Status August 2023

Data protection is a top priority for us at ROSE Bikes. We know that the careful handling of your personal information is important to you. Your data will therefore be treated confidentially by us in strict compliance with the applicable data protection regulations.

Below we explain which data we use on our Instagram page, at what time and for what purpose. Instagram is an online service for sharing photos and videos that belongs to Meta.

We want you to understand how the services work and how we ensure the protection of your personal data, which is very important to us. We only use your personal data if we have your consent or legal permission to do so.

We would like to point out that there has been massive criticism of the way Meta works and its data protection practices. One of the biggest data protection problems is that the NSA has access to Instagram and Meta data through its programmes such as PRISM and XKEYSCORE, according to the prevailing opinion in the specialist literature, and no deletion periods are provided for this data. The idea is to create permanent profiles on every person at the NSA intelligence service. Meta also uses the personal data from Instagram to combine it with Meta and WhatsApp data and other data to enable profiling. At the same time, Meta is one of the most important social media tools and many business people are dependent on working with Instagram (keyword "social proof", for example). We try to make this as data protection compliant as possible by providing transparent information.

Table of contents

I. Principles of joint processing and contact details of the controllers

1. Joint controllers for the processing of personal data

The purposes and means of processing personal data when visiting our Instagram page are jointly determined by us as ROSE Bikes GmbH ("ROSE Bikes") and Meta Platforms Ireland Ltd ("Meta") within the meaning of art. 26 EU General Data Protection Regulation (GDPR). This results from the fact that we, as the operator of the Instagram page, give Meta, as the operator of the Instagram service, the opportunity to process personal data by setting up such an account.

Meta assumes primary responsibility under the GDPR for the processing of Insights data within the framework of joint responsibility and fulfils all obligations under the GDPR with regard to the processing of Insights data (including articles 12 and 13 GDPR, articles 15 to 22 GDPR and articles 32 to 34 GDPR). In addition, Meta makes the essence of this Page Insights Addendum available to the data subjects (governed by the corresponding "Page Insights Controller Addendum").

Below you will find a description of how we and Meta handle personal data when you visit the Instagram account. However, since we generally or to a large extent have no influence on the collection and processing of data by Meta, we cannot provide clear information at this time on the purpose and scope of the processing of your data by Meta. However, we will monitor further developments in this regard and adapt this privacy policy accordingly if necessary.

We would like to point out that you use the Instagram account and its functions on your own responsibility. This applies in particular to the use of interactive functions (such as commenting, sharing, rating).

2. Name and address of the joint controllers

a) The primarily responsible controller is:

Meta Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland


b) Another controller is:

ROSE Bikes GmbH
Schersweide 4
46395 Bocholt
Germany
Phone: +49 2871 2755-55
Email: customerservice@rosebikes.com
Website: https://www.rosebikes.com

II. Contact details of the data protection officer

You can reach our data protection officer at

DataCo GmbH
Nymphenburger Str. 86
80636 Munich, Germany
Germany
Phone: +49 89 7400 45840
Website: www.dataguard.de

You can contact Meta Ireland's data protection officer using the online contact form provided on the Meta platform.

III. General information on data processing at Instagram

1. Data processing by Meta

The Instagram privacy policy specifies the categories of personal data that are processed when using Meta products such as Instagram. The policy generally describes the purposes for which this data is used. And this policy specifies the categories of recipients to whom this data is sent. You will also find information on the legal basis for the processing of this data and information on how you can withdraw your consent to the processing of personal data. The policy provides information on how you can exercise your rights of access, rectification, portability and erasure against Meta Ireland. You can find more information about your control options in the Instagram setting options or on their help pages.

2. Cookies by Meta

If you visit our Instagram page and your browser allows cookies to be stored, Meta stores information in the form of small text files in your browser's memory (hereinafter referred to as "cookies") and can access this information when you visit the Instagram or Meta platform. For more information on the purpose of the cookies used, the integration of these cookies by other websites and your control options in this regard, please refer to Meta's information on Instagram-Cookies.

We would like to point out that Meta is able to track your user behaviour with the help of the cookies used. This applies both to those who are registered on the Instagram platform and to those who are not.

We would also like to point out that we have no influence on Meta's data processing in connection with cookies. It is also possible to visit our Instagram page if you configure your browser so that no cookies are stored by Meta. Information on customising the settings for cookies in your browser can usually be found in the help section of the browser you are using.

If you are registered or logged in to the Instagram or Meta platform and want to prevent Meta from linking your visit to our Instagram page to your Instagram or Meta user account, you should log out of Instagram, delete the cookies on your device, close your browser and restart it.

3. Data processing during interactions on our Instagram page

On our Instagram company page, you have the opportunity to react to our posts, comment on them and send us messages. Please check which personal data you share with us via our Instagram company page. If you wish to prevent Meta from processing the personal data you have provided to us, please contact us using the contact details provided above.

In addition to the content you submit, information about your profile and your posts will be visible to us, depending on your privacy settings. You can change this yourself using the Instagram settings.

As far as we can, your data processed by us will be deleted when our Instagram company page is closed. If this data is further stored by Meta, it is based exclusively on the provisions of the Instagram privacy policy and the Instagram terms of use.

IV. Purposes and legal basis

Your personal data is collected for the purpose of communicating with our customers and business partners, marketing our products and thereby developing better products for our customers.

