Privacy Policies
1. PRIVACY POLICY of Hepha GmbH
1.1. We are Hepha GmbH(hereinafter called HEPHA ) .We respect your privacy and private life, but sometimes we need your Personal Data. In this privacy policy, we explain which data we use and how we save, protect and process these data. This privacy policy applies to the use of:
1.1.2. The services that we offer (the "Services"), for example, the selling of bikes,
1.1.3. Our app (the "App"),
1.1.4. Website, Services and App together are referred to as our “Platform”.
1.2. We comply with the EU General Data Protection Regulation and other national data protection laws of the member states as well as any other relevant legislation.
2. The Limitation of Age
2.1. If you are younger than sixteen years old, you cannot use our Website, Services and App without the permission of your parents or legal guardian.
3. Type and scope of the data
3.1. To offer our Website, Services and App we process Personal Data and Non Personal Data. "Personal Data" means any information relating to an identified or identifiable natural person as defined in the relevant legislation. “Non- Personal Data” is information that is anonymous, aggregate, de-identified, or otherwise does not reveal your identity.
4. Lawful basis
4.1. We can collect and process your data at various moments, for example when you visit our Website, create an account via our Website for example for making a purchase, use our Services, install and use our App or Rides feature, or when you contact us. The lawful basis for our processing can be:
4.1.1. The necessity for the performance of the contract between you and us,
4.1.2. Compliance with legal obligations,
4.1.3. Your consent,
4.1.4. Our legitimate interests or the legitimate interests of a third party,
4.1.5. A legal requirement to share Personal Data.
5. What data do we collect and process and how do we use your data?
5.1. When you use our Platform, we need the following contact data. We need these data for your interactions with HEPHA via digital/electronic tools such as e-mail or telephone; for example to process your order efficiently and correctly, to connect you to your bike, for pre and post sale services, for the use of your account, to improve our services, for marketing purposes, and for any other business/commercial purposes:
5.1.1. Your name
5.1.2. Your address
5.1.3. Your residence
5.1.4. Your phone number
5.1.5. Your e-mail address
5.1.6. Your IP-address
5.1.7. Your payment details
5.1.8. Your shipping address
5.1.9. Your username and password
5.1.10. Your reference number
5.2. For some orders (for example, for our B2B partners) we also need:
5.2.1. Company name
5.2.2. Date of birth
5.2.3. IBAN number
5.3. We may also collect and process the following Non-Personal Data if you use our Platform:
5.3.1. The type of your browser
5.3.2. The operating system that you use
5.3.3.The internet service provider
5.3.4. Website behaviour
5.4. We may also collect and process the following Non-Personal Data if you use our App. We use these data to provide support and improve our services:
5.4.1. Operating system & version
5.4.2. Type of Device
5.4.3. App version
5.4.4. Firmware version
5.4.5. Bike settings, e.g. Speed Limit, Total distance, Battery Level.
5.5. After your explicit consent, you allow the App to collect and process Non-personal Bike event data from your bicycle, e.g. Distance, Speed, Battery level, Boost Behaviour, when you are using our My Rides feature. We use these data to execute the feature, provide support, improve our services and products and for marketing purposes. The App does not share the Bike event data with third parties.
5.6. After your explicit consent, you allow the App to access Bluetooth and GPS data (each also called location data). The App allows you to use Bluetooth data locally on your telephone. The App does not share the location data with third parties. HEPHA does not collect the location data on its servers, nor uses or shares it.
5.7. After your explicit consent, you allow the App or the Bike, or both, to use location data for explicitly specified features. The App does not share the location data with third parties. HEPHA collects the location data on its servers and uses it for the execution of the feature.
6. Market research
We may ask you to participate in market research. In that case, we shall use your data for that market research. We use that statistical data pseudonymised for HEPHA . We do not sell, trade or share your answers with others or make them publicly available. In addition, your answers are not connected to your e-mail address.
7. Newsletter
7.1. HEPHA offers newsletters. That way, you are fully informed of (discount)offers and other news. We use a double opt-in system to be sure of your permission. This means that you verify your permission for any new confirmation. We ask you for this verification via an e-mail that we send to the address you have given us. Every time we send you a newsletter you have the possibility to unsubscribe from the newsletter.
