Privacy Policy

Last modified on: September 1, 2024

Ponomarets Bikes GmbH registered under the laws of Germany and located at Berthold-Haupt Str. 111, 01259 Dresden, Germany, with Commercial register number: HRB 43715 ("we", "Company", "us") is the owner of the www.ponomarets.com and all its related pages ('Website' or 'Services') and is committed to being fully transparent while operating them, as regards our privacy practices.

We developed this Privacy Policy to inform you ("you" or "user") how we may process your personal data when you visit or use our Service in connection with your purchase of our Product. We tried to write this Privacy Policy in clear and plain language for your better understanding. By doing so, we hope you will get all the needed details to be assured your personal data is safe with us.

The Privacy Policy defines:

The personal data we process;
The purposes for such processing;
The rights you have concerning your data;
Any data transfer to third parties;
Our measures to protect personal data;
Other details regarding personal data processing.

This Privacy Policy is an integral part of our Terms of Use.

If you have any questions about the Privacy Policy, the processing of your personal data by the Company, or the exercise of your rights as a personal data subject, send us a request at: info@ponomarets.com.

1. What is Personal Data?

Personal data (or data) is any information relating to you, and that alone or in combination with other pieces of information allows us to collect and process such information to identify you as an individual. In general, these could be your name, email address, location data, etc.

Personal data could also include such technical information as MAC addresses, IMEI, IP-address, both static and dynamic, browser, image, and system information.

Personal data processing means any action with it, for example, collection, recording, organising, structuring, storage, use, disclosure by any means, and so on.

Other terms used in this Privacy Policy have the same meaning as in our Terms of Use and the Regulation (EU) 2016/679, known as General Data Protection Regulation, or GDPR.

The Company is the controller of the personal data collected within the Services.

2. What Data Do We Collect?

1) Data related to purchasing the Products
You may buy the Products both with and without registering the account. The data under this category include the same sets of information as it is in the category "account data", namely your name, surname, email address, login name, shipping address, billing address, and telephone number.

2) Data related to your requests
When you send any request or message to the Company's email address or application form that are placed on the Website, we collect and process the data you voluntarily provide to us (e. g. your name, surname, email address). You can also specify other personal data in the request. We ask you not to provide us with excessive personal data, including the personal data of any third parties or sensitive data.

3) Data related to your warranty claim
If you find a defect or damage to our Product covered by the warranty, you may contact us by email and provide us information that may contain personal data to process your warranty claim. In this case, we process your name, email, telephone number, details of your purchase, photos that you send, as well as other data related to the circumstances of damage to the Product.

4) Newsletters
During the registration of your account, we collect and further process your email address and your name. We could send some marketing communication in the context of our Services to your email addresses. In any case, you can choose to stop receiving our emails at any time. If you want to cease this type of communication, tap on the "Unsubscribe" link in each of our emails.

5) Financial information
Please note that we do not collect your payment credentials (bank credentials, cards numbers, and dates of issuance, etc.). Such information may be collected exclusively by third-party payment providers with the respective licences and security measures with regard to your payment credentials, as it is prescribed in our Terms.

We receive from the third-party providers only Transaction ID and Recipes with the information on the conducted transaction, data and time, and services bought, just to make sure that the transaction relates to you.

6) Automated collection (cookies and similar technologies)
The cookies are tiny pieces of code that may remain on your device after you have our Website. Cookies and similar web technologies help us automatically receive the information from your device and send the information back to improve your interaction with the Services and ensure its effective functioning.

We may also collect information about your activity on the Services, your preferences, and the Products you purchase or browse to run the analytics and provide you with more relevant advertisements.

3. Lawful Basis and Purposes of Processing Your Data

a. Lawful basis

Performance of the contract. Our Services include using the Website, its maintenance, and the user support and information services. We collect and process most of the personal data described in the Section above to fulfil our contractual obligations under our Terms, that is, for the performance of the purchase contract. Namely, the performance of the contract is the lawful basis for the processing of the account data, data related to purchasing the Products, financial information, and data related to your requests.

Your consent. Data collected through the automatic collection is mainly collected on the basis of your consent, except when it is strictly necessary for the mere functioning of the Services.

Legitimate interest.

We collect and process your account data to send you our newsletters on the basis of our legitimate interest. The legitimate interest shall be our business development through sending marketing and promotional emails to keep you informed of all changes, innovations, and improvements we make within the Services. Such information would be only about similar products or services and on the emails you provided in the context of the sale of our Services. You can always choose to stop receiving our emails. If you want to cease this type of communication, simply use the "Unsubscribe" button which is present in each of our emails.
In addition, the legitimate interest is the legal basis for the processing when we store your personal data for some time after you delete the account on the Website. In such a case, the legitimate interest is in avoiding the risks of losing the data within our systems.
We retain financial information to be able to prove the actuality of the transactions in case of dispute emergence. That constitutes our legitimate interest.
In the account data, there is your age requested. This is for our legitimate interest to ensure that the services and Products are provided to capable individuals of a certain age, and we are not required to do any additional actions with regard to the processing of children's data.

Legal obligation. We retain the financial information to comply with our legal obligations as to the taxpaying and reporting and comply with any other legal obligations prescribed by law.

b. Purposes of processing

We collect and process the personal data described in the Section above in order to provide you with all the necessary services within our Services.

In particular, we collect and process different types of data for the following purposes:

data related to purchasing Products – in order to be able to process your purchases and deliver the Products to you;
data related to your requests – to communicate with you at your request, to provide a comprehensive answer to your inquiries, and to make sure that you are satisfied with our Services;
data related to your warranty claim – to communicate with you and process your warranty claim in order to provide you with the solution to your problem related to using our Product covered by warranty;
data provided by you for newsletters subscription – to keep you informed of all changes, innovations, and improvements we make within the Services;
financial data – in order to provide you with the paid Services, be able to prove the relevance of the transactions in case of dispute emergence, and demonstrate the incomes to the tax authorities;
data collected through automated collection – to track how you use our Website as indicated in Section 5 of this Privacy Policy.

Additionally, we may process your data:

for compliance with our legal obligations;
to protect your vital interests or vital interests of another natural person;
for the performance of a task carried out in the public interest or the exercise of official authority vested in us;
for the purposes of the legitimate interests pursued by a third party or by us (e.g., to prevent or investigate possible wrongdoing in connection with the Services or to protect ourselves, our subcontractors, partners, and affiliates against legal liability).

If we decide to change the purposes of processing specified above, we will inform you of such changes prior to using your personal data within the newly set purposes. Where applicable, you will have to provide your consent for the amended purposes (unless the additional purpose of processing is compatible with those listed above).

Please note that we do not sell your data or make any decision based solely on automated processing that may produce legal effects or similarly significant effects.

4. How Long Do We Store Your Data?

a. Retention period

Generally, we will not store any data you provide for longer than the specific Services require. To be more precise, we store your data for such periods:

your account data – as long as you keep your account active, but in any case not more than 2 years after you delete your account;
data related to purchasing Products – not more than 2 years after the transaction;
data related to your warranty claim – until the request described in the warranty claim is resolved;
your email address and name for sending newsletters – until you unsubscribe;
data connected to your requests – during our communication with you and 6 months thereafter to ensure that you are satisfied with our response and you have received all needed information;
financial data – not more than 2 years after the transaction occurs.

data collected through automated collection – until it is needed, allowing the Website to provide you with a personalised experience and the Company with statistics about how you use the Website to improve it as indicated in Section 5 of this Privacy Policy.

b. Other processing

Please note that sometimes we may process your data for a period longer than indicated in this Section. Such processing could be carried out by us only for statistical purposes as it is provided for in Article 5 of the GDPR and subject to the appropriate safeguards in accordance with applicable data protection laws.

Statistical purposes mean collecting and processing personal data necessary for statistical surveys or producing statistical results. The statistical purpose implies that such statistical results do not include personal data but only aggregate data. The statistical results may further be used for various purposes, such as assessing our business development, understanding the market demands, and improving our Services.

In most cases, we will anonymise your data before processing it for statistical purposes. As a result, such data will no longer be considered personal, and its use will not be governed by data protection laws.

5. Cookies Policy

a. What are cookies?

We use the cookies when you visit our Website and all pages related to them. Cookies are small pieces of code that are stored on your browser when you use websites or other services. They are installed on your browser to enable different features, for example, to facilitate navigation on the website, remember your choices, or serve you with the ads that best reflect their interests. Cookies could be placed by the website owner and third parties.

In some cases, cookies are used to collect data that is recognized to be personal data, such as IP addresses and data linked to the IP address (traffic data). The usage of such cookies is regulated by data protection laws. That is why you as a user obtain more rights to control the collection and processing of some data, and in most cases, you are asked for consent.

b. What data do we automatically collect, and which cookies do we use for that?

We may install the following types of cookies:

Necessary cookies
These cookies are strongly required for the error-free operation of the Website and security, including DDOS attacks and accessibility. Without them, we will not be able to provide you with the information services as prescribed in our Terms. You may decline these cookies by changing your browser settings, but this may affect how the Website is functioning.

Analytical cookies
These cookies are used to collect information about how visitors use our Website. We use the information to compile reports and to help us improve the Website. The cookies collect information in a way that does not directly identify anyone, including the number of visitors to the website, where visitors have come to the website from, and the pages they visited. These cookies are set by third-party analytics service Google Analytics. The data collected in such a way is stored in aggregated form, and it does not constitute personally identifiable information.

Marketing cookies
These cookies allow us to show you our advertisements on third-party websites. This tool is called "retargeting". It enables us to provide you with ads based on your previous activity on the Website. It also enables us to limit how many times you see the respective ads. We set such cookies with the help of trusted third-party services listed below.

You may find particular cookies that we use, the purpose of their collection, and the period of their storage below.

Necessary Cookies

Crumb: A Squarespace cookie set to prevent cross-site request forgery (CSRF). This cookie is essential for the security of the website and visitor. It is a session cookie, expiring when the browsing session ends.

Analytical Cookies

ss_cvr & ss_cvt: Cookies used to track unique visitor sessions. These cookies are crucial for understanding visitor behaviour and are stored for the duration of the session.
_ga_LQ69EP4DTW & _ga: Installed by Google Analytics, these cookies are used for tracking visitor, session, and campaign data while analysing site usage anonymously. The _ga_LQ69EP4DTW cookie expires after 30 minutes, and the _ga cookie has a storage period of 2 years.

c. How does the Company deal with data collected through the cookies?

The cookies usage message for the Website was the first message that you were likely to see when you visited our Services. In most cases, we do not ask you for consent to install them if we install cookies that are strictly required for the functioning of the Website in general and some of its features in particular (e.g. the very option to refuse some cookies).

Data that we collect with the cookies where there is personal data. We use this information in aggregate to assess the popularity of the webpages on our Website and how we perform in providing content to you.

If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our Website. For instance, our employees and subcontractors may be able to access this data. Moreover, your data may be processed on our behalf by the third-party service providers mentioned above.

d. Can you regulate your choices as to the automated collection of data?

Yes.

The following links might be useful for you to choose the best option for your browser and OS:

For the users of Internet Explorer
For the users of Firefox
For the users of Chrome
For the users of Safari web and iOS
For the users of Android.

6. Granting Access to Third Parties

We do not sell your personal data. However, to provide qualitative services, support various functions of our Services and ensure their operation, we may hire people, work with service providers, partner companies, and organisations. For these reasons, some of your personal data may be transferred to these persons.

In all cases, we comply with the requirements of data protection legislation and make every effort to ensure that data processing is secure at all stages. Our subcontractors and other third parties will provide the same or equal protection of user data as stated in this Privacy Policy.

To achieve the purposes of data processing, we may provide your data to the following persons:

a. Our employees and independent contractors

We may pass on your data to our employees or verified independent contractors (including private entrepreneurs). We always enter into non-disclosure and confidentiality agreements with those employees and independent contractors who have access to your data to ensure their data protection. In the case of the independent contractors who are private entrepreneurs, we also sign the data processing agreements with them, where applicable.

b. Third-party services providers

The Company may engage a number of trusted third-party service providers in order to support different features of our Services and ensure its overall functioning. We may also use third-party services to organise our work in the most efficient way and provide our clients with the best customer service.

Therefore, we may grant the following third-party service providers (and their subcontractors) with limited access to your personal data:

1) Google Analytics (the USA) is a well-known online business analytics service that helps us understand how our users interact with our Website. As a big transnational corporation, Google engages sub-contractors to carry out its obligations under contracts with customers. The list of Google's sub-contractors engaged in providing Google Ads services (including Google Analytics, Google Tag Manager, and Google Optimise) is provided here.

2) Meta (California, the US‎A) is a company offering online social networking services. The Privacy Policy is available here.

Facebook Insights is an analytics dashboard where you can track user behaviour and post-performance on your Facebook business page. In addition to providing key metrics like page views and post reach for paid and organic posts, the platform also recommends competitor pages to watch and track.
Meta Pixel is a piece of code that is put on the Website that allows measuring the effectiveness of advertising by understanding the actions people take on the Website.

3) Squarespace (New York City, New York) is a website building and hosting company that provides software-as-a-service and allows users to use pre-built website templates and drag-and-drop elements to create and modify webpages. Our Website is based on Squarespace. Their Privacy Policy is available here.

4) Shopify (Ottawa, Canada) provides an e-commerce platform and retail point-of-sale systems. We use Shopify to facilitate online transactions and manage our online store, ensuring a seamless shopping experience for our customers. Shopify processes data as described in their privacy policy, which can be found here.

Most of the services listed above are designed for analytics and marketing purposes described in Section 5 of this Privacy Policy.

If you are interested in more details about how these third-party services process personal data, please refer to their privacy policies available on their websites. However, we want to reassure you that due to their residency of headquarters or affiliates companies, they all are subject to the best worldwide data protection standards. We care about your data security and choose only reliable partners.

As regards the engagement of the above-mentioned service providers, we take all necessary steps to ensure compliance with the applicable data protection laws such as the GDPR. In particular, we make sure that your personal data is being protected and used only for the purposes specified in this Privacy Policy. This is achieved by using only certified services and products, signing agreements on the protection of personal data with contractors and partners, as well as taking technical measures to ensure the information is protected when stored, used, and while being processed and transferred.

Since some of your data may be transferred to third parties outside of the European Economic Area (EEA) and Germany, such data may be transferred on the basis of international data transfer agreements in compliance with the General Data Protection Regulation (GDPR). These agreements ensure that your data receives an adequate level of protection in line with EU and German data protection standards. Should the recipient country not have an adequacy decision from the European Commission, we will use appropriate safeguards such as standard contractual clauses approved by the European Commission.

We may also disclose your personal data to ensure compliance with the law. In other words, we may disclose information necessary for an investigation or trial at the official request of public authorities. If we are forced to disclose your information, we will notify you immediately and provide a copy of the request unless prohibited by law.

7. Your Data Processing Rights

To exercise your rights listed below, you can send a request to the Company to info@ponomarets.com. In order to properly protect your data, the Company may take additional measures to identify you when processing your request. We will provide you with a response to your request no later than 1 month from the date of its receipt, except as provided by law.

Thereby, you have the right to:

1) Know about the sources of collection, the location of their personal data, the purpose of their processing, the location of the owner or controller of personal data.

The Company respects the rights of personal data subjects and provides all necessary information in an accessible and understandable format. The Privacy Policy was created to ensure this right.

2) Receive information on the conditions for granting access to personal data, in particular information on third parties to whom your personal data is transferred.

3) Obtain a copy of the personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance where the processing is carried out by automated means.

Under the GDPR or UK GDPR, you may exercise this right in terms of your personal data that is processed on the basis of consent or the performance of the contract if the data is collected directly from you and not created by the Company.

4) Access to your personal data and the right to receive an answer as to whether your personal data is processed, as well as to receive the content of such personal data.

You can at any time receive confirmation from us whether we are processing your personal data and receive a full copy of this data. In this case, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and the right to transfer this data to another owner (controller) at its discretion.

5) Submit a reasoned request to us objecting to the processing of your personal data.

If the review of such a request reveals that the Company cannot demonstrate a valid legal basis for the processing of data that overrides your interests, rights, and freedoms, we will stop processing it and inform you about it.

If the request is not satisfied, we will provide you with a reasoned response to the refusal.

6) Make a reasoned request to change or destroy their personal data if such data are processed illegally or are inaccurate, as well as in other cases provided by law.

