Privacy policy

1. Responsible party and scope of validity

Hepha GmbH
Lise-Meitner-Str. 7a, 82216 Maisach, Deutschland
Telephone: +49 (0) 8142 2844480
Registration number: HRB 93696
Value Added Tax Act: DE345156725


2.1 We are Hepha GmbH (hereinafter called HEPHA).We respect your privacy and private life, but sometimes we need your Personal Data. In this privacy policy, we explain which data we use and how we save, protect and process these data. This privacy policy applies to the use of:
2.1.1. Our website (the "Website"),
2.1.2. The services that we offer (the "Services"), for example, the selling of bikes,
2.1.3. Our app (the "App"),
2.1.4. Website, Services and App collectively referred to as our “Platform”.

2.2 We comply with the EU General Data Protection Regulation and other national data protection laws of the member states as well as any other relevant legislation.

3. The Limitation of Age

3.1. If you are younger than sixteen years old, you cannot use our Website, Services and App without the permission of your parents or legal guardian.

4. Type and scope of the data

4.1. To offer our Website, Services and App we process Personal Data and Non Personal Data. "Personal Data" means any information relating to an identified or identifiable natural person as defined in the relevant legislation. “Non- Personal Data” is information that is anonymous, aggregate, de-identified, or otherwise does not reveal your identity.

5. Lawful basis

5.1. We can collect and process your data at various times. For example, when you visit our Web site, create an account via our Web site for making a purchase, use our Services, install and use our App, Rides feature, or when you contact us. The lawful basis for our processing can be:
5.1.1. The necessity for the performance of the contract between you and us,
5.1.2. Compliance with legal obligations,
5.1.3. Your consent,
5.1.4. Our legitimate interests or the legitimate interests of a third party,
5.1.5. A legal requirement to share Personal Data.

6. What data do we collect, and process and how do we use your data?

6.1. When you use our Platform, we need the following contact data. We need these data for your interactions with HEPHA via digital/electronic tools such as email or telephone; for example, to process your order efficiently and correctly, to connect you to your bike, for pre and post-sale services, for the use of your account, to improve our services, for marketing purposes, and for any other business/commercial purposes:
6.1.1. Your name
6.1.2. Your address
6.1.3. Your residence
6.1.4. Your phone number
6.1.5. Your e-mail address
6.1.6. Your IP-address
6.1.7. Your payment details
6.1.8. Your shipping address
6.1.9. Your username and password
6.1.10. Your reference number
6.2. For some orders (for example, for our B2B partners) we also need:
6.2.1. Company name
6.2.2. Date of birth
6.2.3. IBAN number
6.3. We may also collect and process the following Non-Personal Data if you use our Platform:
6.3.1. The type of your browser
6.3.2. The operating system that you use
6.3.3. The internet service provider
6.3.4. Website behaviour

6.4. We may also collect and process the following Non-Personal Data if you use our App. We use these data to provide support and improve our services:
6.4.1. Operating system & version
6.4.2. Type of Device
6.4.3. App version
6.4.4. Firmware version
6.4.5. Bike settings, e.g. Speed Limit, Total distance, Battery Level.

6.5. After your explicit consent, you allow the App to collect and process Non-personal Bike event data from your bicycle, e.g. Distance, Speed, Battery level, Boost Behaviour, when you are using our My Rides feature. We use the data to execute the feature, provide support, improve our services and products, and for marketing purposes. The App does not share the Bike event data with third parties.
6.6. After your explicit consent, you allow the App to access Bluetooth and GPS data (each also called location data). The App allows you to use Bluetooth data locally on your telephone. The App does not share the location data with third parties. HEPHA does not collect the location data on its servers, nor uses it, nor shares it.
6.7. After your explicit consent, you allow the App or the Bike, or both, to use location data for explicitly specified features. The App does not share the location data with third parties. HEPHA collects the location data on its servers and uses it for the execution of the feature.

