Let's stay in touch,

observe our social media.
social social social

Privacy policy

1. Data controller and definitions

  • The administrator of the personal data of the Customers / Users of the Online Shop and the sales form, also referred to as the Seller, is: Adam Oleksiak BikeHero, phone: , NIP: 1251564114, REGON: .
  • The Data Administrator can be contacted:
    • at the mailing address: Bartnicza 19b, 05-240 Wilczeniec;
    • at the e-mail address: no-reply@idosell.com.
  • User – a natural person accessing the website/pages of the Internet Shop and the sales form or using the services or functionalities described in this Privacy and Cookies Policy.
  • Customer – a natural person with full legal capacity, a natural person who is a Consumer, a legal person or an organisational unit without legal personality, to which the Act grants legal capacity, who concludes a distance sales agreement with the Seller.
  • Online Shop – the website operated by the Seller, available at the following electronic addresses (sites): https://bikehero.pl, through which the Client/User may obtain information about the Goods and their availability and purchase Goods or order services.
  • Newsletter – information, including commercial information within the meaning of the Act of 18 July 2002 on electronic provision of services (Journal of Laws of 2020, item 344) originating from the Seller sent to the Client/User electronically; its receipt is voluntary and requires the consent of the Client/User.
  • Account – a set of data stored in the Online Shop and in the Seller’s ICT system concerning a given Customer/User and the orders placed by him/her and contracts concluded, using which the Customer/User can place orders and conclude contracts.
  • RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

2. Aims, legal basis and duration of data processing

  • In order to perform the Distance Sales Contract, the Seller processes:
    • information concerning the User’s device in order to ensure the correct functioning of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, browser data, device data, data concerning activity on the Site, including on individual pages;
    • geolocation information if the User has consented to the service provider’s access to geolocation. Geolocation information is used to provide more tailored offers of products and services;
    • Users’ personal data: name, surname, registered office address, correspondence address, e-mail address, telephone number, Tax Identification Number, bank account number or other personal data which is necessary to complete the purchase and which the Administrator requires to be provided in the purchase process.
  • This information does not contain data concerning the identity of Users, but in combination with other information may constitute personal data and therefore the Administrator covers it with the full protection afforded under the RODO.
  • This data is processed in accordance with Article 6(1)(b) of the RODO, for the purpose of providing the service, i.e. the contract for the provision of electronic services in accordance with the Terms and Conditions, and in accordance with Article 6(1)(a) of the RODO, in relation to the consent for the use of certain cookies or other similar technologies expressed by the relevant settings of the Internet browser in accordance with the Telecommunications Law or in relation to the consent for geolocalisation. The data are processed until the end of the Customer/User’s use of the Online Shop and the sales form.
  • The Administrator undertakes to take all measures required under Article 32 of the RODO, i.e., taking into account the state of the art, the cost of implementation and the nature, scope and purposes of the processing and the risk of infringement of the rights or freedoms of natural persons of varying probability and seriousness, the Administrator implements appropriate technical and organisational measures to ensure a degree of security corresponding to that risk.

3. Marketing activities of the controller

  • On the website of the Online Shop and the sales form, the Data Controller may post marketing information about its products or services. The display of this content is carried out by the Data Controller in accordance with Article 6(1)(f) of the RODO, i.e. in accordance with the legitimate interest of the Data Controller to publish content related to the services provided and promotional content of campaigns in which the Data Controller is involved. At the same time, this action does not violate the rights and freedoms of Customers/Users, Customers/Users expect to receive content of similar content and even expect it or it is their direct purpose to visit the website/pages of the Online Shop and the sales form.

4. Recipients of user data

  • The Data Controller shall only disclose users’ personal data to processors under concluded personal data processing entrustment agreements in order to perform services for the Data Controller, e.g. hosting and maintenance of the Site, IT services, marketing and PR services.

5. Transmission of personal data to third countries

  • Personal data will not be processed in third countries.

