Data protection declaration and legal notes

We are delighted you have visited our website www.getfinn.com. Smettly GmbH (in the following “we” or “Smettly”) take data protection very seriously. You will find more information about the use of your data here:


Processor

In part, we use external service providers to process personal data (“processors”). These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.


Transfer outside the EEA

In the following cases, we transfer data to recipients based outside the European Economic Area (EEA).

  • Google LLC (“Google“)with offices at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA processes data on our behalf. We transfer device recognition and information about app usage frequency to Google. The legal basis for this transfer is the legitimate interest for purposes of analysis (Art. 6 Para. 1 letter a GDPR) as well as fulfillment of contracts for purposes of communication (Art. 6 Para, 1 letter b GDPR).
  • Payments in the online shop are processed via the service provider Stripe, Inc. as part of contract fulfilment (Art. 6 Para. 1 letter b GDPR).
  • With your consent, Facebook Pixel provides data to Facebook, Inc. (for more information see „Other cookies“).

All companies indicated are based in the USA andcertified under the US-European data privacy agreement “Privacy Shield”, which ensures compliance with the level of data protection in the EU.


Websites and associated data processing


Description and scope of data processing

Every time our website is opened, our system records automated data and information about the computer system of the accessing computer.

The following data is collected here:

  • Information about the browser type and the version used​
  • Language and Version of the browser
  • User’s operating system and interface
  • User’s IP address
  • Date and time of access and time zone difference from Greenwich Mean Time (GMT)
  • The amount of data transmitted
  • Websites from which the user’s system reached our internet pages
  • Websites which are opened by the user’s system via our website
  • Access status/HTTP status code

The data is also stored in the log files of our system.


Legal basis for data processing

The legal basis for the temporary storage of data and log files is the legitimate interest of Smettly as per Art. 6 Para. 1 letter f GDPR.


Purpose of data processing

Temporary storage of the IP address by the system is necessary to facilitate delivery of the website to the user’s computer. For this, the user’s IP address must remain stored for the duration of the session.

Data is saved in log files to ensure full functionality of the website. The data also helps us optimise the website and to guarantee the security of our information technology systems. There is no evaluation of the data for marketing purposes in this regard.

For these purposes, our legitimate interest in data processing is in accordance with Art. 6 Para. 1 letter f GDPR.


Duration of storage

The data is immediately anonymised or deleted.

Where data is saved in log files, this is carried out after 90 days. Data is not stored beyond this in a form which allows identification of the person affected.


Recipients

This data is processed via our server infrastructure service provider.


Use of cookies

Definition of cookies

Cookies are small text files which are stored in your browser. These are downloaded to your browser the first time you visit our website. When you visit the website again with the same device or browser, the cookie and the information saved there are either sent back to the relevant website which created them (first party cookie) or to another website to which it belongs (third party cookie). This is how the system recognises that the website was opened by the browser in question and uses this status to change how content is displayed. Cookies “remember”, for example, your preferences, tell you how to use a page and also partly individually adapt the offers shown.


Functionally necessary cookies

We use cookies for the purpose of communicating messages and provision of the services you desire. The data processing activities resulting from the use of cookies are based on our legitimate interest in provision of a fully functioning website and the services you desire (Art. 6 Para. 1 letter f GDPR, § 96 Para. 3 TKG).


Other cookies

In addition, based on our legitimate interest, we use cookies for purposes of analysis which helps us improve our website and our services (Art. 6 Para. 1 letter f GDPR, § 96 Para. 3 TKG). Here, the IP address is anonymised using abbreviation, which excludes any establishment of a direct relationship to the person. These cookies are not places when the browser setting “do not track” is active.

After your approval, Facebook Pixel is also integrated on this website (see point “Interest-based advertising”).


Your cookies settings on this website

If you would like to limit or completely block cookies, you can change the settings in your browser. Cookies already stored can be deleted at any time. If cookies are de-activated for our website, it is possible that all functions of the website may not be usable to their full extent.

You will find the process for managing and deleting cookies in your browser’s help function. You will find more detailed information about this process at the following links:

Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

Chrome: https://support.google.com/chrome/answer/114836?hl=en&ref_topic=7437824

Safari: https://support.apple.com/en-gb/guide/safari/sfri35610/mac

Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

Opera: https://help.opera.com/en/latest/web-preferences/


Interest based advertising

With your consent this website and connected websites (getfinn.com) uses the Facebook Pixel of Facebook, Inc. („Facebook“). This Facebook Pixel connects the website directly to the Facebook Servers at the moment of your website visit.

