Privacy Policy
Updated: November 2024
Cycling ’74, 440 N Barranca Ave #4074 Covina, CA 91723 USA, herewith informs you about the processing of personal data for which Cycling ’74 is responsible in the sense of the EU General Data Protection Regulation (GDPR).
Apart from sending us a letter, you may contact us at any time via privacy@cycling74.com
You can reach our data protection officer by sending an e-mail to cycling74@daspro.de or by sending a letter to Cycling‘74 DPO, daspro GmbH, Kurfürstendamm 21, 10719 Berlin, Germany.
Below you can find the most important information on typical processing of your data, organized by affected user groups (groups of data subjects). For certain data processing operations, which only concern specific groups, the information requirements are fulfilled separately. Where the term "data" is used, we refer to personal data within the meaning of the GDPR only.
1. Website Visitors
1.1 Server-log data
When using our websites, certain information is sent to the server of our websites by the browser used on your device for technical reasons. This data is stored and processed on our server.
(i) We process the following data for the purpose of providing the contents of the website that you have visited, to ensure the security of the IT infrastructure used, to correct errors, to enable and simplify searches on the website and to manage cookies.
(ii) The data processed is HTTP data: HTTP data is protocol data that is generated when the Websites is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit. HTTP(S) data also accumulates on the servers of service providers (for example: when requesting third-party content).
(iii) The legal basis for the processing of the above mentioned data is our legitimate interest in the operation of an online presence, communication with communication partners and internal compliance reporting (Article 6 para. (1) (f) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) IP addresses are anonymized after 24 hours at the latest. Pseudonymous usage data will be deleted after six months.
(vii) Without disclosure of personal data such as the IP address, the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.
1.2 Technically required cookies
We use cookies on our websites. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.
In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Cookies that are technically required for the functioning of the websites cannot be deactivated via the cookie management function of the websites. However, you can generally deactivate cookies at any time in your browser. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the websites may not or no longer function properly if you generally deactivate cookies in your browser settings.
a) Consent Cookies
We use so-called Consent Cookies to store your consent, possible right to withdraw your consent and opt-out of the use of cookies on our websites.
(i) The purpose of data processing is the storage of the user decisions on cookies (consent, withdrawal, opt-out).
(ii) The processed data are:
HTTP data:
HTTP data is protocol data that is technically generated when the website is visited via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.User decision on cookies:
User's decision on individual cookies or groups of cookies. Time of the decision and of the last visit.
(iii) The legal basis for the processing is our legitimate interest of easy and reliable control of cookies settings in accordance with the respective user decisions and improving of user experience (legal basis: Article 6 para. (1) (f) GDPR).
(iv) The data is actively provided by the user (decision on cookies) or automatically transmitted by the user's browser (protocol data, time stamp).
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) Information about your decision rejecting cookies is deleted at the end of the session. The remaining other data will be deleted after one year.
(vii) Without disclosure of personal data, the use of the website is not possible. Communication via the website without the disclosure of data is technically not possible.
b) Session Cookies
We use Session Cookies on our websites. This enables us to save information about your customer account, individual settings and certain user actions for the duration of your visit (for example: login, language settings, shopping basket function).
(i) The purpose of data processing is to enable the login, user-specific settings (for example: language) and the technical provision of a shopping cart function.
(ii) The processed data are data concerning the customer account, language selection, country, cookie settings and shopping cart.
(iii) The legal basis for the processing is the usage contract for visiting the website and our legitimate interest in the provision of the individual sessions for the users, including the cookies accepting/rejecting function, or shop function, each in accordance with Article 6 para. (1) (f) GDPR.
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) The data is deleted after one year the latest.
(vii) Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible
c) IT Security Cookies
We use IT Security Cookies on our websites to protect our websites and also our website visitors against IT Security attacks, like for example so-called cross-site request forgery attacks or other attacks by malicious visitors. Some attackers attempt to display fake requests to website visitors.
(i) The purpose of the data processing is to increase the IT Security of the website and of our website visitors and to prevent IT Security attacks.
(ii) The data processed are the IT Security test results and the HTTP log data. Wherever it is possible we use one-way hashes of certain test result values.
(iii) The legal basis for the processing is our legitimate interest in protecting our website and our website visitors from IT Security attacks (Article 6 para. (1) (f) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) Recipients of the personal data are IT service providers which we use as processors within the framework of a data processing agreement.
(vi) The data is usually deleted at the end of the session.
(vii) Without disclosure of personal data the use of the website is not possible. Communication via the website without disclosure of data is technically not possible.
1.3 Tracking Cookies
We use cookies on our websites. Cookies are small text files containing information that can be stored on the user's device via the browser when visiting a website. The information stored in cookies can be read out and processed when the website is visited again using the same device. In doing so, we use processing and storage functions of the browser of your device and collect information from the storage of the browser of your device.