7. Market research

7.1. We may ask you to participate in market research. In that case, we shall use your data for that market research. We use that statistical data pseudonymised for HEPHA. We do not sell, trade or share your answers with others or make them publicly available. In addition, your answers are not connected to your e-mail address.

8. Third Party Features

We may allow you to connect our Services to a third party service or offer our Services through a third party service (“Third Party Features”). If you use a Third Party Feature, both we and the applicable third party may have access to and use information associated with your use of the Third Party Feature, and you should carefully review the third party’s privacy policy and terms of use. Some examples of Third Party Features include the following:

8.1. Logging-In. You may choose to log in, create an account or enhance your profile on the Services through the Third Parties (eg. Facebook, Twitter, Instagram, etc.) Connect feature. By doing this, you are asking Facebook to send us certain information from your Facebook profile, and you authorize us to collect, store, and use in accordance with this Privacy Policy any and all information available to us through the Facebook interface.
8.2. Brand Pages. We offer our content on social networks such as a Facebook, Twitter, and Instagram. Any information you provide to us when you engage with our content (such as through our brand page) is treated in accordance with this Privacy Policy. Also, if you publicly reference our Services on a third party service (e.g., by using a hashtag associated with us in a tweet or post), we may use your reference on or in connection with our Service.
8.3. YouTube. We use YouTube API Services in relation to certain content that we offer. By using the Services, you agree to be bound by the by YouTube’s Terms of Service, YouTube API Services Terms of Service, and Google’s Privacy Policy. You can modify your Google privacy and security settings at

We take no responsibility for the content or privacy practices of any third parties. We encourage you to carefully review the privacy policies of any third-party services you access.

9. Newsletter

9.1. HEPHA offers newsletters. That way, you are fully informed of (discount)offers and other news. We use a double opt-in system to be sure of your permission. This means that you verify your permission for any new confirmation. We ask you for this verification via an email that we send to the address you have given us. Every time we send you a newsletter, you are able to unsubscribe from the newsletter.

10. Security

10.1. We follow reasonable procedures to protect personal data from unauthorized access and misuse.

10.2. We use appropriate business systems and procedures to protect and safeguard the Personal Data you give us. We also use security procedures, technical and physical restrictions, for accessing and using Personal Data on our servers. Only authorized personnel are permitted to access Personal Data in the course of their work.

11. Storage duration

11.1. We will not retain your Personal Data longer than is legally allowed, and only as long as is necessary to enable you to use our Platform, including maintaining the online user account if created, to comply with applicable laws, resolve disputes with any parties and otherwise as necessary to allow us to conduct our business, including to detect and prevent fraud or other illegal activities.

12. With whom do we share your Personal Data?

12.1. Processors and other business partners
We may share your Personal Data with Processors, within the meaning of the Relevant Legislation. We may also share Personal Data with third parties who are not processors, as per contractual obligation, for example, other Controllers who provide services connected to the use of our Platform. With these parties, we make clear agreements about the use and protection of Personal Data. We may share your Personal Data for example, with IT service providers, marketing analytics, advertising platforms, payment platforms, cloud based data warehousing, lease companies and consumer review platforms. They will, for example, store and visualize data, process transactions, and perform marketing activities.
12.2. Others, for legal reasons
We may also share data with HEPHA affiliates, subsidiaries, and partners, for legal reasons or in connection with claims or disputes. We may also share Personal Data if we believe it is required by applicable law, regulation, operating license or agreement, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns.
12.3. Others, with your consent
We may ask for your voluntary participation in online or offline communication about HEPHA, for marketing or informational purposes.

13. Transfer

The Personal Data that we collect from you is stored within the European Economic Area (“EEA”), but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your Personal Data will be carried out in compliance with applicable laws.

14. Hyperlinks

On our website, there are hyperlinks to websites of other suppliers. Upon clicking on these hyperlinks, you are passed from our website directly onto the website of the other suppliers. You recognise this, among other things, by the change of the URL. We can assume no responsibility for the confidential treatment of your data on these websites of third parties, since we have no influence over whether these companies adhere to data protection provisions. Please learn about the treatment of your personal data by these companies directly on these websites.

