Privacy Policy
Last updated: April 2025
Data Controller
bikegraz.at Michael Fraß Wiener Straße 10a 8020 Graz, Austria Email: info@bikegraz.at
Hosting
This website is hosted on servers operated by Uberspace (uberspace.de) in Germany. When you visit our pages, your browser automatically transmits connection data (IP address, date, time, page requested, browser type) as server log files, which are stored for a maximum of 7 days. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the security and operation of the website).
Cookies & Sessions
We use only technically necessary session cookies, which are deleted when you close your browser. These cookies are required for the operation of the website (e.g. login status). No tracking or advertising cookies are used.
Web Analytics (Matomo)
We use Matomo (formerly Piwik), a self-hosted open-source analytics platform, to statistically evaluate user behaviour on our website. Matomo runs on our own server; no data leaves this server or is shared with third parties. Matomo is configured to set no cookies (cookieless tracking). Instead, an anonymised fingerprint is derived from the IP address and browser information; this fingerprint cannot be traced back to individual persons. IP addresses are fully anonymised before processing. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in improving our service). As no cookies are set and all data remains exclusively on our server, no separate consent is required.
User Accounts
You can create an account to use community features (RideAlong, photo uploads) or to access the business partner dashboard. We collect your name, email address, and password (stored in encrypted form). Your display name is visible to other registered users in the context of RideAlong (as an organiser or participant of a ride). The legal basis is Art. 6(1)(b) GDPR (performance of a contract) and Art. 6(1)(a) GDPR (consent) for community features.
RideAlong (Group Rides)
RideAlong allows registered users to organise and join group cycling rides. The following data is processed: • When creating a ride: title, description, meeting point (text), date/time, difficulty, maximum participants, and visibility (public, community, or private). • The organiser's display name is shown publicly on the ride detail page (for public and community rides). • For private rides, a random invite token is generated. Anyone with the invite link can view the ride without logging in; however, participation requires an account. • Confirmed participants are listed by their display name on the detail page. Ride data is retained until you delete your account or the organiser removes the ride. The legal basis is Art. 6(1)(a) GDPR (consent given by actively using the feature).
Business Directory (Graz Bike Guide)
The Graz Bike Guide lists cycling-relevant businesses (bike shops, repair workshops, cafés, hotels, etc.) using publicly accessible information: name, address, contact details, opening hours, and description. This data is sourced exclusively from publicly available sources (the business's own website, Google Maps, trade directories). No non-public data is collected. The legal basis is Art. 6(1)(f) GDPR (legitimate interest of cyclists in finding local services, and the legitimate interest of businesses in being discoverable). Businesses may request the deletion or correction of their listing at any time by emailing info@bikegraz.at — we will action this within 7 working days.
Newsletter
When you subscribe to our newsletter, we store your email address and preferred language. Each newsletter contains a personalised unsubscribe link. You can cancel your subscription at any time with a single click; your email address will then be blocked from future mailings. The legal basis is your explicit consent (Art. 6(1)(a) GDPR).
Community Moments (Photo Uploads)
When you upload a photo as part of Community Moments, the image is stored on our server and displayed publicly. Please do not upload images that show identifiable people without their consent. Uploaded images can be deleted upon request at info@bikegraz.at. The legal basis is Art. 6(1)(a) GDPR (consent given by the act of uploading).
Map Integration (Leaflet, OpenStreetMap, CARTO)
For the interactive maps on this website, we use the open-source library Leaflet and map tiles from OpenStreetMap (© OpenStreetMap contributors) and CARTO. When loading maps, your IP address is transmitted to the servers of CARTO (United States) and OpenStreetMap. We have no influence over the privacy practices of these third-party providers. Further information: carto.com/privacy and openstreetmap.org/privacy. Legal basis: Art. 6(1)(f) GDPR.
Payment Processing (Stripe)
For paid premium partnerships, we use the payment service provider Stripe (Stripe, Inc., USA). Payment data (credit card numbers etc.) is processed exclusively by Stripe and is not stored on our servers. Stripe is certified under the EU-US Data Privacy Framework. Further information: stripe.com/privacy.
Strava Event Import
Publicly available event data from Strava (Strava, Inc., USA) is imported via the Strava API. No personal user data is transmitted or stored in this process.
AI Services (Gemini, DALL-E, DeepL)
To automatically create blog content, we use Google Gemini (Google LLC, USA) for text generation and analysis, and DALL-E 3 (OpenAI, USA) for cover image creation. Translations are performed using DeepL (DeepL SE, Germany). Only editorial content (topics, text snippets from public websites) is transmitted to these services — no personal user data. Legal basis: Art. 6(1)(f) GDPR.
Social Media Publishing (Bluesky)
Editorial content (news, tours) may optionally be published on the official bikegraz.at profile on Bluesky (Bluesky Social, PBC, USA). The title, teaser text, a link to the post, and optionally a preview image are transmitted to the Bluesky AT Protocol API. The bikegraz.at account credentials are stored server-side only and are never shared with end users. No personal user data is transmitted to Bluesky. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in public communication). Further information: bsky.social/about/support/privacy-policy.
Your Rights (GDPR)
You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21). Where processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal. Please direct requests to: info@bikegraz.at
Right to Lodge a Complaint
You have the right to lodge a complaint with the competent supervisory authority: Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, dsb.gv.at