In the structure of our privacy policy, we differentiate between technically required cookies and tracking cookies. Depending on their function and purpose, the use of certain cookies may require the user's consent. Your consent is given through a so-called "cookie banner": When you visit our websites, we display our cookie banner. In our cookie banner you can declare your consent to the use of all cookies requiring consent on this website by clicking on the "Accept" button. Without such consent, the cookies requiring consent are not activated. By clicking the "Close" button, you can also completely reject the use of cookies requiring consent. Your decision will be saved in a cookie. Alternatively, you have the possibility to access our "cookie settings section" by clicking on the "More information" button. In the cookie settings section, you can make an individual selection of cookies and customize them at a later time. We store your cookie settings in the form of a cookie on your device in order to determine whether you have already made cookie settings the next time you visit the websites.
a) Matomo (on-premise version)
We use the web analysis tool Matomo on our websites. We only process data generated by Matomo on our own servers (on-premise). With the help of Matomo, we can analyze the usage behavior of visitors to our websites in pseudonymized and anonymized form. Your IP address is anonymized because we have enabled this function.
You can deactivate the data processing by Matomo at any time in our “cookie settings section”.
(i) The purpose of data processing is to analyze user behavior and to measure the reach of our website and advertisements to optimize our website.
(ii) The processed data or information are:
HTTP data: HTTP data are information generated for technical reasons when using the web analysis tool Matomo via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: Such data include anonymized IP address, type and version of your Internet browser, operating system used, the page visited and URL, the page previously visited (referrer URL), date and time of the visit.
Location data (based on anonymized IP address): Such data may include country, region, city.
Data generated for web analysis and assigned to your device: This includes the User ID. Such User ID is a feature in Matomo that lets us connect together a given user’s data collected from multiple devices and multiple browsers.
Ecommerce data (only when you purchase Cycling ’74 products): transaction value, product purchased, product price purchased.
Customer account data (only when you are logged in your Cycling ’74 Account): Such data may include current licenses, date of first activation of a license, date of last product purchase.
Interaction and event tracking data: Such data are generated from your interactions with functions on our website. Such data include newsletter subscription, form interactions, video and audio interactions, shop interactions, links (internal and external) and downloads.
Analytics measurement and report data: Data contained in aggregated segment and device-related reports by the Matomo web analysis tool based on a heatmap analysis and session recordings. These data include information where on a page you as website visitor tried to click, where you moved the mouse and how far down you scrolled as well as clicks, mouse movements, scrolls, window resizes, form interactions, and changes to the website.
(iii) The legal basis for the processing of the above mentioned data is your consent (Article 6 para. (1) (a) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.
(vi) The data will be deleted after 6 months at the latest.
(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot perform web analysis using Matomo.
b) Zendesk (on Cycling ’74 Knowledge Base and Support Website)
We use the help desk software tool Zendesk on our Cycling ’74 Knowledge Base and Support Website. Zendesk is acting as our processor within the framework of a data processing agreement. With the help of Zendesk we can answer your questions and help requests in a better way. When Zendesk is used, cookies are used to improve the user experience. If you do not want us to process your data with specific requests through the Zendesk tool and thereby process your usage data, you can alternatively use our other communication channels: https://support.cycling74.com/hc/en-us/
(i) The purpose of data processing is to answer help requests of our users on our Cycling ’74 Knowledge Base and Support Website, to analyze user help requests and to improve the user experience.
(ii) The processed data are:
Zendesk HTTP data:
This is protocol data that is generated for technical reasons when using the help desk software Zendesk via the Hypertext Transfer Protocol (Secure) (HTTP(S)) used on the website: This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.Zendesk identifiers
These are pseudonymized identifiers such as external IDs or hashed email addresses for cases where customers are logged in (chat widget authentication).
(iii) The legal basis for the processing is your consent (Article 6 para. (1) (a) GDPR).
(iv) The data is automatically transmitted by the browser of the user.
(v) The recipient of the data is Zendesk, Inc., 1019 Market Street, San Francisco, CA 94193, USA, which we use as processor within the framework of a data processing agreement. We have concluded the EU standard contractual clauses with Zendesk, Inc., so that Zendesk, Inc may only process your data for our purposes. In addition, Zendesk, Inc., is part of the US-EU Data Privacy Framework and has also established Binding Corporate Rules (Article 42 para. (2) (b), 47 GDPR), which have been approved by the Irish data protection supervisory authority. If the aforementioned measures are not considered sufficient the data processing in the USA is based on your consent (Article 49 para. (1) (a) GDPR). It is possible that US authorities may access personal data without us or you being informed.
