CYCLEFITEUROPE
EN DE

Legal

Privacy Policy

This English version is provided for convenience. The German privacy policy is the legally binding version; German and EU data protection law applies.

We take the protection of your personal data seriously. In this privacy policy we inform you, in accordance with Art. 13 of the General Data Protection Regulation (GDPR), which data we process, for what purpose and on what legal basis.

1. Controller

The controller responsible for data processing on this website is:

CycleFit Europe
Lloyd Thomas
[ENTER FULL BUSINESS ADDRESS – separate correspondence address, not the studio address; required under § 5 DDG]

Email: lloyd@bikefiteurope.com

2. General information

Personal data is any information relating to an identified or identifiable natural person. We only process personal data where this is necessary to provide the website, to communicate with you, and to prepare, carry out and follow up a bike fitting, or where you have given your consent.

Data is transmitted on this website in encrypted form via a secured connection (TLS/SSL).

3. Hosting and server log files

This website is hosted by an external service provider. The personal data collected on this website is stored on the host’s servers.

Hosting provider: [ENTER HOSTING PROVIDER]

When you access the website, the host automatically collects information in so-called server log files that your browser transmits. These are usually:

  • IP address
  • date and time of access
  • page or file requested
  • amount of data transferred
  • browser type and version
  • operating system used
  • referrer URL

This data is required to provide the website technically, to ensure stability and security, and to prevent misuse. The legal basis is our legitimate interest in a secure and functional web presence (Art. 6 (1) (f) GDPR).

Retention period: [ENTER RETENTION PERIOD]

4. Contact by email or form

If you contact us by email or via a contact form, we process the data you provide (e.g. name, email address, content of your message) in order to handle and respond to your enquiry.

The legal basis is the performance of pre-contractual measures or the performance of a contract (Art. 6 (1) (b) GDPR), insofar as your enquiry relates to a booking or service, otherwise our legitimate interest in responding to enquiries (Art. 6 (1) (f) GDPR).

We store this data until your enquiry has been finally dealt with, provided no statutory retention obligations apply.

5. Online appointment booking

Appointments are booked via internal booking pages (/buchen and /en/booking). On these pages the booking system is displayed within an embedded frame (iframe). When this frame loads, connection data (e.g. your IP address) is transferred to the provider of the booking system, and cookies may be set there.

This is currently provided by the Acuity Scheduling booking system. In future, the booking is intended to move to our own booking system at booking.bikefiteurope.com.

Insofar as embedding the booking system is not strictly technically necessary, it only takes place with your consent (§ 25 (1) TDDDG, Art. 6 (1) (a) GDPR). You can withdraw this consent at any time with effect for the future.

The data you enter during the booking process itself (e.g. name, contact details, desired appointment and service) is processed to carry out the booking and prepare the appointment (Art. 6 (1) (b) GDPR).

Booking system provider / contract details: [ENTER HOSTING PROVIDER]
Retention period for booking data: [ENTER RETENTION PERIOD]

6. Bike fitting: intake and body-related information

To prepare, carry out and follow up a bike fitting, we process the information you provide for this purpose. Depending on your input, this may also include body-related information, such as body measurements, mobility, previous riding positions or training habits.

We process this information to provide the service you have booked (Art. 6 (1) (b) GDPR). Providing this information is voluntary; however, without certain details a bike fitting may not be possible or may not be carried out in full.

7. Possible health data under Art. 9 GDPR

In connection with a bike fitting, information may arise that can be classified as health data within the meaning of Art. 9 GDPR. This includes, for example, information about pain, previous injuries, numbness, mobility limitations, saddle pressure or other physical complaints.

We process such information exclusively where you voluntarily provide it to us for the preparation, execution, documentation or follow-up of your bike fitting. The legal basis is your explicit consent (Art. 9 (2) (a) GDPR). You can withdraw this consent at any time with effect for the future.

CycleFit Europe is not a medical provider and does not offer any medical or therapeutic services. A bike fitting does not replace a medical examination, diagnosis or treatment. The information mentioned serves solely to adapt the riding position and equipment to your individual requirements.

If you do not wish to share health-related information with us, that is possible. In that case we carry out the bike fitting based on the information available to us.

8. Photos, videos and movement analysis during bike fitting

During a bike fitting, photos or video recordings may be made and a movement analysis carried out to analyse the riding position. These recordings initially serve solely to carry out and document your appointment (Art. 6 (1) (b) GDPR; where health-related, Art. 9 (2) (a) GDPR on the basis of your explicit consent).

Any use beyond this — in particular publication of photos or videos, for example on the website or on social media — requires separate, explicit consent. This consent is voluntary and can be withdrawn at any time with effect for the future.

9. Cookies and similar technologies

This website uses cookies and similar technologies. Technically necessary cookies are required to operate the website. Non-necessary cookies and comparable technologies are only used with your consent (§ 25 (1) TDDDG, Art. 6 (1) (a) GDPR).

Details of the cookies used, the categories and the option to change or withdraw your consent can be found in our Cookie Policy.

10. External services and embedded content

Individual pages may contain content from external providers (e.g. embedded media or the booking system mentioned above). When such content is accessed, connection data is transferred to the respective provider.

Insofar as this embedding is not technically necessary, it only takes place with your consent (§ 25 (1) TDDDG, Art. 6 (1) (a) GDPR). You can withdraw your consent at any time with effect for the future.

External services used: [ENTER COOKIE SCAN RESULTS]

11. Newsletter

This section only applies if a newsletter is actively offered.

If you subscribe to a newsletter, we process the data provided (e.g. email address) on the basis of your consent (Art. 6 (1) (a) GDPR) in order to send you the newsletter. You can unsubscribe and withdraw your consent at any time.

Newsletter provider: [ENTER NEWSLETTER PROVIDER IF ACTIVE]

12. Payment processing

This section only applies if online payment is actively offered.

If payment is possible via the website or booking system, the data required for payment processing is transmitted to the respective payment service provider. The legal basis is the performance of the contract (Art. 6 (1) (b) GDPR).

Payment provider: [ENTER PAYMENT PROVIDER IF ACTIVE]

13. Retention periods

We only store personal data for as long as is necessary for the respective purposes or as required by statutory retention periods. After that, the data is deleted or anonymised.

Specific retention periods: [ENTER RETENTION PERIOD]

14. Your rights

Within the scope of the legal requirements, you have the following rights:

  • right of access to the data processed about you (Art. 15 GDPR)
  • right to rectification of inaccurate data (Art. 16 GDPR)
  • right to erasure (Art. 17 GDPR)
  • right to restriction of processing (Art. 18 GDPR)
  • right to data portability (Art. 20 GDPR)
  • right to object to processing (Art. 21 GDPR)
  • right to withdraw consent given at any time with effect for the future (Art. 7 (3) GDPR)

An informal message to the contact details above is sufficient to exercise your rights.

15. Right to lodge a complaint with the supervisory authority

Without prejudice to any other legal remedy, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your data infringes the GDPR. The supervisory authority responsible for us is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Deutschland
Telefon: +49 611 1408-0
E-Mail: poststelle@datenschutz.hessen.de

16. Currency and changes to this privacy policy

This privacy policy is currently valid and has the date stated below. As our website develops, or due to changed legal requirements, it may become necessary to amend this privacy policy.

Last updated: 15 June 2026