Privacy Policy

Please note: The German original version of this Privacy Policy is the legally binding document. This English translation is provided for convenience purposes only and has no legal effect.

We operate our websites in accordance with the principles set out below: We are committed to complying with the statutory provisions on data protection and endeavour to consistently observe the principles of data minimisation and data avoidance.

1. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union as well as other data protection provisions is:

GroupridesUG (haftungsbeschränkt), Bogenallee 10, 20144 Hamburg, +491741617703, support@grouprides.cc

2. Definitions

We have drafted our Privacy Policy in accordance with the principles of clarity and transparency. Should any ambiguities arise with regard to the use of certain terminology, the relevant definitions may be consulted https://dsgvo-gesetz.de/art-4-dsgvo/.

3. Legal Basis for the Processing of Data

a) Processing of Personal Data under the GDPR

We process your personal data, such as your first and last name, your e-mail address and IP address, etc., only where a legal basis exists for doing so. Under the General Data Protection Regulation, the following provisions are particularly relevant in this regard:

Art. 6(1)(1)(a) GDPR: The data subject has given consent to the processing of their personal data for one or more specific purposes.
Art. 6(1)(1)(b) GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Art. 6(1)(1)(c) GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject.
Art. 6(1)(1)(d) GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
Art. 6(1)(1)(e) GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Art. 6(1)(1)(f) GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

We will, however, draw your attention at each relevant point of this Privacy Policy to the legal basis on which the processing of your personal data is carried out.

b) Consent of Persons with Parental Responsibility pursuant to Art. 8(1)(2) Alt. 2 GDPR

A person with parental responsibility must consent to all data processing operations on this website for which the consent of a minor who has not yet reached the age of 16 is required.

Information on the individual data processing operations, their purposes, and the categories of data concerned for which the consent of the data subject is required is set out in this Privacy Policy.

You may withdraw your consent at any time by sending a written declaration of withdrawal to the contact details of the controller. The lawfulness of processing carried out on the basis of consent prior to its withdrawal shall not be affected thereby.

c) Processing of Information pursuant to Section 25(1) TDDDG

We also process information pursuant to Section 25(1) of the Telecommunications and Telemedia Data Protection Act (TDDDG) by storing information on your terminal equipment or accessing information already stored on your terminal equipment. This may encompass both personal data and non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses, and IMEI numbers. Terminal equipment within the meaning of this provision refers to any device directly or indirectly connected to the interface of a public telecommunications network for the purpose of transmitting, processing, or receiving messages, pursuant to Section 2(2)(6) TDDDG.

We process such information as a general rule on the basis of your consent, pursuant to Section 25(1) TDDDG.

Where an exemption pursuant to Section 25(2)(1) and (2) TDDDG applies, no consent is required. Such an exemption applies where we exclusively access or store information for the sole purpose of transmitting a communication over a public telecommunications network, or where this is strictly necessary in order for us to provide a telemedia service explicitly requested by you. You may withdraw your consent at any time.

We hereby inform you that the withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

4. Disclosure of Personal Data

The disclosure of personal data also constitutes processing within the meaning of the preceding Section 3. We wish, however, to inform you separately at this point regarding the subject of disclosure to third parties. The protection of your personal data is of the utmost importance to us. For this reason, we exercise particular caution when it comes to disclosing your data to third parties.

Disclosure to third parties shall therefore only occur where a legal basis for processing exists. For example, we disclose personal data to persons or entities acting as our processors pursuant to Art. 28 GDPR. A processor is any party that processes personal data on our behalf — in particular in a relationship of instruction and supervision with us.

In accordance with the requirements of the GDPR, we enter into a contract with each of our processors in order to bind them to compliance with data protection provisions and thereby ensure comprehensive protection of your data.

5. Retention Period and Erasure

Your personal data will be erased by us once it is no longer necessary for the purposes for which it was collected or otherwise processed, and provided that the processing is not required for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims.

6. SSL/TLS Encryption

This website uses SSL/TLS encryption for reasons of security and to protect the transmission of confidential content, such as requests that you submit to us as the website operator. An encrypted connection can be identified by the fact that the address bar of the browser changes from "http://" to "https://" and by the padlock symbol in your browser bar.

Where SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Cookies

We use cookies on our website. Cookies are small data packets that your browser automatically creates and stores on your terminal device when you visit our website. These cookies serve to store information in connection with the terminal device in use at the relevant time.

A distinction is drawn between technically necessary cookies and "further" cookies. Technically necessary cookies are those that are strictly required in order to provide a service of the information society explicitly requested by you.

a) Technically Necessary Cookies

In order to make your use of our services more convenient, we deploy technically necessary cookies, which may include so-called session cookies (e.g. language and font settings, shopping cart, etc.), consent cookies, cookies for ensuring server stability and security, and similar. The legal basis for these cookies derives from Art. 6(1)(1)(f) GDPR, our legitimate interest in the error-free operation of the website and in providing our services to you in an optimised manner.

b) Further Cookies

Further cookies include cookies used for statistical, analytical, marketing, and retargeting purposes.

