Privacy

Privacy Policy

The German original version is legally binding.

We operate our websites based on the principles outlined below:

We are committed to complying with the legal provisions on data protection and strive to always consider the principles of data avoidance and data minimization.

1. Name and Address of the Responsible Party

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union, as well as other data protection provisions, is:

Grouprides UG

Bogenallee 10

20144 Hamburg

Germany

Tel.: +491741617703

E-Mail: support@grouprides.cc

Website: www.grouprides.cc

2. Definitions

We have designed our privacy policy based on the principles of clarity and transparency. If there are still ambiguities regarding the use of various terms, the corresponding definitions can be viewed here.

3. Legal Basis for the Processing of Data

a) Processing of Personal Data under the GDPR

We process your personal data, such as your name, first name, email address, IP address, etc., only if there is a legal basis for this. The following regulations are particularly relevant under the General Data Protection Regulation:

  • Art. 6 para. 1 sentence 1 lit. a GDPR: The data subject has given consent to the processing of personal data concerning them for one or more specific purposes.
  • Art. 6 para. 1 sentence 1 lit. b GDPR: The processing is necessary for the performance of a contract to which the data subject is party, or for the performance of pre-contractual measures taken at the request of the data subject.
  • Art. 6 para. 1 sentence 1 lit. c GDPR: The processing is necessary for compliance with a legal obligation to which the responsible party is subject.
  • Art. 6 para. 1 sentence 1 lit. d GDPR: The processing is necessary to protect vital interests of the data subject or another natural person.
  • Art. 6 para. 1 sentence 1 lit. e GDPR: The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible party.
  • Art. 6 para. 1 sentence 1 lit. f GDPR: The processing is necessary for the purposes of the legitimate interests pursued by the responsible party or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, particularly when the data subject is a child.

We will remind you at the respective points in this privacy policy on which legal basis your personal data is processed.

b) Consent of the Legal Guardian under Art. 8 para. 1 sentence 2 alternative 2 GDPR

A legal guardian must consent to all data processing activities on this website for which the consent of a minor who has not yet reached the age of 16 is required.

Information on the individual data processing activities, their purposes, and the affected categories of data for which consent is required can be found in the privacy policy.

You can revoke your consent at any time by sending a declaration of revocation in text form to the contact details of the responsible party. The processing up to the revocation remains lawful.

c) Processing of Information under § 25 para. 1 TDDDG

We also process information according to § 25 para. 1 TDDDG by storing information on your end device or accessing information already stored on your end device. This may include both personal information and non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses, and IMEI numbers. An end device is defined as any device connected directly or indirectly to the interface of a public telecommunications network for sending, processing, or receiving messages, § 2 para. 2 no. 6 TDDDG.

We typically process this information based on your consent, § 25 para. 1 TDDDG.

To the extent that an exception under § 25 para. 2 no. 1 and no. 2 TDDDG applies, we do not require consent. Such an exception applies when we only access or store information to transmit a message over a public telecommunications network or when it is strictly necessary for us to provide a telemedia service that you have explicitly requested. You can revoke your consent at any time.

We inform you that revoking your consent does not affect the lawfulness of processing based on the consent prior to the revocation.

4. Disclosure of Personal Data

The sharing of personal data also constitutes processing under the previous section 3. However, we would like to specifically inform you about the topic of sharing with third parties. Protecting your personal data is very important to us. For this reason, we are particularly cautious when it comes to sharing your data with third parties.

Disclosure to third parties occurs only if there is a legal basis for processing. For example, we share personal data with individuals or companies that act as processors on our behalf in accordance with Art. 28 GDPR. A processor is anyone who processes personal data on our behalf—specifically, in a directive and control relationship with us.

In accordance with GDPR requirements, we conclude a contract with each of our processors to obligate them to comply with data protection regulations and thus provide comprehensive protection for your data.

5. Duration of Storage and Deletion

Your personal data will be deleted by us as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed, or if the processing is not necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

6. SSL and TLS Encryption

This website uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the website operator. You can recognize an encrypted connection by the address line of the browser changing from “http://” to “https://” and by the lock symbol in your browser’s address bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Cookies

We use cookies on our website. Cookies are small data packages that your browser automatically creates and stores on your end device when you visit our website. These cookies serve to store information related to the specific end device used.

When using cookies, a distinction is made between technically necessary cookies and “other” cookies. Technically necessary cookies are those that are absolutely essential for providing a service explicitly requested by you.

a) Technically Necessary Cookies

To make your use of our services more pleasant, we use technically necessary cookies, which may include session cookies (e.g., language and font selection, shopping cart, etc.), consent cookies, cookies to ensure server stability and security, etc. The legal basis for these cookies is based on Art. 6 para. 1 sentence 1 lit. f) GDPR, our legitimate interest in the error-free operation of the website and in providing our services in an optimized manner.

b) Other Cookies

Other cookies include those used for statistical purposes, analysis, marketing, and retargeting. We use these cookies based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

You can revoke your consent for the use of cookies at any time.

