Impressum and Privacy

Name
Haibike Design Center GmbH
Address
Kistlerhofstrasse 70 | Gebäude 188
81379 München | Germany
Email Address
info@hdc-m.com
Telephone
+49 151 74506974
VAT ID
DE304950495
Register
Sitz: München // Registergericht München // HRB 223458
Representative
Geschäftsführer: Piers Spencer-Phillips / Hendrik Schaefers
Facebook Profile
https://www.facebook.com/HDCMunich
Instagram Profile
https://www.instagram.com/hdc_m/

We take the protection of your data seriously and generally strive to collect and store as little data as possible. Nevertheless, a certain amount of storage and evaluation of user data is necessary to ensure and improve the operation of this website. In principle, it is possible to use this website without having to provide any personal data. There is also no assignment of data to a specific person - unless you tell us your name, for example, in an email, via one of our forms or as part of an order.

If you use any of the services offered on this website, this regularly also requires the collection, processing and storage of personal data, such as your name, address, email address or telephone number. This collection, processing and storage is generally based either on your previously obtained explicit consent or on a corresponding legal permission and on the basis of the regulations of the European General Data Protection Regulation and the local data protection laws.

We would like to inform you here about the type, scope and purpose of the data collected, processed, stored and used by us via this website, as well as about your existing rights in this context.

1. Name and address of the responsible for the data processing

The person responsible in the sense of the General Data Protection Regulation and the other determinations under data protection law is:
Haibike Design Center GmbH
Kistlerhofstrasse 70 | Gebäude 188
81379 München | Germany


Phone: +49 151 74506974
Email Address: info@hdc-m.com

2. Definitions

The data protection law has specific terminology, which we also use in this privacy policy in accordance with the legal definitions of the European General Data Protection Regulation. Therefore, in this privacy policy the term:

"Personal data"

any information relating to an identified or identifiable natural person ("affected person");

"Affected person"

any identified or identifiable natural person whose personal data are processed; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"Processing"

any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"Restriction of processing"

the marking of stored personal data with the aim of limiting their future processing;

"Profiling"

any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location; as a company committed to data protection, we refrain from any form of profiling;

"Pseudonymization"

processing of personal data in such a way that the personal data can no longer be allocated to a specific affected person without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data is not allocated to an identified or identifiable natural person;

"File system"

any structured collection of personal data accessible according to specified criteria, whether such collection is maintained centrally, decentrally, or on a functional or geographic basis;

"responsible person for the processing"

the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;

"Order processor"

a natural or legal person, public authority, agency or other body which processes personal data on behalf of the responsible person;

"Recipient"

a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection regulations pursuant to the purposes of the processing;

"Third party"

a natural or legal person, public authority, agency or other body, other than the affected person, the responsible person, the order processor and the persons authorized to process the personal data under the direct responsibility of the responsible person or the order processor;

"Consent" of the affected person

any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the affected person signifies his or her agreement to personal data relating to him or her being processed;

"Violation of the protection of personal data"

a breach of security resulting in the destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed;

"cross-border processing"

a processing of personal data carried out in the context of the activities of establishments of a controller or an order processor in the Union in more than one Member State, where the controller or processor is established in more than one Member State, or a processing of personal data carried out in the context of the activities of a single establishment of a controller or a processor in the Union but which has or is likely to have a significant effect on data subjects in more than one Member State;

"authoritative and reasoned objection"

an objection as to whether or not there is a breach of this regulation or whether the intended measure against the responsible person or the order processor is in compliance with this regulation, clearly indicating the scope of the risks posed by the draft decision in relation to the fundamental rights and freedoms of the affected persons and, where applicable, the free flow of personal data within the Union.

3. Legal basis for data processing

For processing operations where we obtain consent for a specific processing purpose, the processing is based on art. 6 para. 1 lit. a of the General Data Protection Regulation.

As far as the processing of personal data is necessary for the performance of a contract to which the affected person is a party (such as the delivery of goods or the provision of any other service or consideration) or for the performance of pre-contractual measures (such as inquiries about our products or services), the processing is based on art. 6 para. 1 lit. b of the General Data Protection Regulation.

As far as a processing of personal data is necessary due to a legal obligation affecting us, such as the fulfillment of tax obligations or commercial law retention requirements, the processing is based on art. 6 para. 1 lit. c of the General Data Protection Regulation.

As far as the processing of personal data should exceptionally be necessary in order to protect the vital interests of the affected person or another natural person, the processing would be performed on the basis of Art. 6 para. 1 lit. d of the General Data Protection Regulation.

The processing of personal data necessary for the purposes of a legitimate interest of our company or a third party is performed on the basis of art. 6 para. 1 lit. f of the General Data Protection Regulation, unless such interests are overridden by the interests or fundamental rights and freedoms of the affected person which require the protection of personal data. Such a legitimate interest also constitutes the conduct of our business for the benefit of the well-being of all our employees and our shareholders.

