About us

Mesaic Technology GmbH
WeWork Stadthausbrücke
Axel-Springer-Platz 3
20355 Hamburg
Germany

mail@veloyo.com

Company representatives:
Sebastian Kellner
Niko Uphoff

Registration court: District court of Hamburg
Registration in the commercial register: HRB 128056
VAT-Reg.Nr: DE 291 057 579

Responsible for content according to § 55 II RStV:
Mesaic Technology GmbH
Schulterblatt 115
20357 Hamburg
Germany

General information about how we handle your data

Veloyo is a service of Mesaic Technology GmbH, WeWork, Axel-Springer-Platz 3, 20355 Hamburg, (hereinafter referred to as "Veloyo", "we" or "us"). Veloyo takes the conscientious and careful handling of your personal data and the protection of your personal data very seriously. According to Art. 4 no. 1 of the General Data Protection Regulation ("GDPR"), personal data are all information which relate to an identifiable natural person (the "Data Subject").
You learn in the following Data Protection Statement which personal data we process when you visit our website (Veloyo.com) and/or make a booking. We additionally explain how you can see, change or erase your data. To the extent not provided otherwise, the use of all personal data which Veloyo stores and uses when its customers used the service are subject to this Data Protection Statement.

Data controller pursuant to Art. 4 No. 7 GDPR

Veloyo is the data controller within the meaning of Art. 4 No. 7 GDPR for the following described data processing.
You can contact our data protection officer via dataprotectionofficer@mesaic.io.

Data processing when accessing Veloyo's website and related functions

Description of the website

When you access our website, your end-device automatically transmits the following data for technical reasons:

  • domain name of the website
  • access time and date
  • browser type and used operating system
  • URL of the previously listed pages
  • IP address

Veloyo stores this information only in anonymized form (e.g. your IP address is abbreviated) and this information cannot be attributed to a specific user at any time.

Cookies

Veloyo uses certain "cookies". Cookies are small text data files on your end-device which can store information which you disclose during your internet visit. Cookies are transmitted to the hard drive of the computer by means of the respective web browser. Cookies cannot transmit any information from the computer system. Cookies make it possible to recognize your end-device again.

Functional cookies, for example, enable the reproduction of your session during the last visit. Cookies can also remain on the hard drive of the computer after visiting our website. We process the data, in order to make the renewed visit to the Veloyo website as simple and comfortable as possible. If you generally reject cookies, you can deactivate them at any time by changing your browser options. However, certain functions are only available when you permit cookies.

These cookies cannot identify you as a person. The described use of cookies is legitimate on the basis of our justified interest in structuring our website appropriately for the needs as well as statistical analysis of our website and the circumstance that your legitimate interests do not outweigh our interests, Art. 6 para. 1 lit. f GDPR.

Google Analytics

Veloyo's website and applications use Google Analytics, a web analysis service of Google Germany GmbH, Hamburg as well as Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") which Veloyo has retained. Google Analytics uses "cookies" text data files which are stored on your end-device and make it possible to analyze how you use the website or the application. The information produced by the cookie concerning your use of the services is normally transmitted to a server of Google in the USA and stored there. Our website uses the service "_anaonymizelp()", with which your IP address, however, is first abbreviated by Google within the Member States of the European Union or in other countries which are members of the Convention on the European Economic Area. The complete IP address is only transmitted in exceptional situations to a server of Google in the USA and abbreviated there. Google uses this information on behalf of the operator of this website, in order to analyze your use of the website and compile reports about website activities and to provide services to the website operator which are related to the use of the website and the use of the internet. The IP address transmitted by your browser is not combined by Google with other data under Google Analytics. You can prevent the storage of the cookies with a corresponding setting in your browser software; however, we wish to inform you that in this event, it is possible that not all functions of this website can be fully used. You can also prevent the transfer to Google of the data produced by the cookie which relate to your use of the website (incl. your IP address) as well as the processing of these data if you download and install the browser plugin which is available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de). You can find more information about this at http://tools.google.com/dlpage/gaoptout and at http://www.google.com/intl/de/analytics/privacyoverview.html (general information about Google Analytics and data protection).

Google Analytics is used on the basis of our legitimate interest in structuring the website appropriately for the needs, statistical analysis as well as the efficient advertising for our website and the circumstance that your legitimate interests do not outweigh our interests, Art. 6 para. 1 lit. f GDPR.

Google Conversion Tracking

Our website uses Google Conversion Tracking. Google AdWords uses Google Conversion Tracking to place a "conversion cookie" (see above with regard to cookies) on your end-device through our website if you have come to our website using a Google AdWords advertisement. These cookies are deleted after thirty days and do not contain any personal data. They serve the purpose of enabling us to verify when a user has come to our website by clicking on an advertising banner. However, we do not receive any information with which we can identify specific individuals.
If you would like to object to the placing of a cookie for conversion tracking, you can use the browser add-on to deactivate Google Analytics (see above). This simultaneously deactivates Google Conversion Tracking. You can also deactivate the use of cookies by third party providers.


Google Conversion Tracking is used on the basis of our legitimate interest in structuring the website appropriately for the needs, statistical analysis as well as efficient advertising of our website and the circumstance that your legitimate interests do not outweigh our interests, Art. 6 para. 1 lit. f GDPR.

Google AdSense

We use Google AdSense, an advertising network of Google Inc. Google AdSense uses cookies which make it possible to analyze the use of the website. Google AdSense also uses so-called "web beacons" (hidden graphics). Information such as the visitor traffic on these pages can be analyzed by using these web beacons. The information produced by cookies and web beacons about the use of this website (including the abbreviated IP address) and the delivery of advertising formats is transmitted to a server of Google in the USA and stored there. This information can be disclosed by Google to contract partners. However, Google does not combine this information with other data stored by you.

You can find further information about data protection at Google here:
http://www.google.com/intl/en/privacy/ads/

You can object at any time to the use of your pseudonym data by installing a browser add-on. You can download this here: https://www.google.com/settings/u/0/ads/plugin?hl=de.

The use of Google AdSense is based on our legitimate interest in refinancing our investments for the operation of our website by advertising and the circumstance that your legitimate interests do not outweigh our interests, Art. 6 para. 1 lit. f GDPR.

Social Media Plugins

Veloyo can use social media plugins ("plugins") of the following social networks on the website:

facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"),
twitter.com, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA ("Twitter")
Instagram, which is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany ("XING")

When you visit our website, the plugins are initially deactivated. In order to protect your privacy, we have decided not to immediately activate the respective plugins when you visit our website and instead we have installed a two-step solution. This solution gives you the possibility to activate the respective plugins as needed by yourself. So long as you have not clicked the respective button, no personal data about you are transmitted to the respective operator. A transfer of your data to the respective social media provider first takes place when you have activated the respective plugins by yourself. You can find more about the two-click solution at www.heise.de/ct/artikel/2-Klicks-fuer-mehr-Datenschutz-1333879.html.

The plugins are marked with a logo of Facebook, Twitter or Instagram and/or the statements Facebook plugin "recommended" / Twitter plugin "Tweet". When you access our internet site containing such a plugin and activate this plugin with a click, your browser establishes a direct connection to the servers of the respective social media provider and transmits data. According to our knowledge, this can include:

date and time of the visit to the website
URL of the website accessed by the visitor
URL of the website which the visitor previously visited
used browser

If you are logged in with Facebook, Google+ and/or Twitter, the respective operator can attribute the visit to your account and can link this to other information they have.

If you interact with the activated plugins, for example, by confirming the "like" or the "tweet" button or by making a comment, the corresponding information is directly transmitted by your browser to the respective provider and stored there.
The purpose and scope of the collection of data and the further processing of use of the data by the operator as well as your corresponding rights and possibilities for setting to protect your privacy can be found in the respective data protection guidelines.

You can find them at:

We have no influence and also no knowledge about the further use of the data by the named operators of the social media portals. If you do not want the respective operators to collect data about you by means of our internet site, you should log out of the social media sites when you visit our internet site, and you should not activate the plugins with a click. It is also possible to block Facebook social plugins with add-ons for your browser, for example, using the Facebook blocker (http://webgraph.com/resources/facebookblocker/).

Contact form

If you submit inquiries to us using our contact form, your information in the contact form, including the contact data you have provided there (name, email address, further inquiry details) are stored and used for the purpose of processing the inquiry.

We collect these data, in order to be able to receive and process your inquiry. The legal basis is accordingly the performance of the contractual relationship resulting from your inquiry pursuant to Art. 6 para. 1 lit. b GDPR.

To the extent that we process your data for the purpose of receiving and processing your inquiries, as described above, you are required under the contract to provide these data to us. Without these data, we are not able to receive and process your inquiries.

Newsletter data

If you would like to receive the newsletter offered on the website, we need your email address as well as, as an option, your first name and last name. We use these data exclusively for sending out the requested information and do not disclose these data to third parties. Hereby we make use of Mailchimp's newsletter services. You can cancel the newsletter at any time. Every newsletter contains the information about how you can cancel the newsletter with effect for the future. You can, for example, use the "cancel" link in the newsletter.

The collection and processing of your personal data in this situation is for the purpose of being able to offer the newsletter as you have ordered it, i.e. for the purpose of performing the contractual relationship on the basis of Art. 6 para. 1 lit. b GDPR. The data provided by you and stored with us for the purpose of obtaining the newsletter are stored by us until you cancel the newsletter and are deleted after cancellation of the newsletter. Data which we store for other purposes (e.g. email addresses for the members area) are not affected by this. are not affected by this.

MailChimp
This website uses the service of MailChimp for sending out newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service with which, among other aspects, the sending out of newsletters can be organized and analyzed. When you enter data for the purpose of obtaining the newsletter (e.g. email address), these data are stored on the servers of MailChimp in the USA. We collect the following personal data when sending out our newsletter:

  • email address
  • first name and last name (optional)
    MailChimp has a certification in accordance with the "EU-US Privacy Shield". The "Privacy Shield" is an agreement between the European Union (EU) and the USA which is intended to assure compliance with European data protection standards in the USA.
    We can analyze our newsletter campaigns by means of MailChimp. When you open an email sent with MailChimp, a data file contained in the email (so-called counting pixel) is connected to the servers of MailChimp in the USA. This makes it possible to determine whether a newsletter message has been opened and which links might have been clicked. Technical information is also obtained (e.g. time of the accessing, IP address, browser type and operating system). This information cannot be attributed to the respective recipient of the newsletter. These data are used exclusively for statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
    If you do not want any analysis by MailChimp, you must cancel the newsletter
    (https://veloyo.us10.list-manage.com/unsubscribe?u=b4ad2c1c8278b6f6ce6e46725&id=eea4fc099d). We provide a corresponding link in every newsletter message. You can also directly cancel the newsletter on the website.

Data processing for providing our services

We offer you with our services a very simple possibility to have your bicycle repaired. We process your data as described below.

Registration data

In order for you to be able to use our services, you must register. You must provide the following required information:

  • your name
  • your email address
  • your mobile telephone number
  • a password

These data are needed to install and administer a user account for you so that you can use our service. We specifically need these data, in order to be able to receive your order and carry out the requested repairs on your bicycle. We need your mobile telephone number, in order to keep you informed about the progress of the repair and so that the retained mechanic can contact you on the road.

We collect these data, in order to be able to provide our services to you, i.e. perform the contract, on the basis of Art. 6 para. 1 lit. b GDPR.

To the extent we process your data for purposes of providing the functions in our services, you must provide these data. We are not able to provide these functions to you without these data.

Furthermore, you can provide all the following voluntary information when you register or in your profile:

  • payment method and details
  • Billing adress

This information is voluntary and not required when you register. We collect these data in order to process payment, invoicing and communication.

Ordering and performance of our services

As soon as you have established an account, you can order our services and especially order from us mobile repairs and servicing for your bicycle.

We process the following data for this purpose:

  • your account data (see above)
  • the location of your bicycle
  • your bank and payment data (this involves, at your choice, either credit card information or information about your Paypal account)
  • the photographs of your bicycle which you send to us when placing the order
  • information about the need for repairs on your bicycle

These data are needed so that we can perform your order and process payment.
We process your personal data in order to be able to carry out the repair and service you have ordered, Art. 6 para. 1 lit. b GDPR.

Does Veloyo disclose the data it receives?

We use your personal data in general only for those purposes for which you have expressly granted your consent or if this use is permitted by law or if we are required by law to use these data. The data can only be disclosed to third parties in the following situations:

  • Personal data are forwarded to criminal prosecution authorities and, if appropriate, to harmed third parties if this is necessary to investigate illegal use of our services or for purposes of criminal prosecution. However, this only occurs if there are specific indications about illegal or improper conduct. A disclosure also can occur if this serves the purpose of enforcing terms and conditions of use or other agreements. We are also required by law to provide information upon request to certain governmental agencies. These can be criminal prosecution authorities and public authorities which prosecute misdemeanors that are subject to fines and the tax authorities.

  • These data are disclosed on the basis of our legitimate interest in combating misuse, prosecution of criminal acts and securing, asserting and enforcing claims and the fact that your rights and interests in the protection of your personal data do not outweigh these interests, Art. 6 para. 1 lit. f GDPR.

  • To the extent we are required to provide the data, the information is provided in accordance with the respective statutory duty on the basis of Art. 6 para. 1 lit. c GDPR.

  • If you request this, we pass on your data for performing the repair service.

  • We process these data in order to comply with your request and perform the respective contract, Art. 6 para. 1 lit. b GDPR.

  • Offers of third parties (e.g. Vimeo) can be included in the Veloyo website. The IP address is transmitted to the third party provider for this purpose due to necessary technical reasons. We have no influence on how the third party providers store these data.

  • These data are disclosed on the basis of our legitimate interest in an attractive and contemporary structuring of our website and the fact that your rights and interests in protection of your personal data do not outweigh these interests, Art. 6 para. 1 lit. f GDPR.

  • We must use third party companies and external service providers ("contract processors") who are bound to us by contracts in order to provide our services. Personal data are forwarded to these contract processors in such situations, in order to enable them to conduct the further processing. We carefully select and regularly examine these contract processors, in order to make sure that your privacy is protected. The contract processors can use the data exclusively for the purposes we determine and are also required by us under contract to handle your data. Exclusively in accordance with this Data Protection Statement as well as German laws on data protection.

  • To the extent we use contract processors outside the European Economic Area ("EEA"), we make sure that the respective recipient assures a reasonable level of data protection within the meaning of the General Data Protection Regulation.

  • The European Commission issued the decision in a resolution dated 12 July 2016 with regard to the USA that a reasonable level of data protection exists under the rules of the EU-US Privacy Shield (resolution on reasonableness, Art. 45 GDPR). We use the following service providers which are certified in accordance with the EU-US Privacy Shield:

MailChimp for sending out newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA

Stripe for payment processing. The provider is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Irland

Amazon Simple Email Service (Amazon SES) for sending out emails. The provider is Amazon Web Services, Inc. 410 Terry Avenue North, Seattle WA 98109, USA.

Twillio for sending out SMS. The provider is Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA.

Facebook Pixel as tracking tool. The provider is Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.

Google Analytics as tracking tool. The provider is Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Conversion Tracking as tracking tool. The provider is Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Cloud Messaging (GCM) for sending out push notifications. The provider is Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA.

Apple Push Notifications (APN) for our native partner app. The provider is Apple Inc, One Apple Park Way, Cupertino, California 95014, USA.

Amazon Web Services (AWS) for website hosting. The provider is Amazon Web Services, Inc. 410 Terry Avenue North, Seattle WA 98109, USA.

Erasing your data

We erase or anonymize your personal data as soon as the data are no longer needed for the purposes described in the above sections. We normally store your personal data for the time in which the website is used plus a period of time of three years in which we retain back-up copies after erasing the data. Data of non registered users are deleted after 14 days.

Your rights as the Data Subject

Right to information:
You have the right to obtain information from us at any time upon request about your personal data that we process in the extent set forth in Art. 15 GDPR. You can submit a request by regular mail or email to the address set forth above.

Right to correction of incorrect data:
You have the right to demand from us the immediate correction of your personal data if these data are incorrect. Please, use the contact address set forth above for this purpose.

Right to erasure:
You have the right, under the prerequisites described in Art. 17 GDPR, to demand that we erase your personal data. These prerequisites especially provide for a right of erasure if the personal data are no longer needed for the purposes for which the data were collected or otherwise processed as well as in situations involving the illegal processing, the existence of an objection or the existence of a duty to erase under the law of the European Union or the law of the Member State which governs us. Reference is also made to point 13 of this Data Protection Statement with regard to the period of time in which the data are stored. In order to assert your above right, please use the contact address set forth above.

Right to limit processing:
You have the right to demand that we limit the processing in accordance with Art. 18 GDPR. This right especially exists if the accuracy of the personal data are disputed between the user and us and for the time which is needed to examine the addressee as well as in the event that the user demands limited processing instead of erasure when a right to erasure exists; you also have the right to demand limited processing in the event that the data are no longer needed for our purposes but the user needs the data in order to assert, exercise or defend claims under the law as well as when the effective exercise of an objection is still in dispute between us and the user. In order to assert your above right, please contact the contact address set forth above.

Right to data transfer:
You have the right to receive your personal data which we have provided in a structured, common, machine-readable format in accordance with Art. 20 GDPR. In order to assert your above right, please contact the above stated contact address.

Right to object:
You have the right to submit an objection in accordance with Art. 21 GDPR at any time against the processing of your personal data that occurs on the basis of Art. 6 para. 1 lit. e or f GDPR for reasons resulting under your specific situation. We will stop processing your personal data, unless we can prove mandatory reasons for the processing deserving of protection which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend against claims under the law.

Right to submit a complaint:
You also have the right to submit complaints to the supervisory authorities.
You can reach the public authority having jurisdiction through Veloyo Technology GmbH at the following contact address:

The Hamburg Authority for Data Protection and Freedom of Information
[Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit]
Kurt-Schumacher-Allee 4
20097 Hamburg

Tel.: 040 / 428 54-4040
Email: mailbox@datenschutz.hamburg.de

(August 2018)
End of the Data Protection Statement