In particular, in the event of any inaccuracies in the data processed by the Company, the person whose personal data are processed has the right to contact us with a request to make appropriate changes to their personal data. You may also request that your data be destroyed if you believe that the Company no longer needs it for the purposes for which it was collected.

7) Protect your personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, non-provision, or untimely provision, as well as protect against the provision of information that is inaccurate or discredits the honour, dignity, and business reputation.

8) Complain about the processing of your personal data to the supervisory authorities or to the court and apply legal remedies in case of violation of the legislation on personal data protection.

9) Make reservations about the restriction of the right to process your personal data while giving consent.

10) Withdraw consent to the processing of personal data.

You can withdraw your consent to the processing of your personal data at any time in case of the legal basis for the processing was the consent. In this case, we must stop processing, i.e., destroy or delete your personal data and notify you of the results.

There may be exceptions to this right. For example, if the law requires the Company to retain this data, or when it is necessary for the protection in litigation, or when the Company has other grounds for the processing, etc.

11) Know the mechanism of automatic processing of personal data and the right to protection against an automated decision that has legal consequences for you.

This provision is intended to protect the data subject from decisions made by the algorithm without human involvement or control. For example, if a computer program decides on the basis of certain collected information who needs help and who does not. To protect you against such a decision, if we implement one, we will explain the subject of the rules and logic of decision-making by the algorithm and the ability to require a review of the decision by a person.

However, as of now, the use of the Services does not provide any solely automated solutions that would have legal consequences for you.

8. Your Age

The privacy of children is one of our concerns. Generally, we do not collect personal data of the users under the legal age since mostly they are not allowed to enter into such agreements under the applicable law. Nonetheless, you can solely give your consent to data collection and processing if you are at least at the age of 13 to 16 years. The exact age depends on the particular country of your residence.

However, our Services do not address anyone underaged on purpose. We do not knowingly collect personal data from children. In the case we discover that such a child has provided us with personal data, we immediately delete it from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us so that we are able to take the necessary actions.

9. Personal Data Location

All data are stored in databases and file repositories hosted by Squarespace and Shopify. Our service providers utilise global server networks to ensure secure data management and storage.

10. Personal Data Security

As the website is hosted by Squarespace and Shopify, their comprehensive security measures apply to safeguard personal data. Both platforms are equipped with dedicated security teams and implement a range of administrative, technical, and physical safeguards. These measures include firewalls to deter intruders, network redundancies for resilience, and continuous testing against vulnerabilities, ensuring a robust defence against various forms of data breaches and unauthorised access.

We also take our own security measures to protect your personal data from accidental loss or destruction, from unlawful processing or access to it.

Confidentiality. All personnel are subject to full confidentiality, and all subcontractors and sub processors must sign a confidentiality agreement or have confidentiality obligations in their contracts. Also, any access by authorised personnel is logged.

We use verified contractors who might have access to the data specified in this Privacy Policy and with whom relevant data processing agreements are concluded. Moreover, we guide and train our personnel to process your data securely.

Protection from unauthorised access. With regard to protection from unauthorised access to personal data, we have implemented passwords hashing and multi-factor authentication.

Securing credentials and access tokens. Firewall is installed on all servers, which prohibits access from all computers on the network except the corporate network. Tracking Data Transfer is ensured through a comprehensive solution based on the analysis of the system server logs and their current state.

Disclaimer. While taking the necessary steps to secure your data, we have no choice but to admit that no method of transmission over the Internet or method of electronic storage is 100% secure. If it happens that any of your personal data is under breach and if there is a high risk of violation of your rights as a data subject, we would inform you and the respective data protection authorities as to the accidents without undue delay. We will also do our best to minimise any such risks.

11. Changes to This Privacy Policy

We may amend or update this Privacy Policy from time to time. If we decide to do so, and the amendments will substantially affect your rights and legitimate interests, we will notify you of any changes via email and/or prominent notice within the Website when you use the Website for the first time after the amendments. We will also indicate the "Last modified" date at the top of this Privacy Policy.

12. Contact Information

If you have any questions about the Privacy Policy or your data being processed by us, you are welcome to contact us:

Company name:
Ponomarets Bikes GmbH
Berthold-Haupt Str. 111
01259 Dresden, Germany
Email: info@ponomarets.com

Back to Home ⟩