Data protection

This Privacy Statement clarifies the nature, scope and purpose of processing personal data ("Data") within our online offering and related websites, functions and content, as well as external online presence; Such as Our social media profiles on. (collectively referred to below as an "online offering"). In terms of the terms used, such as We refer to the definitions in the way "personal data" or its "processing." 4 of the General Data Protection Regulation (GDPR).

 

Responsible:

Name/Company: FIT TEAM Group GmbH

Street No.: Fritz Reichle Ring 28

Postcode, City, Country: 78315 Radolfzell, Germany

Commercial Register/No.: HRB 708828, Register Court Freiburg

Managing Director: Henning Fründt

Phone: 07732-8231080

Fax: 07732-8231090

E-mail address: group@fitteam-personaltrainer.de

 

Types of data processed:

• Inventory data (e.g., names, addresses).

• Contact details (e.g., e-mail, telephone numbers).

* Content data (e.g., text input, photographs, videos).

• Contract data (e.g., subject matter of the contract, term, customer category).

• Payment data (e.g., bank details, payment history).

• Usage data (e.g., visited websites, interest in content, access times).

• Meta-/Communication data (e.g., device information, IP addresses).

 

Processing of specific categories of data (type. 9 paragraph. 1 GDPR):

The following special categories of data are processed: Health data from personal training customers as well as interested parties who provided health data at their request.

 

Categories of persons affected by the processing:

• Customers/prospective customers/suppliers.

* Visitors and users of the online offer.

In summary, we also refer to the affected persons as "users."

 

Purpose of processing:

✓ Provision of the online offer, its contents and functions.

• Provision of contractual services, service and customer care.

• Answering contact requests and communicating with users.

* Marketing, advertising and market research.

• Security measures.

 

Status: 23.05.2018

1. Authoritative legal bases

By the sort. 13 We inform you about the legal basis of our data processing. If the legal basis is not mentioned in the Privacy Statement, the following applies: The legal basis for obtaining consents is Art. 6 paragraph 1 lit. a and kind. 7 GDPR, the legal basis for processing to fulfil our services and implement contractual measures, as well as answering inquiries is kind. 6 paragraph 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is kind. 6 paragraph 1 lit. c GDPR, and the legal basis for processing to safeguard our legitimate interests is kind. 6 paragraph 1 lit. f DSGVO. In the event that vital interests of the person concerned or another natural person require the processing of personal data serves Art. 6 paragraph 1 lit. D GDPR as the legal basis.

 

2. Changes and updates to the Privacy Statement

We ask you to check the content of our privacy policy on a regular basis. We adjust the privacy policy as soon as the changes to the data processing we do make this necessary. We will inform you as soon as the changes will result in an act of participation on your part (e.g. Consent) or other individual notification.

 

3. Security

3.1. We meet according to the species. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, appropriate technical and organizational measures to ensure a level of protection appropriate to the risk; The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, ensuring availability and its separation. We have also established procedures to ensure the perception of affected rights, the deletion of data and the response to the risk of data. We also take the protection of personal data into account in the development, or Selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and by data protection-friendly default settings taken into account (Art. 25 GDPR).

3.2. The security measures include, in particular, the encrypted transmission of data between your browser and our server.

 

4th. Working with contract processors and third parties

4.1. If, in the context of our processing, we disclose data to other persons and companies (processors or third parties), transmit them to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.B. If the data is transmitted to third parties, such as payment service providers. Article. 6 paragraph 1 lit. (F) GDPR is required to comply with the contract), you have consented to a legal obligation to do so or on the basis of our legitimate interests (e.g. When using agents, web hosts, etc.).

4.2. If we provide third parties with the processing of data on the basis of a so-called Commissioning "contract processing contracts" is done on the basis of the kind. 28 GDPR.

 

5. Transfers to third countries

If we provide data in a third country (i.e. Process outside the European Union (EU) or the European Economic Area (EEA)) or do so as part of the use of third-party services or disclosure, or disclosure. This is only done if it is done to fulfil our (before) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permits, we process or leave the data in a third country only in the event of the special requirements of the species. 44 ff. GDPR. I.e. Processing takes place, for example. On the basis of special guarantees, such as the officially recognised finding of a level of data protection corresponding to the EU (e.g. For the United States through the "Privacy Shield" or observance of officially recognized special contractual obligations (so-called "standard contractual clauses").

