Privacy Policy of DiBike Digitize Bike Business Group GmbH & Co. KG

Status: May 2026

1. Controller

The controller responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:

DiBike Digitize Bike Business Group GmbH & Co. KG
Reinhardtstraße 7
10117 Berlin
Germany

E-mail: kontakt@dibike.org
Website: https://dibike.org

Represented by its general partner DiBike Verwaltungs GmbH, represented by Managing Director Nick Becker.

2. General Information on Data Processing

The protection of personal data is important to us. We process personal data exclusively in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR).
We aim to process personal data in a data-minimizing manner and limit processing to the information required for the respective purpose.
Depending on the specific use case, data processing is carried out in particular on the basis of legal permissions, contractual necessity, or granted consent.
Our website and digital services use SSL/TLS encryption to protect confidential information during transmission.

3. Website Usage and Hosting

Hosting

Our website is operated and hosted via Hostinger.

When accessing our website, technical information required for the operation and security of the website is automatically processed. This includes in particular:

• IP address

• date and time of access

• browser type and browser version

• operating system

• referrer URL

• accessed pages

Processing is carried out for the provision of the website, system security, and error analysis.

Cookies and Consent Management

Our website uses cookies and similar technologies.
Some cookies are technically necessary to provide the website. Additional cookies or tracking technologies are only used based on the respective user consent.
Cookie settings are managed via the consent tool CookieYes.

Provider:
CookieYes Limited
Warren Yard, Wolverton Mill, Milton Keynes
England, MK12 5NW, United Kingdom

Further information: https://www.cookieyes.com/privacy-policy/

Google Analytics

We use Google Analytics to analyze and improve our online offering.
Google Analytics uses cookies that enable an analysis of the use of our website. Personal data, in particular IP addresses and usage data, may be processed in this context.

Provider:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland

A transfer of personal data to the United States cannot be excluded. Google relies on appropriate safeguards for such data transfers, in particular Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.
Google Analytics is used exclusively on the basis of the respective user consent.

Further information: https://policies.google.com/privacy

4. Contact

If you contact us, for example by e-mail, contact form, or chat function, we process the data you provide for the purpose of handling your request.
This includes in particular:

• name

• e-mail address

• telephone number

• company information

• contents of the request or communication

Processing is carried out exclusively for communication purposes and to handle the respective request.

Contact Forms

Our website contains contact forms through which inquiries can be submitted to us.

Brevo Chat

We use a chat function provided by Brevo on our website.
In particular, the following data may be processed:

• name

• e-mail address

• chat contents

• technical connection data

Processing is carried out for handling support or contact inquiries.

Provider:
Brevo (Sendinblue GmbH)
Köpenicker Straße 126
10179 Berlin
Germany

Further information: https://www.brevo.com/legal/privacypolicy/

5. Newsletter and Communication

We use Brevo to send our newsletter.
If you subscribe to our newsletter, we process in particular:

• e-mail address

• optionally name

• technical information regarding registration and confirmation

Registration is carried out using the double opt-in procedure.
Processing is carried out exclusively for sending the newsletter and documenting the subscription.
Unsubscribing from the newsletter is possible at any time.

Provider:
Brevo (Sendinblue GmbH)
Köpenicker Straße 126
10179 Berlin
Germany

Further information: https://www.brevo.com/legal/privacypolicy/

6. Appointments and Forms

Calendly

We use Calendly for certain appointment bookings.
When using Calendly, personal data may be processed, in particular:

• name

• e-mail address

• appointment and communication data

Provider:
Calendly LLC
Atlanta, USA

A transfer of personal data to the United States cannot be excluded. According to Calendly, appropriate safeguards for international data transfers are implemented.

Further information: https://calendly.com/privacy

Microsoft Bookings

We also use Microsoft Bookings for appointment scheduling and management.
The following data may in particular be processed:

• name

• e-mail address

• appointment and communication data

• organizational information related to the booking

Provider:
Microsoft Ireland Operations Limited
Dublin, Ireland

Further information: https://privacy.microsoft.com/en-us/privacystatement

Microsoft Forms

We use Microsoft Forms for certain forms, registrations, and partnership inquiries.
In particular, contact and company information may be processed.