(vi) The majority of data is deleted at the end of the session. The support preference settings are stored for one year. Aggregated data will not be deleted.
(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot answer your questions and help requests via Zendesk help desk software.
1.4 Audio and other content from third parties
There are links on our websites to audio files that are stored and accessible on external music content platforms. As soon as you click the button to play a content from such music content platform, the file is loaded by such platform. Technically, the same thing happens as if you would go to the respective platform website via a link: The external music content platform receives all information that your browser automatically transfers (including your IP address). Such external music content platform also sets its own cookies on your device. This also happens if you do not have an external music content platform user account. If you are logged in to such account, your data is directly associated with your account. If you do not want your profile to be associated with such external platform you must log out of your account there before clicking on the audio file content.
Please find more details about the external music content platforms below and in their respective privacy information linked on the external music content platforms.
a) Soundcloud Embedding
The collection and processing of this data is the sole responsibility of SoundCloud Global Limited & Co. KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany, or SoundCloud Inc, 71 5th Avenue, 5th Floor, New York 10003, NY, USA (if you are located in the US). Cycling ’74 has no influence on the data processing of Soundcloud.
For information about the processing of personal data by Soundcloud, please refer to the Soundcloud Privacy Policy: https://soundcloud.com/pages/privacy
b) YouTube Embedding (Privacy Enhanced Mode)
The collection and processing of this data is the sole responsibility of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider. Cycling ’74 has no influence on the data processing of Google. For information about the processing of personal data by Google, please refer to the Google Privacy Policy: https://policies.google.com/privacy
c) Spotify Embedding
The collection and processing of this data is the sole responsibility of Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden. Cycling ’74 has no influence on the data processing by Spotify. For information about the processing of personal data by Spotify please refer to the Spotify Privacy Policy: https://www.spotify.com/de/legal/privacy-policy/
d) Bandcamp Embedding
The collection and processing of this data is the sole responsibility of Bandcamp, Inc., USA. Cycling ’74 has no influence on the data processing of Bandcamp. For information about the processing of personal data by Bandcamp please refer to the Bandcamp Privacy Policy: https://bandcamp.com/privacy
e) Facebook Video and Instagram Embedding
The collection and processing of this data is the sole responsibility of Facebook (if user is located in the EU: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). Cycling ’74 has no influence on the data processing of Facebook. For information about the processing of personal data by Facebook or Instagram please refer to the Facebook products Privacy Policy: https://www.facebook.com/about/privacy
f) Vimeo Embedding
The collection and processing of this data is the sole responsibility of Vimeo.com, Inc., 555 West 18th Street, New York, New York 10011, USA. Cycling ’74 has no influence on the data processing of Vimeo. For information about the processing of personal data by Facebook or Instagram please refer to Vimeo Privacy Policy: https://vimeo.com/privacy
g) Algolia Searching
We use the search tool Algolia on our website. Algolia is acting as our processor within the framework of a data processing agreement. With the help of Algolia we can process your searches in a better way. If you do not want us to process your data with specific requests through the Algolia tool and thereby process your usage data, you can refrain from using the search function.
(i) The purpose of data processing is to process searches of our users on our website.
(ii) The processed data are:
information that can personally identify the user, such as name or IP addresses;
information about the user’s internet connection, the equipment used to access our Websites, and your use of the service.
information that you provide when you fill in forms on our Websites.
(iii) The legal basis for the processing is contract fulfillment(Article 6 para. (1) (b) GDPR).
(iv) The data is transmitted by the browser of the user.
(v) The recipient of the data is Algolia, Inc., 3790 El Camino Real, Unit #518, Palo Alto, CA 94306 USA, which we use as processor within the framework of a data processing agreement. We have concluded a data processing agreement with Algolia, , Inc., so that Algolia may only process your data for our purposes.. If the aforementioned measures are not considered sufficient the data processing in the USA is based on your consent (Article 49 para. (1) (a) GDPR). It is possible that US authorities may access personal data without us or you being informed.
(vi) The majority of data is deleted at the end of the session. .
(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the data subject to provide the data. If the data is not provided, we cannot answer your search queries via Algolia.
h) Gravatar
The website uses the Gravatar service of Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. Gravatar is a service where users can register and store profile pictures and their e-mail addresses. If users leave contributions or comments with the respective e-mail address on other online presences (especially in blogs), their profile pictures can be displayed next to the contributions or comments. For this purpose, the e-mail address provided by the users is transmitted to Gravatar in encrypted form for the purpose of checking whether a profile is stored for it. This is the only purpose of transmitting the email address and it will not be used for other purposes, but deleted thereafter. By displaying the images, Gravatar knows the IP address of the user, as this is necessary for communication between a browser and an online service. Further information on the collection and use of data by Gravatar can be found in Automattic's privacy policy.