 

6. Rights of the persons concerned

6.1. You have the right to request confirmation as to whether data in question is processed and for information about this data, as well as for further information and copy of the data in accordance with nature. 15 GDPR.

6.2. You have accordingly. Article. 16 GDPR has the right to require the completion of the data concerning you or the correction of the incorrect data concerning you.

6.3. You have by way of the species. 17 GDPR the right to demand that data in question be deleted immediately, or that data in question be deleted. Alternatively, according to the species. 18 GDPR to require a restriction of the processing of the data.

6.4. You have the right to request that the data you have provided to us is provided by the species. 20 GDPR and demand it be transmitted to other persons responsible.

6.5. They are also well. Article. 77 GDPR has the right to lodge a complaint with the competent supervisory authority.

 

7. Withdrawal

You have the right to give consent. Article. 7 para. 3 GDPR with effect for the future.

 

8. Right to object

You can process the data in question in the future according to the type. 21 GDPR at any time. The objection may be made in particular against processing for direct advertising purposes.

 

9. Cookies and the right to object to direct advertising

We set temporary and permanent cookies, i.e. Small files stored on users ' devices include one (explanation of term and function, see last section of this privacy policy). In some cases, the cookies are used for security or are necessary for the operation of our online offer (e.B., for the presentation of the website) or to save the user's decision when confirming the cookie banner. In addition, we or our technology partners use cookies for range measurement and marketing purposes, about which users are informed in the course of the data protection declaration.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.

In addition, cookies can be stored by switching them down in the browser's settings. Please note that not all functions of this online offer may be available.

 

10. Deletion of data

10.1. The data we process is based on the type. 17 and 18 GDPR deleted or restricted in their processing. Unless expressly stated in the context of this Privacy Statement, the data stored with us will be deleted as soon as it is no longer necessary for its purpose and no legal retention obligations stand in the way of deletion. Unless the data is deleted because it is necessary for other and legally permissible purposes, its processing will be restricted. I.e. The data will be blocked and will not be processed for any other purpose. This applies, for example, to For data that must be retained for commercial or tax reasons.

10.2. Germany: According to legal requirements, the storage takes place in particular for 6 years in accordance with § 257 para. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, trade letters, accounting documents, etc.) and for 10 years in accordance with Section 147 para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).

 

11. Provision of contractual services

11.1. We process inventory data (e.B., names and addresses as well as contact data of users), contract data (e.B., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services acc. Article. 6 paragraph 1 lit b. GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

11.2. As part of your request or use of our online services, the IP address and the timing of the respective user store will be saved. The storage is based on our legitimate interests, as well as the user in terms of protection against abuse and other unauthorized use.

In principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so. Article. 6 paragraph 1 lit. c GDPR.

11.3. We process usage data (e.B., the visited websites of our online offer, interest in our products) and content data (e.B., entries in the contact form or user profile) for advertising purposes in a user profile, e.B. To display product instructions based on their services used so far.

11.4. The deletion takes place after expiry of statutory warranty and comparable obligations, the necessity of storing the data is checked every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation); Information in the customer account remains until it is deleted.

 

12. Contact

12.1. When contacting us (via contact form or e-mail), the user's details are provided to process the contact request and how to process it. Article. 6 paragraph 1 lit. b) GDPR.

12.2. Users ' information can be stored in our Customer Relationship Management System ("CRM System") or similar request organization.

12.3. We use the CRM system of the provider Mindbody, Inc., 4052 Broad Street, San Luis Obispo, California, USA) based on our legitimate interests (efficient and fast processing of user requests). To this end, we have a contract with Mindbody with so-called. Standard contract clauses concluded in which Minbody undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. Mindbody is also certified under the Privacy Shield Agreement and thus offers an additional guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TOHGAA4&status=Active).

12.4. We will delete the requests if they are no longer required. We review the necessity every two years; We store inquiries from customers who have a customer account permanently and refer to the details of the customer account for deletion. In the case of legal archiving obligations, the deletion takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).

 

13. Collection of access data and log files

13.1. We elevate on the basis of our legitimate interests in the sense of nature. 6 paragraph 1 lit. Q. GDPR data about every access to the server on which this service is located (so-called server log files). Access data includes name of the website retrieved, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type plus version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting providers.

13.2. Logfile information is available for security reasons (e.g. to investigate acts of abuse or fraud) for a maximum period of seven days and then deleted. Data that is required for further retention for evidentiary purposes are exempt from deletion pending a final resolution of the incident.