The processing of your data when contacting or interacting with our Instagram account or its content is carried out by us on the basis of art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in responding to your enquiry or interacting with our customers in the context of social media marketing. If your contact is aimed at concluding a contract, the additional legal basis for processing is art. Art. 6 (1) sentence 1 lit. f of the European General Data Protection Regulation.

We process the data provided by you in this context in order to protect our legitimate interests in customer communication. This also includes our legitimate interests in data processing in accordance with art. 6 para. 1 sentence 1 lit. f GDPR.

V. Categories of data

The information that Meta processes:
• Device attributes: Information such as the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types as well as plugins.
• Processes on the device: Information about the processes and activities carried out on the device, for example whether a window is in the foreground or background or mouse movements.
• Identifiers: Unique identifiers, device IDs and other identifiers, such as those of games, apps or accounts that are used, and family device IDs.
• Device signals: Bluetooth signals and information about wireless access points, beacons and radio cell towers in the vicinity.
• Data from the device settings: Information from the device settings, such as access to GPS location, camera or photos.
• Network and connections: Information such as the name of the mobile phone or internet provider, language, time zone, mobile phone number, IP address or connection speed and, in some cases, information about other nearby devices.
• Cookie data: Data from cookies stored on the device, including cookie IDs and settings.

VI. Recipients of data

The majority of personal data, such as photo, name or user name, is publicly displayed by Instagram. Only direct Instagram messages to us are data that are not public in the context of this privacy policy. Your personal data will be passed on by our website to internal employees of the marketing and sales department and, if necessary, to processors such as a marketing agency.

The transfer of data to third parties or authorities, such as the NSA, by Meta is to be assumed and is described in their data protection guidelines and specialised literature.

VII. Data transfers

The Instagram Privacy Policy explains the data transfers from Meta to third countries and their legal basis.

There are no plans on our part to transfer data to third countries.

VIII. Data retention period

In the Instagram privacy policy you will also find information on the duration of the storage of personal data as well as information on the criteria for determining this duration and on the possibility of blocking or deleting Instagram accounts.

IX. Automated decisions

Instagram uses automated decisions to display content for you as a user. Instagram recommends content that Instagram thinks you'll like. We do not know the underlying decision-making logic. The scope of the use of Instagram and other similar social media and its implications are vast and can be utilised in systems of mass surveillance and for deepfakes and other facial recognition systems.

X. Business profile

Our Instagram page is a business profile (hereinafter "Instagram company page" or "company presence") and therefore has the Instagram Insights function. This means that part of the data collected by Meta during use is made available to us in anonymised form as a statistical analysis. This statistical analysis only relates to users, content and activities on our Instagram page. The analysis includes the following specific data:

• Number of "likes" on our photos and videos
• Number of comments on our photos and videos
• Number of people who have seen a photo or video
• Number of times a photo or video has been shared
• Number of times a photo or video was reported as spam
• Number of clicks indicating that the user no longer likes the page

This information transmitted to us by Meta is anonymised and cannot be linked by us to you as a user of the Instagram page. However, this does not mean that data collection and data processing at Meta itself is anonymised.

On our Instagram company page, we provide information and offer Instagram users the opportunity to communicate. If you carry out an action on our Instagram company page (e.g. comments, posts, likes, etc.), it is possible that you may thereby disclose personal data (e.g. name or photo of your user profile). However, since we generally or to a large extent have no influence on the processing of your personal data by Meta, we cannot provide any binding information on the purpose and scope of the processing of your data by Instagram or Meta.

Our Instagram company page is used for communication and information exchange with (potential) customers and business partners. In particular, we use the company presence for:

• Products
• Competitions
• Employer branding

The publications on the company presence may contain the following contents:

• Information about products
• Competitions
• Advertising

Every user is free to publish personal data through activities.

The data generated by the company presence is not stored in our own systems.

You can object at any time to the processing of your personal data that we collect during your use of our Instagram company presence and/or exercise your data subject rights as set out in XI. of this privacy policy.

To assert your data subject rights vis-à-vis Meta as set out in XI. of this privacy policy, you must contact Instagram directly.

XI. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right to information

If your personal data is processed, you have the right to obtain information from the controller about the data stored about you (art. 15 GDPR).

2. Right to rectification

If inaccurate personal data is processed, you have the right to rectification (art. 16 GDPR).

3. Right to erasure or restriction and objection

If the legal requirements are met, you may request the deletion or restriction of the processing and object to the processing (art. 17, 18 and 21 GDPR).

4. Right to instruction

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged pursuant to art. 19 GDPR, to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

5. Right to data portability

If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out with the help of automated procedures, you may have a right to data portability (art. 20 GDPR).

6. Right of objection

In accordance with art. 21 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on art. 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling.

7. Right to revoke the declaration of consent under data protection law

If you have consented to the processing by the controller by means of a corresponding declaration, you can revoke your consent at any time for the future. The legality of the data processing carried out on the basis of consent until revocation is not affected by this.

8. Automated decision-making in individual cases including profiling

In accordance with art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you.

9. Right of appeal a supervisory authority

Furthermore, there is a right of appeal to a supervisory authority (art. 77 GDPR).

This privacy policy was created with the support of DataGuard.