About us We experience cycling in body and soul

Our privacy policy

Protecting the privacy and personal data of our users is a priority for us. This document first answers basic questions and in the second part describes in more detail the purposes, legal bases and rights of persons whose personal data we process, including registered users..

What data do you collect and what do you do with it?

  • If you aren't registered and logged into your account, you're using the MTBIKER/ MTHIKER website anonymously and apart from your IP address and cookies we don't process any of your data. You can read more about both below.
  • If you are registered, we only process the data that you provide to us, for example when registering or after signing up for an event. This data may also include personal information such as email address, password, first name, last name, address, telephone number or date of birth..
  • For the purposes of improving our content, offer and site functions, we store information about the movement of visitors on the site. We store this data on our server and process part of this anonymous data on Google Analytics, Google BigQuery, Hotjar and Amplitude servers.
  • We store the data in a database on a secure server, to which only a minimal number of people have access. We always store passwords only in hashed form, in which they cannot be used even in the event of a leak. We do not store any sensitive data..

As a registred user, where can I find what information you have about me?

  • All public information and posts can be found in your user profile, which you can access by clicking on the icon in the top right part of the header - you must be logged in of course.
  • You will find you personal information in settings.
  • Information about the processing of your personal data within this portal can be found in the second part of this document..

How can I change or delete my data in my user account?

  • In profile settings you can change all your information or delete it. You can also set up whether your information, like your name, email address or phone number, will be shown to registered users of this site.
  • In account settings if you decide so, you can irretrievably delete your account.

Who has access to my data?

  • Besides to employees and verified subcontractors working for MTBIKER.shop s.r.o. no one has access to Your data. The data never leaves our server (except for the backup to a secure external server).
  • We provide data to third parties only if it is necessary to fulfill the service we provide to you. For example, when registering for an event, we will provide your data to the event organizer, and when ordering through the e-shop, we will provide data to companies that ensure delivery of the order and services necessarily associated with processing the order..
  • We must provide the data to law enforcement authorities if we're asked to do so in writing (with adequate justification).
  • Data is "physically" stored on company servers VSHosting sro. and Amazon Web Services, Inc. exclusively within the EU.

What cookies do you use and why?

  • Cookies are small text files in which different websites store various information needed to display the pages correctly. Cookies are stored in the user's browser, and the browser ensures that they can only be read by the site that created them, and no one.
  • We use cookies to ensure that users remain logged in and can thus use services provided by this site, which we cannot provide without the necessary cookies. If you turn off cookies in your browser, you won't be able to log in as well as contribute to the site or make a purchase.
  • You can remove cookies anytime. The procedure depends on the browser, but the basic instructions you'll find here. Don't worry, we nor any other service below don't save any sensitive data.
  • In addition to our cookies, this page uses Google Analytics, Google BigQuery and Amplitude services, which use cookies for anonymous analysis of access to the page.
  • You can set what types of cookies you allow us to store here: Cookie settings. For visitors, those not logged into an account, this setting is stored in their device and browser cookies. For logged-in users, these settings are saved to their profile and are superior to the settings stored in cookies, so that user settings can be used across devices.

What is an IP address and what do you do with it?

  • Simplified, an IP address is a unique address of your device, on which you access the internet. Our server can communicate with your browser thanks to this address and thus show you this website. The internet, as we know it, operates on the basis of IP addresses.
  • This address must be sent with every request to the server and the server stores it in logs (records) that are archived for 30 days to detect and prevent cyberattacks, errors and problems.
  • An IP address is considered personal information because it is theoretically possible to identify the owner of a device that had a given IP address at a given time. It is possible only with the cooperation of the internet service provider who needs a court order or a request from a law enforcement authority to do so. Therefore, we cannot identify you from your IP address only your internet service provider would be able to do so solely upon adequate request from the police.

Who can I contact if I have a request / complaint?

  • If you have any questions, requests or complaints please contact us at [email protected] and we'll let You know as soon as possible .

Information regarding personal data processing

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (GDPR), and in accordance with the relevant personal data protection legislation of the Slovak Republic, we provide you with this information on how we process your personal data in connection with user accounts and community functions on our web platform..

Please, read the following information regarding how we process your personal data. When it comes to processing your data, you are the person concerned, i.e. the person whose personal data we process.

Who is the controller of personal data?

MTBIKER.shop s.r.o.company, 225, 916 33, Hrádok, ID number: 52770222, registered in the commercial register of Trenčín District Court, section: Sro, insert no. 39279/R.

(hereinafter also referred to as “web platform operator”, “we” or “operator”)

If you have any questions, or if you want to exercise your rights regarding the processing of your personal data, please contact the operator via email address [email protected]. You can also exercise your rights in writing delivered to the address of the operator's registered office.

Our web platform also includes a separate e-shop section, which is operated by a different entity depending on the country of delivery. You can find all information about terms and conditions and privacy protection in the e-shop in the section Shopping FAQ.

What personal data do we process and how do we obtain it?

We primarily process the data you provide to us when creating or managing a user account, when adding content (e.g. discussion posts, comments, advertisements, outings, photos), when using the forum, bazaar or event calendar features or if you contact us in connection with these community features.

In particular:

  • basic identification and contact details (e.g. name, nickname, email address),
  • data about your interaction with the platform (e.g. IP address, cookies, browser information, etc..),
  • data that you upload or publish yourself (e.g. comments, posts, texts, photos, videos, ads in the bazaar, trip records, shared routes or ratings),
  • any other personal data (e.g. phone), only if you have voluntarily and explicitly provided them as part of the use of a specific function (e.g. registration for an event in the calendar, bazaar, etc..).

Providing some data is necessary to create and manage a user account (e.g. unique email address), without which we would not be able to provide you with the requested services.

On what legal basis do we process your personal data?

Contractual relationship (Art. 6 (1) (b) GDPR))

We process your data to the extent necessary to create and manage your user account and to provide community functions (forums, comments, bazaar, calendar, outings, etc.) that are described in the section terms and conditions.

Legitimate interest (Art. 6 ods. 1 písm. f) GDPR)

Based on our legitimate interest, we may:

  • protect our platform and users from abuse (e.g. detecting and blocking SPAM, attacks, inappropriate posts)),
  • store and manage discussion posts, comments, reviews and other uploaded content (to the extent necessary to maintain the structure and logic of discussions),
  • to perform routine analytics and statistics on the use of the platform (except where consent is required by law or other regulation)).

You have the right to object to the processing of your personal data based on legitimate interest at any time (details in the section "Your rights").

Consent (Art. 6 ods. 1 písm. a) GDPR)

In cases where neither a contractual relationship nor a legitimate interest can be applied (e.g. when using analytical or marketing cookies), we may request your consent. Giving consent is voluntary and you can withdraw it at any time without affecting the lawfulness of the processing before its withdrawal..

Legal obligation (Article 6(1)(c) GDPR))

In some cases, we are bound by legal obligations (e.g. if we are requested to provide data by law enforcement authorities based on applicable legal regulations).

For what purposes do we process your data?

Here you can find a list of purposes, their legal foundations and the period of storage of your personal data:

  • Account creation and management
    • All registered users of the web platform have a user account that allows them to use the services provided by this site, respectively. the web platform offers. More comprehensive information about creating and managing an account can be found in the section terms and conditions. What personal data will be processed for this purpose depends largely on what personal data you upload to the site or make available on the site..
    • The basis is a contractual relationship according to terms and conditions. We process e.g. Your email as a unique account identifier, any contact details, account settings, etc..
    • Retention period: up to 30 days after account deletion (except for data that we must archive for other legal reasons).
  • Community features (forum, bazaar, calendar, comments, ratings, trips and other posts))
    • We record and store the content you upload (texts, photos, videos, reactions). These posts may also contain your personal information if you choose to provide it..
    • Based on the contractual relationship (providing the service) and our legitimate interest (conducting discussion and community functions).
    • Storage period: we keep posts to preserve discussions and comment logic. After deleting your account, we usually anonymize your name (nickname) in posts, unless required by another legal obligation or your specific consent..
  • Technical maintenance and cybersecurity
    • In order to protect our servers and user accounts from attacks and spam, we have to collect and analyze records regarding site access. Through automatic or manual analysis of these records, we're able to detect and block attack or spam attempts. These records contain no other personal information apart from an IP address..
    • Based on legitimate interest, we collect access logs, IP addresses, in order to detect and block attacks, unsolicited posts (SPAM) or violations of the rules..
    • Retention period: typically 6 months, or longer if necessary to resolve incidents.
  • Analytics and statistics of web platform usage
    • In order to improve the services provided by this site, we need to access analytical data of platforms such as Google Analytics. The processed data is anonymous, and its only identifier is the cookie, to which you can (but do not have to) allow us access to.
    • It helps us improve features for users. In some cases, the legal basis may be legitimate interest (if it concerns basic statistics), in other cases (e.g. personalization or cookies) consent.
    • Retention period: depending on specific cookies and analytical tools, usually 1 year, or until consent is revoked.
    • Option to withdraw approval: in section Cookie settings it is possible to withdraw consent for each individual cookies category.
  • Email newsletter
    • For the purpose of information, we send, with your consent, occasional emails about planned events or news on the web platform..
    • Legal basis: agreement
    • Retention period: 3 years from the date of consent, or until revoked
    • Option to withdraw approval: in section Email settings
  • Legal agenda
    • If required by law (e.g. providing data to the police, court, other authorities), we process and archive data to fulfil legal obligations..
    • Retention period: according to legal deadlines.

To whom may your data be made available?

  • External providers of programming work, system rights, hosting, or IT services (e.g. servers, cloud, development work) – in the position of our intermediaries pursuant to Art. 28 GDPR, who act on our instructions.
  • Analytics service providers (e.g. Google Analytics) – if you have consented to the use of analytical/marketing cookies.
  • Exceptionally, public authorities, courts, police, tax authorities or other entities, if required by law or necessary to protect our legal claims.