The legal basis for the processing is contract fulfillment (Article 6 para. (1) (b) GDPR).
If you do not want a user image linked to your e-mail address to appear in the comments at Gravatar, you should use an e-mail address which is not stored at Gravatar for commenting. We would also like to point out that it is also possible to use an anonymous e-mail address or no e-mail address at all if users do not wish their own e-mail address to be sent to Gravatar. Users can completely prevent the transmission of data by not using our comment system.
2. Cycling ‘74 Account User, Cycling ‘74 Product Customer
(i) We process your data for the purpose of performing the obligations stemming from our contractual relationship, for credit checks prior to purchases and for license checks. This includes setting up and using your Cycling ‘74 Account for interactions with Cycling ‘74 as well as consulting, support, fault analysis, and the information about new features in the product and new products and the analysis of the usage behavior of the software for product improvement. We also process your data for verification and authentication purposes and for storing such authentication information. A change of these purposes is not planned.
(ii) The processed data are
IP address, name and contact data, user name, language settings, data of the registration of the Cycling ‘74 account, account events, device data, communication data and usage data, content preferences, user-generated data
and if you acquire a Cycling ‘74 product:
billing address and details, data of the registration of the license, type of Cycling ‘74 Product (for example: Demo License, Max, RNBO, Cycles, Mira, Max for Live), order history, download data, account events including validation, data on your eligibility for educational discounts, timestamp and the payment confirmation from Fastspring and details on your usage behavior related to the Cycling ‘74 products.
For fraud prevention purposes, we may also request evidence from you verifying your billing address (e.g. utility bill or telephone bill (feel free to black out any personal account numbers or balances on these) and request confirmation of your billing address, shipping address and the full name on the credit card you use.
You can change the contact data, account settings and content preferences in your user account at any time.
(iii) The legal basis for processing the data of account users and customers who are natural persons is the contract with you (Article 6 para. (1) (b) GDPR), legal obligations (Article 6 para. (1) (c) GDPR) and, if applicable, their consent (Article 6 para. (1) (a) GDPR). The legal basis for the processing of contact data for account users or customers who are not natural persons is the legitimate interest, namely communication with the customer (Article 6 para. (1) (f) GDPR). The legal basis for information on products is the legitimate interest, namely advertising (Article 6 para. (1) (f) GDPR). The legal basis for the analysis of the usage behavior of the software is the legitimate interest, namely product and service improvement and fault analysis (Article 6 para. (1) (f) GDPR) and, if applicable, their consent (Article 6 para. (1) (a) GDPR). The legal basis for the transfer of payment information to payment providers is the fulfillment of contract or legitimate interest of performing payments of our purchase transactions (Article 6 para. (1) (b) or (f) GDPR). The legal basis for querying the data for fraud prevention in case of suspicion is the legitimate interest in the protection against fraud (Art. 6 para. (1) (f) GDPR). The legal basis for the transfer of historic order and payment information to payment providers is your consent (Article 6 para. (1) (a) GDPR). The legal basis on keeping your data – which might be relevant for certain legal disputes – usually for three years (statutory limitation period) is the legitimate interest to defend us against possible claims (Article 6 para. (1) (f) GDPR). The legal basis for processing your data related to the skipping authentication cookie is your consent (Article 6 para. (1) (a) GDPR).
(iv) The IP address, the download data, the account events and details on your usage behavior of the Cycling ‘74 software are transmitted automatically by your browser. The payment confirmation is provided via Fastspring. The other data is provided by you.
(v) We use service providers as processors within the framework of a data processing agreement for the provision of services, such as a service provider, which enables installment payments, as well as other services providers for verification purposes or the provision, maintenance and servicing of IT systems. Banks and payment providers may be recipients of data for the processing of payments and credit worthiness checks. In individual cases, data may be transferred to debt collection service providers, lawyers and courts.
(vi) All data relevant to contracts and book keeping shall be stored for a period of ten calendar years after the contract’s end in accordance with tax and commercial law retention periods. Data that become relevant for a defense against possible claims are stored for three years (statutory limitation)..
(vii) The provision of data is obligatory for account users to create an Cycling ‘74 account and for product customers based on statutory and contractual regulations. The contractual relationship cannot be established and carried out without providing data. r.
3. Newsletter Recipients
If you subscribe to a newsletter, we will send you information about Cycling ’74 and our products and partners. We also occasionally invite you to participate in surveys as part of our newsletter. If you participate in such surveys, the information in Section 4 applies, and we also monitor the reach and success of the newsletter.