We inform you that revoking your consent does not affect the lawfulness of processing based on the consent prior to the revocation.

To do this, you can either edit your cookie settings on our website, disable the use of cookies in your browser settings (note that this may limit the functionality of the online services), or set an opt-out for the respective service on a case-by-case basis.

We will inform you in the privacy policy regarding the legal basis on which this data is processed for the respective services.

Cookie Settings Change

8. Cookie Banner / Consent Management

To obtain consent for the cookies we use, we utilize the cookie banner from the service provider iubenda s.r.l., Via San Raffaele, 1 – 20121 Milan, Italy. This provider sets a so-called consent cookie to query and process the respective consent status. This consent cookie is technically necessary and is therefore used based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, § 25 para. 1 TDDDG.

For the use of some services from the Google/Alphabet group, we utilize the so-called Google Consent Mode V2 in Basic Mode. Details about this consent mode can be found on Google’s page at Google Consent Mode. The use of the consent mode is technically necessary and is therefore employed based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

9. Collection and Storage of Personal Data and Their Purpose

a) External Hosting

Our website is hosted by Vercel Inc., 440 North Barranca Avenue, Suite 4133 Covina, CA 91723, United States. As a result, all personal data collected on our website is stored on the servers of our host, unless an external third-party service is integrated. This may include the IP address, your email address, communication data, or similar information. Specific personal data types will be detailed in the descriptions of our features and services below. If we use an external third-party service, this will be made clear in the description of the respective service or tool.

The host processes your data only on our instructions and only to the extent necessary to fulfill the services on the website. No processing of data by the host for its own purposes occurs. We have entered into a processing agreement with them.

b) When Visiting the Website

When you access our website, information is automatically sent to the server of our website by the browser you use on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which the access occurs (referrer URL)
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

The mentioned data is processed by us for the following purposes:

  • Ensuring a smooth connection to the website
  • Ensuring a comfortable use of our website
  • Evaluating system security and stability
  • Error analysis
  • Other administrative purposes

Data that allow for conclusions about your identity, such as the IP address, will be deleted no later than 7 days after collection. If we store the data beyond this period, they will be pseudonymized, making it impossible to associate the data with you.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest arises from the purposes of data collection listed above. In no case do we use the collected data to draw conclusions about your identity.

c) Registration/Booking

You have the option to register for bike tours offered by third parties on our website.

In the course of registration, the personal data necessary for organizing and processing the event will be processed. This data will be passed on to the respective provider. The participant’s name and email address will be shared with the organizer. This is for identification, information, security, and organizational purposes in the context of the event. Furthermore, an age check will be conducted, and this information will be passed on to the organizer, as the participation of minors in the offered events is excluded.

The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR for providing our mediation services.

Additionally, we may use your email address based on a legitimate interest assessment to protect the legitimate interests of us or third parties. This may be for advertising purposes, market research, and opinion polling. Our interest in the respective processing arises from the respective purposes and is otherwise of an economic nature.

Registration/User Account

You have the opportunity to create a user account with us. In addition to your personal data for mediation, we also store and process your voluntary information and past registrations with us. You can access this information at any time, giving you an overview of your registrations with us.

The legal basis arises from your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR.

You have the option to change or delete your data in the user account at any time and to delete the entire account. If you make use of this feature, your user account and all data contained therein will be deleted immediately.

Furthermore, we may use your email address based on a legitimate interest assessment to protect the legitimate interests of us or third parties. This may be for advertising purposes, market research, and opinion polling. Our interest in the respective processing arises from the respective purposes and is otherwise of an economic nature.

d) Newsletter

Content of the Newsletter and Registration Data

The sending of our newsletter, as well as the conduct of statistical surveys and analyses and the logging of the registration process, only occurs if you subscribe to it and have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TDDDG.

The contents of the newsletter are specifically described at the time of subscription. For newsletter registration, providing your email address is sufficient. If you provide additional voluntary information, such as your name and/or gender, this will be used solely for personalizing the newsletter directed at you.

Double Opt-In and Logging

For newsletter registration, we use a double opt-in procedure for security reasons, ensuring that no one can register with someone else’s email address. After registering for our newsletter, you will first receive an email requesting you to confirm your registration. Only with your confirmation does the registration become effective.

Additionally, your registration for the newsletter is logged. The logging includes storing the registration and confirmation timestamps, your provided data, and your IP address. If you make changes to your data, these changes will also be logged.

