Effective Date: 28 May 2026
1. Who We Are & Contact Details
WSG GmbH
Emanuel-Lasker-Straße 1
14959 Trebbin
Germany
VAT ID (USt. IdNr): DE360269152
Email: info@cycling-europe.eu
We are the controller of your personal data under the EU General Data Protection Regulation (GDPR / DSGVO). If you have any questions about this Privacy Policy or your rights, please contact us at the email address above.
2. What Personal Data We Collect & Why
We collect personal data only for the purposes described below. We do not sell your personal data to any marketing company or any other third parties.
| Category of Data | Examples of Data Collected | Purpose of Processing | Legal Basis (GDPR Art. 6) |
|---|---|---|---|
| Contact & Order Data | Name, phone number, message content | To respond to your inquiries, process orders placed via WhatsApp, provide customer support, and deliver products you have purchased. | Contract performance (Art. 6(1)(b)) – Necessary to fulfil your purchase request. |
| Communication Data | Any information you provide in emails, contact forms, or WhatsApp messages. | To communicate with you regarding your order, answer questions, and provide technical assistance. | Legitimate interests (Art. 6(1)(f)) – To respond to customer requests and manage business communications. |
| Website Usage Data | IP address, browser type, device information, pages visited, time spent on site, referring website. | To analyse website traffic, improve user experience, understand customer preferences, and optimise our website content. | Consent (Art. 6(1)(a)) – Collected via Google Analytics only after you have given your consent. |
| Cookies & Tracking | Cookie identifiers, session data, and consent preferences. | To enable essential website functions (e.g., shopping cart) and to remember your cookie consent choices. | Legal obligation (Art. 6(1)(c)) – For essential cookies required for website operation. Consent (Art. 6(1)(a)) – For all non-essential cookies (e.g., analytics). |
3. Cookies & Tracking Technologies
Our website uses cookies and similar technologies. Under the German TTDSG/TDDDG and the ePrivacy Directive:
- Essential Cookies: These are strictly necessary for the basic functionality of our website (e.g., to maintain your session or remember products in your shopping cart). These cookies are set automatically and do not require your consent.
- Non-Essential Cookies (including Google Analytics): These are not placed on your device until you have given your explicit, informed, and freely given consent via our cookie banner.
3.1 Your Cookie Choices
You can manage your cookie preferences at any time by:
- Clicking the “Cookie Settings” link in our website footer.
- Adjusting your browser settings to block or delete cookies (please note that blocking essential cookies may prevent the website from functioning correctly).
We document all consent choices you make, including timestamps, to comply with our legal record-keeping obligations.
4. Google Analytics (Website Analysis)
We use Google Analytics 4 (GA4) , a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
- What Data is Collected? GA4 collects your IP address (which is anonymised before storage), browser type, device information, pages visited, time on site, and referral source.
- Legal Basis: Consent. GA4 cookies are non-essential and will only be activated after you have clicked “Accept” or selected “Analytics Cookies” in our cookie banner.
- Data Recipient: The information generated by GA4 may be transmitted to and stored by Google on servers in the United States. Google processes this data on our behalf to evaluate website usage and compile reports.
- IP Anonymisation: We have enabled IP anonymisation to ensure your IP address is truncated and not linked to any other data held by Google.
- Data Retention: User-level data stored by Google Analytics is automatically deleted after 14 months.
- Opt-Out: You can prevent GA4 from collecting your data by rejecting analytics cookies in our cookie banner or by installing the Google Analytics Opt-out Browser Add-on.
For more information, please see Google’s Privacy Policy: https://policies.google.com/privacy.
5. WhatsApp Business (Order Processing & Support)
We use WhatsApp Business to communicate with you, process orders, and provide customer support. This is a manual process – we do not use automated bots or systematically store customer data via third‑party software without your knowledge.
- What Data is Collected? When you contact us via WhatsApp, we process your phone number, your name (if you provide it), and the full content of your messages (including order details, delivery addresses, and any attachments you choose to share).
- Purpose: To handle your purchase order, answer product‑related questions, confirm delivery information, and provide after‑sales support.
