Privacy Policy

A. General Information

  1. This Privacy Policy applies to personal data within the meaning of the General Data Protection Regulation (GDPR) of the EU as well as for personal data within the meaning of Swiss data protection law such as, in particular, the Federal Data Protection Act (FADP) (hereinafter collectively “personal data”), which is processed through one of the following brands: SCOTT, Bergamont, Bold, Syncros, Avanti, Dolomite, Lizard, Bach, Malvern Star, Solo and Powderhorn.

  2. The data controller of personal data processed in relation to one of the above-mentioned brands is always SCOTT Sports SA, located at Route du Crochet 11, CH — 1762 Givisiez, Switzerland (hereafter also referred to as the “data controller”, “we” or “us”).

  3. The representative of the data controller in the European Union according to article 27 GDPR is Bergamont Fahrrad Vertrieb GmbH, located at Budapester Strasse 45, 20359 Hamburg, Germany.

  4. The data controller has designated a data protection officer according to article 37 GDPR who can be contacted at gdpr@scott-sports.com.


B. Basic Principles of Data Processing

  1. We process personal data in accordance with applicable data protection laws and regulations (in particular the GDPR and the FADP). This means that personal data is processed only when there is a legal basis for processing it. Where the GDPR applies, the processing is carried out in accordance with at least one legal basis listed in article 6 paragraph 1 letter a-f GDPR.

  2. Where we have your consent, we may use personal data that has been collected by cookies, including to send marketing communications such as our newsletter to you (as applicable, depending on the consent you have provided). You may withdraw your consent at any time, however, this will not affect the lawfulness of any data processing carried out before your consent was withdrawn.

  3. We are entitled to provide information on the personal data we process and to provide access to that personal data to law enforcement or emergency response agencies in accordance with applicable law, and to process data, where necessary, in order to comply with our legal obligations.

  4. When contacting us (for example, via a contact form or email), the data can be stored for the purposes of processing the inquiry and in the event that questions arise (art. 6 para. 1 let. b and/or f GDPR). In any case, inquiries are first processed at our head office in Switzerland.

  5. Further details about the purposes for which we process your data, how we process your data and who your data is disclosed to are set out below.


C. Collection of Online Access Data (log files)

  1. We may automatically collect information when you access our websites. We collect data on requests for access to the server on which our website is hosted (server log files). The access data includes the name of the retrieved web page file, date and time of retrieval, transmitted data volume, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the site used prior to this visit), IP address and the requesting provider.

  2. We will usually process the log data on an anonymous basis, without reference to other information identifying the relevant user or any other creation of a profile, and only for statistical evaluations for the purposes of the operation, security and optimization of our website. However, we reserve the right to check the log data at a later date and to use this data with other information that may identify a user if we have reasonable reasons to suspect unlawful use or activity.

  3. Legal basis: art. 6 para. 1 let. a and/or f GDPR.


D. Enquiry by e-mail, telephone or fax

  1. If you contact us by e-mail, telephone or fax, your enquiry including all personal data resulting from it (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

  2. The processing of this data is based on art. 6 para. 1 let. b GDPR if your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (art. 6 para. 1 let. f GDPR) or on your consent (art. 6 para. 1 let. a GDPR) if this has been requested; the consent can be revoked at any time.


E. Newsletters

  1. We send newsletters, emails and other electronic notifications with promotional information, which we will collectively refer to as “newsletters”, only with the consent of the recipient (art. 6 para. 1 let. a GDPR). If you subscribe to our newsletters, you agree to receive the newsletters.

  2. In addition, we may ask if you would like to receive emails from our local retailers (for example, with information about the sporting goods market, their offers and brands).

  3. We keep a record of subscriptions to our newsletters in order to demonstrate that the registration process is in accordance with legal requirements. This includes the storage of the login and confirmation time as well as the IP address.

  4. Newsletters are sent by Maropost and/or Emarsys, Maropost is a marketing platform provided by Maropost Inc., 180 University Ste 5002, Toronto, Ontario M5H0A2, Canada. Emarsys is provided by Emarsys eMarketing Systems GmbH, Lassallestrasse 7b, 1020 Vienna, Austria.