8. Security
8.1. We observe reasonable procedures to prevent unauthorised access to, and the misuse of, Personal Data.
8.2. We use appropriate business systems and procedures to protect and safeguard the Personal Data you give us. We also use security procedures and technical and physical restrictions for accessing and using the Personal Data on our servers. Only authorized personnel are permitted to access Personal Data in the course of their work.
9. Storage duration
9.1. We will not retain your Personal Data longer than is legally allowed, and only as long as is necessary to enable you to use our Platform, including maintaining the online user account if created, to comply with applicable laws, resolve disputes with any parties and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities.
9.2. All Personal Data we retain will be subject to this Privacy Policy and
10. With whom do we share your Personal Data?
10.1. Processors and other business partners We may share your Personal Data with Processors, within the meaning of the Relevant Legislation. We may also share Personal Data with third parties who are not processors, as per contractual obligation, for example, other Controllers who provide services connected to the use of our Platform. With these parties, we make clear agreements about the use and protection of Personal Data. We may share your Personal Data for example with IT service providers, marketing analytics, advertising platforms, payment platforms, cloud based data warehousing, lease companies and consumer review platforms. They will, for example, store and visualize data, process transactions, and perform marketing activities.
10.2. Others, for legal reasons We may also share data with HEPHA affiliates, subsidiaries, and partners, for legal reasons or in connection with claims or disputes. We may also share Personal Data if we believe it is required by applicable law, regulation, operating license or agreement, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns.
10.3. Others, with your consent We may ask for your voluntary participation in online or offline communication about HEPHA, for marketing or informational purposes.
11. Transfer
11.1. The Personal Data that we collect from you is stored within the European Economic Area (“EEA”), but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your Personal Data will be carried out in compliance with applicable laws.
12. Hyperlinks
12.1. On our website, there are hyperlinks to websites of other suppliers. Upon clicking on these hyperlinks, you are passed from our website directly onto the website of the other suppliers. You recognise this, among other things, by the change of the URL. We can assume no responsibility for the confidential treatment of your data on these websites of third parties, since we have no influence over whether these companies adhere to data protection provisions. Please learn about the treatment of your personal data by these companies directly on these websites.
13. Use of cookies
13.1. HEPHA uses client-side browser storage like cookies. Cookies are text files that your device or browser stores when you visit our website. HEPHA can also use techniques similar to cookies, such as tracking pixels, flash cookies, Java scripts, tags and web beacons. We classify all these techniques under the term Cookies. Cookies are used to send data from a server to your device or browser for the purpose of being stored. On a subsequent visit, this data is sent back to the server. This way the server can recognize your device or browser. We use the Facebook pixel, Twitter pixel, LinkedIn pixel and Google AdWords Remarketing pixel in order to measure the conversion of our advertisements on social media. For general website analytics, we use Google Analytics.
13.2. Cookies can be essential for the operation of our Website, make sure that you can visit our Website safely and track bugs and errors at our Website. We may use cookies to improve your user experience on our Website.
13.3. By storing cookies we make sure that, for example:
13.3.1. Your items are kept in the shopping cart
13.3.2. You are logged in and be able to shop without hindrance
13.3.3. You shop safely at HEPHA
13.3.4. The Website works efficiently
13.3.5. We can test improvements
13.3.6. We can advise you based on your former views and/or purchases
13.3.7. You receive complete local information
13.4. You can change your cookie settings in your browser if you don't want cookies to be sent to your device. Please note that some Website features or services of our Website may not function properly without cookies.
14. Your rights under GDPR
14.1. You have the following rights:
14.1.1. According to Article 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of the personal data, the categories of recipients, to whom your data were or are being disclosed, the planned storage duration, the existence of a right to correction, erasure, limitation of the processing, or objection, the existence of a right of complaint, the origin of your data, if the latter were not collected by us, concerning the transmission to third countries or to international organisations as well as concerning the existence of an automated decision-making including profiling and possibly meaningful information concerning the details thereof.
14.1.2. According to Article 16 GDPR, you can immediately request the correction of your incorrect personal data or completion of your personal data stored with us.
14.1.3. According to Article 17 GDPR, you can request the erasure of your personal data stored with us, if the processing is not necessary for the exercise of the right to free expression of opinion and information, for fulfilling a legal obligation, for reasons of public interest, or for assertion, exercise, or defence of legal claims.
14.1.4. According to Article 18 GDPR, you can request the limitation of the processing of your personal data, if you contest the correctness of the data, the processing is illegal, we no longer need the data, and you deny the erasure thereof because you need these for assertion, exercise, or defence of legal claims. The right pursuant to Article 18 GDPR is also available to you if you have lodged an objection to the processing according to Article 21 GDPR.