If we have an existing contractual relationship with you and you did not opt-out, we may send you information about similar Cycling ’74 products and services.
(i) In these events we process your data for the purpose of sending the newsletter. We may also use your usage data to send you more relevant content.
(ii) The processed data are:
name, email address, account verification status, current licenses, beta testing participation, last account login date
HTTP data:
This is protocol data that is technically required for opening the newsletter via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page visited, the page previously visited (referrer URL), date and time of the visit.Opening and reading times of the newsletter and clicking on contained links
(iii) If you subscribed for our newsletter the legal basis for the processing of newsletter data is Article 6 para. (1) (a) GDPR (consent). If we have an existing contractual relationship with you and you did not opt-out the legal basis for processing of newsletter data is Article 6 para. (1) (b) (contract with you, legitimate interest about keeping you updated about our products). We may also process your usage data based on our legitimate interest of improving our newsletters, verifying mailing lists and showing you more relevant content (Article 6 para. (1) (f) GDPR).
(iv) You provide your contact details yourself when you engage into a contractual relationship with us or subscribe to the newsletter; the further data for analysis is transmitted automatically by your browser and email client.
(v) We use service providers as processors within the framework of a data processing agreement for the provision and improvement of services, especially for the provision, maintenance and servicing of IT systems. In particular, we use Brevo by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. . We may also use the CRM (= customer relation management) service “Capsule CRM” by Zestia Limited, 20 Dale Street, Manchester, M1 1EZ, England. We have concluded a data processing agreement with Zestia and Zestia may only process your data for our purposes.
(vi) Data regarding newsletters will be deleted when you unsubscribe from the newsletters (for example via using the unsubscribe button in a newsletter or via the settings in your Cycling ‘74 Account). Data with regard to opening and reading times, and link clicks is collected anonymously.
(vii) Data is required to receive newsletters. Without providing data, they cannot be sent. A withdrawal of your consent is possible at any time. Please use the unsubscribe function in the newsletter.
4. Survey, interview and usability test participants
(i) We process your data for the purpose of conducting surveys, interviews and usability tests and the evaluation of the respective results.
(ii) Processed data are name (if it is provided), survey and interview content, time stamp of participation and technical metadata of participation.
(iii) The legal basis for data processing for the conduction and evaluation of surveys, other interviews and usability tests is your consent (Article 6 para. (1) (a) GDPR) or, if you are a frequent tester, a contract (Article 6 para. (1) (b) GPDR). We may also process your mostly aggregated data with our legitimate interest of aligning and improving our products, services and customers’ needs (Article 6 para. (1) (f) GDPR). The legal basis on keeping your data – which might be relevant for certain legal disputes - for three years (statutory limitation period) is Article 6 para. (1) (f) GDPR (legitimate interest to defend us against possible claims).
(iv) You provide your name and the survey, interview and usability test content yourself when you take part in the survey, interview or usability test; the further data is transmitted automatically by your browser.
(iv) We use service providers as processors within the framework of a data processing agreement for conducting and evaluating surveys, interviews and usability tests, as well as for the provision, maintenance and servicing of IT systems. A data transfer to the USA takes place, when we use the software of our service providers. Such service providers include Zoom Video Communications Inc., Zendesk, Inc. to conduct surveys and usability tests and improve Cycling ’74 products and support service. The basis for data processing in the USA is your consent (Art. 49 para. (1) (a) GDPR). In the USA, there is no level of data protection entirely equivalent to the provisions of the GDPR. It is possible that US authorities may access personal data without us or you being informed. An enforcement of your rights is probably possible only to a limited extent in the USA. You can withdraw your given consent at any time with effect for the future. The providers Zoom Video Communications Inc., Zendesk, Inc. are bound by EU Standard Contractual Clauses as well as be the US-EU Data Privacy Framework, so that Zoom Video Communications Inc., Zendesk, Inc. may only process your data for our purposes. We also use the CRM (= customer relation management) service “Capsule CRM” by Zestia Limited, 20 Dale Street, Manchester, M1 1EZ, England. We have concluded a data processing agreement with Zestia the EU standard contractual clauses with salesforce.com and salesforce.comZestia may only process your data for our purposes. (v) If we are not required to keep your data for follow up questions or compliance with our legal retention obligations, the data regarding surveys, other interviews or usability tests will usually be deleted once the user testing contract with you has ended or one year after having taken part in a survey, interview or test, at the latest. Data that become relevant for a defense against possible claims are stored for three years (statutory limitation). If you no longer wish to participate in surveys, you can use the unsubscribe button in the emails.
(vi) Taking part in surveys, interviews and usability tests is voluntary and not obligatory. The use of all Cycling ’74 products and services is possible without taking part in surveys, interviews and usability tests.