Provider:
Microsoft Ireland Operations Limited
Dublin, Ireland

Further information: https://privacy.microsoft.com/en-us/privacystatement

7. User Accounts and Registrations

Certain digital services of DiBike may require user accounts or registrations.
In the context of registrations or user accounts, the following data may in particular be processed:

• company name

• contact person

• e-mail address

• login data

• technical identifiers

• IP address

• registration and access timestamps

Processing is carried out for the provision of protected or registration-based services, user management, and system security.

8. Leasing-Check

General Description

Leasing-Check is a digital service provided by DiBike for service eligibility verification in bicycle leasing.
The service enables registered and authorized dealers and workshops to perform standardized queries of service or contract-related information with connected leasing providers.
Use is permitted exclusively within the context of specific service or workshop processes. Access to Leasing-Check is only possible via registered and authorized user accounts.

Processed Data

Within the context of Leasing-Check, the following data may in particular be processed:

Dealer and User Data

• company name

• contact person

• e-mail address

• retailerId

• userId

• systemId

• login and access data

• IP address

Data of Technical Service Providers and ERP Systems

• company name

• contact person

• system information

• technical endpoints

• integration and registration data

Search Parameters

• end customer e-mail address

• contract number

Technical Log Data

• timestamps

• technical search parameters

• technical access information

• IP address

Purpose of Processing

Processing is carried out in particular for:

• performing service eligibility checks

• technical provision of the service

• authentication and authorization of users

• fraud prevention and system security

• traceability of access

Data Sharing

Within the context of Leasing-Check, required data may be transmitted to connected leasing providers, in particular:

• retailerId

• systemId

• search parameters

The leasing providers remain independently responsible for the contract and eligibility data provided by them.

Data Minimization

Leasing-Check follows the principle of data minimization.
Query results are generally not stored permanently by DiBike.
Processing is carried out exclusively to the extent required for the respective request.

Storage of Logs

Technical logs and security logs are generally stored only for a limited period and are usually deleted after a maximum of 30 days unless longer storage is required for security, fraud prevention, or legal reasons.

Hosting and Technical Service Providers

Leasing-Check is operated on servers within the European Union.
Technical service providers may be used for development, operation, and technical implementation.

The service is operated in particular using:

• Hetzner Online GmbH (hosting)

• Campudus GmbH (technical development and implementation)

9. External Services and Third-Party Providers

External services or content may be integrated into our website or digital services.

Google Maps

We use Google Maps to display maps and location information.
When using Google Maps, IP addresses and technical usage data may in particular be transmitted to Google.

LinkedIn

Our website may contain links or embedded content from LinkedIn.
When accessing such content, personal data may be processed by LinkedIn.

Additional Services Used

• Google Analytics

• Brevo

• Calendly

• Microsoft Bookings

• Microsoft Forms

When using these services, personal data may be processed by the respective providers.

In some cases, personal data may also be transferred to third countries, in particular the United States. Where required, providers rely on appropriate safeguards for such data transfers.

Further information:

LinkedIn: https://www.linkedin.com/legal/privacy-policy
Google: https://policies.google.com/privacy
Brevo: https://www.brevo.com/legal/privacypolicy/
Calendly: https://calendly.com/privacy
Microsoft: https://privacy.microsoft.com/en-us/privacystatement

10. Data Retention

We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations.
As soon as personal data is no longer required for the respective purposes, it is deleted or anonymized.

11. Rights of Data Subjects

Within the scope of the applicable legal provisions, data subjects have in particular the following rights:

• right of access

• right to rectification

• right to erasure

• right to restriction of processing

• right to data portability

• right to object to processing

• right to withdraw consent

• right to lodge a complaint with a supervisory authority

To exercise your rights, you may contact us at any time.

12. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy where necessary, in particular in the event of further developments of our website, digital services, or changes in legal requirements.

The current version published on our website shall apply.