Privacy policy


1.1. We are Hepha GmbH(hereinafter called HEPHA ) .We respect your privacy and private life, but sometimes we need your Personal Data. In this privacy policy, we explain which data we use and how we save, protect and process these data. This privacy policy applies to the use of:

1.1.1. Our website (the "Website"),

1.1.2. The services that we offer (the "Services"), for example, the selling of bikes,

1.1.3. Our app (the "App"),

1.1.4. Website, Services and App together are referred to as our “Platform”. 

1.2. We comply with the EU General Data Protection Regulation and other national data protection laws of the member states as well as any other relevant legislation.


2. The Limitation of Age

2.1. If you are younger than sixteen years old, you cannot use our Website, Services and App without the permission of your parents or legal guardian.


3. Type and scope of the data 

3.1. To offer our Website, Services and App we process Personal Data and Non Personal Data. "Personal Data" means any information relating to an identified or identifiable natural person as defined in the relevant legislation. “Non- Personal Data” is information that is anonymous, aggregate, de-identified, or otherwise does not reveal your identity. 


4. Lawful basis

4.1. We can collect and process your data at various moments, for example when you visit our Website, create an account via our Website for example for making a purchase, use our Services, install and use our App or Rides feature, or when you contact us. The lawful basis for our processing can be: 

4.1.1. The necessity for the performance of the contract between you and us,

4.1.2. Compliance with legal obligations,

4.1.3. Your consent, 

4.1.4. Our legitimate interests or the legitimate interests of a third party,

4.1.5. A legal requirement to share Personal Data. 


5. What data do we collect and process and how do we use your data?

5.1. When you use our Platform, we need the following contact data. We need these data for your interactions with HEPHA via digital/electronic tools such as e-mail or telephone; for example to process your order efficiently and correctly, to connect you to your bike, for pre and post sale services, for the use of your account, to improve our services, for marketing purposes, and for any other business/commercial purposes:

5.1.1. Your name

5.1.2. Your address

5.1.3. Your residence

5.1.4. Your phone number

5.1.5. Your e-mail address

5.1.6. Your IP-address

5.1.7. Your payment details

5.1.8. Your shipping address

5.1.9. Your username and password

5.1.10. Your reference number

5.2. For some orders (for example, for our B2B partners) we also need:

5.2.1. Company name

5.2.2. Date of birth

5.2.3. IBAN number

5.3. We may also collect and process the following Non-Personal Data if you use our Platform:

5.3.1. The type of your browser

5.3.2. The operating system that you use

5.3.3.The internet service provider

5.3.4. Website behaviour

5.4. We may also collect and process the following Non-Personal Data if you use our App. We use these data to provide support and improve our services:

5.4.1. Operating system & version

5.4.2. Type of Device

5.4.3. App version    

5.4.4. Firmware version

5.4.5. Bike settings, e.g. Speed Limit, Total distance, Battery Level.

5.5. After your explicit consent, you allow the App to collect and process Non-personal Bike event data from your bicycle, e.g. Distance, Speed, Battery level, Boost Behaviour, when you are using our My Rides feature. We use these data to execute the feature, provide support, improve our services and products and for marketing purposes. The App does not share the Bike event data with third parties. 

5.6. After your explicit consent, you allow the App to access Bluetooth and GPS data (each also called location data). The App allows you to use Bluetooth data locally on your telephone. The App does not share the location data with third parties. HEPHA does not collect the location data on its servers, nor uses or shares it.

5.7. After your explicit consent, you allow the App or the Bike, or both, to use location data for explicitly specified features. The App does not share the location data with third parties. HEPHA collects the location data on its servers and uses it for the execution of the feature. 


6. Market research

6.1. We may ask you to participate in market research. In that case, we shall use your data for that market research. We use that statistical data pseudonymised for HEPHA .We do not sell, trade or share your answers with others or make them publicly available. In addition, your answers are not connected to your e-mail address.


7. Newsletter

7.1. HEPHA offers newsletters. That way, you are fully informed of (discount)offers and other news. We use a double opt-in system to be sure of your permission. This means that you verify your permission for any new confirmation. We ask you for this verification via an e-mail that we send to the address you have given us. Every time we send you a newsletter you have the possibility to unsubscribe from the newsletter.


8. Security

8.1. We observe reasonable procedures to prevent unauthorised access to, and the misuse of, Personal Data.

8.2. We use appropriate business systems and procedures to protect and safeguard the Personal Data you give us. We also use security procedures and technical and physical restrictions for accessing and using the Personal Data on our servers. Only authorized personnel are permitted to access Personal Data in the course of their work.


9. Storage duration

9.1. We will not retain your Personal Data longer than is legally allowed, and only as long as is necessary to enable you to use our Platform, including maintaining the online user account if created, to comply with applicable laws, resolve disputes with any parties and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities.

