Privacy Notice for Pedalo by Holz-Hoerz GmbH

(As at: 25/05/2018)

Protecting our customers’ data is extremely important to us. In this document we will inform you about the processing of personal data carried out by Pedalo by Holz-Hoerz GmbH in accordance with the General Data Protection Regulation (GDPR), see article 13 of the GDPR. Please read our privacy notice carefully. Should you have any queries or comments regarding this information, you can contact us at any time using the contact information listed in section 2.


1. Overview

The following privacy notice informs you about the type and scope of the processing of personal data carried out by Pedalo by Holz-Hoerz GmbH. Personal data are pieces of information that are, or could be, directly or indirectly associated with your person.

The data processing carried out by Pedalo by Holz-Hoerz GmbH can be primarily divided into two categories:

  • For the purpose of contract processing, all data necessary for the fulfilment of a contract with Pedalo by Holz-Hoerz GmbH are processed. If external service providers e. g. logistics companies or payment service providers are also involved in the processing of the contract, your data will be passed on to these to the extent required in each case.
  • When accessing the Pedalo by Holz-Hoerz GmbH website, various pieces of information are exchanged between your end device and our server. These can also be personal data. The information collected in this manner is used, amongst other things, to optimise our website or to display adverts in your end device’s browser.


In accordance with the stipulations of the GDPR, you have various rights that you can assert against us. These include the right to object to selected data processing, in particular data processing for advertising purposes.


2. Name and contact information of the person responsible for processing and of the company data protection officer

This privacy notice applies to data processing carried out by Pedalo by Holz-Hoerz GmbH, represented by Managing Director Martin Moser, Dottinger Straße 71, 72525 Münsingen (‘the person responsible’), and for the website

Pedalo by Holz-Hoerz GmbH’s company data protection officer can be contacted at the above address, ‘for the attention of’ the Data Protection Department, or via


3. Purposes of data processing, legal basis and legitimate interests pursued by Pedalo by Holz-Hoerz GmbH or a third party as well as categories of recipients

3.1. Accessing our website

When accessing our website, information is automatically sent to the server of our website by the browser being used on your end device and is temporarily saved in a so-called log file. We have no control over this. In the process, the following information is collected without any action on your part and stored until it is deleted automatically:

  • the IP address of the requesting web-enabled device,
  • the date and time of access,
  • the name and URL of the retrieved file,
  • the website, from which the file was accessed (referrer URL),
  • the browser you used and, where applicable, your web-enabled computer’s operating system as well as the name of your access provider.


The legal basis for the processing of the IP address is article 6, paragraph 1 (f) of the GDPR. Our legitimate interest ensues from the purposes for data collection listed hereafter. We would like to point out that your identity cannot be directly inferred from the data collected and that no conclusions are drawn by us.

We use your end device’s IP address as well as the other data listed above for the following purposes:

  • to ensure a connection is established smoothly,
  • to ensure our website is user-friendly,
  • to evaluate system security and stability.


The data are saved for a period of 38 months and are subsequently deleted automatically. Furthermore, we use cookies, tracking tools, targeting processes and social media plug-ins for our website. Which processes these are exactly and how your data are used for them is explained in detail in section 3.4.


3.2. Conclusion, execution or termination of a contract

3.2.1. Data processing on conclusion of the contract

Pedalo by Holz-Hoerz GmbH’s business objective is the distance selling of products and services as well as the series production of a portion of the products that are offered. In this context, we process the data necessary for the conclusion, execution or termination of a contract with you. These include:

  • First name, surname
  • Where applicable, corporate name / name of organisation
  • Billing and shipping address
  • Email address
  • Your telephone number for freight shipments
  • Billing and payment information
  • Where applicable, telephone number


