Privacy Policy

We, CYBEX Retail GmbH, with registered office in Bayreuth, thank you very much for your interest in our website and our CYBEX Online Shop. The protection of your personal data is very important to us. We process these data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act and other applicable laws on data protection.

In the following, we would like to inform you about the type of personal data processed during your use of our web pages, the associated mobile applications, and as part of your orders in the CYBEX Online Shop.

Table of Contents

1. Data controller
2. Terms and definitions
3. Categories of data we are processing
4. Legal basis for data processing
5. Purposes of the data processing
6. Web analytics by Google Analytics
7. Use of Google Maps
8. Use of Google Tag Manager
9. Use of Google reCAPTCHA V3
10. Use of Google Fonts
11. Use of Google Ads
12. Use of Facebook Social Plugins (Shariff-Solution)
13. Use of Facebook Pixel
14. Use Pinterest Retargeting Pixel
15. Use of Microsoft Advertising
16. Use of Microsoft Clarity
17. Use of Usercentrics Consent Management Platform
18. Live Video Shopping with Bambuser
19. Fraud Prevention by Riskified
20. Booking and scheduling with Appointedd
21. Review Function
22. Data transfer to third parties
23. Period of data storage; data erasure
24. Your data protection rights
25. Automatic processing of personal data
26. Complaints to supervisory authorities
27. Contacting the Data Protection Officer

1. Data controller

The controller for data processing is CYBEX Retail GmbH with registered office in Bayreuth. Our contact details are as follows:

CYBEX Retail GmbH

Riedingerstraße 18

95448 Bayreuth

Germany

Email: service.de@cybex-online.com

The contact details of our Data Protection Officer can be found at the end of this Privacy Policy.

2. Terms and definitions

“Personal data” means any information relating to an identified or identifiable natural person, hereinafter also referred to as “data subject”; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Examples of personal data include your computer’s IP address, your real name, your postal address, your telephone number and your date of birth. Personal data are also referred to as “data” hereinbelow.

3. Categories of data we are processing

In the following we would like to inform you which data we are processing when you visit our web pages, order goods in our CYBEX Online Shop or use other functions of our web pages and associated mobile applications.

3.1. Processing of access data relating to the visit of our web pages

If you only access our web pages without placing an order in our CYBEX Online Shop, we only store access data such as date and time of your visit, the website from which you visit us, your browser’s type and language settings, the web pages you visit on our website, the amount of data transferred and the requesting provider.

3.2. Data provided to us by you

Within the scope of your order in the CYBEX Online Shop, when creating a customer account, when subscribing to our newsletter or contacting us, we process the data provided to us by you. The relevant data input form will usually indicate the type of data involved. In particular, this relates to:

- contact details such as title, your name, email address and postal address, and your telephone number where applicable;

- order data such as the description of the goods you have ordered;

- payment data such as the payment method you have selected and (where applicable, pseudonymised) your credit card details.

3.3. Data that we receive about you from third parties

To the extent necessary for us and where permissible under applicable data protection laws, we may collect data about you from third parties. This occurs in particular within the scope of a credit assessment if you select the “Invoice” payment method. Additional information is found further below in this Privacy Policy.

3.4. Cookies

We use “cookies”, technical information that is stored on a user's computer, to make it more attractive for you to visit our web pages, to enable you to place an order in our CYBEX Online Shop or to use other functions. Cookies allow us in particular to adapt our web pages to user needs by collecting statistical information about user behaviour.

Some of the cookies we use are deleted after the end of the respective browser session, i.e., after the user closes the browser (“session cookies”). Other cookies will remain on the user's device and enable us to recognise the browser upon the user's next site access (“persistent cookies”).

Additional information on cookies and similar technologies used by us is found further below in this Privacy Policy and here in our cookie consent tool, which also allows you to change your cookie preferences at any time. Depending on your selected settings, some functionalities of our web pages may be limited.

4. Legal basis for data processing

At all times we process your data in accordance with the relevant legislation and only to the extent permitted by an applicable legal provision. Depending on the respective purpose of the data processing, the processing of your data may be based on the following legal principles:

- Consent (Article 6 (1) (a), Article 7 GDPR): We only process certain data if you have given us your express and voluntary consent to do so. You may revoke your consent at any time with effect for the future.

- Performance of a contract or pre-contractual measures (Article 6 (1) (b) GDPR): We process certain data where this is necessary for the performance of a contract (e.g., when you order goods from us) or in order to take steps at your request prior to entering into a contract (e.g., when you make an enquiry about one of our products).

- Compliance with legal obligations (Article 6 (1) (c) GDPR): We need to process some of your data for compliance with our own legal obligations, for example to comply with tax obligations.

- Protection of vital interests (Article 6 (1) (d) GDPR): We process certain data in cases where processing is necessary to protect the vital interests of you or of another natural person.

- Protection of legitimate interests (Article 6 (1) (f) GDPR): We process certain data in cases where processing is necessary to protect legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests which require protection of personal data.

