Protecting your privacy is of utmost importance to us. Your data is processed transparently and fairly, and we take every precaution to handle your data carefully and responsibly. In doing so, we adhere to the conditions outlined in the General Data Protection Regulation (GDPR).
In this privacy statement, we describe why we process your data, how we process it, and the rights you have in this process. This includes your right to access and object to the processing of your data. This privacy statement applies to the personal data of our customers who visit our website (www.biketotaal.nl) and stores, purchase products, and use our services. This encompasses both data collected offline through stores or customer service and data collected online, such as through the website, the account (Bike Passport/ Fietspaspoort), and our social media pages (Instagram, Facebook, and YouTube).
Most of the personal data we use is necessary to fulfil your purchase. In some cases, we may also use your data for marketing purposes.
Who is responsible for processing my data?
The entity responsible for processing your personal data is Dynamo Retail Group B.V. (DRG). Bike Totaal is part of DRG.
Dynamo Retail Group B.V.
3824 ML Amersfoort
If you have any questions about this privacy statement or the processing of your personal data, please contact us at firstname.lastname@example.org with the subject: Privacy.
What personal data do you collect?
We process your personal data when you use our services and/or provide these data to us yourself. Depending on the services you use, we may process the following personal data:
First and last name
Other personal data actively provided by you, for example, by registering for an account, subscribing to the newsletter, or placing an order, in correspondence, and by phone.
Other personal data provided for your account/Bike Passport, in correspondence, and by phone.
Information you fill in an open field, such as a review or a message in the contact form.
Communication between you and DRG, for example, via service-related emails.
How do we use your data?
We process your personal data to the extent necessary for a functioning website and the execution of our services. This occurs when you visit our website, log into an existing account, or place orders. We use your personal data for the following purposes:
Fulfilment of agreements with you, such as an order, service package, or subscription
Product and service development, such as the website
Diagnosis or resolution of technical issues
Conducting targeted marketing campaigns
Conducting analyses and market research
Compliance with legal obligations
Providing a subscription
Customer satisfaction surveys
Protecting our assets and combating fraud
What are cookies?
Cookies are small text files that websites place on your computer, mobile phone, or tablet after your visit. There is a distinction between necessary or functional cookies and marketing or tracking cookies. The main function of cookies is to distinguish one user from another.
What are necessary cookies?
Necessary or functional cookies are required for our website to function. These may include cookies that keep track of what is in your shopping cart. Additionally, we use analytical cookies to track visitor statistics, gaining better insight into the website's performance. No consent is required for these cookies. During your first visit to the website, we informed you about these cookies.
What are marketing cookies?
Marketing or tracking cookies are used to track your website usage and create a profile to offer you personalised content through advertisements and other targeted marketing actions. This may include your computer's IP address, device type, and the pages you visit. During your first visit to the website, we informed you about these cookies and requested your consent to place them.
You can opt out of cookies by configuring your internet browser not to store them. Additionally, you can delete all previously stored information through your browser's settings.
For what do we use marketing cookies?
We use marketing cookies for various purposes. Below, you can read what we do with marketing cookies:
Conducting Targeted Marketing Campaigns
We use remarketing services to show you personalised content that matches your interests. This helps prevent you from receiving content or offers that are less relevant to you. With the use of Google's DoubleClick Cookie, advertisements can be shown to you based on your visits to our website or other websites. You can opt out of using the DoubleClick Cookie for interest-based advertisements by visiting the Google Ads Settings page.
Additionally, we may use your data to contact you via email. If you receive emails from Bike Totaal, we may use a technique (pixel) to track your click behaviour in emails. We do this to provide you with good service and make communication more relevant to you. For emails that are not necessary for the execution of an agreement with you, you can always unsubscribe via the link at the bottom of the email.
Processing of reviews
For the execution of our services, we may ask for your satisfaction as a customer and request you to write a review about our products or services. When leaving a review, we will request your permission to use your name and place of residence. Your review may then be published on the website. You can also choose to have your review published anonymously on the website. If you want us to remove a review you posted, you can request this through email@example.com with the subject: Privacy.
To whom do you disclose my data?
We share the data you provide with third parties when necessary to fulfil an agreement with you, to protect our legitimate interests, and to comply with any legal obligations. We never share more data than necessary. In the following situations, we share data with third parties:
Transfer within group companies: We share your personal data with companies belonging to our group for the conclusion and execution of agreements with you. For example, we share your data with the store you chose when ordering a bike online or when picking up an online order in-store. When you contact our customer service, they will also have access to your order details.
Transfer to service providers processing your data on our behalf: For the operation and optimisation of the website and the execution of agreements, various service providers work on our behalf, such as central IT services or website hosting, payment processing, and product delivery or email dispatch. We enter into data processing agreements with companies processing your data on our behalf to ensure the same level of security and confidentiality of your data. DRG remains responsible for these processes. We will never rent or sell your data to third parties.
Transfer to service providers for product delivery: For certain products and deliveries by specific stores, your order will be shipped through a service provider. This service provider receives information from us, such as your email address, to arrange a delivery time with you.
Transfer to service providers for product payments: We use third parties for payment processing in our stores and on our website. For example, we use MultiSafepay for payments on our website. During payment, we do not collect or store payment information such as bank account numbers or credit card numbers. These are sent directly to the respective payment service provider.
Transfer due to legal provisions: We may access, store, and share your information if required by law. For example, the police may request data from us as part of a fraud investigation. In such cases, we are legally obliged to provide your data.
How long do we retain your personal data?
By the law, we do not retain data longer than necessary to achieve the purposes for which it was collected unless required by a legal provision.
How do we secure your personal data?
We take the protection of your data seriously and implement appropriate measures to prevent misuse, loss, unauthorised access, unwanted disclosure, and unauthorised modification. To protect your data, it is transmitted encrypted via a secure internet connection (TLS, formerly SSL). You can recognise this by the address bar displaying 'https' and the padlock symbol in the address bar. Additionally, we use DKIM and SPF to prevent you from receiving emails on our behalf that contain viruses, spam, or are intended to obtain personal (login) information.
What about the use of my data when I click on a link to a third-party website?
Our website contains links to the websites of other companies. We are not responsible for the data protection measures on external websites you can access through these links. Always read the privacy statement of these websites before using them for more information on how they handle your data.
Personal data of minors
If you are 16 years old or younger, you may only use our website under the supervision of your parents or legal guardians. We do not knowingly collect personally identifiable information from children under the age of sixteen. If you are a parent or guardian and you are aware that your child(ren) has provided us with personal information, please contact us at firstname.lastname@example.org with the subject: Privacy. If we become aware that we have collected personal information from a child under sixteen without verifying parental consent, we will take steps to remove that information.
What happens to my data if I do not live in the Netherlands?
If you do not live in the Netherlands and choose to provide information to us, for example, by placing an order from Belgium, please be aware that we will transfer the information to the Netherlands. We adhere to the data protection laws applicable in the Netherlands. These laws may differ from those in your country. By submitting such information, you agree to the transfer of data as described in this privacy statement.
What happens to my data in the event of a DRG takeover?
Suppose we sell part or all of DRG or our assets or transfer them to another organisation (e.g., in connection with a transaction such as a merger, acquisition, bankruptcy, dissolution, or liquidation). In that case, the information collected through the service may be included in the sold or transferred items. The buyer or transferee will have to comply with the commitments in this privacy statement.
Changes to this privacy statement
We may change this privacy statement from time to time. It is advisable to consult this privacy statement regularly.
How can I access, change, or delete my data?
If you have an account, you can log in to view and change your personal information. Requests for access, correction, changes, and deletion can be submitted to us via email at email@example.com with the subject: Privacy.
To prevent abuse, we ask you to identify yourself when making a written request. We try to establish your identity as much as possible based on the personal data we already have. We do this by asking you a series of control questions.
Additionally, we may ask you to send a redacted copy of a valid ID. We will only request a copy of a redacted ID based on a specific assessment on a case-by-case basis. And only if it is proportionate to the nature and extent of the personal data.
When you submit a request for access, changes, and/or deletion, we ensure that your request is processed within 4 weeks. If we are unable to process your request within this period, we will notify you.
How can I file a complaint about the use of my personal data?
We are here to help if you have complaints about the processing of your personal data. If you are unable to resolve the issue with us, you have the right, under privacy legislation, to file a complaint with the national supervisory authority, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can contact the Dutch Data Protection Authority for this purpose.
When did this privacy statement come into effect?
This (revised) privacy statement came into effect on 30 January 2024.
How can I get in touch?
If you have any questions about this privacy statement, please contact us at firstname.lastname@example.org with the subject: Privacy.