9.2. All Personal Data we retain will be subject to this Privacy Policy and


10. With whom do we share your Personal Data?

10.1. Processors and other business partners  
We may share your Personal Data with Processors, within the meaning of the Relevant Legislation. We may also share Personal Data with third parties who are not processors, as per contractual obligation, for example, other Controllers who provide services connected to the use of our Platform. With these parties, we make clear agreements about the use and protection of Personal Data. We may share your Personal Data for example with IT service providers, marketing analytics, advertising platforms, payment platforms, cloud based data warehousing, lease companies and consumer review platforms. They will, for example, store and visualize data, process transactions, and perform marketing activities.

10.2. Others, for legal reasons    
We may also share data with HEPHA affiliates, subsidiaries, and partners, for legal     reasons or in connection with claims or disputes. We may also share Personal Data if we believe it is required by applicable law, regulation, operating license or agreement, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns.

10.3. Others, with your consent    
We may ask for your voluntary participation in online or offline communication about HEPHA, for marketing or informational purposes.


11. Transfer

11.1. The Personal Data that we collect from you is stored within the  European Economic Area (“EEA”), but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your Personal Data will be carried out in compliance with applicable laws.


12. Hyperlinks

12.1. On our website, there are hyperlinks to websites of other suppliers. Upon clicking on these hyperlinks, you are passed from our website directly onto the website of the other suppliers. You recognise this, among other things, by the change of the URL. We can assume no responsibility for the confidential treatment of your data on these websites of third parties, since we have no influence over whether these companies adhere to data protection provisions. Please learn about the treatment of your personal data by these companies directly on these websites.


13. Use of cookies

13.1. HEPHA uses client-side browser storage like cookies. Cookies are text files that your device or browser stores when you visit our website. HEPHA can also use techniques similar to cookies, such as tracking pixels, flash cookies, Java scripts, tags and web beacons. We classify all these techniques under the term Cookies.

Cookies are used to send data from a server to your device or browser for the purpose of being stored. On a subsequent visit, this data is sent back to the server. This way the server can recognize your device or browser.

We use the Facebook pixel, Twitter pixel, LinkedIn pixel and Google AdWords Remarketing pixel in order to measure the conversion of our advertisements on social media. For general website analytics, we use Google Analytics.

13.2. Cookies can be essential for the operation of our Website, make sure that you can visit our Website safely and track bugs and errors at our Website. We may use cookies to improve your user experience on our Website.

13.3. By storing cookies we make sure that, for example:

13.3.1. Your items are kept in the shopping cart

13.3.2. You are logged in and be able to shop without hindrance

13.3.3. You shop safely at HEPHA

13.3.4. The Website works efficiently

13.3.5. We can test improvements

13.3.6. We can advise you based on your former views and/or purchases

13.3.7. You receive complete local information

13.4. You can change your cookie settings in your browser if you don't want cookies to be sent to your device. Please note that some Website features or services of our Website may not function properly without cookies.


14. Your rights under GDPR

14.1. You have the following rights:

14.1.1. According to Article 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of the personal data, the categories of recipients, to whom your data were or are being disclosed, the planned storage duration, the existence of a right to correction, erasure, limitation of the processing, or objection, the existence of a right of complaint, the origin of your data, if the latter were not collected by us, concerning the transmission to third countries or to international organisations as well as concerning the existence of an automated decision-making including profiling and possibly meaningful information concerning the details thereof.

14.1.2. According to Article 16 GDPR, you can immediately request the correction of your incorrect personal data or completion of your personal data stored with us.

14.1.3. According to Article 17 GDPR, you can request the erasure of your personal data stored with us, if the processing is not necessary for the exercise of the right to free expression of opinion and information, for fulfilling a legal obligation, for reasons of public interest, or for assertion, exercise, or defence of legal claims.

14.1.4. According to Article 18 GDPR, you can request the limitation of the processing of your personal data, if you contest the correctness of the data, the processing is illegal, we no longer need the data, and you deny the erasure thereof because you need these for assertion, exercise, or defence of legal claims. The right pursuant to Article 18 GDPR is also available to you if you have lodged an objection to the processing according to Article 21 GDPR.

14.1.5. According to Article 20 GDPR, you can request to obtain your personal data, which you have provided to us, in a structured, regular, and machine-readable format or you can request the transmission to another controller.

14.1.6. According to Article 7 paragraph 3 GDPR, you can revoke the consent that you once granted to us at any time. The result of this is that, in the future, we may no longer continue the data processing based on such consent.

14.1.7. According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your work place, or your company headquarters for this.


15. Right to object

15.1. In the case of the processing of your personal data on the basis of justified interests according to Article 6, paragraph 1, sentence 1, (f) GDPR you have the right, according to Article 21 GDPR, to lodge an objection against the processing of your personal data, if there are grounds for this, which result from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right to object, which shall be implemented by us without indication of a particular situation.


16. Update to this notice 

16.1. Since changes in laws or changes in our internal company procedures may make amendments to this privacy policy necessary, we ask you to read through this privacy policy on a regular basis. The privacy policy can be called up on the data protection navigation area on our website and app, and it can be stored and printed out at any time.

16.2. After such notice, the use of our services by users in countries outside the European Union will be understood as consent to the updates to the extent permitted by law.


17. Contact information

17.1. If you have further questions regarding this privacy policy, please contact us via the information below.