you send confidential information exclusively by postal mail.
Contact details of the Data Protection Officer of CYBEX Retail GmbH:
activeMind.legal Rechtsanwaltsgesellschaft m.b.H.
Potsdamer Straße 3, 80802 Munich, Germany
Tel: +49 (0) 89 919 294 – 900
E-mail: dataprotection@cybex-online.com