5. Purposes of the data processing

We process your data for the following purposes:

5.1. Provision of our websites

Where we process access data as part of your visit of our web pages, this is done to ensure problem-free operation of the web pages and to improve our offerings and services, in particular our CYBEX Online Shop.

The legal basis for this data processing is Article 6 (1) (b) GDPR, as the processing is necessary to ensure the functionality of our web pages and to deliver their contents correctly. In addition, the data serve to optimise our websites and to ensure the security of our IT systems; in this respect, the data processing is based on Article 6 (1) (f) GDPR.

5.2. Contact

If you contact us by telephone, email or via an online form, we process the data provided by you on the basis of Article 6 (1) (b) GDPR to the extent necessary to process your request and to be able to prove that you have contacted us in accordance with legal requirements.

5.3. Contract-related data processing

Customer account: If you register as a customer in our CYBEX Online Shop, we process the data provided by you on the basis of Article 6 (1) (b) GDPR. This is necessary to establish and manage your customer account and is therefore necessary for the performance of the contract of use or in order to take steps at your request prior to entering into a contract.

CYBEX Club Membership Program: If you register for participation in the CYBEX Club Membership Program (CYBEX Club) by opening a Membership account, we will process the data you provide or that accrues in the course of your use of the CYBEX Club on the basis of Article 6 (1) (b) GDPR as part of the account opening process and thereafter during your participation in the CYBEX Club. This is necessary to set up and manage your membership account, to credit your CYBEX Club Points and to grant you the benefits available within the CYBEX Club and thus serves the implementation of pre-contractual measures and the fulfilment of the usage contract.

Guest order: If you place an order as a guest, you do not need to register as a customer prior to placing an order but you will then have to re-enter your data for each subsequent order. We process the data provided by you as part of a guest order on the basis of Article 6 (1) (b) GDPR for the purpose of performing your order, including the delivery of the ordered goods and your ability to monitor the order and delivery status.

Performance of your order as a registered customer: If you have registered as a customer in our CYBEX Online Shop and place an order for goods, we process the data provided by you as part of the order or available in your customer account on the basis of Article 6 (1) (b) GDPR for the purpose of performing your order, including the delivery of the ordered goods and your ability to monitor the order and delivery status.

Newsletter: If you register to receive our newsletter using the relevant function, we process the data provided by you for this purpose or the data available in your customer account, at a minimum your email address, to send you our newsletters by email from time to time. The legal basis for this data processing is the consent given by you when registering for our newsletter (Article 6 (1) (a), Article 7 GDPR).

5.4. Customer support and customer service

During or after your order in our CYBEX Online Shop we may contact you via the contact data provided by you, where this should be necessary to eliminate any discrepancies in your order, to make suggestions to optimise your order or because of important information in connection with or following your order. The legal basis for this data processing is, as part of the performance of the contract, Article 6 (1) (b) GDPR, otherwise either Article 6 (1) (d) GDPR or Article 6 (1) (f) GDPR, depending on the interests involved.

You may object to the processing of your data for such purposes at any time. We will then refrain from further processing for any such purposes.

5.5. Direct advertising after the purchase of goods

If you have purchased goods in our CYBEX Online Shop, we may send you information about our own similar goods to the email address or to the postal address provided by you. The legal basis for this data processing is Article 6 (1) (f) GDPR, because the advertising of related products by way of direct advertising represents a legitimate interest for us. The basis for direct advertising by email is additionally Section 7 (3) German Unfair Competition Act.

You may at any time object to the processing of your data for the purpose of direct marketing. We will then refrain from further processing for any such purposes.

5.6. Shopping cart abandonments, items on the wish list

If you have made a purchase in our CYBEX Online Shop, are a member of our CYBEX Club or have agreed to receive marketing emails, you will receive emails informing you about the products you have added to your shopping cart and not purchased, or about products you have added to a wish list. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b GDPR for granting the benefits available to you within the CYBEX Club; or the consent given according to Art. 6 para. 1 p. 1 lit. a GDPR; or Art. 6 para. 1 p. 1 lit. f GDPR, because the advertising of related products by way of direct advertising represents a legitimate interest for us. The basis for direct advertising by e-mail is additionally Section 7 (3) German Unfair Competition Act.

You may at any time object to the processing of your data for such purposes. We will then refrain from further processing for any such purposes.

5.7. Customer satisfaction surveys

If you have made a purchase in our CYBEX Online Shop, contacted us for customer service, are a member of our CYBEX Club or have agreed to receive marketing emails, you will receive invitations to participate in surveys. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b GDPR for granting the benefits available to you within the CYBEX Club; or the consent given according to Art. 6 para. 1 p. 1 lit. a GDPR; or legitimate interest according to Art. 6 para. 1 p. 1 lit. f GDPR for ensuring customer satisfaction and improving our service quality.

You may at any time object to the processing of your data for such purposes. We will then refrain from further processing for any such purposes.

5.8. Marketing, web analytics and social media

We use cookies and similar technologies (such as tags or pixels) for marketing and analysis purposes, to make visiting our websites as well as your order in our CYBEX Online Shop attractive for you and to enable you to use certain functions. The legal basis for this is your consent (Article 6 (1) (a), Article 7 GDPR) or the protection of our legitimate interests (Article 6 (1) (f) GDPR).