Withdrawal

If you no longer wish to receive our newsletter, you can withdraw your consent at any time for the future. You can click the unsubscribe link at the end of each newsletter or send us an email at the following address: support@grouprides.cc

The withdrawal of consent does not affect the lawfulness of processing based on the consent before its withdrawal.

Use of Mailjet

We use the email tool Mailjet (Mailgun Technologies Inc., 112 E Pecan St #1135, San Antonio, TX 78205, USA) for sending our newsletter. Your provided data will be forwarded to Mailjet and processed by them. Through this tool, we can evaluate how the newsletters are opened and used.

We have entered into standard contractual clauses with Mailjet. Mailjet does not have the right to pass on your data.

Further information on Mailjet’s data protection can be found here.

f) Google Tag Manager

We use the Google Tag Manager from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. The Google Tag Manager is a management tool that allows for centralized management and deployment of other tracking and/or statistics tools.

When visiting our website and upon your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR, the Google Tag Manager collects and processes your IP address, which may also be transferred to the USA. However, the Google Tag Manager does not create user profiles or analyses.

We have entered into a processing agreement with Google.

You can find Google’s privacy policy here.

g) Integration of Routes via Strava

We integrate services from the provider Strava (Strava, Inc., 208 Utah Street, San Francisco, CA 94103, USA) on our website. This is for the interactive display of bike tours and maps.

Strava uses cookies. When visiting our website, Strava collects your IP address, usage data (interactions with the embedded map), device data (e.g., browser and operating system), and possibly location data, as well as information about the displayed routes and activities, processing this data on its own servers in the USA. Strava processes this data for its own purposes, such as improving the service and providing personalized content. Strava is independently responsible for the processing of this data and will not act on our behalf.

Further information can be found in Strava’s privacy policy: Strava Privacy Policy.

Data processing is carried out based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

h) Integration of Routes via Komoot

Our website uses the services of komoot from the provider komoot GmbH (Friedrich-Wilhelm-Boelcke-Str. 2, 14473 Potsdam, Germany) for the interactive display of routes and maps.

Komoot uses cookies and collects and processes your IP address, information about the browser and operating system, and the referrer URL when you visit our website. Komoot is an independent data controller under the GDPR and decides independently on the purposes and means of processing the transmitted data. We do not have a processing agreement with Komoot.

Further information can be found in Komoot’s privacy policy: Komoot Privacy Policy.

Data processing is carried out based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

10. Analysis and Tracking Tools

We use the following analysis and tracking tools on our website. These serve to ensure the continuous optimization of our website and to tailor it to user needs.

We use these tools based on your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time by changing the cookie settings. Processing until the withdrawal remains lawful.

The respective purposes of data processing and data categories can be found in the corresponding tools. We would like to point out that we have no influence over whether and to what extent the service providers carry out further data processing.

a) Google Analytics

We use Google Analytics on our website, a web analysis service from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”).

Google Analytics uses cookies in this context (see Section 7). The information generated by the cookie about your use of this website, such as:

  • Name and version of the browser used
  • Operating system of your computer
  • Website from which access is made (referrer URL)
  • IP address of the requesting computer
  • Time of the server request

is usually transmitted to a Google server in the USA and stored there.

Your IP address is automatically anonymized by Google before being recorded via EU domains and servers. Therefore, your IP address is not logged or stored.

On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activities, and to provide further services related to website usage and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

We have entered into a processing agreement with Google.

Please click here for an overview of Google’s data protection: Google Data Protection.

11. Embedding Images, Audio, and Video

a) Cloudinary Image Service

We embed image data on our website through the Cloudinary Image Service provided by Cloudinary Inc., Suite 220, 6201 America Center Dr, San Jose, CA 94089, USA. This embedding is done for the visual design of our website.

When you visit our page, the images are loaded from Cloudinary’s servers. It cannot be ruled out that personal data, such as your IP address, may be transmitted to and processed by Cloudinary’s servers.

We have entered into standard contractual clauses with Cloudinary.

The legal basis arises from the consent you have given according to Art. 6 para. 1 sentence 1 lit. f GDPR. You can withdraw your consent at any time by changing the cookie settings on our website.

Further information can be found in Cloudinary’s privacy policy: Cloudinary Privacy Policy.

b) YouTube

We embed videos from YouTube, which is operated by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), on our website via iFrame and/or a plugin. We have activated the enhanced privacy mode for the embedding of the videos.

If you play a YouTube video during your visit, a connection to YouTube’s servers will be established, and the YouTube server will be informed about which of our pages you have visited. This allows YouTube to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your account before visiting our website. Additionally, YouTube sets various cookies when starting the service to improve their offered services and to prevent abuse, according to their own statements.

More information on how user data is handled and the cookies set can be found in YouTube’s privacy policy: YouTube Privacy Policy.