4. Cookies and usage profiles

Within the scope of the legal regulations, we may

  • to provide user-friendly services that would not be possible without the cookie setting,
  • for the purposes of advertising, market research and
  • to improve our services and websites

evaluate usage profiles under a pseudonym, but only as far as you have not exercised your legal right to object to this use of your data. Some of our services require that we use so-called cookies.

Cookies are small amounts of data (text files) that your internet browser stores on your computer. Cookies can store information about your visit on our website, which allows us to recognize your browser and distinguish it from the browsers of other affected persons.

Most browsers are set to accept cookies by default. However, you can reconfigure your browser at any time so that it rejects cookies or asks for your confirmation beforehand. If you reject cookies, however, this may mean that not all offers and functions of this website will work or be usable for you without interruption.

5. Email and contact forms

As far as you send us an email or get in touch with us via a contact form, the personal data voluntarily transmitted to us will be automatically stored and possibly processed for the purpose of processing or contacting you. This includes - as far as provided by you - in particular your name, your address or email address, your telephone number and any other information you provide voluntarily. If you contact us via a form provided on this website, the IP address used by you will also be stored. As a matter of principle, we only use the personal data collected in this process to the extent necessary to process your requests and orders. A transfer of this data to third parties is not performed in any case, unless we would be legally obliged to do so.

6. Use of the comment function

As far as you leave a comment on one of our articles, the data collected will be stored. This includes the name you provide (which may also be a pseudonym), the email address you provide and the IP address you use for this activity.

The storage of this data, in particular also the IP address, is performed

  • to protect us from spam
  • for tracking purposes and for our protection in cases where comments are submitted that infringe third party rights or contain other illegal content.

A transfer of the personal data collected in this way to third parties will only be performed if it serves the legal defense of the responsible person or another of our employees or helpers, if it is necessary to protect our rights against an abusive use of our website or if we are legally obligated to do so.

If you do not agree with the collection of this data, do not use the comment function!

7. Google Fonts

This website uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is performed in the interest of a uniform and appealing presentation of our online offers. If your browser does not support web fonts, a standard font from your computer will be used.

For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and Google's privacy policy: https://policies.google.com/privacy?hl=en.

8. Google Maps

This site uses the map service Google Maps via an API. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. The use of Google Maps is performed in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website.

For more information on how Google handles user data, please see Google's privacy policy: https://policies.google.com/privacy?hl=en.

9. Duration of storage, deletion and blocking of personal data

Personal data of the affected persons shall be processed or stored by the responsible person, unless other legal regulations apply, only for the period of time necessary to achieve the purpose of storage. Another determining criterion for the duration of the storage of personal data is the respective legal retention period.

After the purposes of storage no longer apply and existing legal storage periods have expired, the responsible person shall block or delete the personal data in accordance with the legal regulations and requirements, even without a corresponding request from the affected person.

10. Your rights as an affected person

Below we describe the rights that any person affected by the processing of personal data has against the responsible person.

If you wish to perceive any of these rights, you can contact the responsible person at any time. We recommend that you notify us of your request either in writing or by email at info@hdc-m.com.

Responsible person for data protection is:
Haibike Design Center GmbH
Kistlerhofstrasse 70 | Gebäude 188
81379 München | Germany


Phone: +49 151 74506974
Email Address: info@hdc-m.com

Any person affected by the processing of personal data shall have the following rights vis-à-vis the responsible person for the processing