The legal basis for this is article 6, paragraph 1 (b) of the GDPR. This means that you provide us with your data on the basis of the contractual relationship or in preparation of a contractual relationship between you and us. Furthermore, we are obliged to process your email address due to the German Civil Code (Bürgerliches Gesetzbuch – BGB), which stipulates that we send an electronic order confirmation (article 6, paragraph 1 (c) of the GDPR). Provided we do not use your contact details for advertising purposes (see 3.3), we store the data collected for contract processing until the expiration of legal and possible contractual warranty and guarantee rights. After the expiration of this period, we retain information from the contractual relationship required under trade and tax laws for the legally specified time period. During this period (normally ten years after the conclusion of the contract), the data will only be processed again in the case of an audit by the tax authorities. Provided that you are entitled to a warranty in compliance with our general terms and conditions, we would like to point out that some products have a warranty period that might exceed the legal retention period.

Furthermore, the following data processing is necessary for executing the sales contract:

Provided that you have chosen a payment method other than prepayment or sale on account, we pass the necessary payment information to a payment service provider commissioned by us.

For the purpose of processing the sales contract, we pass information regarding your shipping address to a logistics company commissioned by us. We only request your telephone number in the order form when you order products that are delivered by freight. Your telephone number is passed on to the logistics company commissioned by us in the case of freight shipments to ensure that the goods are delivered in consultation with you and according to your wishes. The logistics company will contact you prior to delivery to inform you of the delivery time or to agree details of the delivery with you.

Products may be supplied to you directly from the manufacturer (drop shipping). To fulfil your order, the shipping address is passed on to the manufacturer for the purpose of shipping.

The data are only transferred for this purpose and are deleted after successful delivery.

In the event of a delay in payment, we submit the necessary data to a company commissioned with the assertion of the claim, provided the other legal requirements exist. Legal bases for this are both Article 6 (1) (b) and Article 6 (1) (f) GDPR. The assertion of a contractual claim is to be regarded as a legitimate interest within the meaning of the second-named provision.


3.3. Data processing for advertising purposes

The following statements relate to the processing of personal data for advertising purposes. The GDPR describes data processing of this kind based on article 6, paragraph 1 (f), as conceivable in principle and as a legitimate interest. The duration of the retention period for data used for advertising purposes does not follow any strict guidelines and is based on the question of whether storage is required to deliver advertising. At Pedalo by Holz-Hoerz GmbH, we also abide by the principle of ceasing to use your data for advertising purposes no later than five years after your last contact. Please see section 3.3.3. for the process should you object.

3.3.1.Pedalo by Holz-Hoerz GmbH and third-party advertising purposes

If you have concluded a contract with us, we will keep a record of you as an existing customer. In this case, we use your postal address beyond the existence of distinct consent to send you information about new products and services. We occasionally pass on your postal address to contractual partners, carefully chosen by us, from mail-order and telecommunications fields so that they can also inform you about their products. We use your email address beyond the existence of distinct consent to provide you with information about our own, similar products. Following the purchase, you will also receive an automatic email, in which we ask you to rate us and our products. In doing so, you are helping us to adapt and to further develop our products and our product range.

3.3.2. Advertising that reflects your interests

To ensure that you only receive promotional information that might be of interest to you, we categorise your customer profile and add additional information to it. To do this, statistical information and information about you is used (e.g. basic information from your customer profile). Our aim is to only send you advertising that is or might be of interest to you and to not bother you with advertising that is not useful to you.

3.3.3. Right to object

You can object to your data being processed for advertising purposes at any time, separately for the respective communication channels and with effect for the future, without incurring costs other than the transmission costs at the basic prices. To do this, simply send an email to or write to the contact details stated in section 2.

If you object, the contact address in question is blocked from further data processing for advertising purposes. Please note that, in exceptional cases, advertising material could temporarily continue to be sent even after you have lodged your objection. The technical reason for this is the required lead time of advertisements and it does not mean that we are not implementing your objection. Thank you very much for your understanding.