 

14th. Online presence on social media

14.1. We maintain online presence within social networks and platforms in order to communicate with the customers, prospective customers and users who are active there and to inform them about our services there. When calling the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

14.2. Unless otherwise stated in the context of our privacy policy, the data of the users will process if they communicate with us within the social networks and platforms, e.g. Write posts on our online stores or send us messages.

 

15th. Cookies & range measurement

15.1. Cookies are information that is transmitted from our web server or third-party web servers to the web browsers of the users and stored there for a later retrieval. Cookies can be small files or other types of information storage.

15.2. We use "session cookies", which are only stored for the duration of the current visit to our online presence (e.B. to enable the storage of your login status or the shopping cart function and thus the use of our online offer at all). A randomly generated unique identification number is stored in a session cookie, a so-called session ID. A cookie also contains information about its origin and the retention period. These cookies cannot store other data. Session cookies will be deleted if you have stopped using our online offer and, for example, Log out or close the browser.

15.3. Users will be informed about the use of cookies in the context of pseudonymous range measurement as part of this privacy policy.

15.4. If users do not want cookies to be stored on their computer, they are asked to disable the option in their browser's system settings. Saved cookies can be deleted from the browser's system settings. The exclusion of cookies can lead to functional limitations of this online offer.

15.5. You can object to the use of cookies, which are used for range measurement and advertising purposes, via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

 

16. Google Analytics

16.1. We set on the basis of our legitimate interests (i.e. Interest in the analysis, optimization and economic operation of our online offer in the sense of the species. 6 paragraph 1 lit. Q. GDPR) Google Analytics, a web analytics service of Google LLC ("Google"). Google uses cookies. The information generated by the cookie about users ' use of the online offer is usually transmitted to a Google server in the USA and stored there.

16.2. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

16.3. Google will use this Information on our Behalf to evaluate the Users ' use of our Online offering, to compile reports on the Activities within this Online offering, and to provide further information on the use of this Online offer and the Internet use Related Services to provide us. Pseudonymous user profiles can be created from the processed data.

16.4. We use Google Analytics to display the ads placed within Google's advertising services and its partners, only those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined by the websites visited) that we submit to Google (so-called "Remarketing," or "Google Analytics Audiences"). With the help of the Remarketing Audiences, we also want to ensure that our ads are in line with the potential interest of users and do not have a nuisance.

16.5. We only use Google Analytics with IP anonymization enabled. This means that the IP address of users is being shortened by Google within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address to a server of Google in the United States is transferred and cut there.

16.6. The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

16.7. Further information on Google's use of data, setting and objection options can be found on Google's websites: https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use websites or apps of our partners"), https://policies.google.com/technologies/ads ("Data use for advertising purposes"), https://adssettings.google.com/authenticated ("Manage information that Google to show you advertisements").

 

17th. Google Re/Marketing Services

17.1. We use on the basis of our legitimate interests (i.e. Interest in the analysis, optimization and economic operation of our online offer in the sense of the species. 6 paragraph 1 lit. Q. GDPR) Google LLC's marketing and remarketing services (or Google Marketing Services), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").

17.2. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

17.3. Google Marketing Services allow us to display ads for and on our website in a more targeted way, only to present ads to users that potentially correspond to their interests. If, for example, a user Ads for products that he has been interested in on other websites are referred to as "remarketing". For these purposes, when you visit our and other websites on which Google marketing services are active, Google executes a code from Google directly and so-called Google marketing services are executed. (Re) Marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. A small file is stored (instead of cookies, comparable technologies can also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file notes which websites the user visits, which content he is interested in and which offers he has clicked, as well as technical information about the browser and operating system, referring websites, visit time and other information about Use of the online offer. Users ' IP address is also recorded, and we state in the context of Google Analytics that the IP address within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area is being reduced, and Only in exceptional cases is transferred entirely to a Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google offerings. Google may also link the above information to such information from other sources. If the user subsequently visits other websites, the ads tailored to him can be displayed according to his or she's interests.

17.4. Users ' data is processed pseudonymously as part of Google's marketing services. I.e. For example, Google stores and processes Not the name or e-mail address of the users, but processes the relevant data Cookie-related within pseudonymous user profiles. I.e. From Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google's servers in the USA.

