About us
We experience cycling in body and soul

Our privacy policy

Protection of privacy and personal data of our users and customers is our priority. This document firstly answers common questions and later describes, in detail, the purposes, legal bases and rights of individuals, whose personal data we process, including registered users.

What data do you collect and what do you do with it?

  • If you aren't registered and logged into your account, you're using the MTBIKER/ MTHIKER website anonymously and apart from your IP address and cookies we don't process any of your data. You can read more about both below.
  • If you are registered, we process only the data you have provided us yourself, e.g. while filling out the registration form, signing up to an event or while ordering through our e-shop. This data might contain personal data such as an email address, password, name, surname, address, phone number and date of birth.
  • For the purposes of improving our content, offer and site functions, we store information about the movement of visitors on the site. We store this data on our server and process part of this anonymous data on Google Analytics, Google BigQuery, Hotjar and Amplitude servers.
  • We store data in a database on a secure server to which only a minimum number of people have access to, and we only store passwords in hashed form, in which they cannot be used even in the event of a leak. We do not store any sensitive data.

As a registred user, where can I find what information you have about me?

  • All public information and posts can be found in your user profile, which you can access by clicking on the icon in the top right part of the header - you must be logged in of course.
  • You will find you personal information in settings and if you purchased from us, so on customer section of the e-shop.
  • Information regarding the processing of your personal data can be found in the second part of this document.

How can I change or delete my data in my user account?

  • In profile settings you can change all your information or delete it. You can also set up whether your information, like your name, email address or phone number, will be shown to registered users of this site.
  • In account settings if you decide so, you can irretrievably delete your account.

Who has access to my data?

  • Besides to employees and verified subcontractors working for MTBIKER.shop s.r.o. no one has access to Your data. The data never leaves our server (except for the backup to a secure external server).
  • Your data is shared with third parties only if it is necessary in order to fulfill the service we provide to you. For example, when registering for an event, we provide your data to the event organizer, and when ordering through the eshop, we provide data to the delivery companies and the services necessarily connected to the processing of the order.
  • We must provide the data to law enforcement authorities if we're asked to do so in writing (with adequate justification).
  • Data is "physically" stored on company servers Hetzner Online GmbH, Amazon Web Services, Inc. exclusively within the EU.

What cookies do you use and why?

  • Cookies are small text files in which different websites store various information needed to display the pages correctly. Cookies are stored in the user's browser, and the browser ensures that they can only be read by the site that created them, and no one.
  • We use cookies to ensure that users remain logged in and can thus use services provided by this site, which we cannot provide without the necessary cookies. If you turn off cookies in your browser, you won't be able to log in as well as contribute to the site or make a purchase.
  • You can remove cookies anytime. The procedure depends on the browser, but the basic instructions you'll find here. Don't worry, we nor any other service below don't save any sensitive data.
  • In addition to our cookies, this page uses Google Analytics, Google BigQuery and Amplitude services, which use cookies for anonymous analysis of access to the page.
  • You can set what types of cookies you allow us to store here: Cookie settings. For visitors, those not logged into an account, this setting is stored in their device and browser cookies. For logged-in users, these settings are saved to their profile and are superior to the settings stored in cookies, so that user settings can be used across devices.

What is an IP address and what do you do with it?

  • Simplified, an IP address is a unique address of your device, on which you access the internet. Our server can communicate with your browser thanks to this address and thus show you this website. The internet, as we know it, operates on the basis of IP addresses.
  • This address must be sent with every request to the server and the server stores it in logs (records) that are archived for 30 days to detect and prevent cyberattacks, errors and problems.
  • An IP address is considered personal information because it is theoretically possible to identify the owner of a device that had a given IP address at a given time. It is possible only with the cooperation of the internet service provider who needs a court order or a request from a law enforcement authority to do so. Therefore, we cannot identify you from your IP address only your internet service provider would be able to do so solely upon adequate request from the police.

What if I visit your store in person?

  • Our stores and business premises are monitored by a camera system without face recognition. A warning that the premises are monitored is located at the entrance to the premises.

Who can I contact if I have a request / complaint?

  • If you have any questions, requests or complaints please contact us at web@mtbiker.shop and we'll let You know as soon as possible .