3.3.4. Newsletter distribution

You can sign up for our newsletter on our website. To make sure that there are no mistakes in the email address you have provided us with, we use a double opt-in system: Upon submitting your email address in the sign-up field, we will send you a confirmation link. Only once you have clicked on this confirmation link will your email address be added to our distribution list. The newsletter we send to you provides us with information including confirmation of receipt and whether it has been read or not, as well as which links you have clicked on in the newsletter. Your user behaviour with regards to the newsletters you receive from us and our website is analysed and assigned to your email address / user profile stored within our database. By creating a personalised user profile, we wish to tailor our advertising to your interests and optimise the offerings on our website for you. The processing of your electronic contact data and its analysis as described occurs solely on the basis that you have given your consent (article 6, paragraph 1 (a) of the GDPR) at this point. You can withdraw your consent at any time with effect for the future. To do this, simply send a short note via email to or click on the ‘Unsubscribe’ button, located at the bottom of every newsletter.


3.4. Online presence and website optimisation

3.4.1. Cookies – General information

We use so-called cookies on our website. If as these cookies are personal data, they are used based on article 6, paragraph 1 (f) of the GDPR. Our interest to optimise our website is to be considered as justified in accordance with the aforementioned provision. Cookies are small files which your browser generates automatically, and which are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your end device in any way, they do not contain viruses, Trojans or other malicious software. Information is stored in the cookie, which stems from the connection with the specific end device used in each case. However, this does not mean that we immediately get to know your identity. On the one hand, cookies are used to make the use of our offering more convenient for you. We use so-called session cookies, for example, to recognise that you have already visited individual pages on our website or that you have already logged in to your customer account. These are automatically deleted when you have left our site. In addition, also for user friendliness, we use temporary cookies that are stored on your end device for a specific period of time. If you visit our site again to use our services, the system automatically recognises that you have already visited us and remembers the inputs and settings you have entered, so you do not have to re-enter them.

If you have a customer account with Pedalo by Holz-Hoerz GmbH and you are logged in or you activate the ‘Stay logged in’ function, the information stored in cookies will be saved to your customer account.

On the other hand, we use cookies to statistically record the use of our website and to evaluate the optimisation of our offering for you as well as to display information tailored to you. These cookies allow us to automatically recognise that you have already been on our site when you visit our site again. These cookies are automatically deleted after a defined period of time. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that you are always notified before a new cookie is generated. Disabling cookies completely, however, may mean that you cannot use all of the features of our website. The storage period for cookies depends on their purpose and is not the same for all of them.

3.4.2. Google Analytics

Based on article 6, paragraph 1 (f) of the GDPR we use Google Analytics, a web analysis service provided by Google Ireland Ltd (‘Google’), for the purpose of the needs-oriented design and continuous optimisation of our pages. In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as

  • browser type/version,
  • operating system used,
  • referrer URL (the page visited previously),
  • host name of the accessing computer (IP address),
  • time of the server request,

will be transmitted to a Google server in the USA and saved there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage for the purpose of market research and tailor-made website design. This information is also transmitted to third parties, if necessary, provided this is stipulated by law or third parties have been commissioned to process these data. On no account will your IP address be linked to any other data provided by Google. The IP addresses are anonymised, so that an association is not possible (so-called IP masking).

You can disable the installation of cookies by setting your browser software accordingly; however, please note that in this case you might not be able to make full use of this website’s features. In addition, you can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) as well as Google’s processing of such data by downloading and installing this browser add-on. As an alternative to the browser add-on, in particular for browsers on mobile end devices, you can also prevent the collection of data by Google Analytics by clicking this link. An opt-out cookie will be generated which prevents future collection of your data when you visit this website. The opt-out cookie is only valid for this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must generate the opt-out cookie again. More information about privacy regarding Google Analytics is available on the Google Analytics website.