In cases when your personal data is processed through intermediaries, as a special category of recipients of personal data, we ensure that they proceed in accordance to valid legal regulations and the conditions agreed to in the contract regarding the processing of personal data, and that they are bound by confidentiality and protect your data in accordance with GDPR requirements.

Will your information be tranferred outside EU?

Under normal circumstances, we do not transfer your personal data outside the European Union. If we use services or tools based or servers in third countries, we will do so in accordance with the GDPR (e.g. based on the decision on the adequate level of protection, standard contractual clauses, etc.) and we will inform you about it.

Will your personal data be used for profiling or individual automated decision-making?

We do not perform automated individual decision-making (with legal effects) or profiling within the community and content sections of the web platform..

How long do we store the data?

We have described the storage periods for each purpose above. In case you decide to delete your account (terminate the contract according to the section terms and conditions), We will delete or anonymize your personal data associated with your account within 30 days (unless we are bound by other legal deadlines).).

The content you have added to the platform (discussion posts, comments, articles, etc.) will in most cases be anonymized to maintain the continuity of discussions (without it being possible to identify you through this content).).

What are your rights?

The right to access personal data acc. to Article 15 of GDPR:

The person concerned has a right to obtain a confirmation regarding the processing of their personal data by the operator. The person concerned has a right to obtain the access to their personal data (has a right to a copy of their personal data, which is available to the operator), and information regarding how the operator is processing this data in acc. with Article 15 of GDPR.

The right to correct personal data acc. to Article 16 of GDPR:

The person concerned has a right to rectification of their personal data, if it is inaccurate or needs completion, if it is incomplete. The operator must agree to the request for the correction or completion without undue delay.

The right to delete (right to "forget") acc. to Article 17 of GDPR:

The person concerned has a right to obtain that the operator will delete their personal information without undue delay, in case any reason mentioned in Article 17 par. 1 of GDPR is fulfilled (e.g. if personal information acquired by the operator is no longer needed or processed for purposes for which it was acquired for). This right of the person concerned will be judged by the operator, who will consider each party's point of view and based upon relevant circumstances in accordance with Article 17 of GDPR (e.g. the operator will not comply with the request, if the processing is necessary - in order to fulfil a legal obligation of the operator or to prove, enforce or defend any legal rights).

The right to restrict personal data processing acc. ro Article 18 of GDPR:

The person concerned has a right for the restriction of processing of their personal data, if any instance, acc. to Article 18 par. 1 of GDPR, occurs. If the processing has been restricted in accordance with Article 18. par. 1 of GDPR, such personal data is, except for storage, processed : a) only with consent from the person concerned, or b) in order to prove, enforce or defend legal rights, or c) for protection of another individual or legal person, or d) for reasons of essential public interest of the Union or member state.

The right to portability of personal data acc. to Article 20 of GDPR:

If the processing is based upon an agreement or a contract and is performed by automatic means, the person concerned has a right to acquire their personal information, which they provided to the operator, in a structured, commonly used and machine-readable format, and they have a right to transfer this information to another operator. If technologically possible, they have a right to transfer this information from one operator to the other.

The right to object acc. to Article 21 of GDPR:

If processing is based upon legitimate interests (Article 6 par. 1 letter f) of GDPR), person concerned has a right to object, at any point in time, based on reasons connected to their specific situation, against the processing of their personal information, including objecting against profiling based upon said interests. The operator thus cannot process the personal information anymore, unless proven, that there are necessary legal reasons that outweigh the interests, rights and freedoms of the person concerned, or their reasons for proving, enforcing or defending a legal claim. In case the person concerned objects to their personal information being processed for direct marketing purposes, incl. profiling in the extent that is connected to the direct marketing, the personal information cannot be processed for this purpose.

The right to submit a suggestion or complaint to the Office for Personal Data Protection

You can, at any given time, submit a suggestion or a complaint regarding the processing of your personal data to the supervisory authority, i.e. Office for the Protection of Personal Data of the Slovak Republic, Hraničná 12, 820 07 Bratislava, www.dataprotection.gov.sk.

Exercising your rights is free of charge. If you wish to exercise any of your rights or have any questions, please do not hesitate to contact us at [email protected].

Cookies

Our web platform uses cookies to ensure basic functionality, analytical purposes and possibly to display relevant information or target content. For more detailed information about what cookies we use and for what purpose, please see the section Cookie settings or in a separate document on our website. We use personalization cookies only with your consent. We process cookies that serve to ensure better functionality of the web platform based on our legitimate interests. If you want to prohibit the use and storage of cookies in your browser, you can do so through the settings in your browser. The procedure for setting up cookie blocking depends on the browser you are using..

Final provisions

  • This document enters into force and effect on 31.12.2024.
  • We reserve the right to update this document, e.g. in the event of legislative changes or changes in the scope of services provided.
  • The version currently published on the web platform always applies..
keyboard_arrow_up