Information regarding personal data processing

In accordance with Regulation of the European Parliament and of the Council (EU) 2016/679, from April 27th 2016, regarding the protection of individuals in the matter of processing of personal data and regarding the free movement of such data, which annuls Directive 95/46/ES (General Data Protection Regulation) (hereinafter referred to as "GDPR"), we fulfill the information obligation in connection with the processing of your personal data.

Please, read the following information regarding how we process your personal data. When it comes to processing your data, you are the person concerned, i.e. the person whose personal data we process.

Who is the controller of personal data?

MTBIKER.shop s.r.o.company, 225, 916 33, Hradok, ID number: 52770222, registered in the commercial register of Trenčín District Court, section: Sro, insert no. 39279/R.

If you have any questions, or if you want to exercise your rights regarding the processing of your personal data, please contact the operator via email address web@mtbiker.shop. You can also exercise your rights in writing delivered to the address of the operator's registered office.

How do we collect your personal information?

We obtain your personal data directly from you, unless expressly stated otherwise in this document.

We process personal data based on the following legal bases:

  • on the basis of contractual and pre-contractual GDPR relations (Article 6, par. 1, letter b))
  • based on legitimate interests (Article 6 par. 1 letter f) of GDPR)
  • based on fullfilment of legal obligation (Article 6 par. 1 letter c) of GDPR)
  • on the basis of the GDPR agreement (Article 6 par. 1 letter a)).

You are obliged to provide your personal data, if the processing of personal data is necessary for the fulfillment of the legal obligation of the operator. You are also required to provide personal data when it is a contractual requirement to do so, resulting from the contract between you and the operator.

It is necessary for you to provide your personal information in regard to the pre-contractual and contractual relations. Not providing your personal information may result in the inability to form this contract, or may prevent its fulfillment.

If the legal basis for personal information processing is authorization, the consent must be voluntary. In case we're processing your personal information based on your authorization, you have a right to revoke your consent at any time. The withdrawal of consent does not affect the legality of processing based upon the consent given before its withdrawal. Consent withdrawal is not sanctioned, monetarily or otherwise.

If we process your personal data based on a legitimate interest, you have the right to object to the processing of your personal data based on this basis, at any point in time, for reasons related to your specific situation, including an objection to profiling based on a legitimate interest (Article 21 of GDPR). The operator cannot further process personal data in such case, unless proven that the necessary legitimate reasons outweigh your personal interests, rights and freedoms as a data subject, or reasons for proving, enforcing or defending our legal claims.

For what purposes do we process your data?

Here you can find a list of purposes, their legal foundations and the period of storage of your personal data:

  • Account creation and management
    • All registered user have a user account available, which allows them to U the services, which this page offers. All information regarding the creation and management can be found in section terms and conditions. Which personal information will be used for this purpose greatly depends on what personal information you yourself input into the site or allow the site access to.
    • Legal basis: contractual relation
    • Storage period: up to 30 days after contract cancellation
  • E-shop and store order processing
    • In order to process an order from our eshop, or sometimes in our stores, we need to process your common personal information like name and surname, contact and billing information.
    • Legal basis: contractual relation
    • Storage period: 5 years since order completion
  • Order and return delivery
    • In order to deliver orders made on our eshop, or to deliver returned or refunded goods, we need to process your common personal data, such as name and surname, contact information and billing information. This information is also provided to third parties, such as delivery companies, in order to physically deliver the order.
    • Legal basis: contractual relation
    • Storage period: 5 years since order completion
  • Returns processing
    • In order to process a return or a refund, we need to process your common personal information like name and surname, contact and billing information.
    • Legal basis: contractual relation
    • Storage period: 5 years since return completion
  • Accounting and tax agenda
    • Accounting documents issued based off of an order in the eshop are processed by an external accounting firm, and some data is provided to the financial administration to fulfill legal obligations.
    • Legal basis: law
    • Storage period: 10 years since issuing the receipt
  • Customer support
    • Customers can contact us through our customer support line or email address. Their personal data (if provided) is processed for the purpose of answering questions and fulfilling requests. In the case of contacting via telephone, the call will be recorded. If the question or request concerns an existing order, the legal basis for the processing is the contractual relationship resulting from the placed order. Otherwise, legitimate interest is the legal basis and the storage period is shorter.
    • Legal basis: contractual relation or legitimate interest (in offering of good quality customer service and solving potential complaints)
    • Storage period: 5 years or 3 months
  • Email marketing
    • In order to inform the customer, we send occasional emails about promotions, news or interesting offers in the e-shop, based on the customer's consent..
    • Legal basis: agreement
    • Storage period: 3 years since approval
    • Option to withdraw approval: in section E-mail settings
  • Cyber security
    • In order to protect our servers and user accounts from attacks and spam, we have to collect and analyze records regarding site access. Through automatic or manual analysis of these records, we're able to detect and block attack or spam attempts. These records contain no other personal information apart from an IP address..
    • Legal basis: legitimate interest
    • Storage period: 6 months
  • Operation of the loyalty system
    • Our customers, whether in our e-shop or in-store, can participate in the loyalty program, which rewards their activity and shopping with additional loyalty discounts on products. No further information is needed for operation of the loyalty program, other than the information which was processed in order to create and manage the user account.
    • Legal basis: contractual relation
    • Storage period: up to 30 days after contract cancellation
    • Option to object: in section Loyalty discounts it is possible to disable the loyalty system for your account.
  • User behaviour profiling in order to improve product recommendations
    • In order to improve the search and discovery of relevant goods, we generate individual recommendations. More information regarding this method can be found in the "Will your personal data be used for profiling or automated individual decision-making?" section of this document.
    • Legal basis: legitimate interest (in improvement of the shopping process and product search)
    • Storage period: up to 30 days after contract cancellation
    • Option to object: in section Privacy settings it is possible to disable the creation of recommendations
  • Usage reports
    • In order to improve the services provided by this site, we need to access analytical data of platforms such as Google Analytics. The processed data is anonymous, and its only identifier is the cookie, to which you can (but do not have to) allow us access to.
    • Legal basis: agreement
    • Storage period: 1 year or until the cookies are deleted
    • Option to withdraw approval: in section Cookie settings it is possible to withdraw consent for each individual cookies category.
  • Camera system
    • Our stores and premises are monitored by a camera system in order to protect the property and health of our employees and customers. A notice regarding monitoring of premises is located next to the entry..
    • Legal basis: legitimate interest (in protection of property and health)
    • Storage period: 14 days
  • Feedback and order rating
    • We are interested in receiving customer feedback regarding their satisfaction (or dissatisfaction) with our eshop and products, which they have purchased. We contact our customers through email delivered after order delivery, through Heureka third party service (for eshop ratings), and later through our own email (for product ratings). The customer is not required to provide any rating and has an option to object to receiving these emails while creating the order.
    • Lelag basis: legitimate interest (in improvement of e-shop services)
    • Storage period: 6 months
    • Option to object: disagreeing about receiving an email about rating while creating an order
  • Recruitment of employees and associates
    • When recruiting new employees or co-workers, we process personal data to the extent necessary for the needs of the selection process for the position for which the candidate is applying. In case the candidate gives us consent to keep their CV and data, we can contact the candidate and invite them for an interview if a position relevant to their profile opens up in the future.
    • Legal basis: pre-contractual relation/ agreement
    • Storage period: 3 months after the end of recruitment for the position/ 2 years

Who has access to your personal data?

In connection with the fulfillment of the legal obligations of the operator, your personal data may be received by entities specified by law, in particular the tax office, state administration bodies and authorities exercising supervision, courts and law enforcement agencies.

Depending on the purpose of processing and specific circumstances, your personal data may also be received by other persons (in the position of intermediary or independent operator), in particular:

  • payment gateway providers enabling online payments,
  • post and delivery services providers,
  • order processing and e-shop customer support service providers,
  • marketing services providers,
  • external suppliers of programming work and system management ,
  • companies that are external suppliers of accounting, auditing or HR services,
  • companies that are external suppliers of services in the field of health and safety at work, health service and fire protection,
  • companies that provide independent e-shop order ratings ,
  • organisators of events, to which you can sign up through this page,
  • lawyer,
  • executor,
  • Liable person according to GDPR,
  • bank.