3.4.3. Doubleclick

Doubleclick by Google is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (‘Google’). Doubleclick by Google uses cookies to show you advertisements which are relevant to you. Your browser is assigned a pseudonymous identification number (ID) to check which adverts have appeared in your browser and which adverts have been viewed. The cookies do not contain personal information. Using the DoubleClick cookie allows Google and its affiliate websites to only display adverts based on previous visits to our or other websites on the Internet. The information generated by the cookies is transferred to a Google server in the USA and saved there. Google only transfers the data to third parties due to legal stipulations or in the context of contract data processing. On no account will Google link your data to any other data collected by Google. By using our web pages, you agree to the processing of the data collected about you by Google and the way in which the data are processed as described above as well as to the stated purpose. You can prevent the storage of cookies by setting your browser software accordingly. However, please note that, in this case you might not be able to make full use of this website’s features. Furthermore, you can also prevent Google’s collection of the data generated by cookies and relating to your use of the website as well as Google’s processing of such data by Google by downloading and installing the browser plug-in available at the following link under the header DoubleClick deactivation extension. Alternatively, you can disable Doubleclick cookies on the Digital Advertising Alliance website at the following link.

3.4.4. Google AdWords

We use Google AdWords to draw attention to our attractive offers with the help of advertising materials (so-called Google AdWords) on external websites. We can determine how successful the individual advertising measures are in relation to the advertising campaign’s data. With this, we aim to show you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

These advertising materials are delivered by Google via so-called ‘ad servers’. To this end, we use ad server cookies which measure certain performance assessment parameters such as display of the ads and user clicks. If you access our website through a Google ad, Google AdWords will store a cookie on your PC. These cookies normally expire after 30 days and they are not intended to identify you personally. Normally, the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant to post-view conversions) and opt-out information (sign that the user does not wish to be addressed anymore) are stored as analysis values with this cookie.

These cookies enable Google to recognise your web browser. If a user visits certain pages of an AdWords customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can see that the user clicked on the ad and was redirected to that page. Each AdWords customer is allocated a different cookie. Therefore, cookies cannot be tracked through the AdWords customers’ websites. We ourselves do not collect and process any personal data in the aforementioned advertising measures. Google only provides us with statistical evaluations. Based on these evaluations we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users based on this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the extent and the further use of the data, which are collected by Google using this tool and therefore we inform you according to our current knowledge: by including AdWords Conversion, Google receives the information that you have accessed the relevant part of our Internet presence or have clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or not logged in, it is possible that the provider will find out and store your IP address.

3.4.5. Option to object /opt out

In addition to the disabling methods described above, you can generally stop the outlined targeting technologies through relevant cookie settings in your browser (see also 3.4.1). Furthermore, you have the option to disable preference-based advertising using the Preference Manager, which is available here.

3.4.6. Social-Media-links

We use links to Facebook, Google+, Youtube, Instagram on our site. These are pure links that lead you to our corporate pages on the respective platforms. From our website no user data will be transferred to the respective social media platform.


3.5. Customer account

In order to provide you with the greatest possible comfort during your purchase, we offer you the permanent storage of your personal data in a password-protected customer account. The installation of the customer account is voluntary and takes place on the basis of your consent within the meaning of Article 6 paragraph 1 letter a) GDPR. After setting up a customer account, no re-entry is required. In addition, you can view and change the data stored in your customer account at any time. In addition to the data requested during an order, you must provide a self-selected password to set up a customer account. This serves together with your e-mail address for access to your customer account. Please treat your personal access data confidentially and in particular do not make it accessible to unauthorized third parties. We can not accept liability for misused passwords unless we are responsible for the abuse. Please note that even after leaving our website, you will automatically be logged in, unless you actively log out. You have the option of submitting your customer account at any time by sending a message to us, e.g. to be deleted by email to
Please note, however, that this does not mean that the data in the customer account can be deleted. 


3.6. Establishing contact, contact forms, evaluation functions and ‘queries about the product’

The following processing is carried out at least on the basis that you have given your consent in keeping with article 6, paragraph 1 (a) of the GDPR by actively contacting us or leaving a product review. Depending on the content of your request, your data can also be processed based on article 6, paragraph 1 (b) (processing to fulfil a contract, e.g. your order or to carry out pre-contractual activities at your request, e.g. requesting an offer) or article 6, paragraph 1 (c) (processing to fulfil a legal obligation from us, e.g. as part of a warranty claim).

You can send general queries to us using the contact form provided on our website. You must provide your name, an email address and a telephone number to enable us to contact you. You can choose to provide further information.

We collect these data so that we know who a request is coming from and so that we are able to respond to this as effectively as possible using the method that you have specified.

When you review a product in our online shop we ask you to provide a name and an email address. Names and email addresses are not published. In this case, another legal reason is our legitimate interest in being able to react, for example, in the event of prohibited or illegal assessments, in keeping with article 6, paragraph 1 (f) of the GDPR.

You can edit or delete your published opinion at any time. To do so, please write to us at

If you contact us by telephone, we ask you to provide data necessary for processing your request as part of the content of your request.


4. Recipients outside of the EU

With the exception of the processing described in sections 3.4.2., 3.4.3., 3.4.4., we do not give your data to recipients based outside of the European Union or European Economic Area. The processing mentioned in sections 3.4.2., 3.4.3., 3.4.4. cause data to be transmitted to the servers of suppliers of tracking or targeting technologies commissioned by us. These servers are located in the USA. The data are transmitted in accordance with the guidelines of the so-called Privacy Shield and on the basis of the so-called standard contractual clauses of the EU Commission. 


5. Your rights

5.1. Overview

In addition to the right to withdraw the consent you have given us, you also have the following rights if the respective legal requirements are met:

The right to be informed about your personal data that we keep as per article 15 of the GDPR; in particular, you can request information about the purposes of the processing, the category of personal data, the categories of recipient to whom your data has been or will be disclosed, the envisaged period for which your data will be stored or the source of your data if these were not directly collected from you,

  • The right to rectification of inaccurate data and to complete incomplete data as per article 16 of the GDPR,
  • The right to erasure of your data that we store as per article 17 of the GDPR, provided no legal or contractual periods of retention or other legal requirements or legislation to retaining your data have to be met,
  • The right to restriction of processing your data as per article 18 of the GDPR, provided you contest the accuracy of your data or that the processing is unlawful but you oppose to your data being erased; the person responsible no longer needs the data but you require them for establishing, exercising or defending a legal claim, or if you have objected to the processing of your personal data as per article 21 of the GDPR,
  • The right to data portability as per article 20 of the GDPR, i.e. the right to receive certain personal data we store concerning you in a commonly used and machine-readable format, or to request the transmission of those data to another person responsible,
  • The right to lodge a complaint with a supervisory authority. As a general rule, please contact the supervisory authority of your usual place of residence, place of work or the place of our headquarters.


5.2. The right to object

Provided that the conditions of article 21, paragraph 1 of the GDPR are met, data processing can be objected to on grounds resulting from the particular situation of the person concerned.

The aforementioned general right to object applies to all purposes for the processing of personal data described in this privacy notice which are processed based on article 6, paragraph 1 (f) of the GDPR. Unlike with the special right to object to data processing for advertising purposes (see 3.3.3. above), as per the GDPR we are only obliged to implement any such general objection if you provide us with reasons of an overriding interest (e.g. risk to life or health). Furthermore, you have the option to contact the supervisory authority responsible for Pedalo by Holz-Hoerz GmbH, the state representative of Lower Saxony for data protection: Landesbeauftragte für den Datenschutz Baden-Württemberg, Königstraße 10A, 70173 Stuttgart, Germany, Tel. +49 711-615541 0, Fax -15, email:


6. Data security

All of the data submitted by you personally, including your payment details, are transmitted using the standard and secure SSL (Secure Socket Layer) protocol. SSL is a secure and reliable protocol, which is also used for secure data transfer in online banking, for example. Amongst other things, you can identify a secure SSL connection if the ‘http’ in the browser address ends in an ‘s’ (i.e. https://....) or if your browser displays a lock symbol.

Apart from that, we apply suitable technical and procedural security measures to safeguard your personal data we are storing from manipulation, partial or total loss or unauthorised third-party access.