During this connection, the Facebook Pixel sends – when acitvated – technical traffic data, together with the Facebook cookie, the Pixel ID, the URL of the visited page and occasionally, the information on clicked buttons.
Facebook Pixel serves for analytial purposes that helps us optimise our website and our offer. It also helps to provide our users with advertisement that fits their interests.

More information on the collection and the processing of data by Facebook as well as your rights and privacy protection are available in the privacy policy of Facebook:  https://www.facebook.com/about/privacy/.  You can change the settings for advertising analytics on Facebook at. https://www.facebook.com/help/109378269482053?helpref=hc_global_nav .


Comment function at getfinn.com

Purpose

You have the option of leaving comments on getfinn.com. For this purpose, Smettly collects and processes name, email address and comment. Alternatively, you can log into the app with your user account to enter this data.


Legal basis

Your data is processed based on your consent (Art. 6 Para. 1 letter a GDPR). You have the right to withdraw your consent at any time, free of charge (information about legal remedies and contact data below). After unsubscribing, your data will continue to be processed based on the legitimate interests with regard to purposes of documentation (Art. 6 Para. 1 letter f GDPR).


Saving and deletion

Fundamentally, your data will be saved until revoked and thereafter for a period of two years, unless deletion is prevented by a statutory storage period, and we do not need the data in an individual case to defend or assert legal claims.


Recipients

Your data is processed via our server infrastructure service provider and our email provider.


Online shop

Purpose

Smettly collects and processes the data provided when ordering products such as name, delivery/collection and invoicing address, shopping basket, order content, invoice data, payment data and so on, which facilitates purchase of our products.


Legal basis

Your data must be processed for conclusion and fulfilment of online purchase contracts (Art. 6 Para. 1 letter b GDPR) as well fulfilment of statutory storage obligations (Art, 6 Para. 1 letter c GDPR).


Saving and deletion

Fundamentally, your data will be saved until you unsubscribe and thereafter for a period of two years, unless deletion is prevented by a statutory storage period, and we do not need the data in an individual case to defend or assert legal claims.

Data regarding individual orders and transactions will be stored in accordance with the statutory storage obligations and always for a period of seven years.


Recipients

The data is processed via our server infrastructure service provider and our email provider.

Data is not passed on to any third parties, with the exception of a transfer of payment information to the processing bank institute / payment service provider for purposes of booking the purchase price, to the transport company/shipping company we engage for delivering the goods, as well as our tax advisors for fulfilment of our statutory tax obligations.


Newsletter

Purpose

The email address you provided will be processed by Smettly for the purpose of sending the subscribed newsletter.

We process any information you voluntarily provide to us in order to supply you with targeted information, for example,

  • Personalized Addressing in the Newsletter (Salutation, Name)
  • Delivery of content specifically relevant to you through segmentation by language, country or city, gender, and interests.

Furthermore, we measure the newsletter's performance by tracking newsletter opens (yes/no) ("open rate"), information about which newsletter articles were clicked ("click behavior"), and information regarding the technical deliverability of the newsletter ("bounces," e.g., undeliverability due to incorrect email addresses). These data are generated automatically by the system.


Legal basis

The processing of your email address is based on your provided consent in accordance with § 107 Telekommunikationsgesetz and Article 6(1)(a) of the General Data Protection Regulation (DSGVO). You have the right to withdraw your consent at any time, free of charge. To withdraw your consent, please click on the unsubscribe link in the respective newsletter or contact Smettly (for legal instructions and contact information, please see below).

We base the processing of the information you voluntarily provide and the collection of data for performance measurement on Smettly's legitimate interests (marketing purposes; Article 6(1)(f) of the General Data Protection Regulation (DSGVO)).We base the processing of the information you voluntarily provide and the collection of data for performance measurement on Smettly's legitimate interests (marketing purposes; Article 6(1)(f) of the General Data Protection Regulation (DSGVO)).​

After unsubscribing from the newsletter, your consent will continue to be stored on the basis of legitimate interests (Article 6(1)(f) of the General Data Protection Regulation (DSGVO)). Smettly's legitimate interests include the necessary documentation of your provided consent for evidentiary purposes.

You provide your data to Smettly voluntarily, without any legal or contractual obligation. However, the processing of your email address is necessary in order to send the respective newsletter. Failure to provide your email address will result in Smettly being unable to send you the newsletter. Not providing 'voluntary information' means that we will not be able to provide you with targeted information, but we will still send you the newsletter.