  5. The email addresses of our newsletter recipients, as well as their other data described in point 8 and 9 of this section, are stored on Maropost's and/or Emarsys's servers in Canada respectively Austria. Maropost and/or Emarsys use this information to send and evaluate the newsletters on our behalf. In addition, Maropost and/or Emarsys may use this information to optimize or improve their own services, for example, for the technical optimization of the dispatch and presentation of newsletters, for financial purposes, or in order to determine the recipients' countries of residence. However, Maropost and/or Emarsys do not use the data of our newsletter recipients to write to them, and they do not forward the data to third parties.

  6. We trust the reliability and the IT and data security of Maropost, and we have concluded a data processing agreement with the platform. You can view Maropost's privacy policy here: http://www.maropost.com/privacy-policy/.

  7. We consider the IT and data security of Emarsys as lawful, and we have concluded a data processing agreement with the platform. You can view Emarsys's privacy policy here: https://emarsys.com/privacy-policy/.

  8. To subscribe to newsletters, all you have to do is provide us with your email address. You could also be asked for further information such as your first and last name, your date of birth and your gender. The disclosure of this data is optional. In addition, we automatically collect information regarding which country version and language is being used. This information is merely for the personalization of the newsletters. In order to send you targeted offers, we may divide the e-mail address into existing or future groups of persons. We use and create this information to adapt the content of newsletters to our readers' interests.

  9. Statistical surveys and analysis: The newsletters contain a “web beacon”, which is a pixel- sized file that is retrieved from the Maropost respectively Emarsys server when the newsletter is opened. As part of this retrieval, technical information is collected, for example concerning the browser and your system as well as your IP address and the time of retrieval. This information is collected for the improvement of the service, based on technical data or the target groups, their reading behavior, retrieval locations (which can be determined using the IP address) and access times.

  10. Statistical surveys also determine whether newsletters are opened, when they are opened, and which links are clicked. This information can be assigned to individual newsletter recipients for technical reasons. However, neither we nor Maropost and/or Emarsys are attempting to observe individual users. The evaluation helps us identify the reading habits of our users and adapt our content to them or send different content according to their interests.

  11. There are instances where we direct newsletter recipients to the Maropost respectively Emarsys website. For example, our newsletter contains a link that enables the newsletter recipients to access newsletters online (in the event of display problems with the email program). In addition, newsletter recipients may subsequently modify their data, such as their email address, on the Maropost respectively Emarsys website and if a user wish to view Maropost's (see point 6) respectively Emarsys's privacy policy (see point 7), they are also available on their website.

  12. In this context, please note that Maropost's website uses cookies, meaning that if you visit a Maropost website your personal data may be processed by Maropost, its partners and service providers (such as Google Analytics). We have no influence on this data collection. Please refer to Maropost's privacy policy for further information.

  13. Unsubscribing from the newsletter: If you wish to receive the newsletter, you are required to give your consent for all the data processing set out in points 8, 9 and 10 of this section. However, you may unsubscribe from our newsletter at any time, meaning you may revoke your consent. In this case, your consent to receiving the newsletter, having your data sent via Maropost respectively Emarsys and the statistical analyses, all simultaneously expire.


F. Cookies and Reach Measurement What are Cookies?

Our websites use cookies. A cookie is a small text file stored on your device when you are visiting websites. We use cookies mainly to analyze and improve your experience on our websites and for marketing purposes. We use the term “cookies” here for techniques such as cookies, flash cookies, social media plugins, pixel tags and web beacons. Cookies set by us are called “first-party cookies”. Cookies set by parties other than us are called “third-party cookies”. Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., personalized advertising and analytics). You can decide for yourself whether and which cookies you would like to accept.


What Kind of Cookies Do We Use?

There are different cookies for different purposes. Information collected by these cookies may include the following (depending on the cookie in question): device type, unique browser identifier, IP address, unique cookie identifier, browser type, language, country, operating system, system settings, information about your interaction with our sites such as purchases, indicated preferences and click behavior. We do not control the functioning of cookies from third parties. The respective third parties are responsible for such cookies as well as for their own data processing.


Strictly Necessary Cookies

These cookies enable services you have specifically asked for. They are essential to enable you to move around the website and use its features, such as accessing secure areas. Without using these cookies, services you have asked for, such as shopping baskets or e-billing, cannot be provided.


Analytical or Performance Cookies

These cookies collect anonymous information on the pages that you have visited. They collect information about how visitors use a website, for instance, which pages visitors go to most often, how they move around our website and if they get error messages from webpages. These cookies do not collect data that personally identifies any user. They help us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality Cookies

These cookies remember choices you make to improve your experience. They are used to recognize you when you return to our website. They allow the website to remember choices you make (e.g., username, language or the region you are in) and provide enhanced, more personal features such as greeting you by name. They can also be used to remember changes you have made to text size, fonts and other parts of our website that you can customize as well as to provide services you have asked us for, such as watching a video or commenting on a blog. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.


Targeting or Advertising Cookies

These cookies collect information about your browsing habits in order to make advertising relevant to you and your interests. They record your visit to our website, the pages you have visited and the links you have followed. They are used to deliver adverts that are more relevant to you and your interests. These cookies are also placed by third parties (including advertising networks) with our permission. The cookies remember which pages of our website you have visited, and this information is shared with other organizations such as advertisers. It may be used to deliver adverts to you on third-party websites or applications based on your online activity.


The third-party advertising cookies and services we use include Google Ads, Facebook Ads, Bing Ads, Yahoo! Ads and Instagram Ads.


Furthermore, you can get more information about cookies at http://www.allaboutcookies.org/ and https://www.networkadvertising.org/understanding- online-advertising/what-are-my-options.


G. Tools

    i) Google Analytics

    1. To collect “clickstream” data (such as IP address, date and time of the visit, reference URL, the pages visited on our website, and information about the browser being used) we use Google Analytics, a web analysis service from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd relies on Google LLC (based in the USA) as an order processor (both “Google”). Google uses cookies that are stored on users' devices and that allow an analysis of the use of the website. The information generated by the cookie is generally transferred to a Google server in the USA and stored there.

    2. Google uses this information on our behalf to evaluate the use of the website by users in order to compile reports on the activities within the website, and to provide additional services related to the use of the website as well as Internet usage. Pseudonymous usage profiles of the users can therefore be created from the processed data.

    3. We only use Google Analytics with IP anonymization enabled. This means that the IP addresses of the users will be abbreviated by Google within the member states of the European Union or in other contracting states of the European Economic Area and thus cannot be traced. Only in exceptional cases will the full IP address be transferred to a Google server in the US and abbreviated there.

    4. Although we can assume that the information we share with Google is not personal data for Google, it is possible that Google can draw conclusions about the identity of visitors from this data for its own purposes, create personal profiles and link this data to the Google accounts of these individuals. Users can prevent the storage of cookies by setting their browser software accordingly; users may also block the collection of data generated by the cookie and related to their use of the website for Google, as well as the processing of such data by Google, by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.

    5. For further information on Google's use of the data for advertising purposes, as well as settings and opportunities to raise objections, please refer to the following webpages: https://www.google.com/intl/en/policies/privacy/partners/ (“How Google uses data when you use our partners' sites or apps”), https://policies.google.com/technologies/ads?hl=en (“Data usage for advertising purposes”), https://adssettings.google.com/anonymous?hl=en (“Control the information Google uses to show you ads”) and https://adssettings.google.com/anonymous?hl=en (“Make the ads you see more useful to you”).

    6. Legal basis: Art. 6 para. 1. let. a GDPR.


    ii) Google Signals

    1. As an extension to Google Analytics, Google Signals may be used on this website to allow cross-device reporting. If you have enabled personalized ads and linked your devices to your Google account, Google may analyze your usage behavior across devices and create database models, subject to your consent to use Google Analytics. We do not receive any personal data from Google, only statistics. Visitor data may include end user location, search history, YouTube history and data from Google partner websites. It is used to provide aggregated and anonymized statistics on visitor behavior across devices. You can access and delete this data collected by Google via Google's “my activities” page. If you want to stop the cross-device analysis, you can deactivate the “personalized advertising” function in the settings of your Google account.

    2. Further, we share data from users logged in on Google to improve Google's products and services. This also provides us with anonymized and aggregated reports on performance by demographic characteristics and interests.

    3. Legal basis: Art. 6 para. 1. let. a GDPR.

    iii) Radlabor

    1. Our website uses Smartfit Online Sizing Widget, a tool from Radlabor GmbH, Heinrich- von-Stephan-Strasse 5c, 79100 Freiburg, Germany.

    2. Radlabor is offered for the purpose of online sizing advice for bicycles. In order to receive a size consultation, the gender and height must be specified in each case. The leg and arm length are optional. A specific size recommendation is given through the use of algorithms. The personal data is collected by Radlabor in anonymous form and processed only for the purpose of calculating the bicycle size that is individually suitable for the customer. A so-called “session cookie” is used for this purpose. Cookies are considered necessary for technical reasons, as the online size consultation cannot be used meaningfully without the use of cookies. You can prevent the storage of the session cookie by configuring your browser accordingly.

    3. Further details can be found in the Radlabor data protection declaration: https://www.radlabor.de/datenschutz.

    4. Legal basis: Art. 6 para. 1. let. a and/or f GDPR.


    iv) Hotjar

    1. Our website uses Hotjar, a tool provided by Hotjar Ltd., St Julian's Business Centre, St Julian's, STJ 3155 Malta. Hotjar is a tool that helps track the behavior of users on our website.

    2. Hotjar is a technology service that helps us better understand our visitors' experiences (e.g., how much time is spent on which page, which links are clicked, etc.). It helps us build and maintain our service based on visitor feedback. Hotjar uses cookies and other technologies to collect data about the behavior of our visitors and their devices. This includes, but is not limited to, a device's IP address (which is processed during your session and stored in anonymized form), device screen size, device type, browser information, geographical location (country of residence) and the preferred language in which our website is displayed. Hotjar stores this information on our behalf in a pseudonymized visitor profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

    3. For more details, please see the 'About Hotjar' section on Hotjar's support page and Hotjar's privacy policy: https://www.hotjar.com/legal/policies/privacy/.

    4. Legal basis: Art. 6 para. 1. let. a and/or f GDPR.


    v) Reddit

    1. For the purpose of customized design and continuous optimization of our website, we use Reddit Ads and Reddit Conversion Tracking (Pixel), a marketing service of Reddit Ireland Limited, 70 Sir John Rogerson's Quay, Grand Canal Dock, Dublin 2, Ireland and Reddit Inc., 548 Market St., 16093, San Francisco, California, 94104, USA respectively. Further we also use the “visitor action pixel” (Reddit Conversion Tracking) of the Reddit platform within our website.

    2. We use Reddit Conversion Tracking for marketing and optimization purposes, in particular to analyze the use of our website and to improve individual functions and offers as well as the user experience (Art. 6 para. 1 let. a and/or f GDPR). The statistical evaluation of your website actions (such as adding to the shopping basket, searches, purchases, etc.) and other activities on our website is intended to improve our offer and make it more interesting for visitors.

    3. You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. You can also prevent the collection of the aforementioned information by Reddit by adjusting the corresponding settings on the Reddit website.

    4. For more information on the use of cookies by Reddit Ads, please visit: https://www.reddit.com/policies/cookies/.


    vi) Social Plugins

    1. On our website, functions of the services of Meta, specifically Facebook and Instagram, are integrated (“Social Plug-ins”), both operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The social plugins are e.g., recognizable by the Facebook logo (white “f” on a blue tile, the terms “like” or “thumbs up”) or marked in the form of the Instagram logo (Instagram camera).

    2. We have configured these elements so that they are deactivated by default. If you activate them (by clicking on them), the operators of the respective social networks can register that and where you are on our website and can use this information for their purposes. The processing of your personal data is then the responsibility of this operator according to its data protection regulations. We do not receive any information about you from them.

    3. If a user activates the Social Plug-ins and calls up a function of the website that contains such a plug-in, his/her device establishes a direct connection to Facebook/Instagram's servers. The content of the Social Plug-ins is transmitted directly from Facebook/Instagram to the user's device and integrated into the website. We thus have no influence on the extent of the data that is collected by Facebook/Instagram with the help of this Social Plug-ins.

    4. Through the integration of the Social Plug-ins, Facebook/Instagram receives the information that a user has accessed our website. If the user is logged in to Facebook/Instagram, Facebook/Instagram can assign the visit to his/her Facebook/Instagram account. If users interact with the plug-ins, for example, by pressing the button with a corresponding logo, by commenting on a post, “liking”, sharing or saving a comment, the corresponding information is sent directly to Facebook/Instagram and stored there. If you do not have a Facebook/Instagram account, it is still possible that Facebook/Instagram can find and save your IP address.

    5. The purpose and scope of the data collection and the further processing and use of the data by Facebook/Instagram, as well as the rights and settings for user privacy protection, can be found in the Meta privacy notice: https://en-gb.facebook.com/privacy/policy respectively https://privacycenter.instagram.com/policy/.

    6. If you are not a Facebook/Instagram member and you do not want Facebook/Instagram to collect data about you through this website, nor to link to your member data stored on Facebook/Instagram, you must log out of Facebook/Instagram before using our website and delete your cookies. Further settings on and objections to the use of data for advertising purposes are possible within Facebook/Instagram's profile settings: https://www.facebook.com/privacy/policy/?link_dialog=PLATFORM_SETTINGS or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are independent of the platform, i.e., they are used for all devices, such as computers and mobile devices.

    7. There is no EU Commission adequacy decision for data transfers to the USA. Facebook ensures an adequate level of data protection via the EU standard contractual clauses. You can access a copy of the contractual clauses here: https://www.facebook.com/legal/EU_data_transfer_addendum.

    8. Legal basis: Art. 6 para. 1. let. a and/or f GDPR.


    vii) Facebook Custom Audiences / Facebook Pixel

    1. Within our website, we use Facebook Custom Audiences as well as “Facebook pixel” of the social network Facebook, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland respectively Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA („Facebook“).

    2. Facebook Custom Audiences enables Facebook to determine the visitors to our website as a target group for the display of ads, referred to as Facebook ads. These target groups can be created by Facebook Pixel, follower(s) on social media channels or based on other data. Accordingly, we use Facebook Custom Audiences only to display Facebook ads. This means that Facebook Custom Audiences enables us to ensure that our Facebook ads match the users' potential interests and do not bother them. Moreover, the Facebook Pixel allow us to determine the effectiveness of the Facebook ads for statistical and marketing purposes, so we are able to see whether users were forwarded to our website after clicking at a Facebook ad. Furthermore, Facebook Pixel helps us to create similar target groups through the information collected, so that we can also place relevant ads for potential customers.

    3. The Facebook Pixel is integrated directly by Facebook when our websites are called up and stores a cookie on your device. If you log in to Facebook and visit our website the visit to our website is marked in your profile. The data collected about you is anonymized, so it does not provide us with any indications about the identity of the users. However, this data is stored and processed by Facebook, thereby enabling a connection to the respective user profile. The data processing by Facebook is implemented within the framework of Facebook's data usage guidelines. For more information about how the Facebook Pixel works, as well as general information on the display of Facebook ads, see the privacy policy from Facebook: https://en-gb.facebook.com/privacy/policy.

    4. Legal basis: Art. 6 para. 1. let. b GDPR.


    viii) TikTok Pixel

    1. We use TikTok Pixel on our website, a tool provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (collectively “TikTok”).

    2. If you have accepted the TikTok Pixel, TikTok Pixel may track your behavior on our website and create a connection to your TikTok account. TikTok makes it possible to target advertising on TikTok to potential customers according to their interests. These audiences may be created through TikTok pixels, follower(s) on social media channels or based on other data. To do this, TikTok Pixel collects data such as user interactions, e.g., pages visited, actions taken, IP addresses and device information, through a pixel file on our website. TikTok Pixel uses this information to target advertising to specific groups of people and to analyze and, if necessary, improve its effectiveness.

    3. If you do not want your data to be collected by TikTok Pixel, you can disable it by adjusting your browser's cookie settings or TikTok's settings.

    4. For more information, see TikTok's privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en.

    5. Legal basis: Art. 6 para. 1. let. a GDPR.


    ix) YouTube

    1. Some of our websites integrate videos that can be played via YouTube. As soon as you play a video, data is transmitted. We have no influence on this data transmission. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube is a subsidiary of Google.

    2. Within the framework of this technical procedure, YouTube and Google receive information about which specific sub-page of our website is visited by you. If you are logged in to YouTube at the same time, YouTube recognizes which specific sub-page of our website you are visiting when you call up a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account.

    3. YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged in to YouTube at the same time as calling up our website; this takes place regardless of whether a YouTube video is clicked on or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent it from being transmitted by logging out of your YouTube account before accessing our website.

    4. For further details, please refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=en-UK.

    5. Legal basis: Art. 6 para. 1. let. a and/or f GDPR.

H. Online Customers

  1. Where you place an order for products online or make an inquiry with us, data processing is necessary for the performance of that contract or to conclude pre-contractual measures at your request.

  2. We pass on users' personal data to third parties if this is necessary for billing purposes (for example, to a payment service provider) or for other purposes necessary to meet our contractual obligations to our customers. This includes the transmission of customer data contained in orders to the local retailer selected by the customer, to assist in the fulfilment of an order, and to our group companies, including SCOTT Sports SA, for the purpose of providing customer support and order fulfilment.

  3. Some users may use Klarna's payment services. In order to be able to offer you Klarna's payment options, we will pass certain personal information to Klarna, such as contact and order details, in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you. Your personal data is handled in accordance with applicable data protection law and in accordance with Klarna's privacy policy: https://www.klarna.com/international/privacy-policy/.

  4. Legal basis: Art. 6 para. 1. let. a GDPR.


I. Online Sweepstakes

  1. If you take part in online sweepstakes, we may use ViralSweep, a service provided by ViralSweep LLC, 799 Peck Lane, Cheshire, CT 06410, USA. It is part of AppHub LLC, which is based in the USA. Data you enter to take part in the sweepstake can be forwarded to ViralSweep. Further information on how ViralSweep processes personal data can be found in their privacy policy: https://www.apphub.com/privacy-policy.

  2. Legal basis: Art. 6 para. 1. let. a GDPR.


J. Test Bikes

  1. We provide a link on our website that allows the connection to the website of an authorized dealer who offers the possibility to test bikes.

  2. The test bike rental contract shall be an agreement between the customer and the bike dealer. The bike dealers set their own data protection measures.


K. Job Applications

  1. If you send us a job application, we regard this as your consent to process the personal data therein. The processing of your applicant data is therefore done with your consent (Art. 6 para. 1. let. a and b GDPR). Based on your applicant data, we will check your suitability for the advertised position. If you apply via our website, your entries will be processed in a processing program of SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf, Germany (hereinafter “Processor”). The Processor has no influence on the application process. This is a commissioned processing pursuant to Art. 28 GDPR. The Processor is obliged by detailed contractual guarantees to ensure the protection of personal data with technical and organizational measures.

  2. In the event of rejection, applicant data will be deleted no later than four months after the date of rejection. You are entitled to request the deletion of your data in advance. You also have the right to correct or restrict your applicant data, the right to data transfer and the right to object to the processing of your data. In the event of an objection, the processing carried out up to that point remains lawful.

  3. If you are awarded the contract for a position and an employment relationship is established, your applicant data will be transferred to a personnel file (art. 6 para. 1. let. b GDPR). You will then receive additional information on the processing of your data within the framework of the employment contract.

  4. We would like to point out that no automated decision-making takes place in our application process. You are also not obliged to provide us with personal data. However, incomplete application documents may prevent us from concluding an employment contract with you.

  5. As a matter of principle, we only pass on your applicant data to companies affiliated with us, in particular, to the company which has a vacant position. Within our group of companies, only persons who are part of the application process (in particular, employees of the relevant Human Resources departments and possible future superiors) have access to your applicant data. Irrespective of which company has a job vacancy to fill, your application data will always be received by SCOTT Sports SA in Switzerland first. Your application data will then be forwarded to the company that has the vacancy to fill.


L. Events

  1. We process personal data of event participants in accordance with applicable data protection laws and regulations. This means that the personal data of event participants is processed only when there is a lawful basis for processing it.

  2. When you register for an event via the website, data processing is necessary for the performance of that registration. Registration for events created by us is done individually through the GTS platform. The GTS platform simplifies the workflow, ensuring greater accuracy and contributing to improved operational control. It processes personal data in the context of event organization. For example, personal data may be stored to improve the customer experience (e.g., to recognize participants at subsequent events).

  3. Event participants agree that at the event photos are taken and published, particularly on social media, in print media and newsletters. Names will not be indicated at any time. Participants are not entitled to receive any payment for publication. You may withdraw your consent at any time, however, this will not affect the lawfulness of any data processing carried out before your consent was withdrawn (see also Q. Data Subject Rights). For any queries, you may contact us at gdpr@scott-sports.com.

  4. Legal basis: Art. 6 para. 1. let. a GDPR.


M. Product Liability

  1. In the event that our products are involved in accidents or lead to damages or personal injury, we may process personal data from end-users in order to meet obligations relating to such cases. We process such data to resolve product liability claims, to determine the cause of potential product defects and, if necessary, to determine compensation for damages or personal injury.

  2. In product liability cases, we may pass on end-users' personal data to third parties, in particular to insurance companies, suppliers and lawyers. This is done if it is necessary to determine the cause of a defect or to process a compensation claim or if it appears necessary for other purposes to fulfil our obligations towards the end user.


N. Profiling and automated decision making

  1. We process your personal data partly automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in particular to be able to inform and advise you about products in a targeted manner. In doing so, we use evaluation tools that enable us to provide need-based communication and advertising, including market and opinion research.

  2. We do not use fully automated decision-making (as regulated in Art. 22 GDPR or Art. 21 FADP) for the establishment and implementation of the business relationship or otherwise. Should we use such procedures in individual cases, we will inform you if required by law and inform you of the associated rights.


O. Data Transfer within the SCOTT Group

  1. If required, we transfer personal data to companies affiliated to SCOTT Sports SA. This transfer may take place, in particular, if the processing is carried out by several enterprises within the Group. Our group of companies consists of several individual companies in different countries worldwide. Should data be transferred to countries without adequate data protection, lawful data processing is guaranteed, inter alia, through data processing agreements.

  2. Personal data may also be transferred to third parties outside the organization if, and to the extent necessary, a data processing contract is in place. This may be the case, for example, with service providers (SAP, Microsoft), suppliers, distributors, domestic and foreign authorities, parties to potential or actual legal proceedings and others.

  3. If personal data is exceptionally transferred to a company located in a country without adequate legal data protection, the company is contractually obliged to comply with the applicable data protection. This obligation does not apply if the company is subject to a legally recognized set of rules to ensure data protection or if an exception exists. An exception may exist, for example, through your consent, in the case of legal proceedings abroad or in the case of data made generally accessible, the processing of which you have not objected to.


P. Data Security

We put in place organizational, contractual and technical security measures that correspond to the latest technology, in order to ensure compliance with applicable data protection laws, and to ensure that the data processed by us is protected against accidental or intentional manipulation, loss, destruction or unauthorized access.


Q. Data Subject Rights

  1. Upon request at gdpr@scott-sports.com, you are entitled to receive information about your personal data that we process. In such cases, we may ask you to provide us with detailed information regarding possible circumstances that have led to the processing of your data by us.

  2. You also have the right to demand rectification of inaccurate data held about you, request the deletion of your personal data, assert your rights to the portability of your personal data, restrict or object to the processing of your data, and file a complaint with the relevant supervisory authority (http://www.edoeb.admin.ch) in the event of suspected unlawful data processing.

  3. You may, at any time, withdraw any consent to data processing that you have provided, however, this will not affect the lawfulness of any data processing carried out before your consent was withdrawn.

  4. Please note that in order to exercise these rights, clear identification is required, and this may have to be proven, for example, by a copy of an ID card. The exercise of these rights may also conflict with contractual agreements, which may result for example in premature termination of the contract or cost consequences. We will inform you in advance if this is not already contractually regulated.


R. Retention of Data

In general, and unless otherwise described in this Privacy Policy, data stored with us is deleted as soon as it has served its purpose and/or to the extent that there are no contractual and/or statutory retention requirements. In the event of legal disputes or legitimate business interests (e.g., for evidence and documentation purposes), we reserve the right to store data for longer.


S. Changes to the Privacy Policy

We reserve the right to change the Privacy Policy in order to adapt it to changes to the law, the website or our data processing. However, this only applies to declarations concerning data processing. If user consent is required or if the Privacy Policy contains provisions setting out the contractual relationship with the user, the changes will only be made with the consent of the user.