Home

Privacy Policy

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender-specific.

Last updated: March 13, 2026

Table of Contents

Controller

Frank Zoechling Kaunitzer Str. 374a Schloss Holte Stukenbrock

E-mail address: frank [@] bike-ly.de

Legal notice: https://bike-ly.de/en/imprint

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Types of Data Processed

  • Inventory data.
  • Employee data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta, communication, and procedural data.
  • Log data.

Categories of Data Subjects

  • Recipients of services and clients.
  • Employees.
  • Prospective customers.
  • Communication partners.
  • Users.
  • Business and contractual partners.
  • Third parties.
  • Whistleblowers.

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations.
  • Communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organizational procedures.
  • Remarketing.
  • Target group formation.
  • Organizational and administrative procedures.
  • Feedback.
  • Marketing.
  • Profiles with user-related information.
  • Provision of our online offering and user-friendliness.
  • Information technology infrastructure.
  • Whistleblower protection.
  • Business processes and operational procedures.

Relevant legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Should more specific legal bases apply in individual cases, we will inform you of these in the privacy policy.

  • Consent (Art. 6 para. 1 s. 1 lit. a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Contract performance and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 para. 1 s. 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

National data protection regulations in Germany: In addition to the data protection provisions of the GDPR, national data protection regulations apply in Germany. These include in particular the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains specific provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission and automated individual decision-making, including profiling. Furthermore, data protection laws of individual federal states may apply.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

The measures include in particular safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing of availability, and its separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data, and responses to data threats. We also take into account the protection of personal data when developing or selecting hardware, software, and processes, in accordance with the principle of data protection by design and by default.

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect the data of users transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and in encrypted form.

Transmission of Personal Data

In the course of our processing of personal data, it may happen that data is transmitted to or disclosed to other entities, companies, legally independent organizational units, or persons. Recipients of this data may include, for example, service providers entrusted with IT tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and in particular conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

International Data Transfers

Data processing in third countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using third-party services or the disclosure or transfer of data to other persons, entities, or companies, this is always done in accordance with legal requirements.

For data transfers to the USA, we rely primarily on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission on July 10, 2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations for the protection of your data.

This dual safeguard ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the standard contractual clauses serve as additional security. Should changes occur within the DPF framework, the standard contractual clauses will serve as a reliable fallback option.

For data transfers to other third countries, appropriate safeguards apply, in particular standard contractual clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the EU Commission’s information portal: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de

General Information on Data Storage and Deletion

We delete personal data that we process in accordance with legal requirements as soon as the underlying consent is revoked or there are no further legal grounds for the processing. This applies to cases where the original purpose of processing no longer applies or the data is no longer needed. Exceptions apply where legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or for the protection of the rights of other natural or legal persons, must be archived accordingly.

Retention and deletion of data: The following general retention periods apply under German law:

  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the working instructions and other organizational documents required for their understanding (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).
  • 8 years – Accounting vouchers, such as invoices and expense receipts (§ 147 para. 1 no. 4 and 4a in conjunction with para. 3 s. 1 AO and § 257 para. 1 no. 4 in conjunction with para. 4 HGB).
  • 6 years – Other business documents: received commercial or business letters, reproductions of sent commercial or business letters, other documents insofar as they are relevant for taxation (§ 147 para. 1 no. 2, 3, 5 in conjunction with para. 3 AO, § 257 para. 1 no. 2 and 3 in conjunction with para. 4 HGB).
  • 3 years – Data required to take into account potential warranty and damage claims or similar contractual claims and rights (§§ 195, 199 BGB).

Rights of Data Subjects

Rights of data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

  • Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
  • Right to withdraw consent: You have the right to withdraw your consent at any time.
  • Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to receive information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the correction of inaccurate data concerning you.
  • Right to erasure and restriction of processing: You have the right, in accordance with legal requirements, to request that data concerning you be deleted without undue delay, or alternatively, in accordance with legal requirements, to request restriction of the processing of the data.
  • Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request its transmission to another controller, in accordance with legal requirements.
  • Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Business Services

We process personal data of our contractual and business partners, such as customers, clients, prospective customers, suppliers, and other cooperation partners (collectively “contractual partners”), for the purpose of initiating, performing, and settling contractual relationships and comparable legal relationships. This also includes pre-contractual measures taken at the request of the data subject, as well as communication related to the respective contractual relationship.

The processing serves in particular to fulfill our primary and ancillary contractual obligations. This includes the provision of agreed services, any update and information obligations, handling of warranty claims and other service disruptions, processing of revocations, termination of continuing obligations, unwinding of contracts, refunds, and the handling of other contract-related declarations and inquiries.

In particular, master data such as name, address, and if applicable company name, contact data such as e-mail address and telephone number, contract and service data, as well as communication content and histories are processed.