5. Job Candidates
(i) Personal data may be collected and used during the employment application process and the selection of job candidates. In addition, at the conclusion of an unsuccessful application procedure, we may store your applicant data in our applicant pool for the purpose of contacting you again. In this case, we may also contact you in the future with suitable job offers that match your profile. Data is also collected when individuals enquire about current openings and attach application materials such as resumes.
(ii) This data may include name, contact information, communication details, job application documents (including cover letters, resumes, certificates, and curriculum vitae), time stamps of communication as well as technical metadata of communication.
(iii) The legal basis is the applicable local law. .
(iii) Personal data and communication details may be generated when application data is provided in the process of applying for jobs at Cycling ‘74 or contacting Cycling ‘74 about employment opportunities; This data is transmitted automatically by your browser.
(iv) Applicant data may be transferred internally to responsible employees in charge of hiring.
(v) The provision of personal data is required for the examination of job applications and, if applicable, the subsequent conclusion of an employment contract. Without personal data, a job application cannot be considered. However, Cycling ‘74 cannot make job decisions based on race, color, religion, sex (including pregnancy, sexual orientation and gender identity), national origin, disability, or genetic information, and will therefore never require this data to be collected, as put forth by Title VII of the Civil Rights Act of the United States of America. If you do not give your consent to the inclusion of your applicant data in our applicant pool, this will not result in disadvantages for you in future application procedures.
6. Help and Support Requesters
(i) The purpose of the processing is to provide you with a knowledge base and contact support regarding sales questions and technical support requests.
(ii) The data processed are:
Login data of the Cycling ‘74 Account
Name and contact data (email, phone, fax, and, as applicable, social media information)
Description of your support request including corresponding data files and meta data
Cycling ‘74 Products you are using: To provide you with the relevant information we need to know which Cycling ‘74 Products you are using.
(iii) The legal basis is the existing contract with you relating to the Cycling ‘74 account and products (Article 6 para. (1) (b) GDPR) and our legitimate interest to provide our users with a knowledge base, a support contact and our legitimate interest in analyzing and evaluating support requests (Article 6 para. (1) (f) GDPR). We may also process your pseudonymous data with our legitimate interest of aligning and improving our products, services and customers’ needs (Article 6 para. (1) (f) GDPR). The legal basis on keeping your data – which might be relevant for certain legal disputes - for three years (statutory limitation period) is the legitimate interest to defend us against possible claims (Article 6 para. (1) (f) GDPR).
(iv) You provide the data yourself, if you send us an inquiry.
(v) We use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems. For online support requests the recipients of the data is Zendesk, Inc., which we use as processor. We have concluded the EU standard contractual clauses with Zendesk, Inc., so that Zendesk, Inc may only process your data for our purposes. In addition, Zendesk, Inc., is part of the US-EU Data Privacy Framework and has also established Binding Corporate Rules. If the aforementioned measures are not considered sufficient the data processing in the USA is based on your consent (Article 49 para. (1) (a) GDPR). With your consent in individual cases, we may also use the service provider Zoom Video Communications, Inc.; see the details in section 4. It is possible that US authorities may access personal data without us or you being informed.
(vi) Your data will be deleted after you deleted your Cycling ‘74 Account. All contractual data and data relevant for accounting are stored for 10 calendar years. Data that become relevant for a defense against possible claims are stored for three years (statutory limitation).
(vii) The processing of the data is necessary to help you with your inquiries. If the data is not provided, we cannot provide you with the service of our help center.
7. Cycling ’74 Forum members
(i) The purpose of the processing is to provide a forum on the website of Cycling ’74 for users of the Cycling ’74 products as a platform for general exchange of information and experience reports.
(ii) The data processed are: Cycling ‘74 Account data, Forum name, contact data, location, Forum registration date, URLs, usage data of the forum (for example: number of posts, replies, moderators and administrators, online status), input in Forum content (for example: posts, replies or search box), website usage data
(iii) The legal basis for processing the data is the contract relating to the use of the Forum (Article 6 para. (1) (b) GDPR).
(iv) You mainly provide the data yourself. Further data is transmitted automatically by your browser.
(v) All data besides the registration data are public to other logged in Forum visitors. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems.
(vi) Your data will be deleted after you deleted your Cycling ‘74 Account.
(vii) The processing of the data is necessary to execute the contract. If the data is not provided, a participation in the Cycling ’74 Forum is not possible.
8. Cycling ’74 Social Media Pages Visitors
Cycling ’74 operates social media sites. Social media pages are run by service providers who process data for providing such sites.
(i) The purpose for data processing on our social media sites is providing you with interesting content and to interact with you on social media platforms. Depending on the social media service usage data may also be analyzed to improve our social media presence.
