Data protection declaration

Personal rights are important. Therefore, on this page you will find a statement of a privacy policy that governs how data is collected, used, disclosed, shared and stored when you use our website. Data protection is a serious issue and personal data should therefore be treated confidentially and in accordance with legal regulations. Since changes to this data protection declaration may be made due to new technologies and the constant development of the website, it is recommended that you read the data protection declaration again at regular intervals. The definitions of the terms used (e.g. “personal data” or “processing”) can be found in Art. 4 GDPR.

The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Fritz Geers, Altenauer Straße 35, 38678 Clausthal-Zellerfeld, Germany, contact email: info [a] The person responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

This website uses SSL or SSL encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible). TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

Type of data processed

  • Inventory data (e.g. customer master data, such as names, addresses)
  • Contact details (e.g. email, telephone numbers)
  • Content data (e.g. text entries, photographs, videos)
  • Contract data (e.g. subject matter of the contract, term, customer category)
  • Payment data (e.g. bank details, payment history)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses)

Purpose of processing

Processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website, as well as to answer contact inquiries and communication with users, as a security measure and for measuring reach or for marketing. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

Relevant legal bases

In accordance with Art. 13 GDPR, the legal basis for data processing on this website is communicated. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Article 6 Paragraph 1 Letter a and Article 7 GDPR, the legal basis for processing to fulfill services and carry out contractual measures and answering inquiries is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing to fulfill legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing to protect legitimate interests is Art. 6 Paragraph 1 Letter f GDPR. In the event that the vital interests of a data subject or another natural person require the processing of personal data, Art. 6 Para. 1 lit. d GDPR serves as the legal basis.

Security measures

In accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and The severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational measures taken to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, securing availability and its separation. Furthermore, there is a procedure set up to ensure the exercise of the rights of those affected, the deletion of data and the response to threats to the data. Furthermore, the protection of personal data was taken into account during the development or selection of hardware, software and procedures in accordance with the principle of data protection through technology design and was made using data protection-friendly default settings (Art. 25 GDPR).

Collaboration with processors and third parties

If, as part of the processing, data is disclosed to other people and companies (contract processors or third parties), it is transmitted to them or they are otherwise granted access to the data, this only occurs consent has been given on the basis of legal permission (e.g. if a transfer of data to third parties, such as payment service providers, is necessary to fulfill the contract in accordance with Art. 6 Para. 1 lit. b GDPR), a legal obligation provides for this or on the basis of legitimate interests (e.g. when using agents, web hosts, etc.). If third parties are commissioned to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If data is processed in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or disclosure, or transfer of data to third parties, this only occurs if it is done to fulfill the (pre-)contractual obligations, on the basis of consent, on the basis of a legal obligation or on the basis of a legitimate interest. Subject to legal or contractual permissions, the data will only be processed in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Rights of data subjects

Users have the right to request confirmation as to whether the data in question is being processed and to receive information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR. Users have accordingly. Art. 16 GDPR gives you the right to request that the relevant data be completed or that incorrect data concerning you be corrected. In accordance with Art. 17 GDPR, users have the right to demand that the relevant data be deleted immediately, or alternatively they can request a restriction on the processing of the data in accordance with Art. 18 GDPR. Users have the right to receive the data they have provided in accordance with Art. 20 GDPR and to request that it be transmitted to other responsible parties.

Cancellation & Right to object

Users have the right to revoke consent given in accordance with Art. 7 Para. 3 GDPR with effect for the future. Users can object to the future processing of their data at any time in accordance with Art. 21 GDPR. The objection can be made in particular against processing for direct advertising purposes.


The websites offered sometimes use so-called cookies. Cookies do not cause any damage to the user's computer and do not contain any viruses. Cookies serve to make the offering more user-friendly, effective and secure. Cookies are small text files that are stored on the user's computer and stored in their browser. The cookies used on these pages are so-called “session cookies”. They are automatically deleted at the end of your website visit. No cookies are stored on the user's device.

Server log files

Web pages are hosted by a provider, so the files required to display the website are stored on the provider's servers. Based on a legitimate interest (see Art. 6 Para. 1 lit. f. GDPR), the provider collects data about access to the website and stores it as “server log files” on the website server. The following data is logged like this:

  • Visited websites te (name and URL)
  • Time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page (referrer URL)
  • Browser used
  • Operating system used
  • IP address used
  • Name of the access provider

The log files are immediately anonymized by the provider when they are collected. The data is collected for the proper performance of the contract (ensuring trouble-free page structure, comfortable use of the website, for system security and stability purposes and for administrative purposes) as well as for security reasons, e.g. B. to be able to clarify cases of abuse. If data has to be kept for evidentiary reasons, it is excluded from deletion until the incident has been finally clarified. Otherwise, the data will be retained for 21 days and then deleted. The basis for data processing is Art. 6 Para. 1 lit. f GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.

Shop system

Our websites use the Shopify Inc. (“Shopify”) platform. When you place an order on our store, you agree to the storage and processing of your personal data by Shopify. For this purpose, your personal data will be forwarded and processed to the Shopify data center in the United States. This storage and processing of data is carried out for the purposes of supporting and processing your orders, authenticating you, processing payments and improving Shopify's services. For more information about Shopify's terms of use and privacy, please visit


As part of the comment function (feedback) on this website, in addition to your comment, information about the time the comment was created and the commenter name you chose are saved and published on the website. Furthermore, your IP address is logged and stored. The IP address is stored for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content through a comment made. The storage of your IP address also serves to protect against machine comments. By submitting you agree to this. By submitting an entry, you expressly agree that the entry with your name, date and time will be publicly readable on the corresponding page of this website. If you would like to delete or correct a post, please contact us using the email address provided in the legal notice. The legal basis for storing your data is Article 6 Paragraph 1 Letters b and f GDPR. We reserve the right to delete comments if they are criticized by third parties as being illegal.

Newsletter & MTB routes

If users would like to receive the newsletter or the MTB routes offered on the website, they will be provided with an email address and information that allows them to be verified You are the owner of the email address provided and you must obtain a declaration of consent that you agree to receive a newsletter or offered MTB routes. No further data is collected or only collected on a voluntary basis. This data will only be used to send the requested information and will not be passed on to third parties. The data entered into the newsletter registration form is processed exclusively on the basis of the consent (Art. 6 Para. 1 lit. a GDPR) of the users. The consent given to the storage of the data, the e-mail address and their use to send the newsletter can be revoked at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. The data provided by users for the purpose of subscribing to the newsletter will be stored until they are unsubscribed from the newsletter and will be deleted after unsubscribing from the newsletter. Data stored for other purposes remains unaffected.

The website operator uses GetResponse to send newsletters. The provider is GetResponse Sp.z o.o., ul. ARKONSKA 6/A3, 80-387 GE DANSK, Poland. GetResponse is a service that, among other things, can be used to organize and analyze the sending of newsletters. The data entered by users for the purpose of subscribing to the newsletter is stored on GetResponse's servers. If the website operator sends newsletters using GetResponse, it can be determined whether a newsletter message was opened and which links, if any, were clicked. GetResponse also allows newsletter recipients to be divided into different categories (so-called tagging). The newsletter recipients can be divided, for example, according to gender, personal preferences or customer relationship. In this way, the newsletters can be better adapted to the respective target groups. Further information can be found on (external link). If users do not agree to the analysis by GetResponse, they must unsubscribe from the newsletter. For this purpose, a corresponding link is provided in every newsletter message. Data processing is based on your consent (Art. 6 Para. 1 lit. a GDPR). Users can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation. The data provided by users to the website operator for the purpose of subscribing to the newsletter will be stored until you unsubscribe from the newsletter and will be deleted from GetResponse's servers after you unsubscribe from the newsletter. Data stored for other purposes remains unaffected. Further information can be found in GetResponse's data protection regulations at: /email-marketing/legal/datenschutz.html (external link). The website operator has concluded a contract for data processing with GetResponse, in which GetResponse undertakes to protect customer data and not to pass it on to third parties.

Online presence in social media

The website operator maintains online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to be able to inform them about services there. Please note that user data may be processed outside the European Union. This can result in risks for users because, for example, it could make it more difficult to enforce users' rights. With regard to US providers who are certified under the Privacy Shield, it should be noted that they thereby undertake to comply with EU data protection standards. Furthermore, user data is usually processed for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data can also be stored in the usage profiles regardless of the devices used by the users (particularly if the users are members of the respective platforms and are logged in to them). The processing of users' personal data is based on the legitimate interests of the website operator in effectively informing users and communicating with users in accordance with Article 6 Paragraph 1 Letter f of the GDPR. If the users are asked by the respective platform providers for their consent to the data processing described above, the legal basis for the processing is Article 6 Paragraph 1 Letter a., Article 7 GDPR. For a detailed description of the respective processing and the objection options (opt-out), please refer to the information provided by the providers linked below. In the case of requests for information and the assertion of user rights, it should also be noted that these can most effectively be asserted with the providers. Only the providers have access to user data and can take appropriate measures and provide information directly. If users still need help, they can contact the website operator.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), Facebook pages based on an agreement on joint processing of personal data - data protection declaration: (external link), opt-out: (external link) and (external link), Privacy Shield: (external link).

Google/ YouTube (Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) – Data protection declaration: (external link) , Opt-Out: (external link), Privacy Shield : Active (external link).

Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/Opt-Out: (external link).

Agreement when requesting mountain bike tours as a GPS file by email

The route files for mountain bike tours offered on these websites (hereinafter referred to as content) were created with the greatest possible care and to the best of our knowledge. However, the provider of this website assumes no responsibility for the topicality, completeness and accuracy of the content provided. The files offered for mountain bike tours are not advice or a replacement for the provider's guided mountain bike tours, but only tour suggestions. You use the content at your own risk. The provider excludes any claims, damages or other liability arising from the use of the content. Due to the constant changes in path conditions, path changes and the conditions in the overall structure of the path network, we cannot constantly check each individual content for accuracy. The software used is also in a testing phase and we assume no liability for any damage that may be caused by the use of our files and services. Users release the provider from all claims that third parties assert against the provider due to incorrect use of the information. Users also guarantee not to drive on areas that are not permitted to be entered. The provider reserves the right to change the content if necessary. In addition, the provider reserves the right to delete content if it is not in the provider's interest. It is forbidden to merge, publish, distribute and/or sell copies of the offered file with other files. Permission is only granted to use a copy of this file for navigation on an appropriate GPS-enabled device for private use only.

Status and update

This privacy policy is current as of February 3, 2024. We update the privacy policy from time to time. Please inform yourself about the current status of this data protection declaration.