17.5. Among the Google marketing services we use is, among others, The online advertising program "Google AdWords." In the case of Google AdWords, each AdWords customer will receive a different "conversion cookie." Cookies cannot therefore be tracked through AdWords customers ' websites. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers will learn the total number of users who clicked on their ad and were directed to a page with a Conversion-tracking tag. However, you will not receive any information that can be used to identify users personally.

17.6. We can also use the Google Optimizer service. Google Optimizer allows us to understand how various changes to a website affect (e.g. Changes in input fields, design, etc.). For these testing purposes, cookies are stored on users' devices. Only pseudonymous data of the users is processed.

17.7. We may also use the "Google Tag Manager" to integrate and manage Google Analysis and Marketing services in our website.

17.8. Further information on Google's use of data for marketing purposes can be found on the overview page: https://policies.google.com/technologies/ads, Google's privacy policy is available at https://policies.google.com/privacy.

17.9. If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: https://adssettings.google.com/authenticated.

 

18th. Facebook, Custom Audiences and Facebook Marketing Services

18.1. Within our online offer, because of our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called  "Facebook pixel" of the social network Facebook, which is created by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, respectively. If you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

18.2. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

18.3. With the help of the Facebook pixel, Facebook is able, on the one hand, to target visitors to our online offer as a target group for the display of ads (so-called. "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we run only to Facebook users who have also shown an interest in our online offering or who have certain features (e.g. Interests in certain topics or products that are determined by the websites visited), which we transmit to Facebook (so-called. "Custom Audiences"). With the help of the Facebook pixel, we also want to make sure that our Facebook ads are in line with the potential interest of the users and do not have a nuisance. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook ads for statistical and market research purposes, in which we see if users have been forwarded to our website after clicking on a Facebook ad (so-called. "Conversion").

18.4. Facebook processes the data as part of Facebook's data use policy. Accordingly, general notes about the display of Facebook ads, in Facebook's data usage policy: https://www.facebook.com/policy.php. For special information and details about the Facebook pixel and how it works, visit Facebook's help section: https://www.facebook.com/business/help/651294705016616.

18.5. You can object to the collection by using your data to display Facebook ads. To set what types of ads you see within Facebook, you can view the page set up by Facebook and follow the settings of usage-based ads: https://www.facebook.com/settings?tab=ads. The settings are made as platform independent, i.e. They are applied to all devices, such as desktop computers or mobile devices.

18.6. You can also object to the use of cookies for range measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

 

19th. Integration of third-party services and content

19.1. We set within our online offer on the basis of our legitimate interests (i.e. Interest in the analysis, optimization and economic operation of our online offer in the sense of the species. 6 paragraph 1 lit. Q. GDPR) third-party content or service offerings to provide their content and services, such as: Include videos or fonts (referred to below uniformly as "Content").

This always presupposes that the third-party providers of this content perceive the IP address of the users, since they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only content whose respective providers only use the IP address to deliver the content. Third-party vendors can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" allow information to be analysed on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and, among other things, technical information about the browser and operating system, referring websites, visiting time as well as other information about the use of our online offer As well as such information from other sources.

19.2. The following presentation provides an overview of third-party providers as well as their contents, as well as links to their privacy policies, which provide further information on the processing of data and, in some cases, Already mentioned here, possibilities for opposition (so-called Opt-Out) include:

-External fonts from Google, LLC., https://www.google.com/fonts ("Google Fonts"). Google Fonts is integrated by a server call to Google (usually in the United States). Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

-Maps of the service "Google Maps" of the third-party Google LLC service, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

-Videos of the platform "YouTube" of the third-party Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

-Within our online offer, functions of the service Google + are integrated. These features are offered by third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google + – account, you can link the contents of our pages to your Google + – profile by clicking on the Google + – button. This allows Google to assign your visit to our pages to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or their use by Google+. Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

-Within our online offer, functions of the service Instagram are integrated. These functions are integrated offered CA, 94025, USA road, Menlo Park, by the Instagram Inc., 1601 willow. If you are logged into your Instagram – account, you can link the contents of our pages to your Instagram – profile by clicking on the Instagram – button. Thus, Instagram can associate your user account visit our pages. We would like to point out that we, as the provider of the pages, do not receive any knowledge of the content of the transmitted data as well as their use by Instagram. Privacy Policy: http://instagram.com/about/legal/privacy/.

– External code of the JavaScript framework "jQuery", provided by the third-party provider jQuery Foundation, https://jquery.org.