Detailed information on all cookies and similar technologies used can be found here in our cookie consent tool, which also allows you to change your cookie preferences at any time and to revoke your consent to the use of cookies with effect for the future. Depending on your selected settings, some functionalities of our web pages may be limited.

6. Web analytics by Google Analytics

Google Analytics is a web analytics service provided by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Analytics serves the purpose of analysing the use of the website in order to be able to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, it is possible to continuously improve our online services and keep it more attractive for you as a user.

During your visit to the website, the following data, among others, is recorded:

•   Webpages accessed by you
•   The achievement of so called "website goals" (e.g. contact enquiries and newsletter sign-ups).
•   Your behaviour on our webpages (for example clicks, scrolling behaviour and dwell time)
•   Your approximate location (country and city)
•   Your IP address (in shortened form, so that no clear assignment is possible)
•   Your technical information such as browser, internet provider, terminal device and screen resolution
•   Source of origin of your visit (i.e. via which website or via which advertising medium you came to us)

The information generated by the cookie about your use of this website is usually transmitted to a Google server in the US and stored there. These cookies contain a randomly generated user ID with which you can be recognised during future website visits. However, due to the activation of IP anonymisation on these websites, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there.

If you do not agree to the collection of data, you can prevent it by installing the browser add-on to deactivate Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=) once or revoke your consent via the Consent Management Tool.

As Google's headquarters are in the US, we cannot preclude that the data will also be processed in the US. We have entered into a Data Processing Agreement (DPA) with Google. The EU Standard Contractual Clauses are part of this DPA. We can provide you with these Standard Contractual Clauses on request.

Further information on Google Analytics please see Google's privacy policy: https://policies.google.com/privacy?hl=en.

7. Use of Google Maps

On this website, we use the Google Maps service, in particular to enable you to search for dealers and plan your route. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). This allows us to display interactive maps directly on the website and enables you to use the map function conveniently. You can find more information about data processing by Google in Google’s privacy policy: https://policies.google.com/privacy. There you can also change your personal data protection settings in the data protection centre.

Detailed instructions on how to manage your own data in connection with Google products can be found here: https://www.dataliberation.org

When you visit the website, Google receives information that you have accessed the corresponding sub-page of our website. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account.

If you do not want the assignment in your Google profile, you must log out of Google before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

A solution is recommended that ensures that the user's data only flows to Google when the user has actively clicked on the map or a link.

Since personal data may only be transferred to Google after the user has given his or her consent, we have implemented a so-called two-click solution. This technically ensures that the website only transmits the data to Google when the user actively clicks on the map or a link.

Withdrawal of consent:

No option for a simple opt-out or blocking of data transmission is currently offered by the provider. If you wish to prevent your activities on our website from being tracked, please revoke your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers in the cookie consent tool. In this case, however, you may not be able to use our website or only to a limited extent.

8. Use of Google Tag Manager

We use the Google Tag Manager help service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. For the European area, the company Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland is responsible for all Google services.

We embed the tags ("code snippets") or scripts we need on our website via the Google Tag Manager and manage them using the tool. This allows, for example, tracking tools requiring consent that we use on our website to be loaded by the Tag Manager.

If the Tag Manager is loaded, the user's IP address is stored on Google servers. The Google Tag Manager itself only processes personal data for technically necessary purposes. This data may be collected and stored by the individually integrated tracking tools so that your data can be transmitted to the provider of the respective tool. The Google Tag Manager itself does not access this data. Please read our data protection texts for the individual tools that we use on our website.
You can find more information about data processing by Google in the Google privacy policy: https://policies.google.com/privacy?hl=en-US.

We have concluded a Data Processing Agreement with Google Ireland Ltd. as the recipient of your data, Art. 28 GDPR.
Please see for more information: https://business.safety.google/adsprocessorterms/. If you would like to learn more about the Google Tag Manager, please read the FAQs at:
https://support.google.com/tagmanager/?hl=en#topic=3441530.

Data processing in the USA as a third country may be possible. To ensure the level of data protection, Google has concluded the EU standard contractual clauses. More information on the standard contractual clauses at Google can be found at: https://policies.google.com/privacy/frameworks?hl=en.

Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.

Withdrawal of consent:
You can revoke your consent at any time with effect for the future. To exercise your revocation, you can deactivate your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers here in the cookie consent tool. In this case, however, you may not be able to use our website or only to a limited extent.

9. Use of Google reCAPTCHA V3

We use the reCAPTCHA V3 service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on our website. For the European area, the company Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland is responsible for all Google services.

Using Google reCAPTCHA, we can determine whether you are a human, a robot or other spam software after data entry on our website (e.g. in a contact form). The user's behaviour is analysed in the background and added to a captcha score.
The use of the tool is intended to ensure the accessibility of our website by preventing machines or malware from communicating with us.