15. Use of cookies

15.1. HEPHA uses client-side browser storage like cookies. Cookies are text files that your device or browser stores when you visit our website. HEPHA can also use techniques similar to cookies, such as tracking pixels, flash cookies, Java scripts, tags and web beacons. We classify all these techniques under the term Cookies.
Cookies are used to send data from a server to your device or browser for the purpose of being stored. On a subsequent visit, this data is sent back to the server. This way the server can recognize your device or browser.
We use the Facebook pixel, Twitter pixel, LinkedIn pixel and Google AdWords Remarketing pixel in order to measure the conversion of our advertisements on social media. For general website analytics, we use Google Analytics.

15.2. Cookies can be essential for the operation of our Web site, make sure that you can visit our Web site safely and track bugs and errors on our Web site. We may use cookies to improve your user experience on our Web site.

15.3. By storing cookies we make sure that, for example:
14.3.1. Your items are kept in the shopping cart
14.3.2. You are logged in and be able to shop without hindrance
14.3.3. You shop safely at HEPHA
14.3.4. The Web site works efficiently
14.3.5. We can test improvements
14.3.6. We can advise you based on your former views and/or purchases
14.3.7. You receive complete local information

15.4. You can change your cookie settings in your browser if you don't want cookies to be sent to your device. Please note that some Web site features or services of our Website may not function properly without cookies.

16. Your rights under GDPR

16.1. You have the following rights:
16.1.1. According to Article 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of the personal data, the categories of recipients, to whom your data were or are being disclosed, the planned storage duration, the existence of a right to correction, erasure, limitation of the processing, or objection, the existence of a right of complaint, the origin of your data, if the latter were not collected by us, concerning the transmission to third countries or to international organisations as well as concerning the existence of an automated decision-making including profiling and possibly meaningful information concerning the details thereof.
16.1.2. According to Article 16 GDPR, you can immediately request the correction of your incorrect personal data or completion of your personal data stored with us.
16.1.3. According to Article 17 GDPR, you can request the erasure of your personal data stored with us, if the processing is not necessary for the exercise of the right to free expression of opinion and information, for fulfilling a legal obligation, for reasons of public interest, or for assertions, exercise, or defense of legal claims.
16.1.4. According to Article 18 GDPR, you can request the limitation of the processing of your personal data, if you contest the correctness of the data, the processing is illegal, we no longer need the data, and you deny the erasure thereof because you need these for assertion, exercise, or defense of legal claims. The right pursuant to Article 18 GDPR is also available to you if you have lodged an objection to the processing according to Article 21 GDPR.
16.1.5. According to Article 20 GDPR, you can request to obtain your personal data, which you have provided to us, in a structured, regular, and machine-readable format or you can request the transmission to another controller.
16.1.6. According to Article 7 paragraph 3 GDPR, you can revoke the consent that you once granted to us at any time. The result of this is that, in the future, we may no longer continue the data processing based on such consent.
16.1.7. According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace, or your company headquarters for this.

17. Right to object

In the case of the processing of your personal data on the basis of justified interests, according to Article 6, paragraph 1, sentence 1, (f) GDPR you have the right, according to Article 21 GDPR, to lodge an objection against the processing of your personal data, if there are grounds for this, which result from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right to object, which shall be implemented by us without indication of a particular situation.

18. Update to this notice

18.1. Since changes in laws or changes in our internal company procedures may make amendments to this privacy policy necessary, we ask you to read through this privacy policy on a regular basis. The privacy policy can be called upon the data protection navigation area of our website and app, and it can be stored and printed out at any time.

18.2. After such notice, the use of our services by users in countries outside the European Union will be understood as consent to the updates to the extent permitted by law.

19. Contact information

If you have further questions regarding this privacy policy, please contact us via Email to: