Privacy policy
Privacy Policy
Data controller and contact
Bikable.com (Bikable A/S, VAT no. DK35252002, Industrivej 5, 9575 Terndrup, Denmark, is the data controller for processing your personal data (hereinafter also referred to as "we" or "us").
If you have any questions about the processing or wish to use your rights, as described below, you can contact us at [email protected] or by phone: +45 70 20 93 00.
Processing activities
Below you can read about which personal data we process and for which purposes, the legal basis on which we base the processing and when the data is deleted.
1. Purpose of processing:
Establishment, maintenance and termination of customer and supplier relationships, including entering into and fulfilling orders, contracts, etc.
Categories of personal data that will be processed
Contact information, payment information, signatures, job title.
In addition, our physical stores and warehouse are video monitored, which is why customers and employees of suppliers can be seen on the video recordings.
Basis for processing
General personal data is processed as a starting point because they are necessary in order to enter and fulfill the contract with the customer/supplier, cf. GDPR article 6, subsection 1, letter b.
Surveillance footage is recorded because it is necessary to prevent and investigate criminal activities and to monitor deliveries, in accordance with GDPR Article 6(1)(f). The legitimate interest we pursue is crime prevention (primarily theft). If footage is shared with the police for reporting a criminal offense, this is done in accordance with the Surveillance Act Section 4(c), Subsection 1, No. 3, in conjunction with the Data Protection Act Section 8(5), Section 7(1), and GDPR Article 9(2)(f).
Personal information of potential customers and business partners is processed on the basis of our legitimate interest in being able to contact them, cf. GDPR article 6, subsection 1, letter f.
Deletion deadline
Information is stored for up to 3 years after the end of the business relationship, unless longer storage is necessary, for example according to the rules of the Danish Bookkeeping Act (5 years storage of accounting material), or if the information is necessary for the sake of a claim or guarantee that extends beyond the 3 years. Information regarding potential customers and business partners is deleted after 12 months.
Video surveillance recordings are deleted after 30 days, cf. section 4 c of the TV Surveillance Act., subsection 4, unless they are necessary for a specific dispute, notification of a criminal offence or for crime prevention purposes, cf. TV Surveillance Act section 4 c, subsection 5.
Recipients and potential transfers to third countries
Contact information on customers and suppliers can be left to our data processors when we believe it is necessary for us in connection with operation of our business, or if it follows from a legal obligation which is incumbent on us as data controllers.
We pass on your data in a number of different situations:
• Information that is included in our accounting material or in documentation for a specific agreement is passed on to the relevant authorities when we for example are obliged to do so according to legislation (e.g. accounting material is being passed on to SKAT)
• We use Microsoft Outlook as email software. In this connection, your information is handed over to Microsoft. There are no transfers to third countries, as we only use servers located in the EU.
• Furthermore, we use Zendesk Inc, which is the supplier of our customer chat. Zendesk Inc. will in certain cases transfer data to third countries. Data is only transferred to third countries that are approved by the European Commission as secure.
Finally, we pass on your personal data to our payment service providers as well as our supplier of reading tools for invoices. In certain cases, these data processors use sub-data processors in third countries. This means that your personal data in some cases is transferred to countries outside the EU and EEA. As a starting point, personal data is only transferred to countries that the EU Commission has assessed as safe. In some cases, however, a transfer may take place to unsafe third countries. In that case, the European Commission's standard clauses will always be entered into between our data processor and the recipient. In addition, our data processors have implemented additional technical and organisational measures to ensure a high level of data security.
2. Purpose of processing:
Marketing of Bikable via our website. Including improving our services and products.
Categories of personal data that will be processed:
Identification information. Comprising unique IDs, IP addresses, information about which device and browser the website is opened in as well as information about behaviour on the website.
Basis for processing
We process information about how visitors use our website based on our legitimate interest in improving our website, products, and other services, as well as our legitimate interest in marketing our business, pursuant to GDPR Article 6(1)(f).
It is our assessment that this legitimate interest does not override the visitors' interests, as the information is not directly personally identifiable, is general in nature, not private or intrusive, and is only shared with third parties in a limited and/or encrypted manner.
To the extent that you have consented to cookies, we process personal data collected through this for the purposes for which you have consented, e.g. statistics or marketing, cf. GDPR art. 6, piece 1, letter a. You can withdraw your consent in your browser at any time, delete your cookies by following the instructions in our cookie policy or by contacting us.
Deletion deadline
Personal information contained in cookies is deleted when the cookie expires or is deleted by the user (see our cookie policy). We use Google Analytics 4 and data at user and event level is anonymized according to the strictest possible settings (https://support.google.com/analytics/answer/7667196?hl=en). For now, this is 2 months.
In addition, analysis data is only stored in identifiable form for a limited period of time, as the information is automatically aggregated (anonymized) in connection with the preparation of statistics.
Recipients and potential transfers to third countries
When you use our website, your information is handed over to our operating and software suppliers DLX A/S.
Certain analysis data will be passed on to our suppliers, in particular Facebook and Google, if you have agreed to statistical and marketing cookies. This is also evident from the cookie pop-up that was presented to you on your first visit to our website as well as our cookie policy.
3. Purpose of processing:
Sending emails with news, marketing, promotions, etc., hereinafter referred to as: the Newsletter
Categories of personal data that will be processed:
Contact details, including email address, name, the company you are affiliated with, and your phone number.
Basis for processing
The information is processed to fulfil the agreement with you to send you our newsletter, cf. GDPR article 6, subsection 1, letter b, which you have given consent to receive according to the Marketing Act. We pass on your email address or telephone number to Facebook Ireland Ltd. located in Ireland in a non-generally readable (one-way encrypted) format in order to target our marketing on the relevant media to others who have the same interests or profile as you. We do this on the basis of our legitimate interest in marketing our services, cf. GDPR article 6, subsection 1, letter f, because the information is one-way encrypted before passing on, because the information is not used for direct electronic marketing, and because you can unsubscribe from these functions with the media here: Facebook (under the item, "Third-party data").
Deletion deadline
In order to defend ourselves against potential claims made for violations of the Marketing Act, pursuant to Section 37(3) of the Marketing Act and Section 93(1)(1) of the Penal Code, we store your email along with relevant information about your interaction with the Newsletter, such as opens, clicks, etc.
This information is retained for up to 2 years after you have withdrawn your consent, or if it expires automatically after 12 consecutive months during which we have not sent any Newsletters to you.
Recipients and potential transfers to third countries
We use an external supplier to collect consent and to send out newsletters. In this connection, your contact information is handed over to Klaviyo Inc., who in that context acts as data processors. In this connection, your personal data is transferred to third countries, including the United States. The European Commission's standard clauses are always entered into between Klaviyo and the recipient. In addition, additional technical and organizational measures have been implemented to ensure a high level of data security.
4. Purpose of processing:
Ordering via our website.
Categories of personal data that will be processed:
Name, address, phone number, email address and payment information
We also track the purchase process. The majority of this information does not constitute personal data. However, names, telephone numbers, email addresses and countries are collected.
Basis for processing
General personal data is processed as a starting point because they are necessary in order to enter into and fulfil the contract with the customer, cf. GDPR article 6, subsection 1, letter b.
Tracking of the purchase process takes place on the basis of our legitimate interest in being able to improve our marketing efforts, cf. GDPR article 6, subsection 1, letter f.
Deletion deadline
Purchase data is retained for the current year plus 5 years to comply with the requirements of the Accounting Act.
Recipients and potential transfers to third countries
When you as a customer use the option of placing orders via our website, your information is left to our operating and software suppliers DLX A/S, Hotjar and Sentry.
In addition, we pass on your personal data to our payment service providers and logistics companies, as well as relevant manufacturers (when ordering backorder items) in connection with your purchases of items in the webshop.
If you have consented to the use of third-party cookies on the website, we will pass on your information to the relevant third-party providers. However, we will always pass on the information that is obtained in connection with the tracking of the purchase process to our business partner Klaviyo. This is done in order to prepare our marketing efforts.
In certain cases, our data processors use sub-data processors in third countries. This means that your personal data in certain cases will be transferred to countries outside the EU and EEA. As a starting point, personal data is only transferred to countries that the EU Commission has considered safe. In some cases, however, a transfer may take place to unsafe third countries. In that case, the European Commission's standard clauses will always be entered into between our data processor and the recipient. In addition, our data processors have implemented additional technical and organisational measures to ensure a high level of data security.
5. Purpose of processing:
Recruitment and handling of job applications.
Categories of personal data that will be processed:
- Identification and contact information, including name, address, phone number, email address, etc.
- General information specified in applications, CVs and associated documentation, e.g. diplomas, as well as other personal data that are relevant for considering the candidate.
- In connection with the employment process, personality tests are carried out to clarify the employee's preferred behaviour in business activities.
- In addition, publicly available information is collected via the candidate's social media, in particular Facebook and LinkedIn.
Basis for processing
Information is processed and passed on based on our legitimate interests, i.a. because the applicant himself/herself has chosen to apply for the job, cf. GDPR art. 6 pieces. 1, letter f.
Deletion deadline
Information received in connection with unsolicited job applications is deleted after reading the application, if the candidate is not relevant for a current or imminent position within the next 3 months. However, the information can be stored longer if consent is given.
Information received in connection with solicited applications is deleted after the recruitment round is complete, unless the candidate is relevant for a current or imminent position within the next 3 months. However, the information can be stored longer if consent is given.
If you have applied for a position with us via a posting on Jobindex, the information is stored for 3 months after the job posting has become inactive.
Recipients and potential transfers to third countries
Your personal data is handed over to our data processors, when it is necessary in connection with recruitment:
We use IceWarp as email software. In this connection, your information is handed over to IceWarp GmbH. There are no transfers to third countries, as we only use servers located in the EU.
Your rights
You have the following rights, which you can use by contacting us by phone or email. Your request will be answered free of charge, as soon as possible and no later than one month after you contact us. However, it may take up to two months if necessary due to the complexity or number of requests. In case of unfounded or excessive requests, we have the right to refuse it or charge a reasonable fee to answer it.
• Right to withdraw consent: To the extent that the processing is based on your consent, you can withdraw it at any time by contacting us on the contact details above or in another way explained in connection with giving your consent. The withdrawal does not affect the legality of the processing before the consent was withdrawn.
• Right of access: You have the right to gain insight into the personal data that we process about you, as well as a range of information about how the processing takes place. You cannot request access to information that is deemed to have to give way to public or private interests, including consideration for you.
• Right to rectification: You have the right to have incorrect personal data corrected or to have incomplete personal data about you completed.
• Right to erasure: You have the right to have information about you deleted in the specific circumstances listed in GDPR article 17. This may be, for example, if the information is no longer necessary for the fulfilment of our obligations and rights, or if the information is being processed on the basis of your consent, which is withdrawn.
• Right to restriction of processing: Under the circumstances mentioned in Article 18 of the GDPR, you have the right to have the processing of your personal data restricted, e.g. if the accuracy of the data is disputed, during the period until we have had the opportunity to determine whether the personal data is correct or if we no longer need it for the personal data for the processing, but they are necessary for our legal claims to be established, asserted or defended.
• Right to objection: You have the right to object to the processing of personal data that we process on the basis of Art. 6 pieces. 1, letter f (the balancing of interests rule) and always if the processing is for the purpose of direct marketing.
• Right to data portability: If the processing is based on your consent or contract, you have the right to receive the information in a common and readable format and to transmit the information to another data controller. We will transmit the information directly to this data controller if you wish and if it is technically possible.
• Rights with regards to automated decision making: You have the right not to be the subject of an automatic decision that has legal effect or similarly significantly affects you, which is based solely on automatic processing, including profiling.
• Right to file a complaint: You can complain about the treatment at any time by contacting us. In addition, you can always complain to the Data Protection Authority (http://datatilsynet.dk, [email protected], +45 33 19 32 00), or to the authority in the country where you reside or in the country where you believe the violation of the GDPR or the Data Protection Act has occurred.