During a website visit, Google reCAPTCHA V3 collects the following personal data by means of cookies:

Google cookies already installed, previous browser interactions, number of mouse movements and keyboard strokes, visit duration
IP address, date of visit, referrer URL, browser plugins, browser or language settings or location of the user device, a complete screenshot of the browser window, operating system.

If you are logged into your Google account while using the Google reCAPTCHA plugin, the personal data will be merged. You can prevent this by logging out of your Google account before visiting our website.
You can find more information about Google's data processing in Google's privacy policy: https://policies.google.com/privacy?hl=en-US. If you would like to learn more about Google reCAPTCHA, please refer to the FAQs at: https://developers.google.com/recaptcha?hl=en.

We have concluded a Data Processing Agreement with Google Ireland Ltd. as the recipient of your data, Art. 28 GDPR. Please see for more information: https://business.safety.google/adsprocessorterms/.

Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.

10. Use of Google Fonts

We use the free Google Fonts service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA on our website. For the European area, the company Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland is responsible for all Google services.

We use Google Fonts to display fonts on our website. We have downloaded the desired Google Fonts and stored them on our own server or web space. Accordingly, no connection to the Google server is established, so that no information is transmitted to Google.

Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.

11. Use of Google Ads

Our website uses Google Ads as an online marketing tool. The company operating the Google Ads services is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In Europe, the company responsible for all Google services is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland).

If you have came to our website via an ad placed by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google.

If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies cannot therefore be tracked across Ads customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted in to conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

You can find more information about data processing by Google in Google’s privacy policy:
https://policies.google.com/privacy. There you can also change your privacy settings in the privacy center.

Withdrawal of consent:
We have obtained your consent in accordance with Art. 6 (1) (a) GDPR for the processing of your data as described above. No option for a simple opt-out or blocking of data transmission is currently offered by the provider. If you wish to prevent tracking of your activities on our website, please revoke your consent for the relevant cookie category or all technically unnecessary cookies and data transfers in the cookie consent tool. In this case, however, you may not be able to use our website or only to a limited extent.

12. Use of Facebook Social Plugins (Shariff-Solution)

We use social plugins from the social network Facebook on our website, which is operated by Meta Platforms Inc. or, for the European region, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The plugins are marked with a Facebook logo and enable the sharing of content (share, follow or like button) with social groups. We use the plugins to increase the reach of our products.

When you visit a page of our website with an embedded Facebook plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which then integrates it into the website. In doing so, Facebook is informed that you have accessed the corresponding page of our website. In addition, Facebook receives information about your IP address, browser type and browser version, which is transmitted via your browser to Facebook servers in the USA and stored.

If you are logged into your Facebook account, Facebook can assign your visit to our website to you personally. You can prevent this by logging out of your Facebook account before visiting our website.

To prevent tracking, we have implemented the Shariff solution on our website so that a connection to the Facebook server is only established when you actively use the plugins. For more information on the purpose and scope of data collection and processing by Facebook, please refer to the provider's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy under: http://www.facebook.com/policy.php.

Data processing in the USA as a third country cannot be ruled out. Do not use the service if you do not wish your data to be processed within the USA.

Withdrawal of consent:
You can revoke your consent at any time with effect for the future. To exercise your revocation or to prevent tracking of your activities on our website, you can deactivate your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers here in the cookie consent tool. In this case, however, you may not be able to use our website or only to a limited extent. In addition, you can also prevent the loading of Facebook plugins with add-ons for your browser:

for Mozilla Firefox:
https://addons.mozilla.org/de/firefox/addon/facebook-blocker/
for Opera:
https://addons.opera.com/de/extensions/details/facebook-blocker/?display=en
for Chrome:
https://chrome.google.com/webstore/detail/facebookblocker/chlhacbfddknadmnmjmkdobipdpjakmc?hl=de.

13. Use of Facebook Pixel

We use the Facebook Pixel on our website, a service provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland. To do this, we have implemented a snippet of JavaScript code on our website that loads a collection of functions that allow Facebook to track your user actions if you came to our website via Facebook ads.

For example, when you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. This allows Facebook to match your user data (IP address, user ID) with your Facebook account data and then delete it again. The data collected is anonymous for us and cannot be viewed. This data is only used in the context of ad placements. If you are logged into your Facebook account, your visit to our website is automatically assigned to your Facebook account.

If applicable, data collected via the Facebook pixel may be transferred to Meta servers in the USA. We would like to point out that there is currently no adequate level of data protection for the transfer of data to the US. The transfer of your personal data is based on EU Standard Contractual Clauses in accordance to Art. 46 (2) and (3) GDPR. This obliges Facebook to comply with the European level of data protection when processing your relevant data if it is stored, processed and managed in the US. You can find more information about Facebook's standard contractual clauses at
https://www.facebook.com/legal/terms/dataprocessing.

You can find more information on Facebook’s privacy settings here: https://www.facebook.com/policy.php.

Withdrawal of consent:
We have obtained your consent for the processing of your data as described above in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time with effect for the future by deactivating the pixel tracking in the "Cookie Consent Tool" integrated on this website.

14. Use Pinterest Retargeting Pixel

On our website, we use the retargeting pixel of the US service provider Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA. For the EU/EEA area, the Irish company headquarters Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland is responsible for privacy matters.

With the help of the pixel, information about the surfing behavior of website visitors can be collected, stored and evaluated in pseudonymized form . The information can be assigned to the person of the user with the help of further information that Pinterest has stored about the user, e.g. due to the ownership of an account on the social network "Pinterest". Pinterest uses an algorithm to analyze surfing behavior and can then display targeted product recommendations as personalized advertising banners on the user's Pinterest account. Pinterest may also combine the information collected via the pixel with other information that Pinterest has collected via other websites and/or in connection with the use of the social network "Pinterest", and thus create pseudonymized usage profiles. In no case, however, can the information collected be used to personally identify visitors to this website.

If applicable, data collected via the pixel may be transferred to servers of Pinterest Inc. in the US. We would like to point out that there is currently no adequate level of data protection for the transfer of data to the US. The transfer is based on the EU Standard Contractual Clauses in accordance with Art. 46 (2) and (3) GDPR. Through this, Pinterest undertakes to comply with the European level of data protection when processing your relevant data if it is stored, processed and managed in the US. More information on the Standard Contractual Clauses of Pinterest can be found at https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.

Further information on privacy at Pinterest Europe Limited can be found here: https://policy.pinterest.com/de/privacy-policy.

Withdrawal of consent:
We have obtained your consent for the processing of your data as described above in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by deactivating the pixel tracking in the "Cookie Consent Tool" integrated on this website.

15. Use of Microsoft Advertising

We use the online advertising programme Microsoft Advertising and the associated conversion tracking of the American service provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA on our website. For the European Area, the Irish company headquarters Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland is responsible for data protection-relevant aspects.

The online marketing service Microsoft Advertising, which is based on a pay-per-click system, supports us via the Universal Event Tracking (UET) tool to play out targeted advertisements via the Microsoft Bing or Yahoo! search engine.

Alongside this, we have set up Microsoft conversion tracking on our website to track when certain events take place and to better understand the impact of these marketing activities with Bing. This is done using a conversion tracking tag ("code snippet"). If you arrive at our website through a Microsoft ad, we can use this tracking tool to learn more about your user behaviour on our website. We do not receive any personal data that could reveal your identity, but only evaluations of your user behaviour.

If you are logged in via a Microsoft account, the data collected can be linked to your account so that Microsoft also recognises and stores your IP address, for example. If you visit certain sub-pages of our website and the cookie has not yet expired, we and Microsoft can recognise that you have clicked on the advertisement and have been redirected to this page. Each Microsoft Advertising customer receives a different cookie. Cookies therefore cannot be tracked across Microsoft Advertising customers' websites. The information collected using the conversion cookie is only used to create conversion statistics.

For more information on data processing by Microsoft, please refer to Microsoft's privacy policy:
https://privacy.microsoft.com/de-de/privacystatement?tid=331668528662.

We have concluded a Data Processing Agreement with Microsoft Enterprise Service-Privacy as the recipient of your data, Art. 28 GDPR.

Data processing in the USA as a third country may be possible. To ensure the level of data protection, Microsoft has concluded the EU standard contractual clauses. More information on the standard contractual clauses at Microsoft can be found at:
https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.

Withdrawal of consent:
You can revoke your consent at any time with effect for the future. If you do not wish to receive interest-based advertisements from Microsoft Advertising, you can deactivate the function at any time via https://account.microsoft.com/privacy/ad-settings/signedout. In addition, you can deactivate the automatic setting of the cookie for this purpose via browser settings. Furthermore, you can deactivate your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers here in the cookie consent tool.

16. Use of Microsoft Clarity

We use the Web analysis tool Microsoft Clarity of the American service provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA on our website. For the European Area, the Irish company headquarters Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland is responsible for data protection-relevant aspects.

Microsoft Clarity is a tool that we use to check the usability of our website based on statistical behavioural analysis of the users on our website. Microsoft Clarity records selected user sessions for this purpose. The tool provides measured values that indicate any usability problems. This allows us to better understand user interaction, identify usability problems more quickly and to improve the functionality of our website.

The data that Microsoft Clarity processes from the users of our website are the following:

IP address
Location
Browser information
Screen resolution
Language settings
Visited website/subpages
Date/time website was accessed
Clicks, scrolls, mouse movements

We have made the appropriate masking settings so that the users personal data collection to and by Microsoft is pseudonymized, in particular in form of IP masking. If you are logged in via a Microsoft account, the data collected can be linked to your account so that Microsoft also recognizes and stores your IP address, for example. You can prevent this by logging out of your Microsoft account before visiting our website.

For more information on data processing by Microsoft, please refer to Microsoft's privacy policy:
https://privacy.microsoft.com/de-de/privacystatement?tid=331668528662. If you would like to learn more about Microsoft Clarity, please read the FAQs at: https://learn.microsoft.com/en-us/clarity/faq.
We have concluded a Data Processing Agreement with Microsoft Ireland Operations Limited as the recipient of your data, Art. 28 GDPR.

Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.

Withdrawal of consent:
You can revoke your consent at any time with effect for the future. You can deactivate your consent for the corresponding cookie category or all technically unnecessary cookies and data transfers here in the cookie consent tool.

17. Use of Usercentrics Consent Management Platform

We use the Consent Management Platform or the Cookie Consent Tool of the company Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany on our website.

Usercentrics' Consent Management Platform collects, manages, documents and transmits the data processing consents of our website users.

In the course of your visit to the website, the following usage data is transmitted to Usercentrics:

Consent data (e.g. consent ID, consent number, consent timestamp, opt-in or opt-out data, banner language, customer setting, template version).
Device information (e.g. HTTP agent, HTTP referrer), IP address, geolocation data

In addition, Usercentrics stores a cookie in your browser in order to be able to allocate the consent granted to you or its revocation.

Data processing by Usercentrics is carried out to comply with a legal obligation pursuant to Art. 6 (1)(c) GDPR: Obtaining and managing consent under data protection law for the use of certain technologies/cookies/pixels. Further information on data processing by Usercentrics can be found in the Usercentrics data protection notices: https://usercentrics.com/privacy-policy/.

We have concluded a Data Processing Agreement with Usercentrics GmbH as the recipient of your data, Art. 28 GDPR.

Please refer to our link to the Cookie Consent Tool at Chapter 3.4 for the storage period of the cookies.

Within the framework of the fulfilment of our legal obligations, the processing of the above-mentioned data is necessary. Without the provision of your personal data, we cannot guarantee the functionality of the website. In addition, individual services may not be available or may be limited.

Withdrawal of consent:
You have the option to revoke your consent via an embedded button to correct your decision afterwards. The function can be switched on and off in our "Privacy settings" by checking the checkbox.

18. Live Video Shopping with Bambuser

On our website we offer interactive, live videos with a shopping function, so called "Live Video Shopping", with the help of the company Bambuser AB Malmskillnadsgatan 13, 111 57 Stockholm https://bambuser.com.

We offer Live Video Shopping to ensure easy contact and a better shopping experience for our customers. You can use this service to get real-time personalized advice via video call, make your purchase, attend product presentations, make appointments for a video call and give your feedback about the presented products. During live video shopping, the following personal data are stored, in particular:

- First name, last name
- Personal data in the video
- Content of the exchanged messages (video chat history),
- IP address,
- Date and time of the video call,
- Email address, phone number (if provided by the end user), and
- Geographic location as well as time zone (if provided by the end user).

Depending on what you share with us, other personal data that you provide in the video or chat may be stored.

If you agree to the storage of your live video shopping experience, this will be used for training purposes as well as for quality control. If you no longer wish your live video shopping experience to be stored, you can inform us by using the contact details below and the stored video and associated chat will then be deleted immediately. Otherwise, your data will be deleted six months after the Live Video Shopping.

The provision of your data and the storage of the video and chat is voluntary, based on your consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future. Without the storage of the video and chat, you can of course also use the live video shopping option. The provision of your personal data is necessary to be able to use the live video shopping option. The storage of the video and chat is not necessary for the use.

The data processing by Bambuser takes place only if you have given your consent through your registration for Live Video Shopping. The legal basis is therefore your consent pursuant to Art. 6 (1) (a) GDPR, which you can withdraw at any time with effect for the future.

The terms of use of Bambuser as well as the privacy policy can be viewed under the following links:

- https://bambuser.com/terms-of-service
- https://bambuser.com/privacy-policy

19. Fraud Prevention by Riskified

We use the fraud prevention software Riskified by the Israeli company Riskified Ltd, 30 Kalisher St., Tel-Aviv, 6525724, Israel on our website for the US market.

Riskified helps detect and analyse fraud in online transactions, including dispute resolution (chargeback protection) in relation to payments made by our customers. This enables us to prevent fraudulent activity or misuse of the website (for potentially criminal purposes) when shopping online on our website.

When you purchase products on our website, your purchase data is transmitted to Riskified for verification. Riskified collects the following personal data as part of the ordering or purchasing process:

First name, last name, billing and delivery address, e-mail address, telephone number
Riskified only receives the credit card's BIN and the last 4 digits of the payment method used in connection with the transaction
IP address, IPS location data, user agent strings identifying the device's operating system and browser, computer IDs, or other device identifiers.

Other similar information provided in connection with the purchase may be transferred to Riskified. If Riskified assesses a payment as risky, we may decide to offer customers an alternative payment method or decline the booking request. If Riskified has given an approval notice and we have fulfilled the order, but that order is subject to a chargeback, Riskified will provide the chargeback guarantee.

The data processing by Riskified is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in the prevention of fraud in order to verify the legitimacy of payments made via the webshop.
For more information on data processing by Riskified, please refer to the Riskified privacy policy: https://www.riskified.com/privacy/.

We have entered into a Joint Controllership Agreement with Riskified Ltd., Art. 26 GDPR.

Riskified's data processing is carried out in Israel in accordance with the EU Commission's adequacy decision.

The data is deleted as soon as it is no longer required for the purposes of processing. This is usually the case after payment has been processed.

The provision of your data is neither legally nor contractually required. However, the purchase of our products is not possible without the disclosure of your data.

Opposition:
Please read the information about your right to object according to Art. 21 GDPR below.

20. Booking and scheduling with Appointedd

We use the online booking and appointment scheduling software Appointedd of the British company SALOCA LTD (t/a Appointedd), Suite 2, Ground Floor Orchard Brae House, 30 Queensferry Road, Edinburgh, United Kingdom, EH4 2HS on our website.

Appointedd enables our customers to see the availability of live video shopping appointments in our Cybex stores in real time, regardless of opening hours or location, and to book live video shopping appointments via an online calendar on our website. This enables us to provide our customers with an enhanced customer experience. Appointedd is linked to our live video shopping tool Bambuser.

During the appointment booking process, the following personal data is processed by Appointedd: First name, last name, email address, telephone number if applicable, IP address.

Data processing by Appointedd takes place exclusively on the basis of your consent, Art. 6 (1) (a) GDPR. You can find more information about data processing by Appointedd in the privacy policy: https://www.appointedd.com/privacy-policy.

We have concluded a Data Processing Agreement with SALOCA LTD (t/a Appointedd) as the recipient of your data, Art. 28 GDPR.

Appointedd's data processing in the UK is carried out in accordance with the EU Commission's adequacy decision.
The data will be deleted as soon as they are no longer necessary for the purposes of processing, therefore after the booked appointment ended.

Your personal data is provided solely on the basis of your consent. However, appointment bookings are not possible without the provision of the data.

Withdrawal of consent:
You can revoke your consent at any time with effect for the future.

21. Review Function

There is a review function on our website that allows you to review our products and their features, give feedback and recommend a product.

In order to submit a review, we ask you to provide a nickname and a valid e-mail address, answer some mandatory questions and submit certain ratings. All other information is voluntary.

The following data is also stored at the time the review is given:

- Date and time
- Country
- Metadata of uploaded photos

Based on your consent, we will publish your review and process your personal data. We use the service provider Bazaarvoice Inc. to provide the review function, which acts as our processor.

Since the headquarters of Bazaarvoice Inc. is in the United States, data is transferred to the United States of America. We have an data processing agreement with Bazaarvoice Inc. Part of this data processing agreement are the EU standard contractual clauses. We will provide you with the standard contractual clauses upon request.

The provision of your personal data is voluntary and based solely on your consent. Unfortunately, we cannot process and publish your review without your consent.

In this context, the data will only be processed as long as the corresponding consent is available. Afterwards they will be deleted.

You can revoke your consent to the processing of your personal data and its use for the publication of your reviews at any time. Please contact us to revoke your consent and we will delete all your reviews.

22. Data transfer to third parties

Your data will only be transferred to our carefully selected service providers and partner companies who are contractually obligated to comply with requirements of data protection laws. Otherwise, your data will only be transmitted in the event of an existing legal obligation. In the following you will find information about the companies to which we transfer data.

22.1. Transfer within affiliated companies

We may transfer your data to our affiliated companies for storage in central databases and for internal group billing and accounting purposes in connection with the conclusion and performance of the contract. The legal basis for this data processing is either Article 6 (1) (b) GDPR or Article 6 (1) (f) GDPR.

22.2. Transfer to service companies

Use of service companies: We use several service companies – hereinafter referred to as “service providers” – that are working on our behalf to operate and optimise our websites, to perform contracts and to process payment transactions. This relates, for example, to the hosting of our websites, the placement of advertising, the delivery of ordered goods, the assessment of default risks, the processing of payment transactions, the sending of newsletters as well as customer service and support. We transfer data to these service providers to the extent necessary for the provision of our websites or the performance of contracts or where it serves to protect our legitimate interests. The legal basis for this data processing operations is usually Article 6 (1) (b) GDPR or Article 6 (1) (f) GDPR.

These service providers mainly work for us as “processors” on our behalf and may therefore use the data provided exclusively in accordance with our instructions. We are legally responsible for appropriate data protection policies at the service providers which are processing data on our behalf and have agreed appropriate data protection and data security regimes with the service providers.

In the following cases, we may also transfer data to third parties for independent use as part of the contract performance:

Transport companies: The transport companies we use receive from us the data required for the delivery of the ordered goods to you, i.e., in particular your name and the delivery address provided by you. If necessary, the transport company may also receive your contact details so as to arrange an individual delivery date with you. The legal basis for the respective data processing is Article 6 (1) (b) GDPR.

Payment transactions: The respective payment service provider or bank receives the necessary payment data for the processing of payment transactions. The legal basis for the data processing is Article 6 (1) (b) GDPR. Generally, however, you enter this information directly in the input window of the respective payment service provider or bank. In these cases, we do not receive and store any payment data.