6. Rights of data subjects

  • Every data subject has the right:
    • access (Article 15 RODO) – to obtain confirmation from the Data Controller as to whether or not personal data about him or her is being processed. If data about a person are processed, he/she is entitled to access them and obtain the following information: about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the period for which the data are stored or the criteria for their determination, the data subject’s right to request rectification, erasure or restriction of the processing of personal data and to object to such processing;
    • to obtain a copy of the data (Article 15(3) RODO) – to obtain a copy of the data undergoing processing, the first copy being free of charge and for subsequent copies the Data Controller may impose a reasonable charge based on administrative costs;
    • to rectification (Article 16 RODO) – to request the rectification of personal data concerning him/her which is inaccurate or the completion of incomplete data;
    • to erasure (Article 17 RODO) – to request the erasure of her personal data if the Data Controller no longer has a legal basis for the processing or the data are no longer necessary for the purposes of the processing;
    • to restrict processing (Article 18 RODO) – to request the restriction of processing of personal data when:
      • the data subject challenges the accuracy of the personal data – for a period allowing the Controller to verify the accuracy of the personal data,
      • the processing is unlawful and the data subject objects to the erasure of the data by requesting the restriction of its use,
      • the Controller no longer needs the data, but the data are needed by the data subject to establish, assert or defend a claim,
      • the data subject has objected to the processing – until it is established whether the legitimate grounds on the part of the controller override the grounds of the data subject’s objection;
    • to data portability (Article 20 RODO) – to receive in a structured, commonly used machine-readable format the personal data concerning him/her which he/she has provided to the Controller, and to request that these data be sent to another Controller where the data are processed on the basis of the data subject’s consent or a contract with him/her and where the data are processed by automated means;
    • to object (Article 21 RODO) – to object to the processing of his/her personal data for the legitimate purposes of the Controller on grounds relating to his/her particular situation, including profiling. The Controller shall then assess the existence of valid legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the Controller shall be obliged to cease processing for these purposes;
    • to withdraw consent at any time and without giving any reason, but the processing of personal data carried out prior to the withdrawal of consent will continue to be lawful. Withdrawal of consent will result in the Administrator ceasing to process personal data for the purpose for which the consent was given.
  • In order to exercise the aforementioned rights, the data subject should contact, using the contact details provided, the Data Controller and inform him/her of which right and to what extent he/she wishes to exercise it.

7. President of the Office for the Protection of Personal Data

  • The data subject shall have the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection with its seat in Warsaw, ul. Stawki 2, who may be contacted as follows:
  • by letter: ul. Stawki 2, 00-193 Warsaw;
  • by electronic sub-box available at: https://www.uodo.gov.pl/pl/p/kontakt;
  • Infoline: 606-950-000.

8. Data Protection Officer

  • In any case, the data subject may also directly contact the Data Protection Officer of the Controller by email or in writing to the address of the Controller as set out in section 1, point 2 of this Privacy and Cookies Policy.

9. Changes to the Privacy Policy

  • The Privacy and Cookies Policy may be supplemented or updated according to the current needs of the Administrator in order to provide up-to-date and reliable information to Customers/Users.

10. Cookies

  • The online shop performs the functions of obtaining information about Customers, Users and their behaviour in the following ways:
    • by means of information voluntarily entered in forms for purposes arising from the function of the specific form;
    • by storing cookies (so-called ‘cookies’) in the end devices;
    • through the collection of web server logs by the webshop hosting operator and the sales form (necessary for the correct operation of the website).
  • Cookies are IT data, in particular text files, which are stored on the Customer’s / User’s terminal device and are intended for the use of the website of the Online Shop and the sales form. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.
  • The Internet Shop uses cookies only after the Customer/User of the Shop has given their prior consent in this respect. Consent to the Online Shop’s use of all cookies is given by clicking on the button: ‘Close’ while the message about the use of cookies by the Online Shop is displayed or by closing this message.
  • If the Customer/User of the Online Shop and the sales form does not consent to the Online Shop’s use of cookies, he/she can use the option: ‘I do not consent’, also available in the message about the use of cookies by the Internet Shop or make changes in the settings of the Internet browser he/she is currently using (however, this may result in incorrect operation of the website of the Internet Shop and the sales form).
  • To manage your cookie settings, select your browser/system from the list and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
  • The legal basis for the processing of personal data originating from cookies is the legitimate interests of the Data Controller, consisting in providing high quality services, ensuring the security of services.
  • Within the framework of the Online Shop and the sales form, two main types of cookies are used: ‘session’ cookies and “permanent” cookies (persistent cookies). ‘Session’ cookies are temporary files which are stored on the User’s terminal equipment until they log off, leave the Online Shop and the sales form or switch off the software (web browser). ‘Persistent’ cookies are stored on the final device of the Customer/User for the time specified in the parameters of the cookies or until they are deleted by the Customer/User.

Functional cookies (required)

bikehero.pl

prompt_token: 365 days, cookie
Identifies the shop customer.

shop_monit_token: 30 minutes, cookie
Identifies the shop customer.

client: 1 day, cookie
Identifies a logged in customer / basket of a non-logged in customer.

affiliate: 90 days, cookie
Stores information about the affiliate ID from which the shop was accessed.

ordersDocuments: cookie
Stores information about the print status of a document.

__idsui: 1095 days, cookie
A file which is necessary for the functioning of the so-called light login on the website.

__idsual: 1095 days, cookie
File necessary for the functioning of the so-called light log-in on the website.

__IAI_SRC: 90 days, cookie
Stores only the source from which the page was accessed.

login: cookie
Stores information about whether the user has logged in to the website.

CPA: 28 days, cookie
Contains information about the variables for the CPA / CPS programmes in which the site participates.

IAIRSABTVARIANT: 30 days, cookie
Variant identifier for the A/B test and configuration of the IdoSell RS engine.

basket_id: 365 days, cookie
Site user’s basket ID, given for the duration of the ongoing session.

page_counter: 1 day, cookie
Counter of pages visited.

LANGID: 180 days, cookie
Stores information about the language selected by the page user.

REGID: 180 days, cookie
Stores information about the region of the website user.

CURRID: 180 days, cookie
Stores information about the currency selected by the site user.

IAIABT: 30 days, cookie
Stores the A/B test ID, for the purpose of testing and improving shop functionality.

IAIABTSHOP: 30 days, cookie
Stores the identifier of the shop participating in the A/B test.

IAIABTVARIANT: 30 days, cookie
Stores the identifier of the variant drawn as part of the ongoing A/B test.

toplayerwidgetcounter[]: cookie
Stores the number of times a pop up message has been displayed.

samedayZipcode: 90 days, cookie
Stores information about the site user’s zipcode, which is required to offer courier delivery on the SameDay service.

applePayAvailability: 30 days, cookie
Stores information about whether an ApplePay payment method is available for the user.

paypalMerchant: 1 day, cookie
PayPal account ID.

toplayerNextShowTime_: cookie
Stores information about the time at which the next pop up message is to be displayed.

discountCode_clicked: 1 day, cookie
Stores information about the closing of the active discount bar.

freeeshipping_clicked: 1 day, cookie
Stores information about the closure of the bar indicating free delivery.

redirection: cookie
Stores information about the closing of the pop-up message informing about the suggested language for the shop.

filterHidden: 365 days, cookie
When the option to collapse a filter for goods is clicked, stores information about which filter to collapse when the goods list is refreshed.

toplayerwidgetcounterclosedX_: cookie
Stores information when a pop-up message is closed.

cpa_currency: 60 minute, cookie
Holds information about the currency for CPA / CPS programmes in which the site participates.

basket_products_count: cookie
Stores information about the number of goods in the basket.

wishes_products_count: cookie
Stores information on the number of products in the favourites list.

remembered_mfa: 365 days, cookie
Stores remembered user information for multi-factor authentication (MFA)

IAI S.A.

iai_accounts_toplayer: 30 days, cookie
Ensures that the pop up message informing about the IdoAccounts login service (https://www.idosell.com/pl/tysiace-gotowych-do-uzycia-funkcji/logowanie-do-sklepu-z-konta-w-innym-serwisie/) is displayed correctly.

IdoSell

platform_id: cookie
Stores information about whether the website is displayed in the mobile application.

paypalAvailability_: 1 day, cookie
Stores information about whether a PayPal payment method is available for the user.

ck_cook: 3 days, cookie
Stores information about whether the user of the site has consented to cookies.

IdoAccounts

accounts_terms: 365 days, cookie
Stores information about whether the user has accepted permission to use the IdoAccounts service.

express_checkout_login: 365 days, cookie
CookieNameExpressCheckoutLogin

Google

NID: 180 days, cookie
These cookies (NID, ENID) are used to remember the user’s preferences and other information, such as preferred language, the number of results displayed on the search results page (for example, 10 or 20) and whether the user wants to have the Google SafeSearch filter enabled. This file is also necessary to offer the Google Pay payment service.

Google reCAPTCHA

_GRECAPTCHA: 1095 days, cookie
This cookie is set by Google reCAPTCHA, which protects our website from spam requests on contact forms.

PayPal

ts: cookie
This cookie is usually provided by PayPal and handles payment services on the site.

ts_c: 1095 days, cookie
This cookie is usually provided by PayPal and is used for fraud prevention.

x-pp-s: cookie
This cookie is typically provided by PayPal and handles payment services on the site.

enforce_policy: 365 days, cookie
This cookie is typically provided by PayPal and supports payment services on the site.

tsrce: 3 days, cookie
This cookie is typically provided by PayPal and supports payment services on the site.

l7_az: 60 minutes, cookie
This cookie is necessary for the PayPal login function on the website.

LANG: 1 day, cookie
This cookie is usually provided by PayPal and supports payment services on the website.

nsid: cookie
Used in the context of t

Analytical cookies

IAI S.A.

__IAI_AC2: 45 days, cookie
Activity Tracking identifier for collecting the history of sources prior to placing an order, as well as the source through which the order was placed according to the last click attribution model.

Google Maps

SID: 3650 days, cookie
Contains digitally signed and encrypted records of the user’s Google account ID and last login time. The combination of these cookies (SID, HSID) allows Google to block many types of attacks, such as attempts to steal the content of forms submitted on Google services.

Advertising cookies

bikehero.co.uk

RSSID: 180 days, cookie
IdoSell RS user ID, used to display tailored product recommendations on the website.

IAIRSUSER: 60 minutes, cookie
IdoSell RS user ID, used for the purpose of displaying tailored product recommendations on the website.

  • Cookies are used for the following purposes:
    • creating statistics which help to understand how the Customers/Users of the Internet Shop and the sales form use the websites, which enables improving their structure and content;
    • maintaining a Customer/User session (after logging in), thanks to which a Customer/User does not have to re-enter his/her login and password on each sub-page of the Internet Shop and sales form;
    • determine the profile of the Customer/User in order to display product recommendations and tailored materials in advertising networks, in particular the Google network.
  • The web browsing software (web browser) usually allows cookies to be stored on the Customer/User’s terminal device by default. Customers/Users may change their settings in this respect. The web browser allows cookies to be deleted. It is also possible to automatically block cookies.
  • Restrictions on the use of cookies may affect some of the functionalities available on the web pages of the Online Shop and the sales form.
  • Cookie files placed on the Customer’s/User’s terminal device and used may also be used by advertisers cooperating with the Internet Shop and partners of the Internet Shop and the sales form.
  • Cookies may be used by the Google network to display advertisements tailored to the way the Customer/User uses the Online Shop and the sales form. For this purpose, they may retain information about the user’s navigation path or the length of time they have stayed on a particular page: https://policies.google.com/technologies/partner-sites.
  • We recommend that the Customer/User reads the privacy policies of these companies to understand the use of cookies used in statistics: Google Analytics Privacy Policy.
  • With regard to information about the Customer/User’s preferences collected by the Google advertising network, the Customer/User can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/.
  • There are plug-ins on the website of the Online Store and the sales form that may transmit Customer/User data to Administrators such as: Google Maps, PayPal, Google reCAPTCHA, IdoAccounts, IdoSell, IAI S.A., Google.
  • In order to properly execute the Distance Sales Agreement, the Data Administrator may share the Customers/Users’ data with courier companies. The currently available delivery methods in the Online Store are available pd at: https://bikehero.pl/pl/delivery.html.
  • In order to properly perform the Distance Selling Agreement, the Administrator may share Customers’/Users’ data with online payment systems. The currently available payment methods in the form of prepayments in the Online Store are available at: https://bikehero.pl/pl/payments.html.
  • For more information on terms and privacy, please also visit Google’s Privacy and Terms page.

11. Newsletter

  • The Customer may agree to receive commercial information by e-mail, by selecting the appropriate option in the registration form or later in the appropriate tab. If such consent is given, the Client/User will receive information (Newsletter) of the Online Store and the sales form, as well as other commercial information sent by the Seller to the email address provided by the Client.
  • The Customer may unsubscribe from the Newsletter at any time on his/her own, by unchecking the appropriate box on the page of his/her Account or by going to the form https://bikehero.pl/pl/newsletter.html, clicking the appropriate link located in the content of each Newsletter or through the Customer Service.

12. Account

The Vendor has the right to terminate the contract for the provision of services concerning the Account in the event of discontinuation of the provision or transfer of the service of the Online Store and the sales form to a third party, violation of the law or the provisions of the Terms and Conditions by the Client/User, as well as in the event of inactivity of the Client/User for a period of 6 months. Termination of the contract is subject to a seven-day notice period. The Seller may stipulate that re-registration of the Account will require the permission of the Seller.

The Customer/User may not place in the Online Store or provide to the Seller content, including opinions and other data of an unlawful nature.

The Customer/User gains access to the Account after registration.

As part of the registration, the Customer / User provides the type of account or gender, first name, last name, company name, Tax Identification Number, data for issuing a sales document, shipping data, e-mail address and selects a password. Customer / User assures that the data provided by him / her in the registration form, are true. Registration requires a thorough reading of the Terms and Conditions and indicating on the registration form that the Customer/User has read the Terms and Conditions and fully accepts all of its provisions.

At the moment of granting the Customer/User access to the Account between the Seller and the Customer, an agreement for the provision of electronic services concerning the Account is concluded for an indefinite period of time. The Consumer may withdraw from this agreement under the terms of the Regulations.

Registration of the Account on one of the pages of the Online Store and the sales form means at the same time registration allowing access to the other pages under which the Online Store is available.

The Customer/User may terminate the contract for the provision of services by electronic means at any time with immediate effect by notifying the Seller by e-mail or in writing to the address of the Data Controller as specified in Section 1, item 2 of this Privacy and Cookies Policy.