Saving and deletion

Your request to unsubscribe from the newsletter is automatically noted in the newsletter database. This note ensures that you will not receive any further newsletters from the moment of you unsubscribing. The final deletion of your data will occur within three months from the date of you quitting your subscription, provided that legal retention obligations do not prevent deletion, and we do not need the data in individual cases to defend or enforce legal claims.

The consent provided for receiving the newsletter is stored for a period of 3 months from the date of unsubscribing from the newsletter.

Data for performance measurement is stored for a period of 3 months and then anonymized.

Recipients

The data is processed through our server infrastructure provider and our email service provider. Additionally, we utilize a specialized provider for newsletter delivery.


Contact questions using forms,
email or telephone

Purpose

If you contact us via the contact form, email, or by telephone, in each case we collect and process your name, contact data, the issue you have raised with us and any data which you give us by uploading or attaching documents. The purpose of data processing is the response to your contact question.


Legal basis

The data is processed based on the legitimate interest of Smettly in communication with websites and app users (art. 6 Para. 1 letter f GDPR).


Saving and deletion

Smettly deletes or anonymises your personal data once the achieving the purposes for which it was collected and processed are no longer required, and where there are no other statutory obligations for continued storage. Obligations for proof and storage arise, in particular from company, share and tax law as well as money laundering regulations. In addition, Smettly stores that personal data which is required for any assertion, resistance or defense of legal claims and their implementation in official or legal proceedings. This storage is carried out until expiry of the relevant applicable period of limitation or conclusion of the legally applicable process.


Recipients

The data is processed via our server infrastructure service provider and our email provider.


How do we process and store data?

We use all possible measures to ensure that your data is stored securely, and unauthorised access to data is excluded. The passwords you enter are never saved as plain text, rather they are saved in accordance with best practice directives. All information recorded is stored on the servers we designate for this.


Your rights with regard to data processing

The Data Protection Directive (EU-VO 2016/679) gives you certain rights as an affected person, to which we would like to draw your attention in the following. Please note that these complement each other, so that you may request either only correction or completion of your data, or deletion of it.


Withdrawal of consent

In the event that Smettly stores and processes personal data based on your consent, you are entitled to revoke this consent at any time. The legality of the processing carried out up to that point remains unaffected.


The right to be informed

You may request information about the origin, categories, duration of storage, recipients, or purpose of the personal data processed by Smettly and the nature of this processing.


The right to correction or deletion

If Smettly processes personal data about you, which is incorrect or incomplete, you may request correction or completion at any time. You may also request that illegally processed data is deleted.


The right to limitation of processing

If it is not clear whether your personal data which has been processed is incorrect or incomplete, or it has been processed illegally, you may request a limitation of processing of your data until this matter is resolved conclusively.


Right of objection

Even when your personal data is correct and complete, and has been processed legally, you may object to the processing of this data. However, this is only possible in special situations justified by you.


The right to data portability

You may receive your personal data processed by Smettly which Smettly has received from you in a defined, machine-readable format, or engage Smettly to transfer this data directly to a third party selected by you, where this recipient facilitates Smettly from a technical point of view, and the data transfer does not involve either an unreasonable effort or infringe legal or other secrecy obligations or confidentiality obligations on the part of Smettly or other third parties.


Right of complaint

Ultimately, you are entitled to lodge a complaint with the data protection authorities if you believe that the processing of personal data relating to you infringes the data protection directives (EU-VO 2016/679).


Who can you contact to apply your rights as an affected person?

To assert the rights above, please contact (in writing by letter or email) the contact named at the start of this statement, or the following email address directly: info@bikecitizens.net.

General

We reserve the right to amend this data protection declaration at any time with consideration of the applicable data protection regulations. Please visit this page regularly to keep informed about possible changes. If you have any questions relating to this data protection declaration, or you want to get in touch with us with regard to this data protection declaration, please contact us at ​ info@bikecitizens.net.


Use of non-personal data

We use non-personal data for research purposes, for statistical purposes and to improve your user experience. In addition, we reserve the right to use non-personal data which is associated technically with the use of our goods or services (meta-data) at our sole discretion.


Third party websites

This data protection declaration does not apply to third party website which we do not operate and control. For example, clicking on a link on this website can take you to the services of a third party such as Paypal, Facebook or Google+. We recommend you read the data protection notes on their websites to find out how they handle your personal data.




Date: 23rd March 2023