- Legal Basis: Performance of a contract (Art. 6(1)(b) GDPR) – the communication is directly linked to the sale of bicycles and accessories you have ordered or intend to order.
- Data Controller Role: For the personal data you share with us via WhatsApp, WSG GmbH is the data controller. WhatsApp LLC (a Meta company) acts as a data processor under a Data Processing Agreement (DPA) and also independently processes certain metadata (e.g., timestamps, device information) as a separate controller based on its legitimate interests (Art. 6(1)(f) GDPR).
- International Transfer: As WhatsApp is operated by Meta (USA), your data may be transferred to the United States. To lawfully facilitate this transfer, WhatsApp LLC participates in the EU‑U.S. Data Privacy Framework (DPF) , which provides an adequate level of data protection under EU law. For more information, see WhatsApp’s DPF Disclosure here.
Important: Do not send sensitive payment information (e.g., credit card numbers, banking passwords) via WhatsApp. For secure payment processing, we will direct you to a separate encrypted payment channel.
6. Data Retention Periods
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g., tax or commercial retention obligations under German law).
| Type of Data | Retention Period |
|---|---|
| Contact & Order Data (WhatsApp, email, contact form) | Stored for the duration of our customer relationship plus up to 3 years after the last interaction to respond to potential follow‑up questions or warranty claims. |
| WhatsApp Chat History | Stored locally on our business devices. Deleted once the order is fully completed and the statutory warranty period has expired (usually 2 years after delivery), unless you have given consent for longer storage. |
| Google Analytics Data | Automatically deleted 14 months after your last visit. |
| Cookie Consent Records | Stored for 2 years to document your consent choice, as required by German supervisory authorities (e.g., Berlin Commissioner for Data Protection). |
At the end of the applicable retention period, your data will be securely deleted or anonymised.
7. Your Data Protection Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
- Right to Access (Art. 15): You can request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): You can ask us to correct inaccurate or incomplete data.
- Right to Erasure (Art. 17): You can request the deletion of your data when it is no longer necessary for the purposes for which it was collected.
- Right to Restrict Processing (Art. 18): You can ask us to temporarily stop processing your data in certain situations (e.g., while we verify its accuracy).
- Right to Data Portability (Art. 20): You can request a machine‑readable copy of data you have provided to us and ask us to transmit it to another controller.
- Right to Object (Art. 21): You can object to processing based on our legitimate interests (Art. 6(1)(f)), including any profiling.
- Right to Withdraw Consent (Art. 7): If processing is based on your consent (e.g., analytics cookies), you can withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us by email at in@cycling-europe.eu. We will respond within one month as required by law.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. The competent authority for our business is:
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61, 10555 Berlin, Germany
Website: https://www.datenschutz-berlin.de
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. This includes:
- SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using HTTPS.
- Access Controls: Only authorised employees who need to process your order have access to WhatsApp conversations and customer data.
- Regular Backups & Updates: Our systems are regularly updated and maintained to address security vulnerabilities.
Despite these measures, no data transmission over the internet can be guaranteed 100% secure. You share your personal data at your own risk.
9. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (for Google Analytics and WhatsApp). Where such transfers occur, we ensure an adequate level of data protection by relying on:
- EU-U.S. Data Privacy Framework (DPF): Both Google LLC (for Google Analytics) and WhatsApp LLC have certified their participation in the DPF, which the European Commission has recognised as providing adequate protection for data transferred from the EU to certified US companies.
- Standard Contractual Clauses (SCCs): For any service provider not covered by the DPF, we enter into the EU Commission’s Standard Contractual Clauses to ensure that your data receives equivalent protection to that within the EEA.
10. Children’s Privacy
Our website and services are directed at adults who are at least 16 years old. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately so we can delete it.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. The latest version will always be published on this page with an updated “28 May 2028”. We encourage you to review this page periodically.
12. Product Specifications Disclaimer
Please note that product specifications, images, and prices displayed on cycling-europe.eu are subject to change without prior notice. For the most current information regarding a product, please contact us directly before placing your order.