14.1.5. According to Article 20 GDPR, you can request to obtain your personal data, which you have provided to us, in a structured, regular, and machine-readable format or you can request the transmission to another controller.
14.1.6. According to Article 7 paragraph 3 GDPR, you can revoke the consent that you once granted to us at any time. The result of this is that, in the future, we may no longer continue the data processing based on such consent.
14.1.7. According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your work place, or your company headquarters for this.
15. Right to object
15.1. In the case of the processing of your personal data on the basis of justified interests according to Article 6, paragraph 1, sentence 1, (f) GDPR you have the right, according to Article 21 GDPR, to lodge an objection against the processing of your personal data, if there are grounds for this, which result from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right to object, which shall be implemented by us without indication of a particular situation.
16. Update to this notice
16.1. Since changes in laws or changes in our internal company procedures may make amendments to this privacy policy necessary, we ask you to read through this privacy policy on a regular basis. The privacy policy can be called up on the data protection navigation area on our website and app, and it can be stored and printed out at any time.
16.2. After such notice, the use of our services by users in countries outside the European Union will be understood as consent to the updates to the extent permitted by law.
17. Contact information
17.1. If you have further questions regarding this privacy policy, please contact us via the information below.
Email: info@hepha.com
Cookie Policy
HEPHA is mindful of the protection of the privacy of each user (hereinafter the “User”) of www.hephabike.com (hereinafter the “Website”) and “HEPHA E-bike” mobile application (hereinafter the “Application”), and considers it essential to inform the User in a clear and transparent way about the use of cookies while browsing on the Website and the Application.
1. What is a cookie?
A cookie is an element of data stored on the hard drive of the User’s terminal (computer, tablet, mobile) through a navigation browser when visiting online services. Cookies are widely used by websites. They improve the browsing experience, and supply audience information to the owners of these websites. Cookies set up by HEPHA can appear when the User registers (if applicable). The cookies calculate how long the User stays on the confirmation page in order to redirect him to the HEPHA Website. Cookies can also gather information concerning the online preferences of Users and allow HEPHA to adapt the Website to the User’s centers of interest.
Cookies recorded by HEPHA or by third parties when the User visits the Website or Application do not recognize the User personally, but rather as the device they use. Cookies simply give information about the browsing of the User in order to recognize the terminal later on.
Cookies cause no damage to the terminal, but allow some actions more easily, such as finding preferences, advance filling certain fields and adapting the contents of the services of HEPHA.
2. How accepting or refusing the use of cookies?
The User may set his/her browser to notify him/her when he/she receives a cookie, and can refuse cookies from all websites, if he/she wishes. Please note, however, that if the User rejects cookies, it is possible that some web pages may not properly load or load at all, and his/her access to certain information might be denied or he/she might have to enter information about himself/herself more than once.
If the User does not wish to receive cookies in a general way or wishes to refuse only certain cookies, he/she can modify the parameters of his/her browser accordingly.
Instructions are supplied by each web browser:
For any other browser not mentioned above, the User should not hesitate to consult the cookie management help available on the Internet.
3. How do we use cookies?
Information collected through cookies helps HEPHA analyze the use of its Website and enables Users to benefit from a better experience when visiting the Website. HEPHA also uses cookies to send messages that are customized to Users specific interests.
4. Which kind of cookies are on the website?
Functional cookies
Functional cookies enable the Website:
- to adapt the display of the Website (used language, screen resolution, used operating system, etc.), according to the materials and the software you’re the User’s terminal contains. These cookies expire at the end of each session;
- to facilitate better searches by storing searches previously made by the User. These cookies will be stored for a 13-month period.
Analytics cookies
HEPHA may use analytics cookies to enhance the performance of the Website by collecting connection data such as date, time, Internet address, the IP address, visited and consulted pages and User’s browser version. HEPHA does not share, sell, lease or rent its mailing or customer lists to third parties and does not store them for more than a 13-month period. Thus, HEPHA may use web analytics from a service provider that uses related cookies. Although HEPHA has no control over web analytics from service providers, which are control their own processing, nor on collected data even when transferred outside the European Union since such providers are located in the United States of America, HEPHA considers it necessary to mention this in order to ensure Users have clear and thorough information on such use, which may, if any, require Users’ prior consent.