(ii) The data processed are content and usage data on such social media pages.
(iii) Information and data displayed or shared on Cycling ’74 social media sites may be accessible to the applicable provider of the social media platform, its users and Cycling ’74 (or engaged service providers).
(iv) Further details on data processing on the respective social media sites can be found on the respective social media pages and this Privacy Policy.
Facebook:
We and Facebook (for users in the EU/EEA: Facebook Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of the processing of personal data via the Cycling ’74 Facebook page. The agreement on joint controllership is available under: https://www.facebook.com/legal/terms/page_controller_addendum. According to the agreement, Facebook is responsible to inform data subjects about the processing activities. Facebook’s Privacy Policy is available under: https://www.facebook.com/privacy/explanation. Data subjects may exercise their rights in respect of and against each of the controllers, Cycling ’74 and/or Facebook. For more information on the data Facebook shares with Cycling ’74 please visit https://www.facebook.com/business/learn/facebook-page-insights-basics. The legal basis for the processing of data by Cycling ’74 is the legitimate interest in the analysis of usage data in order to improve the Facebook Page (Article 6 para. (1) (f) GDPR).
Instagram:
We and Instagram (for users in the EU/EEA provided by Facebook Ireland Ltd. (Facebook), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of the processing of personal data via the Cycling ’74 Instagram page. The agreement on joint controllership is available under: https://www.facebook.com/legal/terms/page_controller_addendum. According to the agreement, Instagram (provided by Facebook) is responsible to inform data subjects about the processing activities. Instagram’s Privacy Policy is available under: https://help.instagram.com/519522125107875. Data subjects may exercise their rights in respect of and against each of the controllers, Cycling ’74 and/or Instagram (provided by Facebook). For more information on the data Instagram shares with Cycling ’74 please visit https://facebook.com/help/instagram/788388387972460?helpref=related. The legal basis for the processing of data by Cycling ’74 is the legitimate interest in the analysis of usage data in order to improve the Instagram Page (Article 6 para. (1) (f) GDPR).
YouTube:
We operate a social media page on the Youtube platform. The collection and processing of this data is the sole responsibility of Google (for EU/EEA Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as its service provider). We have no knowledge of further details of the processing of personal data in the area of data controllership of Google or a possible data processing in the USA. Cycling ’74 has no influence on the data processing of Google. For information about the processing of personal data by Google, please refer to the Google Privacy Policy: https://policies.google.com/privacy. As applicable, the legal basis for the processing of data by Cycling ’74 is the legitimate interest in the analysis of usage data in order to improve the Youtube Page (Article 6 para. (1) (f) GDPR).
Twitter:
We operate a social media page on Twitter (by Twitter, Inc., 1355 Market Street, Suite 900
San Francisco, CA 94103, USA). For users in the EU/EEA the controller to controller data protection addendum between Twitter and Cycling ’74 applies: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. According to the agreement the collection and processing of this data is the sole responsibility of Twitter. Twitter’s Privacy Policy is available under: https://twitter.com/en/privacy. As applicable, the legal basis for the processing of data by Cycling ’74 is the legitimate interest in the analysis of usage data in order to improve the Twitter Page (Article 6 para. (1) (f) GDPR).
LinkedIn:
We and LinkedIn (for users in the EU/EEA: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) are joint controllers of the processing of personal data via the Cycling ’74 LinkedIn page. The agreement on joint controllership is available under: https://legal.linkedin.com/pages-joint-controller-addendum. According to the agreement, LinkedIn is responsible to inform data subjects about the processing activities. LinkedIn’s Privacy Policy is available under: https://www.linkedin.com/legal/privacy-policy. Data subjects may exercise their rights in respect of and against each of the controllers, Cycling ’74 and/or LinkedIn. For more information on the data LinkedIn shares with Cycling ’74 please visit https://www.linkedin.com/help/linkedin/answer/4499/viewing-company-page-analytics?lang=en. The legal basis for the processing of data by Cycling ’74 is the legitimate interest in the analysis of usage data in order to improve the LinkedIn Page (Article 6 para. (1) (f) GDPR).
9. Communication Partners, Artists, Certified Trainers, other Externals
(i) The purpose of the processing is the preparation and execution of a contractual relationship or other communication, improving our services and quality management and other relationships.
(ii) The data processed are: contact data (name, contact details), communication details, usage data (such as: technical metadata of the communication, usage data of Cycling ‘74 products), other interaction data
(iii) The legal basis for processing the data is a starting or existing contractual relationship (Article 6 para. (1) (b) GDPR, for contracts with legal persons Article 6 para. (1) (f) GDPR with legitimate interest, namely communication with contact persons relevant to the contract). We may also process your data based on statutory obligations, such as tax and commercial law (Article 6 (1) (c) GDPR) and legitimate interests, including the documentation of the communication, improving Cycling ‘74 products, relationship building and services as well as quality management (Article 6 para. (1) (f) GDPR).
