Privacy Statement Accell Group B.V.

Applicability

This Privacy Statement is effective for the collection, use, and other forms of processing of personal data by Accell Group B.V. (“Accell”) in connection with our services, Accell brand products, and this website.

Who is responsible for processing your personal data?

Accell Group B.V. is the legal entity responsible for all collection and processing of your personal data in connection with Accell brand products, services, and websites.

Accell Group B.V. has several affiliated companies (“Accell affiliates”). Accell and Accell affiliates are committed to respecting and protecting your privacy and the protection of the personal data you share with us.

The company name listed in the imprint is responsible for the processing of data in the context of the provision of this website.

Why do we process your personal data?

Personal data is any information about an identified or identifiable natural person. If you choose to register your personal data, contact us, or visit our websites, we process some of your personal data. We process these personal data for the following purposes:

To communicate with you personally or inform you about Accell brand products and/or services in accordance with your choices;
To provide customer service, including service related to purchasing services and/or products, fulfilling warranty obligations and product recalls for our own services and those of affiliated companies, and handling complaints and inquiries;
To process your purchase of Accell brand products, including financial and logistical handling;
To process your account with Accell and provide you with additive services or provide you with access to purchased services.
To process your participation in contests, promotions, surveys, or website features;
To conduct market research and improve our business operations, services, and Accell brand products or to develop new business operations, services, and products;
To perform statistical analyses and report on them;
To provide services on the internet;
To communicate with stakeholders and provide a loyalty program;
To provide app functionalities, including sending relevant commercial messages;
To communicate future promotional and marketing information with you, including purposes for direct marketing and retargeting;
To aggregate and/or anonymize personal data to generate other data for our use;
To comply with our legal responsibilities, resolve disputes, and enforce our agreements;
To protect your Accell brand product;
As otherwise indicated at or around the time the personal data is collected.

What personal data do we process?

The exact data we process depends on which websites, products, or services you use and how you use them. We process the following personal data:

Data you provide to us:

These are the data you enter yourself when you visit our websites or use our products or services or register for additional services. These data include, for example, your name, address, place of residence, gender, email address, phone number, age, date of birth, Accell products you have purchased, the account name and passwords you create, bank details for paying for Accell products, etc.

Data collected via sensors

Many products are equipped with one or more sensors or use the sensors of the devices on which the products are operated. Examples of sensors are GPS receivers, Wi-Fi or Bluetooth receivers, a camera, and touchscreens. In accordance with the purposes, the data collected via the sensors about you and the devices used are sent to Accell and other external parties that need the data to provide the agreed services to Accell.

Metadata

These are data collected or automatically generated while you use Accell's websites, products, or services. Metadata is often collected or generated when you use a computer device or when you transmit data via a computer network, such as the internet. These data include data you use in the user interface and during other device activities, as well as IP addresses, unique device IDs, MAC addresses of Wi-Fi and Bluetooth devices, cookies, and data from computer activities.

How do we process your personal data?

Below is indicated per method which personal data we process, for which purposes we use them, and which legal basis applies:

Method of processing

Processing by visiting this website

Cloudflare for content delivery

We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.

The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details and further information on security and data protection at Cloudflare can be found here.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Analysis tools and advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a user-ID does not take place.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here.

IP anonymization

Google Analytics IP anonymization is active. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

Browser plug-in

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link.

For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration here.

Contract data processing

We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

Hotjar

This website utilizes Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool used to analyze your user patterns on this website. Hotjar allows us to for instance record your mouse and scroll movements as well as your click. During this process, Hotjar also has the capability to determine how long your cursor remained in a certain position. Based on this information, Hotjar compiles so-called Heatmaps, that make possible to determine which parts of the website the website visitor reviews with preference.

We are also able to determine how long you have stayed on a page of this website and when you left. We can also determine at which point you suspended making entries into a contact form (so-called conversion funnels).

Furthermore, Hotjar can be deployed to obtain direct feedback from website visitors. This function aims at the improvement of the website offerings of the website operator.

Hotjar uses technologies that make it possible to recognize the user for the purpose of analyzing the user patterns (e.g., cookies or the deployment of device fingerprinting).

If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6(1)(a) GDPR. Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of Art. 6(1)(f) GDPR; the website operator has a legitimate interest in the analysis of user patterns to optimize both, the web presentation and the operator’s advertising activities.

Deactivation of Hotjar

If you would like to deactivate the recording of data by Hotjar, please click on the link below and follow the instructions provided under the link.

Please keep in mind that you will have to separately deactivate Hotjar for every browser and every device.

For more detailed information about Hotjar and the data to be recorded, please consult the Data Privacy Declaration of Hotjar under the following link.

Data processing

Google AdSense

This website uses Google AdSense, a service for the integration of ads. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the assistance of Google Adsense, we are in a position to place targeted ads by third parties on our site. The contents of the ads are based on your interests, which Google determines based on your past user patterns. Moreover, when choosing compatible ads, context information, such as your location, the content of the visited website or Google search terms you have entered, will be taken into account.

Google AdSense uses Cookies, Web Beacons (invisible graphics) and comparable recognition technologies. As a result, it is possible to analyze information, such as visitor traffic data, on these sites.

The usage information for this website (including your IP address) recorded by Google Adsense and delivery of advertising formats are transferred to a Google server in the United States, where the information is stored. Google may share this information with one of its contracting partners. However, Google will not link your IP address with any other of your stored information.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:.

Google Conversion-Tracking

This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the assistance of Google Conversion Tracking, we are in a position to recognize whether the user has completed certain actions. For instance, we can analyze the how frequently which buttons on our website have been clicked and which products are reviewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn how many users have clicked on our ads and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google as such uses cookies or comparable recognition technologies for identification purposes.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time.

For more information about Google Conversion Tracking, please review Google’s data protection policy.

Meta Pixel (formerly Facebook Pixel)

To measure conversion rates, this website uses the visitor activity pixel of Meta. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta’s statement the collected data will be transferred to the USA and other third-party countries too.

This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Meta ad. This makes it possible to analyze the effectiveness of Meta ads for statistical and market research purposes and to optimize future advertising campaigns.

For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Meta archives the information and processes it, so that it is possible to make a connection to the respective user profile on Facebook or Instagram and Meta is in a position to use the data for its own promotional purposes in compliance with the Meta Data Usage Policy. This enables Meta to display ads on Facebook or Instagram and other advertising channels. We as the operator of this website have no control over the use of such data.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR . You may revoke your consent at any time.

Within the meta pixel, we are using the expanded alignment function.

The expanded alignment allows us to transfer to Meta different types of data (e.g., place of residence, federal state, zip code, hashed email addresses, names, gender, date of birth or phone number) of our customers and prospects we collect through our website. Herewith, we can tailor the offers presented in our advertising campaigns on Facebook and Instagram to individuals interested in what we offer even more precisely. Moreover, this expanded alignment optimizes the allocation of website conversions and expands custom audiences.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Meta. The processing by Meta that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us have been jointly set out in a joint processing agreement. The wording of the agreement can be found here:

According to this agreement, we are responsible for providing the privacy information when using the Meta tool and for the privacy-secure implementation of the tool on our website. Meta is responsible for the data security of Meta products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Meta. If you assert the data subject rights with us, we are obliged to forward them to Meta.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here and here.

In Meta’s Data Privacy Policies, you will find additional information about the protection of your privacy at.

You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section here. To do this, you first have to log into Facebook.

If you do not have a Facebook or Instagram account, you can deactivate any user-based advertising by Meta on the website of the European Interactive Digital Advertising Alliance.

TikTok Pixel

We have integrated TikTok pixel on this website. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter TikTok).

With the help of TikTok Pixel, we can display interest-based advertisements on TikTok to website visitors who have viewed our offers (TikTok Ads). At the same time, TikTok Pixel allows us to determine how effective our advertising is on TikTok. This allows us to evaluate the effectiveness of the TikTok Ads for statistical and market research purposes and to optimize them for future advertising efforts. For this purpose, various usage data are processed, such as IP address, page views, time spent, operating system used and origin of the user, information about the ad on which a person clicked on TikTok or an event that was triggered (timestamp). This data is summarized in a user ID and assigned to the respective end device of the website visitor.

The use of this tool is based on Art. 6(1)(a) GDPR and § 25 (1) TDDDG. This consent can be revoked at any time.

Data transfer to third-party countries is based on the standard contractual clauses of the EU Commission. Details can be found here and here.

Data processing

Vimeo Without Tracking (Do-Not-Track)

This website uses plugins of the Vimeo video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

Whenever you visit one of our pages featuring Vimeo videos, a connection with the servers of Vimeo is established. In conjunction with this, the Vimeo server receives information about which of our sites you have visited. Vimeo also receives your IP address. However, we have set up Vimeo in such a way that Vimeo cannot track your user activities and does not place any cookies.

We use Vimeo to make our online presentation attractive for you. This is a legitimate interest on our part pursuant to Art. 6(1)(f) GDPR. If a respective declaration of consent was requested (e.g. concerning the storage of cookies), processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given consent may be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here.

For more information on the handling of user data, please consult Vimeo’s data privacy policy.

Convert

We use Convert to make our online presentation stable and to log software problems . This is a legitimate interest on our part pursuant to Art. 6(1)(f) GDPR. If a respective declaration of consent was requested (e.g. concerning the storage of cookies), processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given consent may be revoked at any time.

You can find additional information inside the privacy policy of convert.

Unpkg

On our website, a web service of the company Npm, Inc., 1999 Harrison Street #1150, CA 94612 Oakland, United States of America (hereinafter: Unpkg) is loaded. If you have activated JavaScript in your browser and have not installed a JavaScript blocker, your browser may transmit personal data to Unpkg. Further information on the handling of the transmitted data can be found in Unpkg's privacy policy.

You can prevent the collection and processing of your data by Unpkg by deactivating the execution of script code in your browser or installing a script blocker in your browser.

Edge Processing (on the bike itself)

A microcontroller can carry out initial analyses directly on the bicycle:

Fall detection and emergency notification
Theft alarm (e.g. movement when locked)
Optimization of motor assistance according to driving style

Cloud Processing (via server/backend)

Via a mobile app or an integrated LTE/Bluetooth module, the data is sent to a cloud platform where:

Trips are saved and visualized
Analyze long-term usage data (e.g., wear patterns)
software updates are rolled out
Personal settings can be made on the bike

Personal data processed

Depending on the application/usage scenario and usage phase, we process the following data in the overview:

Last name, first name
Address and possible delivery address (click-n-collect)
E-mail address
Telephone number
Payment
Associated data of the registered bike(s)
Personal settings and usage data within our app

Purposes of using personal data

Legal basis

Subscribe to newsletter

First and last name, address, phone number, and email address The above-described purposes: 1, 2, 6, 7, 8, 11, 12, 13, and 15 Consent or legitimate interest

Contact form of our customer service

First and last name, address, phone number, and email address The above-described purposes: 1, 2, 6, 7, 8, 11, 12, 13, and 15 Performance of an agreement or legitimate interest

Create Accell account

First and last name, address, phone number, and email address. The above-described purposes: 1, 2, 4, 6, 7, 8, 9, 11, 12, 13, and 15 Consent or performance of an agreement. Please refer to ‘when you register to an Accell account’

Register Accell brand product

First and last name, address, phone number, and email address The above-described purposes: 1, 2, 3, 6, 7, 8, 9, 11, 12, 13, and 15 Performance of an agreement or legitimate interest

Purchase Accell products via the website

First and last name, address, phone number, and email address. The above-described purposes: 1, 2, 3, 6, 7, 8, 9, 11, 12, 13, and 15 Performance of an agreement or legitimate interest

Participate in a promotion, event, contest, or online forum

First and last name, address, phone number, and email address. The above-described purposes: 1, 5, 6, 7, 8, 11, 12, 13, and 15 Consent or legitimate interest

Visit our websites (cookies)

Metadata. NB: see the Cookie Statement for further details The above-described purposes: 6, 7, 8, 11, 12, 13, and 15 Consent or legitimate interest

Visit and/or make an appointment at an Accell Experience center

First and last name, address, phone number, and email address. The above-described purposes: 6, 7, 8, 11, 12, 13, and 15 Consent or legitimate interest

Use of an Accell connected product

The last known location of your Accell product. The above-described purposes: 14 Consent or legitimate interest

Use of the Accell app: Geofencing

The last known location of your Accell product. The above-described purposes: 4, 8, 10 Consent

Use of the Accell app: Track rides

Location and ride data of your Accell product. The above-described purposes: 4, 8, 10 Consent

Use of the Accell app: Safety Tracking

Phone number provided by you. The above-described purposes: 10 Performance of an agreement or legitimate interest

Our legitimate interests include: marketing, advertising, security, (crime) prevention, IT management, research and analysis of our own products or services, business operations, legal matters, internal management.

If you have given consent for the processing of your personal data, you have the right to withdraw it at any time by sending a request to privacy@accell-group.com.

How do we share or transfer your personal data?

You should be aware that Accell has several affiliates and that departments (such as marketing and IT) may be part of Accell's global companies. As a result, your personal data may be shared worldwide with and/or transferred to other business group companies or other Accell business units. You can consult the list and location of our companies here:

Accell may also share your personal data with external parties to perform certain activities on behalf of Accell and to facilitate services they provide to us. These may be service providers of services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure facilities, customer service, email delivery, audits, and other services. Accell may also share your personal data with third parties so that they can send you marketing communications, in accordance with your choices. Accell requires these external parties to carefully process and protect your personal data. Accell will not sell your personal data to third parties.

Accell or Accell affiliates may reorganize, merge, or otherwise sell or divest (part of) a business to another company. If such a business is related to Accell, such a transfer of ownership may include the transfer of your personal data to the new owner and its advisors.

We will only disclose your personal data if permitted or authorized by law, necessary to prevent or combat fraud, necessary for dispute resolution, or necessary for any other legitimate need that outweighs your privacy interests in the circumstances, such as the security of our business and the safety of our staff.

When you choose to have an order from the Accell webshop delivered to a dealer, your personal data may be shared with the dealer you choose.

When you want to insure your Accell product, personal data may be shared with the insurer (Hepster) to take out an insurance policy. For the processing of your personal data by the insurer, we refer you to the Privacy Statement of the insurer (see insurance policy). In the event that your Accell product is reported missing, the location of your Accell product may also be shared with the insurer and associated recovery party.

When you choose to use a private lease offer from Accell, via our website or through one of our partners, personal data may be shared with the leasing company to provide you with a lease offer. For the processing of your personal data by the leasing company, we refer you to the Privacy Statement of the leasing company (see lease agreement).

When you register for an Accell Account

We use Salesforce Sales Cloud (hereinafter "Salesforce") to manage customer data and your optional Accell account. Salesforce Sales Cloud is a CRM system and allows us, among other things, to manage existing and potential customers as well as customer contacts and to organize sales and communication processes. The use of the CRM system also enables us to analyse our customer-related processes. Customer data is stored on Salesforce's servers. Personal data may also be transmitted to the parent company of salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA. Details on Salesforce Sales Cloud features can be found here. The use of Salesforce Sales Cloud is based on Art. 6 (1) (a) GDPR (your explicit consent).

Salesforce has Binding Corporate Rules (BCR) approved by the French Data Protection Authority. These are binding internal company regulations that legitimize intra-company data transfers to third countries outside the EU and the EEA. Details can be found here.

For details, see Salesforce's privacy policy.

Order processing with Salesforce

We have concluded a contract processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Checkout and payment provider

Processing of customer and contract data

We collect, process and use personal customer and contract data to establish, design and change our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is art. 6 (1) (b) GDPR.

The collected customer data will be processed after completion of the order or completion of the

Business relationship and expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.

Data transfer upon conclusion of contract

If you order something from us, we will pass on your personal data to the transport company entrusted with the delivery as well as to the payment service provider commissioned with the payment processing. Only such data will be released that the respective service provider needs to fulfill its task. The legal basis for this is art. 6 (1) (b) GDPR, which prohibits the processing of data for

Fulfillment of a contract or pre-contractual measures. If you have a corresponding

Consent according to art. 6 (1) (a) GDPR, we will pass on your e-mail address to the transport company entrusted with the delivery so that they can inform you by e-mail about the shipping status of your order; You can revoke your consent at any time.

Creditworthiness checks

In the case of a purchase on account or any other payment method for which we make advance payments, we can carry out a credit check procedure (scoring). For this purpose, we transmit the data you have entered (e.g. name, address, age or bank details) to a credit agency. Based on this data, the probability of a payment default is determined. In the event of an excessive risk of non-payment, we may refuse the payment method in question.

The credit check is carried out on the basis of the fulfillment of the contract as well as the

Avoidance of payment defaults (legitimate interest). If consent has been obtained, the credit check is carried out on the basis of this consent; the consent can be revoked at any time.

Payment provider

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, bank account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. These transactions are subject to the respective contractual and data protection provisions of the respective providers. The payment service providers are used on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) as well as in the

Interest in a payment process that is as smooth, convenient and secure as possible (art. 6 (1) (f) GDPR). Insofar as your consent is requested for certain actions, art. 6 (1) (a) GDPR is the legal basis for data processing; Consents can be revoked at any time for the future.

We use the following payment services / payment service providers within the framework of this website: Payment service providers used by us are:

Adyen (Adyen N.V., Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam) hereinafter referred to as Adyen

The processing is carried out on the basis of art. art. 6 (1) (b) GDPR. The provision of your payment data is necessary and obligatory for the conclusion or execution of the contract. If the payment data is not provided, it is impossible to conclude and / or execute the contract by means of a credit card payment. The data required for payment processing is transmitted securely via the "SSL" procedure and processed exclusively for payment processing. We delete the data arising in this context after the storage is no longer necessary, or restrict the processing if there are legal storage obligations. Due to mandatory commercial and tax regulations, we are obliged to keep your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.

How do we protect your personal data?

Accell will take appropriate technical and organizational security measures against loss or unlawful processing of your personal data. This may include the use of secure registration forms, data encryption, and access restrictions to your personal data.

Certain countries do not have an adequate level of protection for personal data. However, you can trust that Accell will take appropriate security measures regarding the confidentiality and protection of your data. For transfers from the EEA to countries that, according to the European Commission, do not provide an adequate level of data protection, we have taken adequate measures such as contractual agreements, as approved by the European Commission, concluded with third parties.

How long do we retain your personal data?

We will retain personal data as long as necessary or permitted within the framework of the purposes described in this Privacy Statement and in accordance with applicable law.

The criteria used to determine our retention period include:

The duration of the time we have an ongoing relationship with you and provide services to you (for example, as long as you have an account with us or continue to use our services).

Whether there is a legal obligation we must comply with (certain laws require us to retain our transactions for a certain period before we can delete them); or

Whether retention is desirable given our legal position (such as regarding limitation periods, disputes, or investigations by regulatory authorities).

Cookies, web beacons, and similar techniques

When you visit or use our websites, services, applications, communication services (such as email), and tools, we may use cookies, web beacons, and other similar technologies to store information to provide you with a better, faster, and safer browsing experience.

Please refer to our Cookie Statement for an explanation of cookies, web beacons, and similar techniques, how we use them, and how you can control them.

Your rights

If you wish to review, correct, update, restrict, or delete the personal data processed by us, object to the processing of personal data, or if you want to receive an electronic copy of your personal data to pass it on to another company (to the extent this right to data portability is provided to you by applicable law), you can contact us via privacy@accell-group.com. We will respond to your request in accordance with applicable law.

We ask you to describe as clearly as possible in your request which personal data your request relates to. For your safety, we will only handle requests related to the personal data associated with the specific email address you use to send us your request, and we may ask you to verify your identity before we comply with your request. We will try to comply with your request as soon as reasonably practicable, and in any case within the legally required timeframes.

In detail, you have the following rights:

Your right of access

You have the right to request access to your Personal Data. For example, the right to be provided with certain information about the Processing of Personal Data and access to that data. Please note this right is subject to exceptions.

Your right to rectification

If the Personal Data we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.

Your right to erasure

You can ask us to delete or remove your Personal Data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable).

Your right to restrict Processing

You can ask us to restrict the Processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or you object to us.

Your right to data portability

You have the right, in certain circumstances, to obtain Personal Data you've provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.

Your right to object

You can ask us to stop Processing your Personal Data, and we will do so, if we are:

relying on our own or someone else's legitimate interests to Process your Personal Data, except if we can demonstrate compelling legal grounds for the Processing; or
processing your Personal Data for direct marketing purposes.

Your right to withdraw consent

If we rely on your consent (or explicit consent) as our legal basis for Processing your Personal Data, you have the right to withdraw that consent at any time. However, please note that the withdrawal of your consent does not impact the legality of any Processing prior to such withdrawal.

Your right to lodge a complaint with the supervisory authority

If you have a concern about any aspect of our privacy practices, including the way we have handled your Personal Data, you can report it to your local supervisory authority.

Please note that some of the abovementioned; rights may be limited where we have an overriding interest or legal obligation to continue to Process the Personal Data.

Contact, questions, feedback, and data protection officer

Send your questions and comments about this Privacy Statement to privacy@accell-group.com.

Our data protection officer (DPO) is also reachable via the above email address. You have the right to file a complaint with a data protection authority for your country or region or where an alleged breach of applicable privacy law occurs.

Policy changes

We may change this Privacy Statement from time to time. Changes to this Privacy Statement will take effect when we publish the revised statement. If necessary, we will inform you about changes to our Privacy Statement. This Privacy Statement was last modified on: July 1, 2025.