Privacy policy

At CycleBot, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website or make a purchase from us. It complies with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Who We Are

The data controller responsible for your personal data is:

CycleBot Schwarzwaldstraße 9 78609 Tuningen Germany

Email: support@cyclebot.com Phone: [PHONE NUMBER]

2. What Data We Collect

When you browse our website or place an order, we may collect the following personal data:

  • Full name
  • Billing and delivery address
  • Email address
  • Phone number
  • Payment information (processed securely via our payment providers β€” we do not store full card details)
  • IP address and browser/device information
  • Order history and purchase details
  • Communication records (emails, support enquiries)
  • Cookie and tracking data (with your consent)

3. Why We Collect Your Data (Legal Basis)

We process your personal data for the following purposes:

Purpose Legal Basis
Processing and fulfilling your order Art. 6(1)(b) GDPR β€” contract performance
Sending order confirmations and shipping updates Art. 6(1)(b) GDPR β€” contract performance
Fraud prevention and security Art. 6(1)(f) GDPR β€” legitimate interests
Improving our website and services Art. 6(1)(f) GDPR β€” legitimate interests
Sending marketing emails (if opted in) Art. 6(1)(a) GDPR β€” consent
Legal and tax compliance Art. 6(1)(c) GDPR β€” legal obligation

4. How We Share Your Data

We do not sell your personal data. We only share your data with trusted third parties where necessary to fulfil your order or operate our business:

  • Shopify Inc. β€” our eCommerce platform (data may be processed outside the EU under Standard Contractual Clauses)
  • Payment providers (e.g. Stripe, PayPal) β€” for secure payment processing
  • Shipping carriers (e.g. DHL, DPD, UPS) β€” to deliver your order
  • Google LLC β€” for analytics and advertising (with your consent)
  • Email service providers β€” for transactional and marketing emails

All third-party processors are bound by data processing agreements and required to protect your data in accordance with GDPR.

5. International Data Transfers

Some of our service providers are based outside the European Economic Area (EEA). Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

6. How Long We Keep Your Data

We retain your personal data only as long as necessary:

  • Order data: 10 years (German commercial and tax law requirement β€” HGB Β§257, AO Β§147)
  • Customer account data: For the duration of your account, plus 3 years after last activity
  • Marketing consent: Until you withdraw consent
  • Support communications: 3 years from last contact

7. Cookies

Our website uses cookies and similar tracking technologies. You can manage your cookie preferences via our cookie consent banner.

We use the following types of cookies:

  • Essential cookies β€” Required for the website to function (no consent needed)
  • Analytics cookies β€” Help us understand how visitors use our site (consent required)
  • Marketing cookies β€” Used for targeted advertising (consent required)

You can withdraw your cookie consent at any time by adjusting your browser settings or via our cookie preference centre.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access β€” Request a copy of the data we hold about you
  • Right to rectification β€” Ask us to correct inaccurate data
  • Right to erasure β€” Ask us to delete your data ("right to be forgotten")
  • Right to restriction β€” Ask us to limit how we process your data
  • Right to data portability β€” Receive your data in a structured, machine-readable format
  • Right to object β€” Object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent β€” Withdraw marketing consent at any time

To exercise any of these rights, contact us at: support@cyclebot.com

We will respond within 30 days of receiving your request.

9. Right to Lodge a Complaint

If you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority. The competent authority for CycleBot is:

Der Landesbeauftragte fΓΌr den Datenschutz und die Informationsfreiheit Baden-WΓΌrttemberg Postfach 10 29 32 70025 Stuttgart Germany www.baden-wuerttemberg.datenschutz.de

10. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All data is transmitted via SSL/TLS encryption.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on this page. We will notify you of significant changes by email where appropriate.