(iv) You provide data by yourself when you communicate with us. Further data is transmitted automatically by your browser or collected from publicly available resources.
(v) Contact and contract data can be transmitted to other service providers, business partners as well as offices and authorities if necessary for the execution of the contract or request. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems. In particular, this includes the CRM (= customer relation management) service “Capsule CRM” by Zestia Limited, 20 Dale Street, Manchester, M1 1EZ, England. We have concluded a data processing agreement with Zestia and salesforce.com, so Zestia may only process your data for our purposes.
(vi) Data of contract partners and service providers will be deleted ten calendar years after termination of the contract.
(vii) The processing of contact data on part of the service providers and business partners is necessary to execute the contract. If the data is not provided, the communication may be considerably disturbed.
10. Development Partners
(i) The purpose of the processing is the preparation and execution of a contractual relationship, other communication or improving Cycling ’74 products.
(ii) The data processed are: contact data (name, contact details, GitHub name, organization, Cycling ‘74 Account information), data about development activities, license contract data, usage data (such as: usage data of Cycling ’74 products).
(iii) The legal basis for processing the data is a starting or existing contractual relationship (Article 6 para. (1) (b) GDPR, for contracts with legal persons Article 6 para. (1) (f) GDPR with legitimate interest, namely communication with contact persons relevant to the contract). We may also process your data based on statutory obligations, such as tax and commercial law (Article 6 (1) (c) GDPR) and legitimate interests, including the verification of your contact data, documentation of the communication and improving Cycling ’74 products (Article 6 para. (1) (f) GDPR).
(iv) You provide data yourself. Further data is transmitted automatically by your browser.
(v) Contact and contract data can be transmitted to other service providers, business partners as well as offices and authorities if necessary for the execution of the contract. We also use service providers as processors within the framework of a data processing agreement for the provision of services, especially for the provision, maintenance and servicing of IT systems. In particular, this includes the CRM (= customer relation management) service Capsule by Zestia Ltd.. We have concluded the EU standard contractual clauses with salesforce.com and salesforce.com may only process your data for our purposes. In addition, salesforce.com has established Binding Corporate Rules. Some of our service providers (like Github) offer the possibility to register directly to their platform. If you enter into such a direct contractual relationship with one of our service providers the service provider is the independent controller for all data processing under such contract. More information regarding the data processing within the independent controllership of Github may be found here: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
(vi) Data of contract partners and service providers will be deleted ten calendar years after termination of the contract.
(vii) The processing of contact data on part of the service providers and business partners is necessary to execute the contract. If the data is not provided, the communication may be considerably disturbed.
11. Rights of Data Subjects and Further Information
(i) We do not use any methods of automated individual decision-making.
(ii) You have the right to request information at any time about all your personal data which we are processing.
(iii) If your personal data is incorrect or incomplete, you have the right to have it rectified and completed.
(iv) You can request the erasure of your personal data at any time, as long as we are not bound by legal obligations that require or allow us to continue processing your data.
(v) If the applicable legal requirements are met, you can request a restriction to the processing of your personal data.
(vi) You have the right to object to the processing, insofar as the data processing is based on profiling or direct marketing purposes.
(vii) If the processing is carried out on the basis of the balancing of interests, you may object to the processing by stating reasons arising from your particular situation.
(viii) If the data processing takes place on the basis of your consent or a contract, you have the right to a transfer of the data provided by you, insofar as the rights and freedoms of others are thereby not impaired.
(ix) If we process your data on the basis of a declaration of consent, you have the right to withdraw your consent at any time with future effect. The processing carried out prior to a withdrawal remains unaffected by such withdrawal.
(x) Moreover, you have the right to file a complaint at any time with a data protection supervisory authority, if you believe that data processing has been carried out in violation of the applicable law.
12. Information for Non-EU and US Residents
Cycling ’74 generally falls within the scope of the GDPR, which is why we have aligned the drafting of the entire Privacy Policy with the provisions of the GDPR. However, other local privacy law may be additionally applicable in individual cases, if you are a non-EU/EEA resident and visit the Cycling ’74 websites or online presences, interact with Cycling ’74 products, services or communities. We will provide you with additional information on such local laws via separate information where required.
Information regarding the processing of personal data from children under 13 years (under Children’s Online Privacy Protection Act, COPPA)
Cycling ’74 does not knowingly collect or use personal data from children under 13 years without containing verifiable consent from their parents. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce this privacy policy by instructing their children never to provide personal data without their permission.