By embedding YouTube, Google Fonts are also dynamically loaded without active selection by the website operator or visitor. This integration is done via a server call, usually to a Google server in the USA. This may transmit and store the following information on the server:

  • Name and version of the browser used
  • Website from which the request was triggered (referrer URL)
  • Operating system of your computer
  • Screen resolution of your computer
  • IP address of the requesting computer
  • Language settings of the browser or operating system used by the user

Further information can be found in Google’s privacy notices, accessible here:

The legal basis arises from the consent you have given according to Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time by changing the cookie settings on our website.

c) Vimeo

We embed videos from Vimeo.com, Inc. (330 West 34th Street, 5th Floor, New York 10001, USA) on our website via iFrame and/or a plugin.

If you play a Vimeo video during your visit, a connection to Vimeo’s servers will be established, and the Vimeo server will be informed about which of our pages you have visited. This allows Vimeo to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your account before visiting our website. Additionally, Vimeo sets various cookies when starting the service to improve their offered services and to prevent abuse, according to their own statements.

More information on data processing and privacy notices by Vimeo can be found at: Vimeo Privacy Policy.

The legal basis arises from the consent you have given according to Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time by changing the cookie settings on our website.

12. Rights of the Data Subject

You have the following rights:

a) Right to Access

According to Art. 15 GDPR, you have the right to request information about your personal data processed by us. This right to access includes information about:

  • The purposes of processing
  • The categories of personal data
  • The recipients or categories of recipients to whom your data has been or will be disclosed
  • The planned storage duration or at least the criteria for determining the storage duration
  • The existence of a right to rectification, erasure, restriction of processing, or objection
  • The existence of a right to lodge a complaint with a supervisory authority
  • The source of your personal data, if it was not collected from you
  • The existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details

b) Right to Rectification

You have the right to obtain the immediate rectification of inaccurate or incomplete personal data stored with us according to Art. 16 GDPR.

c) Right to Erasure

According to Art. 17 GDPR, you have the right to request the immediate erasure of your personal data stored with us, provided that the further processing is not necessary for one of the following reasons:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed
  • To exercise the right to freedom of expression and information
  • To fulfill a legal obligation that requires processing under the law of the European Union or the member states to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller
  • For reasons of public interest in the field of public health according to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR
  • For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes according to Art. 89 para. 1 GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it
  • For the establishment, exercise, or defense of legal claims

d) Right to Restriction of Processing

You may request the restriction of the processing of your personal data for one of the following reasons according to Art. 18 GDPR:

  • You contest the accuracy of your personal data.
  • The processing is unlawful, and you oppose the erasure of the personal data.
  • We no longer need the personal data for the purposes of processing, but you need it for the establishment, exercise, or defense of legal claims.
  • You have lodged an objection to the processing according to Art. 21 para. 1 GDPR.

e) Right to Notification

If you have requested the rectification or erasure of your personal data or a restriction of processing according to Art. 16, Art. 17, or Art. 18 GDPR, we will notify all recipients to whom your personal data have been disclosed unless this proves impossible or involves a disproportionate effort. You can request that we inform you of these recipients.

f) Right to Data Portability

You have the right to receive your personal data provided to us in a structured, commonly used, and machine-readable format.

You also have the right to request the transfer of this data to a third party, provided that the processing is carried out using automated procedures and is based on consent according to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a or on a contract according to Art. 6 para. 1 sentence 1 lit. b GDPR.

g) Right to Withdraw Consent

According to Art. 7 para. 3 GDPR, you have the right to withdraw your consent granted to us at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. In the future, we may no longer continue processing based on your withdrawn consent.

h) Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority according to Art. 77 GDPR if you believe that the processing of your personal data violates the GDPR.

i) Right to Object

If your personal data are processed based on legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data according to Art. 21 GDPR, provided that there are reasons arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without providing the specific situation. If you wish to exercise your right of withdrawal or objection, an email to support@grouprides.cc is sufficient.

j) Automated Decision-Making in Individual Cases, Including Profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – that has legal effect concerning you or similarly significantly affects you. This does not apply if the decision:

i. is necessary for the conclusion or performance of a contract between you and us

ii. is permissible based on legal provisions of the European Union or the member states to which we are subject, and those legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests

iii. is based on your explicit consent

However, these decisions must not be based on special categories of personal data according to Art. 9 para. 1 GDPR unless Art. 9 para. 2 lit. a or g GDPR applies, and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

In the cases mentioned in i) and iii), we take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, which at least includes the right to obtain the intervention of a person from our side, to present your point of view, and to contest the decision.

13. Changes to the Privacy Policy

If we change the privacy policy, this will be made known on the website.

Status: October 15, 2024