  1. the right to confirmation,
    i.e. the right to obtain confirmation from the responsible person as to whether personal data concerning them are being processed;
  2. the right to information,
    i.e. in case of processing of personal data, a right of access to such personal data and to the following information:
    1. the purposes of processing;
    2. the categories of personal data processed
    3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
    4. if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
    5. the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by the responsible person, or a right to object to such processing
    6. the existence of a right of appeal to a supervisory authority
    7. if the personal data are not collected from the affected person, any available information on the origin of the data
    8. the existence of automated decision-making, including profiling, pursuant to art. 22 para. 1 and 4 of the General Data Protection Regulation and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the affected person. (Note: We do not use profiling or other methods of automated decision making.)
  3. in case of transfer of personal data to a third country or to an international organization, the right to be informed of the appropriate safeguards pursuant to art. 46 of the General Data Protection Regulation in connection with the transfer;
  4. the right to provide
    a copy of the personal data that are subject of the processing. For any additional copies requested by the affected person, the responsible person may charge a reasonable fee based on the administrative costs. If the affected person makes the request electronically, the information shall be provided in a commonly used electronic format, unless otherwise specified by the affected person. This right to receive a copy shall not affect the rights and freedoms of other persons;
  5. the right to correction
    i.e. the right to obtain the rectification from the responsible person without delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the affected person has the right to request the completion of incomplete personal data – also by means of a supplementary declaration;
  6. the right to deletion ("right to be forgotten")
    i.e. the right to require the responsible person to delete personal data concerning them without undue delay, and the responsible person is obliged to delete personal data without undue delay if one of the following reasons applies:
    1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
    2. The affected person withdraws the consent on which the processing was based pursuant to art. 6 para. 1 lit. a or art. 9 para. 2 lit. a of the General Data Protection Regulation and there is no other legal basis for the processing.
    3. The affected person objects to the processing pursuant to art. 21 para. 1 of the General Data Protection Regulation and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to art. 21 para. 2 of the General Data Protection Regulation.
    4. The personal data have been processed unlawfully.
    5. The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the responsible person is subject.
    6. The personal data have been collected in relation to information society services offered pursuant to art. 8 para. 1.
    If the responsible person has made the personal data public and is obliged to erase it in accordance with para. 1, he or she shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform responsible persons of the processing that a data subject has requested that they erase all links to or copies or replications of that personal data.
    This does not apply as far as the processing is necessary
    1. for the exercise of the right to freedom of expression and information
    2. for compliance with a legal obligation which requires processing under Union or Member State law to which the responsible person is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible person
    3. for reasons of public interest in the area of public health pursuant to art. 9 para. 2 lit. h and i and art. 9 para. 3 of the General Data Protection Regulation
    4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to art. 89 para. 1 of the General Data Protection Regulation, as far as the said right is likely to make impossible or seriously prejudice the achievement of the purposes of such processing; or
    5. for the assertion, exercise or defense of legal claims.
  7. the right to limit the processing
    i.e. the right of a person affected by the processing of personal data to obtain from the responsible person the erasure without delay of personal data concerning him or her, and the responsible person is obliged to erase personal data without delay if one of the following grounds applies:
    1. the accuracy of the personal data is contested by the affected person for a period enabling the responsible person to verify the accuracy of the personal data,
    2. the processing is unlawful and the affected person objects to the erasure of the personal data and instead requests the restriction of the use of the personal data;
    3. the responsible person no longer needs the personal data for the purposes of processing, but the affected person needs them for the establishment, exercise or defense of legal claims; or
    4. the affected person has objected to the processing pursuant to art. 21 para. 1 of the General Data Protection Regulation, as long as it has not yet been determined whether the legitimate grounds of the responsible person override those of the affected person.
    Where processing has been restricted hereunder, such personal data may be processed, except for storage, only with the consent of the affected person or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. An affected person who has obtained a restriction of processing shall be informed by the responsible person before the restriction is removed.
  8. the right to data portability
    i.e. the right of the data subject affected by the processing of personal data to receive the personal data concerning him or her that he or she has provided to a responsible person in a structured, commonly used and machine-readable format, and he or she has the right to transmit such data to another responsible person without hindrance from the responsible person to whom the personal data have been provided, if
    1. the processing is based on consent pursuant to art. 6 para. 1 lit. a or art. 9 para. 2 lit. a of the General Data Protection Regulation or on a contract pursuant to art. 6 para. 1 lit. b of the General Data Protection Regulation and
    2. the processing is performed with the aid of automated procedures.

    When exercising his or her right to data portability, the affected person has the right to obtain that the personal data be transferred directly from one responsible person to another responsible person, as far as technically feasible. This right may not affect the rights and freedoms of other persons.

    The exercise of this right to data portability shall be without prejudice to the right to deletion ("right to be forgotten"). This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible person.

  9. the right to object,
    i.e. the right of the person affected by the processing of personal data to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is performed on the basis of art. 6 para. 1 lit. e or f of the General Data Protection Regulation, including to any profiling based on those regulations. The responsible person shall no longer process the personal data unless he can demonstrate compelling legitimate reasons for the processing which override the interests, rights and freedoms of the affected person, or for the establishment, exercise or defense of legal claims.

    If personal data are processed for direct marketing purposes, the affected person has the right to object at any time to processing of personal data concerning him or her for such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

    If the affected person objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

    In connection with the use of information society services, notwithstanding Directive 2002/58/EC, the affected person may exercise his or her right to object by means of automated procedures using technical specifications.

    The affected person has the right to object, for reasons relating to his or her particular situation, to the processing of personal data concerning him or her which is performed for scientific or historical research purposes, or for statistical purposes pursuant to para. 89 of the General Data Protection Regulation, unless the processing is necessary for the performance of a task carried out in the public interest.

  10. The right not to be subject to an automated decision on a case-by-case basis (including profiling) which produces legal effects vis-à-vis her or similarly significantly affects her.
    This does not apply if the decision
    1. is necessary for the conclusion or performance of a contract between the affected person and the responsible person,
    2. is permitted by legal provisions of the Union or the Member States to which the responsible person is subject, and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the affected person, or
    3. is performed with the explicit consent of the affected person.

    In the cases mentioned in lit. a and c above, the responsible person shall take reasonable steps to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which shall include, at least, the right to obtain the intervention of an affected person, to express his or her point of view and to contest the decision.

    Automated decisions shall not be based on special categories of personal data unless the affected person has consented or the processing is necessary for reasons of substantial public interest on the basis of Union law or the law of a Member State which is proportionate to the aim pursued, respects the essence of the right to data protection and provides for adequate and specific measures to safeguard the fundamental rights and interests of the affected person.