top of page

MENU

Privacy Policy

Data protection

 

declaration Preamble With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process for what purposes and to what extent in the context of providing our application. The terms used are not gender-specific. As of: July 13, 2024

Responsible person


Nihal Celik
Email address: info@fun-ride.eu
Telephone: +34 626 171 204
Imprint: https://www.fun-ride.eu/impressum


Overview of processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons affected.
Types of data processed
Inventory data.
Payment data.
Location data.
Contact data.
Content data.
Contract data.
Usage data.

 


Meta, communication and procedural data.


Categories of persons affected
Service recipients and clients.
Interested parties.
Communication partners.
Users.

 


Business and contractual partners.


Purposes of processing
Provision of contractual services and fulfillment of contractual obligations.
Communication.
Security measures.
Office and organizational procedures.
Organizational and administrative procedures.
Feedback.
Marketing.
Profiles with user-related information.
Provision of our online offer and user-friendliness.
Public relations.
Business processes and business management procedures.
Relevant legal bases
Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases are also relevant in individual cases, we will inform you of these in the data protection declaration.
Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) - The data subject has given their consent to the processing of personal data concerning them for a specific purpose or several specific purposes.
Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) - The processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are carried out at the request of the data subject.
Legal obligation (Art. 6 Para. 1 Clause 1 Letter c) GDPR) - Processing is necessary to fulfill a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR) - Processing is necessary to protect the legitimate interests of the controller or a third party, provided that the interests, fundamental rights and freedoms of the data subject which require the protection of personal data do not prevail.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations on data protection apply in Germany. This includes in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). The BDSG contains in particular special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases including profiling. In addition, state data protection laws of the individual federal states may apply.

 


Security measures


We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing availability and separation of data. Furthermore, we have set up procedures that ensure the exercise of data subjects' rights, the deletion of data and reactions to threats to data. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
 

Securing online connections through TLS/SSL encryption technology (HTTPS): To protect user data transmitted through our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transmissions meet the highest security standards. When a website is secured by an SSL/TLS certificate, this is signaled by the display of HTTPS in the URL. This serves as an indicator for users that their data is being transmitted securely and encrypted.

Transfer of personal data


As part of our processing of personal data, it may happen that these are transferred to other bodies, companies, legally independent organizational units or persons or disclosed to them. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
General information on data storage and deletion
We delete personal data that we process in accordance with the legal provisions as soon as the underlying consent is revoked or there are no further legal bases for the processing. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist if legal obligations or special interests require the data to be stored or archived for a longer period.
In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal proceedings or to protect the rights of other natural or legal persons must be archived accordingly.
Our data protection notices contain additional information on the storage and deletion of data that applies specifically to certain processing processes.
If there are several details on the storage period or deletion periods for a date, the longest period is always decisive.
If a period does not expressly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in the context of which data is stored, the event triggering the period is the time at which the termination or other termination of the legal relationship takes effect.
We process data that is no longer stored for the originally intended purpose but due to legal requirements or other reasons only for the reasons that justify its storage.


Further information on processing procedures, methods and services:
Storage and deletion of data: The following general periods apply to storage and archiving under German law:
10 years - retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets as well as the work instructions and other organizational documents required to understand them, accounting documents and invoices (Section 147 Paragraph 3 in conjunction with Paragraph 1 Nos. 1, 4 and 4a AO, Section 14b Paragraph 1 UStG, Section 257 Paragraph 1 Nos. 1 and 4, Paragraph 4 HGB).
6 years - Other business documents: received commercial or business letters, reproductions of sent commercial or business letters, other documents insofar as they are relevant for taxation, e.g. B. Hourly wage slips, operating accounting sheets, calculation documents, price labels, but also payroll documents, insofar as they are not already booking documents and cash register slips (Section 147 Paragraph 3 in conjunction with Paragraph 1 Nos. 2, 3, 5 AO, Section 257 Paragraph 1 Nos. 2 and 3, Paragraph 4 HGB).
3 years - Data that is required to consider potential warranty and compensation claims or similar contractual claims and rights and to process related inquiries based on previous business experience and standard industry practices are stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 BGB).

Rights of the data subjects


Rights of the data subjects under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
Right of objection: You have the right to object at any time to the processing of personal data concerning you based on Art. 6 (1) (e) or (f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions. If the personal data concerning you are processed in order to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising.
Right of withdrawal in the case of consent: You have the right to withdraw consent given at any time.
Right to information: You have the right to request confirmation as to whether the data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with the statutory requirements.
Right to rectification: In accordance with the statutory provisions, you have the right to request that the data concerning you be completed or that inaccurate data concerning you be rectified.
Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to request that data concerning you be erased immediately or, alternatively, to request that the processing of the data be restricted in accordance with the statutory provisions.
Right to data portability: You have the right to receive data concerning you that you have made available to us in a structured, common and machine-readable format or to request that it be transmitted to another responsible party in accordance with the statutory provisions.
Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the provisions of the GDPR.

Business services


We process data from our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships and related measures and with regard to communication with the contractual partners (or pre-contractually), for example to answer inquiries.
We use this data to fulfil our contractual obligations. This includes in particular the obligations to provide the agreed services, any updating obligations and remedy in the event of warranty and other service disruptions. In addition, we use the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and the company organization. In addition, we process the data on the basis of our legitimate interests in both proper and commercial business management and security measures to protect our contractual partners and our business operations from misuse and endangerment of their data, secrets, information and rights (e.g. B. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners are informed about other forms of processing, e.g. for marketing purposes, within the framework of this data protection declaration.
We inform the contractual partners which data is required for the aforementioned purposes before or as part of the data collection, e.g. in online forms, by special marking (e.g. colors) or symbols (e.g. asterisks or similar), or in person.
We delete the data after statutory warranty and similar obligations have expired, i.e. generally after four years, unless the data is stored in a customer account, e.g. for as long as it has to be kept for legal archiving reasons (e.g. for tax purposes, usually ten years). We delete data that has been disclosed to us by the contractual partner as part of an order in accordance with the specifications and generally after the end of the order.
Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).


Persons affected: service recipients and clients; interested parties. Business and contractual partners.
Purposes of processing: provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures. Business processes and business management procedures.
Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion".
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 lit. b) GDPR); Legal obligation (Art. 6 Para. 1 Clause 1 lit. c) GDPR). Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
Online shop, order forms, e-commerce and delivery: We process our customers' data to enable them to select, purchase or order the selected products, goods and associated services, as well as to pay for and deliver or execute them. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution to our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such in the ordering or comparable purchasing process and includes the information required for delivery, provision and billing as well as contact information in order to be able to hold any consultations; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).

bottom of page