In cases when your personal data is processed through intermediaries, as a special category of recipients of personal data, we ensure that they proceed in accordance to valid legal regulations and the conditions agreed to in the contract regarding the processing of personal data, and that they are bound by confidentiality and protect your data in accordance with GDPR requirements.

Will your information be tranferred outside EU?

Your data is never transferred to a third country or any international organization..

Will your personal data be used for profiling or individual automated decision-making?

Your personal data may be used for the profiling of customer behavior in order to improve product recommendations. The data is processed on the basis of legitimate interest, as the result of its processing is the improvement of the functionality of the e-shop for you specifically. Through our own algorithm, based on the products you have previously purchased and the products or content you have visited on this page, we will generate a list of recommended goods that should best meet your requirements. Products from this list are visible in the section Recommended for you, if this list was generated for you. You can object to this information processing at any time, and you can do so by disabling the creation of recommendations in section Privacy settings in your account.

Your data will not be used for automatic individual decision making.

Our page uses cookies. You can find more information in section Cookie settings. Cookies, which are used to improve the functionality of our websites, are processed based upon our legitimate interests, cookies, which are used for marketing purposes, are processed based upon your consent. In case you want to forbid the usage and storage of cookies in your browser, you can do so in your browser settings. How you can block cookies depends on the browser you use.

What are your rights?

The right to access personal data acc. to Article 15 of GDPR:

The person concerned has a right to obtain a confirmation regarding the processing of their personal data by the operator. The person concerned has a right to obtain the access to their personal data (has a right to a copy of their personal data, which is available to the operator), and information regarding how the operator is processing this data in acc. with Article 15 of GDPR.

The right to correct personal data acc. to Article 16 of GDPR:

The person concerned has a right to rectification of their personal data, if it is inaccurate or needs completion, if it is incomplete. The operator must agree to the request for the correction or completion without undue delay.

The right to delete (right to "forget") acc. to Article 17 of GDPR:

The person concerned has a right to obtain that the operator will delete their personal information without undue delay, in case any reason mentioned in Article 17 par. 1 of GDPR is fulfilled (e.g. if personal information acquired by the operator is no longer needed or processed for purposes for which it was acquired for). This right of the person concerned will be judged by the operator, who will consider each party's point of view and based upon relevant circumstances in accordance with Article 17 of GDPR (e.g. the operator will not comply with the request, if the processing is necessary - in order to fulfil a legal obligation of the operator or to prove, enforce or defend any legal rights).

The right to restrict personal data processing acc. ro Article 18 of GDPR:

The person concerned has a right for the restriction of processing of their personal data, if any instance, acc. to Article 18 par. 1 of GDPR, occurs. If the processing has been restricted in accordance with Article 18. par. 1 of GDPR, such personal data is, except for storage, processed : a) only with consent from the person concerned, or b) in order to prove, enforce or defend legal rights, or c) for protection of another individual or legal person, or d) for reasons of essential public interest of the Union or member state.

The right to portability of personal data acc. to Article 20 of GDPR:

If the processing is based upon an agreement or a contract and is performed by automatic means, the person concerned has a right to acquire their personal information, which they provided to the operator, in a structured, commonly used and machine-readable format, and they have a right to transfer this information to another operator. If technologically possible, they have a right to transfer this information from one operator to the other.

The right to object acc. to Article 21 of GDPR:

If processing is based upon legitimate interests (Article 6 par. 1 letter f) of GDPR), person concerned has a right to object, at any point in time, based on reasons connected to their specific situation, against the processing of their personal information, including objecting against profiling based upon said interests. The operator thus cannot process the personal information anymore, unless proven, that there are necessary legal reasons that outweigh the interests, rights and freedoms of the person concerned, or their reasons for proving, enforcing or defending a legal claim. In case the person concerned objects to their personal information being processed for direct marketing purposes, incl. profiling in the extent that is connected to the direct marketing, the personal information cannot be processed for this purpose.

The right to submit a suggestion or complaint to the Office for Personal Data Protection

You can, at any given time, submit a suggestion or a complaint regarding the processing of your personal data to the supervisory authority, i.e. Office for the Protection of Personal Data of the Slovak Republic, Hraničná 12, 820 07 Bratislava, www.dataprotection.gov.sk.