We deploy these cookies on the basis of your consent pursuant to Art. 6(1)(1)(a) GDPR.

You may withdraw your consent to the use of cookies at any time.

We hereby inform you that the withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

To do so, you may either edit your cookie settings on our website, disable the use of cookies in your browser settings (which may, however, restrict the functionality of the online service), or, in individual cases, set an opt-out for the relevant service.

We draw your attention in this Privacy Policy at each relevant service to the legal basis on which such data is processed.

8. Use of AI Systems (Artificial Intelligence)

For the purpose of optimising our processes and improving your personalised visitor experience on our website, your personal data may be processed by artificial intelligence (AI) technologies. AI is used in particular to:

carry out data analyses,
generate forecasts,
identify and remediate security vulnerabilities,
and to render routine processes more efficient.

The AI systems deployed operate in accordance with the principles of the GDPR. Any decisions that have legal or similarly significant effects on you shall not be made solely by AI, but shall be supplemented by human intervention.

9. Cookie Banner / Consent Management

For the purpose of obtaining consent for the cookies we deploy, we use the cookie banner of the service provider iubenda s.r.l, Via San Raffaele, 1 – 20121 Milan (Italy). This provider itself sets a so-called consent cookie in order to retrieve and process the relevant consent status. This consent cookie is technically necessary and is therefore deployed on the basis of our legitimate interest pursuant to Art. 6(1)(1)(f) GDPR, Section 25(1) TDDDG.

For the use of certain services of the Google/Alphabet group, we use the so-called Google Consent Mode V2 in Advanced Mode. Details regarding this consent mode can be found on Google's website at https://developers.google.com/tag-platform/security/guides/consent?hl=de&consentmode=advanced and at the relevant Google services.

The deployment of the Consent Mode is technically necessary and is therefore used on the basis of our legitimate interest pursuant to Art. 6(1)(1)(f) GDPR.

10. Collection and Storage of Personal Data and the Nature and Purpose of Their Use

a) External Hosting

Our website is hosted by DigitalOcean, LLC, Broomfield, Colorado, USA (105 Edgeview Drive, Suite 425). For this reason, all personal data collected on our website is stored on the servers of our hosting provider, unless an external third-party service is integrated. This may include the IP address, your e-mail address, communication data, or similar. The specific personal data concerned will be set out below in connection with the individual functions and services described by us. Where we deploy an external third-party service, this will be indicated in the description of the respective service or tool.

The hosting provider processes your data solely on our instructions and to the extent necessary for the fulfilment of services on the website. Processing of data by the hosting provider for its own purposes does not take place. We have entered into a data processing agreement with this provider.

b) Upon Visiting the Website

When you access our website, the browser deployed on your terminal device automatically transmits information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and retained until it is automatically deleted:

IP address of the requesting device
Date and time of access
Name and URL of the file retrieved
Browser used and, where applicable, the operating system of your device as well as the name of your access provider

The aforementioned data is processed by us for the following purposes:

Ensuring a smooth establishment of the website connection
Ensuring convenient use of our website
Evaluation of system security and stability
Error analysis

Data that permits conclusions to be drawn regarding your identity, such as the IP address, shall be deleted no later than 7 days after collection. Should we retain data beyond this period, such data will be pseudonymised so that attribution to your person is no longer possible.

The legal basis for data processing is Art. 6(1)(1)(f) GDPR. Our legitimate interest derives from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

c) Use of the Content Delivery Network (CDN) of Vercel

Our website uses technologies of the Content Delivery Network (CDN) of Vercel Inc., 440 N Barranca Avenue #4133, Covina, CA 91723, USA. A CDN is a network of globally distributed servers designed to optimise the loading speed and availability of websites by delivering content such as images, JavaScript files, and stylesheets to users more rapidly.

In connection with the use of this service, the following personal data may be processed:

IP address: This is collected in order to enable the delivery of content to the correct user and to prevent technical errors.

Telemetry data: Data concerning the use and performance of your interaction with the website may be collected in order to optimise the platform.

System and device information: Information such as browser type, operating system, and device configuration may be processed in order to ensure optimal presentation.

The processing of the aforementioned data is carried out on the basis of Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring the functionality, stability, and security of our website as well as in optimising loading speeds.

Vercel may also process data on servers outside the European Union, in particular in the USA. The transfer of personal data to third countries is carried out on the basis of appropriate safeguards such as standard contractual clauses pursuant to Art. 46 GDPR, in order to ensure an adequate level of data protection. Vercel is furthermore certified under the EU-U.S. Data Privacy Framework, which includes additional security measures and rights for users from the EU.

The data collected during the use of the CDN is retained only for the period necessary to achieve the purposes stated herein. Upon expiry of the purpose, the data is regularly deleted.

A data processing agreement pursuant to Art. 28 GDPR has been concluded with Vercel, ensuring that data is processed solely on our behalf and in accordance with the requirements of the GDPR.

Further information on data processing by Vercel can be found in Vercel's Privacy Policy.

d) Use of Cloudinary

On our website we use the cloud service Cloudinary, provided by Cloudinary Inc., 3400 Central Expressway, Suite 110, Santa Clara, CA 95051, USA. This service is used for the optimisation and provision of media files, such as images and videos, on our website, in order to ensure fast and stable loading times and high quality.

In connection with the use of Cloudinary, data such as IP addresses, metadata of the requested media content, device information, and usage data are processed and may be transferred to the USA.

The use of Cloudinary is carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR, as it is necessary for ensuring the stable and efficient provision of our website.

We have concluded a data processing agreement with Cloudinary, so that your personal data is processed in accordance with European data protection requirements.

Further information on the processing of your data by Cloudinary can be found in Cloudinary's Privacy Policy at the following link: https://cloudinary.com/privacy

e) Contractual Relationship

(1) Conclusion of Contract / User Account

In the context of establishing the contractual relationship, the personal data required for the processing of the contract is processed and a user account is created, pursuant to Art. 6(1)(1)(b) GDPR.

Within the user profile, the user may configure notification preferences, whereby notifications relating to booked events shall always be sent. To the extent that you provide additional voluntary information, such information shall be processed solely on the basis of the consent granted by you pursuant to Art. 6(1)(1)(a) GDPR. We use this voluntary information in order to provide a customer-friendly service and to continuously improve it.

You have the right at any time to modify or delete your data within the customer account, and also to delete the account in its entirety. If you make use of this function, your customer account together with all data contained therein will be deleted immediately.

(2) Disclosure of Data When Using Online Payment Service Providers

Should you choose to pay using one of the online payment service providers offered by us in the course of your order process, your contact details will be transmitted to the respective provider in connection with the order so placed. The lawfulness of such disclosure derives from Art. 6(1)(1)(b) GDPR, for the purpose of processing the payment method selected by you, as well as from our legitimate interests pursuant to Art. 6(1)(1)(f) GDPR in enabling a user-friendly and straightforward payment process.

The personal data transmitted to the online payment service provider generally includes first name, last name, address, telephone number, IP address, e-mail address, or other data required for the processing of the order, as well as data related to the order, such as the number of items, item number, invoice amount and taxes as a percentage, invoice information, etc.

This transmission is necessary for the processing of your order using the payment method selected by you, in particular for the verification of your identity, the administration of your payment, and the management of the customer relationship.

Please note, however, that personal data may also be disclosed by the online payment service provider to service providers, subcontractors, or other affiliated entities, to the extent that this is necessary for the fulfilment of the contractual obligations arising from your order or where the personal data is to be processed on a commissioned basis.

Depending on the payment method selected, e.g. invoice or direct debit, the personal data transmitted to the provider may be forwarded by the provider to credit reference agencies. Such transmission serves the purpose of identity and creditworthiness verification in respect of the order placed by you. Information regarding the credit reference agencies concerned and the data generally collected, processed, stored, and disclosed by the respective provider can be found in the respective privacy policies of the providers:

Stripe – Stripe Payments Europe, Ltd, Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, dpo@stripe.com, https://stripe.com/de/privacy

(3) Credit Card Payment

Where you elect to pay by credit card, we collect and process your necessary personal data and forward it to the card-issuing institution for the purpose of payment processing and compliance with statutory requirements, such as customer authentication pursuant to the EU Payment Services Directive PSD2.

The transmission of this data is carried out for the purpose of payment processing pursuant to Art. 6(1)(1)(b) GDPR, as well as for compliance with our statutory obligation to implement strong customer authentication pursuant to Art. 6(1)(1)(c) GDPR in conjunction with Directive EU 2015/2366 (PSD2) and the German Payment Services Supervision Act (ZAG) for the purposes of anti-money laundering and law enforcement.

The technical processing of the credit card payment is carried out by Stripe Payments Europe, Ltd, Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. This entity has been engaged for the technical management of payment transactions, including the implementation of the 3D Secure 2.0 procedure, pursuant to Art. 28 GDPR. Further recipients of the data include the banks involved, namely the card-issuing bank (the Issuer) and the merchant's card-acquiring bank (the Acquirer).

Stripe's data protection provisions can be found at https://stripe.com/de/privacy

(4) Right of Withdrawal

You have the option to withdraw the distance selling contract concluded with us on our website via our online form. For this purpose, the processing of your first and last name as well as your e-mail address is strictly necessary so that we may process the withdrawal and send you an acknowledgement of receipt.

The processing of your personal data is carried out on the basis of statutory provisions pursuant to Art. 6(1)(1)(c) GDPR in conjunction with Section 356a of the German Civil Code (BGB) (new version effective 12.06.2026).

(5) Disclosure to the Event Organiser

When you book an event through our platform, the personal data provided by you at the time of booking will be disclosed to the respective event organiser. This disclosure is carried out on the basis of the performance of a contract pursuant to Art. 6(1)(b) GDPR. The respective event organiser shall thereafter be responsible for any further data processing and for providing the requisite information.

f) Newsletter

Content of the Newsletter and Registration Data

The dispatch of our newsletter as well as the conduct of statistical surveys and analyses and the logging of the registration process shall only take place where you have granted your corresponding consent pursuant to Art. 6(1)(1)(a) GDPR, Section 25(1) TDDDG.

The content of the newsletter is specifically described at the time of registration. Registration for the newsletter requires only the provision of your e-mail address. Should you provide additional voluntary information, such as your name and/or gender, such information shall be used exclusively for the personalisation of the newsletter addressed to you.

Double Opt-In and Logging

For registration to our newsletter, we use the so-called double opt-in procedure for security reasons, in order to prevent any person from registering using a third party's e-mail address. Following your registration for our newsletter, you will therefore initially receive an e-mail requesting that you confirm your registration. The registration shall only become effective upon confirmation.

Furthermore, your registration for the newsletter will be logged. The log records the time of registration and confirmation, the data you have provided, and your IP address. Any amendments made to your data will likewise be logged.

Withdrawal

Should you no longer wish to receive our newsletter, you may withdraw your consent with effect for the future at any time. To do so, you may click on the unsubscribe link at the end of any newsletter, or send an e-mail to: support@grouprides.cc

The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

Use of Mailjet

We use the e-mail tool Mailjet (Mailgun Technologies Inc., 112 E Pecan St #1135, San Antonio, TX 78205, USA) for the dispatch of our newsletter.

For this purpose, the data provided by you will be transmitted to and processed by Mailjet. Through this tool, we are able to evaluate how the newsletters are opened and used.

We have entered into standard contractual clauses with Mailjet. Mailjet does not acquire any right to disclose your data.

Further information on data protection at Mailjet can be found at https://www.mailjet.de/privacy-policy/

g) Sentry

We continuously improve and develop our website in order to provide our users with the best possible customer experience. However, not all disruptions — such as those caused by programming errors — can be reliably excluded in advance. We therefore use Sentry, an error tracking tool provided by Functional Software Inc., 132 Hawthorne St, San Francisco, CA 94107, USA (hereinafter "Sentry"). In order to improve the accessibility and technical stability of our website through monitoring of system stability and detection of code errors, we may, in the event of a software error, automatically transmit the following information to Sentry: device information (operating system, browser version, browser type), the IP address of the device, e-mail, name, date, and time of the error.

The legal basis for the aforementioned data processing is Art. 6(1)(1)(f) GDPR. No explicit analysis for advertising purposes takes place in this process. The information is collected in anonymised form, not used for personal purposes, and subsequently deleted. This analysis assists us in continuously improving our website and rectifying hidden code errors. Such processing is in our legitimate interest, as the data is used exclusively for the identification and analysis of errors. Further information on data processing at Sentry and its functionality can be found in Sentry's Privacy Policy at: https://sentry.io/privacy/

We have entered into a data processing agreement with Sentry.

h) Integration of Routes via Strava

We integrate on our website services of the provider Strava (Strava, Inc., 208 Utah Street, San Francisco, CA USA 94103, USA). This serves the purpose of the interactive display of cycling routes and maps.

Strava uses cookies. When you visit our website, Strava collects your IP address, usage data (interactions with the embedded map), device data (e.g. browser and operating system), and where applicable location data, as well as information on the displayed routes and activities, and processes these on its own servers in the USA. Strava processes this data for its own purposes, such as improving the service and providing personalised content. Strava bears independent responsibility for the processing of this data and does not act on our behalf.

Further information can be found in Strava's Privacy Notice at: https://www.strava.com/legal/privacy

The data processing is carried out on the basis of your granted consent pursuant to Art. 6(1)(1)(a) GDPR.

i) Integration of Routes via komoot

Our website uses the services of komoot provided by komoot GmbH (Friedrich-Wilhelm-Boelcke-Str. 2, 14473 Potsdam, Germany) for the interactive display of routes and maps.

Komoot uses cookies and, upon your visit to our website, collects and processes, amongst other things, your IP address, information about the browser and the operating system, as well as the referrer URL. Komoot is an independent controller within the meaning of the GDPR and decides independently on the purposes and means of processing the transmitted data. We do not have a data processing relationship with Komoot.

Further information can be found in komoot's Privacy Notice at: https://www.komoot.com/de-de/privacy

The data processing is carried out on the basis of your granted consent pursuant to Art. 6(1)(1)(a) GDPR.

j) Use of the Ride with GPS Service

On our website, we deploy the service Ride with GPS, operated by Ride with GPS LLC, 00 NE 22nd Ave., Ste B, Portland, OR 97232. The provider offers mapping and route planning functions for cyclists and outdoor users. Personal data is processed in this context.

Ride with GPS uses personal data such as IP addresses, browser information, and basic information such as date and time, in order to provide the functions of the application and to conduct an analysis of user behaviour. Furthermore, cookies — both session cookies and persistent cookies — may be used to facilitate the use of the website and to ensure a seamless experience.

Individual functions or tracking mechanisms may collect personal data beyond the scope of use, for example in the case of:

Use of third-party logins (e.g. Google, Apple),
Deployment of tracking cookies or analytical tools for the evaluation of user behaviour.

Processing is generally carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest), provided the data is exclusively technically necessary in order to ensure the stability and functionality of the application. This includes:

Session cookies,
Log files for error analysis.

For all further processing that is not technically necessary — for example tracking cookies or the collection of data for marketing purposes — consent pursuant to Art. 6(1)(a) GDPR is required. Such consent is obtained upon visiting the website via a cookie banner. Users have the option to withdraw their consent at any time.

As Ride with GPS LLC is a US-based provider, personal data is processed in the USA. A data processing agreement is currently not offered by Ride with GPS. Data processing is carried out directly by the provider in accordance with its internal privacy policy.

Further information is available at: Ride with GPS Privacy Policy

11. Analytics and Tracking Tools

We deploy on our website the analytics and tracking tools listed below. These serve the purpose of ensuring the ongoing optimisation of our website and adapting it to the needs of users.

We deploy these tools on the basis of the consent granted by you pursuant to Art. 6(1)(1)(a) GDPR. You may withdraw your consent at any time by amending the cookie settings. The lawfulness of processing carried out prior to withdrawal shall not be affected thereby.

The respective data processing purposes and data categories are to be taken from the corresponding tools. We draw your attention to the fact that we have no influence on whether or to what extent the service providers carry out further data processing.

a) Google Consent Mode v2 – Advanced

For the use of certain services of the Google/Alphabet group, we use the so-called Google Consent Mode V2 in Advanced Mode.

This means that in the event that you do not consent within the framework of our cookie banner, your client will nonetheless transmit ping information including IP address, timestamp, user agent, and referral URL to Google. The IP address is anonymised on Google's servers. This data is used for conversion modelling in order to optimise advertisements despite the absence of consent or technical restrictions and to improve automated bidding settings.

Details regarding this consent mode can be found on Google's website at https://developers.google.com/tag-platform/security/guides/consent?hl=de&consentmode=advanced

The processing of your personal data is carried out on the basis of our legitimate interest pursuant to Art. 6(1)(1)(f) GDPR.

b) Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google").

Google Analytics uses cookies in this context (see Section 7). The information generated by the cookie about your use of this website, such as:

Name and version of the browser used
Operating system of your device
Website from which access was made (referrer URL)
IP address of the requesting device
Time of the server request

is generally transmitted to and stored on a Google server in the USA.

Your IP address is automatically anonymised by Google before it is recorded via EU domains and servers. Accordingly, no logging or storage of your IP address takes place.

On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activity, and to provide us with other services associated with website and internet use. The IP address transmitted by your browser in the context of Google Analytics shall not be merged with other Google data.

We have entered into a data processing agreement with Google.

Please click here for an overview of data protection at Google: https://support.google.com/analytics/answer/6004245

c) Meta Conversion Pixel (Meta Pixel)

We deploy on our website the Meta Conversion Pixel ("Meta Pixel"), an analytics and marketing tool of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta"). By means of the Meta Pixel, Meta is able to track the behaviour of users after they have been redirected to our website via an advertisement placed on Meta. This enables us to measure the effectiveness of our Meta advertisements for statistical and market research purposes ("conversion measurement"), to create and refine target audiences for advertisements ("Custom Audiences"), and to serve interest-based advertisements. If you are logged in to Meta services (e.g. Facebook, Instagram), Meta may attribute page visits to your profile there and evaluate them across devices.

The Meta Pixel enables the collection of so-called event data (e.g. "PageView", "ViewContent", "AddToCart", "Purchase" including order value and currency), technical information from HTTP headers (including IP address, user agent, referrer URL), device and browser data, Pixel ID, and timestamps.

For certain processing operations of said event data within the framework of Meta Business Tools, we and Meta are joint controllers. The allocation of roles and responsibilities is governed by the "Controller Addendum" of Meta (Art. 26 GDPR; available at de-de.facebook.com/legal/controller_addendum) in conjunction with the "Business Tools Terms" (facebook.com/legal/technology_terms). Accordingly, we are responsible in particular for obtaining a valid legal basis (consent), the correct implementation of the Pixel, and transparency disclosures. Meta assumes, inter alia, primary responsibility for facilitating data subjects' rights with respect to the event data processed by Meta following transmission, and for the security of Meta's systems. You may exercise your rights (e.g. access, erasure) both against us and against Meta. A data processing agreement pursuant to Art. 28 GDPR is not regularly concluded for the Meta Pixel; the aforementioned joint controllership agreement applies instead.

For further information, we refer to Meta's privacy information at https://www.facebook.com/about/privacy

12. Integration of Images, Audio, and Video

YouTube

We embed videos from YouTube, operated by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), on our website by means of iFrame and/or via a plugin. In connection with the embedding of the videos, we have activated the extended data protection mode of YouTube.

When you play a YouTube video during your visit, a connection is established to YouTube's servers and YouTube is informed of which of our pages you have visited. This enables YouTube to attribute your browsing behaviour directly to your personal profile. You may prevent this by logging out of your membership account before visiting our website. In addition, upon starting the service, YouTube sets various cookies in order, according to its own statements, to improve its offered services and to prevent misuse.

Further information on the handling of user data and the cookies set can be found in YouTube's Privacy Policy at: https://www.google.de/intl/de/policies/privacy

Through the integration of YouTube, Google Fonts are also dynamically loaded from Google, without the website operator or visitor actively determining this. The integration of these web fonts is carried out via a server call, generally to a Google server in the USA. This may result in the following being transmitted to the server and stored by Google:

Name and version of the browser used
Website from which the request was initiated (referrer URL)
Operating system of your device
Screen resolution of your device
IP address of the requesting device
Language settings of the browser or operating system used by the user

Further information can be found in Google's Privacy Notice, available at: www.google.com/policies/privacy/

The legal basis derives from the consent granted by you pursuant to Art. 6(1)(1)(a) GDPR. You may withdraw your granted consent at any time by amending the cookie settings on our website.

13. Rights of the Data Subject

You are entitled to the following rights:

a) Right of Access

You have the right pursuant to Art. 15 GDPR to request information about your personal data processed by us. This right of access encompasses information about:

the purposes of processing
the categories of personal data concerned
the recipients or categories of recipients to whom your data has been or will be disclosed
the intended retention period or, at least, the criteria for determining the retention period
the existence of a right to rectification, erasure, restriction of processing, or objection
the existence of a right to lodge a complaint with a supervisory authority
the origin of your personal data, where it was not collected by us
the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved

b) Right to Rectification

You are entitled pursuant to Art. 16 GDPR to demand the immediate rectification of inaccurate or incomplete personal data stored by us.

c) Right to Erasure

You have the right pursuant to Art. 17 GDPR to demand the immediate erasure of your personal data by us, provided that further processing is not required for any of the following reasons:

the personal data is still necessary for the purposes for which it was collected or otherwise processed
for the exercise of the right to freedom of expression and information
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, to the extent that the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing
for the establishment, exercise, or defence of legal claims

d) Right to Restriction of Processing

You may request pursuant to Art. 18 GDPR the restriction of the processing of your personal data on any of the following grounds:

You contest the accuracy of your personal data.
The processing is unlawful and you oppose the erasure of the personal data.
We no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise, or defence of legal claims.
You have objected to processing pursuant to Art. 21(1) GDPR.

e) Right to Notification

Where you have requested the rectification or erasure of your personal data or the restriction of processing pursuant to Art. 16, Art. 17, or Art. 18 GDPR, we shall communicate this to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves a disproportionate effort. You may request that we inform you of those recipients.

f) Right to Data Portability

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format.

You also have the right to request the transmission of such data to a third party, provided that the processing was carried out by automated means and is based on consent pursuant to Art. 6(1)(1)(a) or Art. 9(2)(a) GDPR, or on a contract pursuant to Art. 6(1)(1)(b) GDPR.

g) Right to Withdraw Consent

You have the right pursuant to Art. 7(3) GDPR to withdraw your granted consent vis-à-vis us at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal. We may no longer continue data processing that was based on your withdrawn consent.

h) Right to Lodge a Complaint

You have the right pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data is in breach of the GDPR.

i) Right to Object

Where your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(1)(f) GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data, provided that grounds exist relating to your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without the need to state a particular situation. If you wish to exercise your right of withdrawal or objection, an e-mail to support@grouprides.cc shall suffice.

j) Automated Individual Decision-Making Including Profiling

You have the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning you or similarly significantly affects you. This shall not apply where the decision:

is necessary for the conclusion or performance of a contract between you and us,
is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
is based on your explicit consent.

However, such decisions must not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to safeguard your rights and freedoms and your legitimate interests.

In respect of the cases referred to above, we shall implement appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at minimum the right to obtain human intervention on our part, to express your point of view, and to contest the decision.

14. Amendments to the Privacy Policy

Should we amend the Privacy Policy, this will be indicated on the website and registered users will be informed accordingly.

As of: 27.03.2026

Privacy Policy

Please note: The German original version of this Privacy Policy is the legally binding document. This English translation is provided for convenience purposes only and has no legal effect.

1. Name and Address of the Controller

GroupridesUG (haftungsbeschränkt), Bogenallee 10, 20144 Hamburg, +491741617703, support@grouprides.cc

2. Definitions

3. Legal Basis for the Processing of Data

a) Processing of Personal Data under the GDPR

Art. 6(1)(1)(a) GDPR: The data subject has given consent to the processing of their personal data for one or more specific purposes.
Art. 6(1)(1)(b) GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Art. 6(1)(1)(c) GDPR: Processing is necessary for compliance with a legal obligation to which the controller is subject.
Art. 6(1)(1)(d) GDPR: Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
Art. 6(1)(1)(e) GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Art. 6(1)(1)(f) GDPR: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

We will, however, draw your attention at each relevant point of this Privacy Policy to the legal basis on which the processing of your personal data is carried out.

b) Consent of Persons with Parental Responsibility pursuant to Art. 8(1)(2) Alt. 2 GDPR

A person with parental responsibility must consent to all data processing operations on this website for which the consent of a minor who has not yet reached the age of 16 is required.

Information on the individual data processing operations, their purposes, and the categories of data concerned for which the consent of the data subject is required is set out in this Privacy Policy.

c) Processing of Information pursuant to Section 25(1) TDDDG

We process such information as a general rule on the basis of your consent, pursuant to Section 25(1) TDDDG.

We hereby inform you that the withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

4. Disclosure of Personal Data

5. Retention Period and Erasure

6. SSL/TLS Encryption

Where SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Cookies

a) Technically Necessary Cookies

b) Further Cookies

Further cookies include cookies used for statistical, analytical, marketing, and retargeting purposes.

We deploy these cookies on the basis of your consent pursuant to Art. 6(1)(1)(a) GDPR.

You may withdraw your consent to the use of cookies at any time.

We hereby inform you that the withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

We draw your attention in this Privacy Policy at each relevant service to the legal basis on which such data is processed.

8. Use of AI Systems (Artificial Intelligence)

carry out data analyses,
generate forecasts,
identify and remediate security vulnerabilities,
and to render routine processes more efficient.

9. Cookie Banner / Consent Management

The deployment of the Consent Mode is technically necessary and is therefore used on the basis of our legitimate interest pursuant to Art. 6(1)(1)(f) GDPR.

10. Collection and Storage of Personal Data and the Nature and Purpose of Their Use

a) External Hosting

b) Upon Visiting the Website

IP address of the requesting device
Date and time of access
Name and URL of the file retrieved
Browser used and, where applicable, the operating system of your device as well as the name of your access provider

The aforementioned data is processed by us for the following purposes:

Ensuring a smooth establishment of the website connection
Ensuring convenient use of our website
Evaluation of system security and stability
Error analysis

c) Use of the Content Delivery Network (CDN) of Vercel

In connection with the use of this service, the following personal data may be processed:

IP address: This is collected in order to enable the delivery of content to the correct user and to prevent technical errors.

Telemetry data: Data concerning the use and performance of your interaction with the website may be collected in order to optimise the platform.

System and device information: Information such as browser type, operating system, and device configuration may be processed in order to ensure optimal presentation.

The data collected during the use of the CDN is retained only for the period necessary to achieve the purposes stated herein. Upon expiry of the purpose, the data is regularly deleted.

A data processing agreement pursuant to Art. 28 GDPR has been concluded with Vercel, ensuring that data is processed solely on our behalf and in accordance with the requirements of the GDPR.

Further information on data processing by Vercel can be found in Vercel's Privacy Policy.

d) Use of Cloudinary

In connection with the use of Cloudinary, data such as IP addresses, metadata of the requested media content, device information, and usage data are processed and may be transferred to the USA.

The use of Cloudinary is carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR, as it is necessary for ensuring the stable and efficient provision of our website.

We have concluded a data processing agreement with Cloudinary, so that your personal data is processed in accordance with European data protection requirements.

Further information on the processing of your data by Cloudinary can be found in Cloudinary's Privacy Policy at the following link: https://cloudinary.com/privacy

e) Contractual Relationship

(1) Conclusion of Contract / User Account

(2) Disclosure of Data When Using Online Payment Service Providers

Stripe – Stripe Payments Europe, Ltd, Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, dpo@stripe.com, https://stripe.com/de/privacy

(3) Credit Card Payment

Stripe's data protection provisions can be found at https://stripe.com/de/privacy

(4) Right of Withdrawal

(5) Disclosure to the Event Organiser

f) Newsletter

Content of the Newsletter and Registration Data

Double Opt-In and Logging

Withdrawal

The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

Use of Mailjet

We use the e-mail tool Mailjet (Mailgun Technologies Inc., 112 E Pecan St #1135, San Antonio, TX 78205, USA) for the dispatch of our newsletter.

For this purpose, the data provided by you will be transmitted to and processed by Mailjet. Through this tool, we are able to evaluate how the newsletters are opened and used.

We have entered into standard contractual clauses with Mailjet. Mailjet does not acquire any right to disclose your data.

Further information on data protection at Mailjet can be found at https://www.mailjet.de/privacy-policy/

g) Sentry

We have entered into a data processing agreement with Sentry.

h) Integration of Routes via Strava

Further information can be found in Strava's Privacy Notice at: https://www.strava.com/legal/privacy

The data processing is carried out on the basis of your granted consent pursuant to Art. 6(1)(1)(a) GDPR.

i) Integration of Routes via komoot

Our website uses the services of komoot provided by komoot GmbH (Friedrich-Wilhelm-Boelcke-Str. 2, 14473 Potsdam, Germany) for the interactive display of routes and maps.

Further information can be found in komoot's Privacy Notice at: https://www.komoot.com/de-de/privacy

The data processing is carried out on the basis of your granted consent pursuant to Art. 6(1)(1)(a) GDPR.

j) Use of the Ride with GPS Service

Individual functions or tracking mechanisms may collect personal data beyond the scope of use, for example in the case of:

Use of third-party logins (e.g. Google, Apple),
Deployment of tracking cookies or analytical tools for the evaluation of user behaviour.

Session cookies,
Log files for error analysis.

Further information is available at: Ride with GPS Privacy Policy

11. Analytics and Tracking Tools

We deploy on our website the analytics and tracking tools listed below. These serve the purpose of ensuring the ongoing optimisation of our website and adapting it to the needs of users.

a) Google Consent Mode v2 – Advanced

For the use of certain services of the Google/Alphabet group, we use the so-called Google Consent Mode V2 in Advanced Mode.

Details regarding this consent mode can be found on Google's website at https://developers.google.com/tag-platform/security/guides/consent?hl=de&consentmode=advanced

The processing of your personal data is carried out on the basis of our legitimate interest pursuant to Art. 6(1)(1)(f) GDPR.

b) Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google").

Google Analytics uses cookies in this context (see Section 7). The information generated by the cookie about your use of this website, such as:

Name and version of the browser used
Operating system of your device
Website from which access was made (referrer URL)
IP address of the requesting device
Time of the server request

is generally transmitted to and stored on a Google server in the USA.

Your IP address is automatically anonymised by Google before it is recorded via EU domains and servers. Accordingly, no logging or storage of your IP address takes place.

We have entered into a data processing agreement with Google.

Please click here for an overview of data protection at Google: https://support.google.com/analytics/answer/6004245

c) Meta Conversion Pixel (Meta Pixel)

For further information, we refer to Meta's privacy information at https://www.facebook.com/about/privacy

12. Integration of Images, Audio, and Video

YouTube

Further information on the handling of user data and the cookies set can be found in YouTube's Privacy Policy at: https://www.google.de/intl/de/policies/privacy

Name and version of the browser used
Website from which the request was initiated (referrer URL)
Operating system of your device
Screen resolution of your device
IP address of the requesting device
Language settings of the browser or operating system used by the user

Further information can be found in Google's Privacy Notice, available at: www.google.com/policies/privacy/

The legal basis derives from the consent granted by you pursuant to Art. 6(1)(1)(a) GDPR. You may withdraw your granted consent at any time by amending the cookie settings on our website.

13. Rights of the Data Subject

You are entitled to the following rights:

a) Right of Access

You have the right pursuant to Art. 15 GDPR to request information about your personal data processed by us. This right of access encompasses information about:

the purposes of processing
the categories of personal data concerned
the recipients or categories of recipients to whom your data has been or will be disclosed
the intended retention period or, at least, the criteria for determining the retention period
the existence of a right to rectification, erasure, restriction of processing, or objection
the existence of a right to lodge a complaint with a supervisory authority
the origin of your personal data, where it was not collected by us
the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved

b) Right to Rectification

You are entitled pursuant to Art. 16 GDPR to demand the immediate rectification of inaccurate or incomplete personal data stored by us.

c) Right to Erasure

You have the right pursuant to Art. 17 GDPR to demand the immediate erasure of your personal data by us, provided that further processing is not required for any of the following reasons:

the personal data is still necessary for the purposes for which it was collected or otherwise processed
for the exercise of the right to freedom of expression and information
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, to the extent that the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing
for the establishment, exercise, or defence of legal claims

d) Right to Restriction of Processing

You may request pursuant to Art. 18 GDPR the restriction of the processing of your personal data on any of the following grounds:

You contest the accuracy of your personal data.
The processing is unlawful and you oppose the erasure of the personal data.
We no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise, or defence of legal claims.
You have objected to processing pursuant to Art. 21(1) GDPR.

e) Right to Notification

f) Right to Data Portability

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format.

g) Right to Withdraw Consent

h) Right to Lodge a Complaint

You have the right pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data is in breach of the GDPR.

i) Right to Object

j) Automated Individual Decision-Making Including Profiling

is necessary for the conclusion or performance of a contract between you and us,
is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
is based on your explicit consent.

14. Amendments to the Privacy Policy

Should we amend the Privacy Policy, this will be indicated on the website and registered users will be informed accordingly.

As of: 27.03.2026

Discover

Challenges

Create

Profile