Creditworthiness check: If you choose the “Invoice” payment method, we transfer the necessary data to Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, Germany, to obtain creditworthiness information on your previous payment history and information for assessing the risk of non-payment based on mathematical-statistical procedures using address data (“scoring”). The legal basis for this data processing is Article 6 (1) (b) GDPR and Article 6 (1) (f) GDPR.

22.3. Transfer to third countries

Data are only transferred to bodies in states outside the European Union or the European Economic Area where

- you have consented thereto,

- this is necessary to perform your orders,

- this is required by law, or

- this occurs as part of order processing.

In the case of order processing, the service providers are contractually bound to our instructions and obligated to guarantee the strict technical and organisational measures. The processors are located both in countries that are the subject of an adequacy decision by the European Commission and in countries that protect personal data to an extent not comparable with the EU. In the latter cases, we ensure a level of data protection comparable to that of the EU by way of contractual agreements and by agreeing the EU standard data protection clauses.

22.4. Transfer to other third parties

Otherwise, we only transfer your data to third parties or to official authorities if we are legally obligated to do so under existing data protection laws, such as due to official or court orders, or if we are entitled to do so, e.g., because it is necessary for the prosecution of criminal offences or for the exercise or enforcement of our rights or claims. The legal basis for the respective data processing in these cases is Article 6 (1) (c) GDPR or Article 6 (1) (f) GDPR.

23. Period of data storage; data erasure

We only store your data for the period required to serve the purpose of storage or where provided for by law or regulations. We will erase or block your data once the purpose has been served or has ceased to apply. In the case of blockage, the data will be erased as soon as there are no legal or contractual retention periods, there is no reason to expect that erasure would impair your legitimate interests and erasure would not cause disproportionately high costs due to the special type of storage.

24. Your data protection rights

As a visitor of our web pages and as a customer in our CYBEX Online Shop, you are entitled to various rights granted by the Community legislature. Please use the information in the Contact section to assert your rights against us and make sure that we are able to clearly identify your person.

In the following we explain your essential rights as a data subject.

24.1. Rights of confirmation, access, to rectification or erasure of data

In accordance with the GDPR, as a data subject you may obtain information in writing upon request and free of charge about which data about your person (e.g., name, address) have been stored. In addition, as a data subject, you have the right to have these data corrected or erased as granted by the Community legislature, provided that the legal requirements are met. Excluded from the right to erasure are, for example, stored data relating to business processes that are subject to the legal obligation to retain data.

In detail:

- Right of confirmation and access: A data subject has the right, granted by the Community legislature, to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed; where that is the case, the data subject has a right of access to the personal data and to further information to the extent provided for by law.

- Right to rectification: A data subject has the right, granted by the Community legislature, to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. In this respect, taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

- Right to erasure (“right to be forgotten”): A data subject has the right granted by the Community legislature to obtain from the controller the erasure of personal data concerning him or her without undue delay; the controller has the obligation to erase personal data without undue delay where one of the grounds provided for by law applies and where the processing is not necessary.

24.2. Right to restriction of data processing

As a data subject, you have the right, granted by the Community legislature, to obtain from the controller restriction of processing where one of the conditions provided by law is met.

24.3. Right to object

As a data subject, you have the right, granted by the Community legislature, to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you by us as controller; we will then no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a data subject or for the establishment, exercise or defence of legal claims.

24.4. Right to data portability

As a data subject, you have the right, as granted by the Community legislature, to receive the personal data concerning you which you have provided to us as controller in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us as controller to which the personal data have been provided, subject to the conditions provided for by law.

24.5. Revocation of consent

Where you may have given us your consent to process your data within the scope of your use of our web pages or as part of your order in our CYBEX Online Shop, you may withdraw such consent at any time with effect for the future. The lawfulness of the processing of your data before your withdrawal remains unaffected.

After receipt of your withdrawal by us, we will stop the relevant use of the data without delay. Where the use of the data was necessary for the provision of our web pages or for your order in the CYBEX Online Shop, there may be restrictions in the future use of the respective web pages or they may even be unavailable. In addition, there may also be restrictions in relation to your order in the CYBEX Online Shop or it may be impossible to place an order.

25. Automatic processing of personal data

Exclusively automatic processing of your data is only performed where necessary for the conclusion or performance of a contract and where such does not have any legal or similar effect on you.

26. Complaints to supervisory authorities

In the event of complaints regarding the processing of your data, you have the right to contact the competent supervisory authorities. You may do so by contacting the data protection authority responsible for your place or state of residence or the data protection authority responsible for us, which is:

The Bavarian Data Protection Commissioner (Bavarian DPC)

PO Box 22 12 19

80502 Munich, Germany

Email: poststelle@datenschutz-bayern.de

27. Contacting the Data Protection Officer

If you have any questions regarding the processing of your data, suggestions or complaints, please contact our Data Protection Officer. We recommend that you send confidential information exclusively by postal mail.

Contact details of the Data Protection Officer of CYBEX Retail GmbH:

activeMind.legal Rechtsanwaltsgesellschaft m.b.H.
Potsdamer Straße 3, 80802 Munich, Germany
Tel: +49 (0) 89 919 294 – 900
E-mail: dataprotection@cybex-online.com