Privacy policy
Privacy Policy
With this Privacy Policy, we inform you about the scope of the processing of your personal data (hereinafter referred to as “data”).
I. Responsible for Data Processing
The entity responsible for data processing in accordance with the provisions of the General Data Protection Regulation (GDPR) is:
CSM Chemnitzer Sportförderungs- und Marketinggesellschaft mbH
Jagdschänkenstr. 48
09117 Chemnitz
Phone number: 0178/6267500
Email address: shop@peace-ride.com
II. General Information on Data Processing
In the course of our business operations and website operation, we process data.
This also includes disclosure through transmission to third parties and possibly to so-called third countries outside the European Union (“EU”) and the European Economic Area (“EEA”). If we transmit data outside the EU or EEA, we have indicated this accordingly below.
III. Data Processing
The specific data concerned, processing purposes, legal bases, recipients, and any transfers to third countries are listed in the following breakdown:
1. Logfile during Website Visits
We log your website visits. In this process, we process the following data:
- Names of the website(s) we retrieved,
- Date and time of retrieval,
- Transferred data volume,
- Browser type and version,
- The operating system you are using,
- The referring URL (the website previously visited),
- Your IP address,
- The requesting provider.
The legal basis for the data processing is, in accordance with Art. 6 (1) f) GDPR, our legitimate interest in the continuous provision and security of our website.
The log file is deleted after seven days unless it is required to demonstrate or investigate specific legal violations that became known during the retention period.
2. Hosting
For the provision of our shop system and the management of our customer data and orders, we use systems of Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). Therefore, the data we process in connection with providing your customer account and processing your order is processed within Shopify’s systems.
Salesforce is a Canadian company, so data transfers to Canada cannot be excluded. However, there is an adequacy decision from the EU Commission regarding data transfers to Canada, ensuring an adequate level of data protection.
We have entered into a data processing agreement with the provider to ensure the protection of our website visitors' data and to prohibit unauthorized disclosure to third parties.
3. Contacting Us
If you contact us, we process the following data for the purpose of processing and handling your inquiry: name, contact details (if provided by you), and your message.
The legal basis for data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations in accordance with Art. 6 (1) b) GDPR and/or our legitimate interest in processing your inquiry in accordance with Art. 6 (1) f) GDPR.
4. Contract Processing
We process your order data to fulfill the contractual relationship between you and us.
The legal basis for data processing is, in accordance with Art. 6 (1) b) GDPR, the fulfillment of our contractual obligations and, in individual cases, the fulfillment of our legal obligations in accordance with Art. 6 (1) c) GDPR.
We transmit your address data to the company responsible for delivery. If necessary for contract fulfillment, we also transmit your email address or phone number to coordinate a delivery date (notice) with the delivery company.
When choosing the payment option “Shopify Payments,” several online payment methods of Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, are available to you. When choosing a payment method where you pay in advance (e.g., credit card payment), your payment data (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order is transmitted to Shopify in accordance with Art. 6 (1) b) GDPR. The transmission of your data in this case is solely for the purpose of processing the payment with the provider and only to the extent necessary for this.
When choosing the payment option “PayPal,” you also have the option to use one or more online payment methods of PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. When choosing a payment method where you pay in advance, your payment data (including name, address, bank and card information, currency, and transaction number) as well as information about the content of your order is transmitted to PayPal in accordance with Art. 6 (1) b) GDPR. The transmission of your data in this case is solely for the purpose of processing the payment with the provider and only to the extent necessary for this.
5. Shipping Status Notifications
If you wish to be informed about the status of your shipment by the shipping provider (DHL, Hermes, DPD), we will provide your email address and phone number to the selected shipping company for this purpose. The legal basis for this data processing is your consent in accordance with Art. 6 (1) a) GDPR.
6. Newsletter
To regularly provide you with information about our company and offers, we offer the option to subscribe to our email newsletter. When you register for the newsletter, we process the data you provide during registration (email address and any additional voluntary information). To prevent misuse, we send you a confirmation email after your registration, asking you to confirm your subscription (double opt-in procedure). To ensure the legal compliance of the registration process, your registration is logged, including the registration and confirmation time as well as your IP address.
The legal basis for sending the newsletter is your consent in accordance with Art. 6 (1) a) GDPR. The data processing related to sending the confirmation email and logging the associated data is carried out in accordance with Art. 6 (1) f) GDPR due to our legitimate interest in proving your proper registration.
If you provide us with consent, we may also analyze the newsletters to evaluate whether you opened the newsletter and your scrolling and clicking behavior within the newsletter. This is done to tailor the newsletter to your interests and improve its content. The legal basis for analyzing the newsletter is your consent in accordance with Art. 6 (1) a) GDPR.
For sending the newsletter, we use a service provider based within the EU/EEA to whom we transmit the mentioned data.
7. Email Direct Marketing for Existing Customers
If you have not objected, we may send you direct marketing emails related to the products and services you have purchased from us, to offer similar products and services. For this purpose, we use the email address you provided during the conclusion of the contract.
You can object to this use at any time without incurring any costs other than the transmission costs according to the basic rates.
The legal basis for this direct marketing is § 7 (3) UWG in conjunction with Art. 95 GDPR. We use service providers to send the newsletter to whom we transmit the mentioned data.
8. Customer Account
When you create and use a customer account, we process your master data (name, address, email address, bank details) as well as your usage data (username, password). This allows you to manage your orders and assignments, and enables us to identify you as a customer. The legal basis for this data processing is your consent in accordance with Art. 6 (1) a) GDPR.
IV. Duration of Data Retention
We retain personal data only for as long as necessary to achieve the purposes for which it is processed or until your consent is withdrawn. Where statutory retention obligations apply, certain data may be retained for up to 10 years regardless of the processing purpose.
V. Your Rights as a Data Subject
1. Access
You may request information about all personal data we have stored about you at any time, free of charge.
2. Rectification, Erasure, Restriction of Processing (Blocking), Objection
If you no longer agree to the storage of your personal data or if the data has become inaccurate, we will, upon your instruction, delete, block, or correct your data, as far as this is permissible under applicable law. The same applies if we are to process data in a more limited manner in the future. You have the right to object particularly in cases where your data is required for the performance of a task carried out in the public interest or based on our legitimate interest, including related profiling. Similarly, you have the right to object in cases of data processing for direct marketing purposes.
3. Right to Withdraw Consent with Future Effect
You may withdraw your consent at any time with effect for the future. The lawfulness of processing based on your consent up to the point of withdrawal remains unaffected.
4. Data Portability
If data processing is based on a contract, pre-contractual negotiations, your consent, or automated processing, you have the right to data portability. Upon request, we will provide you with your data in a commonly used, structured, and machine-readable format, allowing you to transfer the data to another controller if desired.
5. Restriction of Processing
Data that cannot be attributed to a specific individual, for example, data anonymized for analysis purposes, is not subject to the aforementioned rights. Access, deletion, blocking, correction, or transfer to another company may only be possible if you provide us with additional information that enables identification.
6. Exercising Your Rights and Right to Complain
If you have questions about the processing of your personal data or wish to request access, rectification, blocking, objection, or deletion of your data, or if you want to transfer your data to another company, please contact us at the email address provided above.
You also have the right to lodge a complaint with a supervisory authority regarding your data subject rights.