Personal data is only disclosed to third parties to the extent necessary for the performance of the contract, for the implementation of pre-contractual measures, for the protection of legitimate interests, or for compliance with legal obligations.

  • Types of data processed: Inventory data; payment data; contact data; contract data.
  • Data subjects: Recipients of services and clients; prospective customers; business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; communication; office and organizational procedures; business processes and operational procedures.
  • Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 s. 1 lit. c) GDPR); Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

  • Provision of software and platform services: We process the data of our users, registered users, and any test users in order to provide them with our contractual services and on the basis of legitimate interests, to ensure the security of our offering and to further develop it; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b) GDPR).

Provision of the Online Offering and Web Hosting

We process users’ data in order to be able to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.

  • Types of data processed: Usage data; meta, communication, and procedural data; log data; content data.
  • Data subjects: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure; security measures.
  • Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

  • Provision of online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider; Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files.” Server log files can be used for security purposes, e.g., to avoid server overload (particularly in the case of abusive attacks, so-called DDoS attacks). Log file information is stored for a maximum of 30 days and then deleted or anonymized; Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).
  • E-mail sending and hosting: The web hosting services we use also include the sending, receiving, and storage of e-mails. We cannot accept responsibility for the transmission path of e-mails between the sender and receipt on our server; Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Use of Cookies

The term “cookies” refers to functions that store and read information on users’ devices. Cookies can also be used for various purposes, such as for the functionality, security, and convenience of online offerings, as well as for the creation of analyses of visitor flows. We use cookies in accordance with legal requirements.

Storage duration: With regard to storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their device.
  • Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the login status can be saved and preferred content can be displayed directly when the user visits a website again. The storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to processing in accordance with legal requirements, including via the privacy settings of their browser.

  • Types of data processed: Meta, communication, and procedural data.
  • Data subjects: Users.
  • Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Consent (Art. 6 para. 1 s. 1 lit. a) GDPR).

Further notes on processing activities, procedures, and services:

  • Processing of cookie data on the basis of consent: We use a consent management solution in which users’ consent to the use of cookies is obtained. The storage duration of consent is up to two years; Legal bases: Consent (Art. 6 para. 1 s. 1 lit. a) GDPR).

Blogs and Publication Media

We use blogs or comparable means of online communication and publication. Readers’ data is only processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers, or for security reasons.

  • Types of data processed: Inventory data; contact data; content data; usage data; meta, communication, and procedural data.
  • Data subjects: Users.
  • Purposes of processing: Feedback; provision of our online offering and user-friendliness; security measures; organizational and administrative procedures.
  • Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Further notes on processing activities, procedures, and services:

  • Comments and posts: When users leave comments or other contributions, their IP addresses may be stored on the basis of our legitimate interests. The information communicated in the context of comments and posts is stored by us permanently until users object; Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Contact and Inquiry Management

When contacting us (e.g., by post, contact form, e-mail, telephone, or via social media) and within the framework of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to contact inquiries and any requested measures.

  • Types of data processed: Contact data; content data; meta, communication, and procedural data.
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback; provision of our online offering and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR); Contract performance and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b) GDPR).

Further notes on processing activities, procedures, and services:

  • Contact form: When contacting us via our contact form, by e-mail, or other communication channels, we process the personal data transmitted to us in order to answer and process the respective inquiry. We use this data exclusively for the stated purpose of contact and communication; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 s. 1 lit. b) GDPR), Legitimate interests (Art. 6 para. 1 s. 1 lit. f) GDPR).

Newsletter and Electronic Notifications

We send newsletters, e-mails, and other electronic notifications exclusively with the consent of the recipients or on a legal basis. Registration for our newsletter normally requires only the provision of your e-mail address.

Deletion and restriction of processing: We may store unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove that consent was previously given.

Content: Information about us, our services, promotions, and offers.

  • Types of data processed: Inventory data; contact data; meta, communication, and procedural data; usage data.
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g., by e-mail or by post).
  • Legal bases: Consent (Art. 6 para. 1 s. 1 lit. a) GDPR).
  • Opt-out option: You can unsubscribe from our newsletter at any time. You will find a link to unsubscribe from the newsletter at the end of each newsletter, or you can use one of the contact options provided above.

Web Analytics, Monitoring and Optimization

Web analytics (also referred to as “reach measurement”) serves the purpose of evaluating visitor flows to our online offering and may include behavior, interests, or demographic information about visitors as pseudonymous values. With the help of reach analysis, we can, for example, identify at what time our online offering or its functions or content are most frequently used.

In addition, users’ IP addresses are stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. In general, within the scope of web analytics, A/B testing, and optimization, no clear data of users (such as e-mail addresses or names) is stored, but rather pseudonyms.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests.