Privacy policy

Dear visitor of our Website,

Dear Muto customer,


Firstly, we kindly thank you for the interest in our products and the services and your confidence in our brand. We

attach great value to your privacy. We therefore wish to inform you about the terms and conditions under which we

process your personal data.


This Privacy Policy sets out how Muto.Bike B.V. (“Muto”) handles personal data of their Site visitors, customers and

other third parties (“you” or “your”).


1.            Scope


1.1          The scope of this Privacy Policy is limited to processing activities to which the General Data Protection Regulation and its national implementation acts apply.          


2.            Responsibility data processing


2.1          Muto is involved with processing your personal data. This company will also be referred to as “Muto”, “we”, “our” or “us”. Muto is responsible for how it handles your personal data. This means we are the data controller.


2.2          In principle, we control the processing of your personal data. However, in exceptional cases, we may process your personal data on behalf of another party. This Privacy Policy does not regard that part of our processing activities. To such processing, the Privacy Policy of the relevant controller applies.


2.3          We will only process personal data in accordance with the Applicable Privacy Legislation and as described in this Privacy Policy.


2.4          The Site includes links to Sites of third parties (for example hyperlinks, banners or buttons). We are not responsible for the content of these Sites, services provided by these third parties, or their compliance with the Applicable Privacy Legislation.


3.            How we obtain your personal data


3.1          We obtain your personal data in various ways:

a.         We obtain information actively provided by you. For example, if you contact us or if you provide information to us in the course of our removal services. When you provide personal data to Muto, please do not provide information that is irrelevant, not accurate and/or unnecessary for the services provided.

b.         We obtain some information automatically when you visit our Site via cookies. For more information on this, please the Cookie tab in the footer of our Website.

c.         We also obtain information from third parties. For example from our affiliated companies.

d.         We may perform analysis on personal data about you. The resulting data can also qualify as personal data about you. For example, we may analyze which webpages are visited most frequently, and from which previous website the website visitor was referred to such webpage.


3.2          It may be that providing certain personal data to us is a statutory or contractual requirement, a requirement necessary to enter into a contract, or that you are otherwise obliged to provide the data to us. If that is the case, we will inform you thereof separately, and will also explain the possible consequences if you fail to provide such personal data to us. 


4.            Details data processing: categories of personal data, processing purposes and legal grounds


4.1          It depends on the processing activity, which personal data we process about you, for which purposes and based on which legal ground. Please find an overview below.



If you visit our Site, we may process the following personal data about you:

1.1             We process the following personal data about you:

(i)            name and address details;

(ii)           date of birth (in case of insurance);

(iii)          e-mail address;

(iv)          IP address.


1.2             Sensitive personal data: via our Site we do not collect sensitive personal data such as copies of your ID or information about your health. 


1.3             Your personal data is collected by us when you:

(i)            contact us through the Site;

(ii)           otherwise use the Site.


If you visit our Site, we may process your personal data for the following purposes:


        i.          Communication: we use your personal data to communicate with you about our products and services and to inform you of matters that are important for your account and/or use of the Site. We also use your personal data to respond to any questions, comments or requests you filed with us and the handling of any complaints. This processing of personal data is necessary for the performance of a contract and/or for purposes of legitimate interest pursued by Muto, namely to conduct its normal business.


       ii.          Marketing purposes: in relation to marketing, we approach customers via e-mail. These activities are carried out on the basis of the following grounds:

●       Legitimate interest: we send offers about similar Muto products or services that you have previously ordered on the basis of our legitimate interest.

●       Consent: we send you marketing e-mails (other than for marketing regarding similar products or services), always on the basis of your prior consent.

You always have the option to unsubscribe from our mailings, e.g. via the unsubscribe link in our marketing e-mails.


      iii.          Customer service: if you contact the customer service, your personal data is used to provide you with customer service. This processing of your personal data is necessary for the performance of a contract, or is necessary for purposes of a legitimate interest pursued by Muto, namely to conduct its normal business.


4.2          If and insofar your personal data is processed on the basis of legitimate interests, information can be obtained by you as to the so-called balancing test that was carried out to allow us to rely on this processing ground. Please find our contact details below.


4.3          It may be that we intend to further process your personal data for a purpose other than those for which the personal data have been collected, but compatible with the initial processing purpose. In such case, we will provide you with information about the(se) other purpose(s) and all relevant further information prior to that further processing.


5.            Cookies


We use cookies to ensure that the Site functions properly. Please click on the Cookie tab in the footer of our Website for further information on this.


6.            Sharing with third parties


6.1          We only share your personal data with trusted third parties if:

a.             they need to know the information for the purposes of providing their services and/or our Muto products to you;

b.            they agreed to comply with the Applicable Privacy Legislation or if our Terms and Conditions apply, in which this is required. This means for instance that such third party needs to put adequate security measures in place; and that where applicable, the transfer complies with any legitimization requirements for cross border transfer.


6.2          For the provision of our services we share your personal data on a strictly need-to-know-basis with:

a.             affiliate companies of Muto;

b.            agents involved, operating on behalf of Muto;

c.             subcontractors and service providers involved, such as: shipping lines, trucking companies, depots, auditing companies, consulting and law firms, insurance companies, other authorities and hosting and payment providers.

d.            persons authorized to this end, employed or engaged by a data processor of Muto or affiliated companies of Muto, involved in the processing of HR data, on a need-to-know basis (accounting and auditing firms, insurance and payroll companies and tax institutions);

e.             competent authorities, such as the authorities of the country of transit or destination for customs clearance in as far as required by the laws of the respective country; and

f.              incidentally: other third parties, on a need-to-know basis.


7.            Transfer to countries outside the EEA


7.1          Currently, Muto does not involve parties that are located outside the European Economic Area (“EEA”) for the processing of your personal data. See this link for an overview of countries outside the EEA. If this will be the case in the future, Muto will duly inform you of that matter and the procedure as explained below will apply.


7.2          Transfers of your personal data to a country outside the EEA may in the first place be legitimized on the basis of a so-called adequacy decision. This is a decision in which the European Commission states that e.g. a certain country offers a level of data protection similar to the GDPR. See this link for the current list of adequacy decisions. If and insofar as we transfer personal data with parties in countries outside the EEA to which no adequacy decision applies, we will agree with these parties to data protection provisions set by the European Commission, so called standard contractual clauses. A copy of the agreed standard contractual clauses can be requested by you from Muto. Please also contact us if you would like to obtain additional information on the transfer of your personal data out of the EEA. Our contact details are stated below.


8.            Security


8.1          We take appropriate organizational and technical security measures to protect your personal data and to prevent misuse, loss or alteration thereof. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who need to have access in view of their work/services. Also, the aforementioned persons involved are bound by a confidentiality obligation, either in their employment agreements or (data processing) agreements.


8.2          Examples of technical security measures taken by us are:

a.             logical and physical security (e.g. safe, doorman, firewall, network segmentation);

b.            technical control of the authorizations (as limited as possible) and keeping log files;

c.             management of the technical vulnerabilities (patch management);

d.            keeping software up-to-date (e.g. browsers, virus scanners and operating systems);

e.             making back-ups to safeguard availability and accessibility of the personal data;

f.              automatic erasure of outdated personal data;

g.             encryption of personal data;

h.            applying hashing or (other) pseudonymization methods to personal data; and

i.              provide secure storage facilities for end-users (e.g. file server storage).


8.3          Examples of organizational security measures taken by us are:

a.             assign responsibilities for information security;

b.            promote privacy and security awareness among new and existing employees;

c.             establish procedures to test, assess and evaluate security measures periodically;

d.            check logfiles regularly;

e.             using a protocol for handling data breaches and other security incidents;

f.              conclude confidentiality, data processing and data protection agreements;

g.             assess whether the same objectives can be achieved with less personal data;

h.            provide access to personal data to as few people within the organization as possible; and

i.              define the decision-making and underlying considerations per processing.


8.4          We have internal security policies in place in which it is further described how we ensure an appropriate level of technical and organizational security measures. We also have a data breach policy in place in which it is described how we deal with a (possible) data breach. We will for example notify the relevant supervisory authority and the data subjects involved if required under Applicable Privacy Legislation.


9.            Retention periods


9.1          In principle, we do not store your personal data any longer than is strictly necessary for the purposes for which we process your personal data. Muto has put in place a Retention Policy to ensure that your personal data are deleted after a reasonable period.


9.2          If you or another person successfully exercises one of your privacy rights, it can be that the relevant personal data may no longer be retained. In such cases, we may process your personal data for a shorter period, than as stated under the ‘main rule’. Please be referred to the ‘Your Rights’ section below, for more information on this.


9.3          In exceptional cases, we may process your personal data longer. In such cases we may process your personal data longer than as stated under the ‘main rule’. This is the case if we need to process your personal data for a longer period in view of:

a.             a longer minimum statutory retention period that applies to Muto or other specific statutory obligation;

b.            practicality: in order to practically be able to act in line with the Retention Policy, some retention periods have been categorized and for the various Muto locations within Europe some periods have been integrated;

c.             a legal procedure;

d.            the right to freedom of expression and to information;

e.             a task carried out in the public interest or in the exercise of official authority vested in the controller; or

f.              public health.


9.4          Please contact us via our contact details displayed below, should you wish to be further informed on how long we process your personal data.


10.          Your rights (incl. the right to object)


10.1       In relation to our processing of your personal data, you have the below privacy rights. For more information on your privacy rights, please be referred to this webpage of the European Commission.

a.             Right to withdraw consent: In so far as our processing of your personal data is based on your consent (see above), you have the right to withdraw consent at any time.

b.            Right of access: You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you (but not necessarily the documents themselves). We will then also provide you with further specifics of our processing of your personal data.

c.             Right to rectification: You have the right to request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.

d.            Right to erasure: You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where: (i) the personal data are no longer necessary, (ii) you have withdrawn your consent, (iii) you have objected to the processing activities, (iv) the personal data have been unlawfully processed, (v) the personal data have to be erased on the basis of a legal requirement, or (vi) where the personal data have been collected in relation to the offer of information society services. We do not have to honour your request to the extent that the processing is necessary: (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation which requires processing, (iii) for reasons of public interest in the area of public health, (iv) for archiving purposes, or (v) for the establishment, exercise or defence of legal claims.

e.             Right to object: You have the right to object to processing of your personal data where we are relying on legitimate interests as processing ground (see above). Insofar as the processing of your personal data takes place for direct marketing purposes, we will always honour your request. For processing for other purposes, we will also cease and desist processing, unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or that are related to the institution, exercise or substantiation of a legal claim.

f.              Right to restriction: You have the right to request restriction of processing of your personal data in case: (i)  the accuracy of the personal data is contested by you, during the period we verify your request, (ii) the processing is unlawful and restriction is requested by you instead of erasure, (iii) we no longer need the personal data but they are required by you for the establishment, exercise or defense of legal claims, or (iv) in case you have objected to processing, during the period we verify your request. If we have restricted the processing of your personal data, this means that we will only store them and no longer process them in any other way, unless: (i) with your consent, (ii) for the establishment, exercise or defense of legal claims, (iii) for the protection of the rights of another natural or legal person, (iv) or for reasons of important public interest

g.             Right to data portability: You have the right to request to transfer of your personal data to you or to a third party of your choice (right to data portability). We will provide to you, or such third, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies if it concerns processing that is carried out by us by automated means, and only if the our processing ground for such processing is your consent or the performance of a contract to which you are a party (see above).

h.            Automated decision-making: You have the right not to be subject to a decision based solely on automated processing, which significantly impacts you (“which produces legal effects concerning you or similarly significantly affects you”). In this respect, please be informed that when processing your personal data, we do not make use of automated decision-making.

i.              Right to complaint: In addition to the above mentioned rights you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or of an alleged infringement of the GDPR at all times. Please be referred to this webpage for an overview of the supervisory authorities and their contact details. However, we would appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us beforehand.


10.2       The exercise of the abovementioned rights is free of charge and can be carried out by phone or by e-mail via the contact details displayed below. If requests are manifestly unfounded or excessive, in particular because of the repetitive character, we will either charge you a reasonable fee or refuse to comply with the request.


10.3       We may request specific information from you to help us confirm your identity before we comply with a request from you concerning one of your rights.


10.4       We will provide you with information about the follow-up to the request without undue delay and in principle within one month of receipt of the request. Depending on the complexity of the request and on the number of requests, this period can be extended by another two months. We will notify you of such an extension within one month of receipt of the request. The Applicable Privacy Legislation may allow or require us to refuse your request. If we cannot comply with your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.


11.          Contact details


For any questions, comments or requests, you may contact us via . Please let us know by e-mail if you prefer to have further contact by phone.


12.          Miscellaneous


12.1       Muto is entitled at all times to delete your personal data without notice. In such a case, Muto owes no compensation to you as a result of the termination of the account.


12.2       If provisions from this Privacy Policy are in conflict with the law, they will be replaced by provisions of the same purport that reflects the original intention of the provision, all this to the extent legally permissible. In that case, the remaining provisions remain applicable unchanged.


12.3       Muto reserves the right to change this Privacy Policy on a regular basis. Where required, Muto will inform you of updates made to this Privacy Policy. The current version is always available on our Site This Privacy Policy was last amended and revised in September 2021.


13.          Definitions


13.1       In these Privacy Policy, the following definitions apply:


Applicable Privacy Legislation

All applicable privacy legislation, including the General Data Protection Regulation (“GDPR”) and the relevant national implementation acts.

Privacy Policy

This present privacy policy.

Muto EU

Muto.Bike B.V.

Oosteinderweg 90

8072 PD Nunspeet

The Netherlands

Chamber of Commerce number: 58250603



13.2       Other terms that are defined in the Applicable Privacy Legislation, such as ‘personal data’, (joint) controller, processor, data subject and processing will have the meaning as described in the Applicable Privacy Legislation.