We give great importance to data protection. The collection and processing of your personal data takes place in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to offer you the website, the app and any other services. This statement describes how and for what purpose your data is collected and used and what options you have in regards to personal data. Please keep in mind that you can only use our service if you accept these conditions.
I. General Information
1. Responsible Party
Responsible party for the collection, processing and use of your personal data in the sense of the GDPR is
represented by the Managing Directors: Deneb Moosmeier, Julian Franke
Telephone: 0049 (0) 17646028099
The following terms are used on the website:
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific features to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing refers to any handling of personal data performed with or without the help of automated procedures such as collecting, recording, organizing, structuring, storing, adapting or modifying, reading, querying, using, disclosure by transmission, dissemination or other form of making it available, alignment or association, restriction, erasure or destruction.
d) Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim to limit their future processing.
Profiling is any kind of automated processing of personal data that consists of using personal data to evaluate certain personal aspects of a natural person, particularly to analyse or predict aspects concerning that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in a way that personal data can no longer be attributed to a specific data subject without the need of additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
(g) Data Controller
The controller is the natural or legal person, public authority, agency or other entity that, alone or jointly with others, decides on the purposes and means of the processing of personal data; here the purposes and means of such processing are determined by Union law or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Data Processor
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, agency or another entity to whom personal data are disclosed, whether it is a third party or not. However, public authorities which may receive which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
j) Third Party
Third party is a natural or legal person, public authority, body or entity other than the data subject, the controller, the processor and the persons who, under direct authority of controller or processor, are authorized to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
II. Data Processing
1. General provisions
As a social fitness service, we encourage you and other users to post content and make it available through the app. In order to enable you to find the right training partner in real time and based on your location, all profiles in our service are set up as public profiles and display information such as your location, your username, posts you leave on other profiles, your public profile, subscriptions, age, gender, local gym, details you share about you, your preferred sport, and photos you upload in the app. You have the option to put your profile in "invisible" mode, but this will disable the search function. Furthermore, you have different options, which information you want to share and whether they are publicly available (for example, your location information).
2. Data Processing when Using the Website
Each time our website is accessed, our system automatically collects data and information from the computer system of the requesting computer.
The following data is collected here:
(1) Information about the browser type and the version used as well as browser settings
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the system of the user comes to our website
(7) Websites accessed by the user's system through our website
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
The only temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest in the processing of data are according to Art. 6 para. 1 lit. f GDPR.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
3. Data Processing when Using the App
3.1 Data collection and processing
After installing the app on your device, you can register as a user using your Facebook account or your e-mail address.
We collect and store the following data:
(2) Information from metadata, which is usually user-related technical data. Such information provides insights into how content was created, collected, or edited, and can include hashtags, geotags, content properties, inter alia.
(3) Information from data to device identification, built into smartphones and tablets to quickly identify yourself while you use the app. Such identifications gather information about your browsing behaviour and are therefore relevant to improving our service.
(4) Browse behaviour within the service
(5) information from your registration process
(6) First name / username
(7) Last name / username
(8) Date of birth / age
(9) Your e-mail address for the registration process and further correspondence with you concerning our services. We do not make your e-mail address visible to other users.
(10) Your password will be encrypted and for no one including us visible saved. The password will not be passed on to third parties.
(11) IP address at login
(13) Profile picture
(14) Your local gym
(15) Further information that you share in your user profile "About you"
(16) Preferred sports
(17) Photos and images that you upload in the app. Your photos will be visible to all users on the Explore interface. Restrictions can be done through your settings in the app.
(18) If you register using your Facebook account, we store your Facebook ID
(19) If you register using your Facebook account, we record your friends list on Facebook
(20) Time of registration with your login data
(21) Time of the last logins with your login data
(22) We record which user blocks which other user in order to execute this action
(23) We record which user is chatting with which other user (this is not visible to all users)
(24) Information from messages between us and you (e.g., confirmation emails, password reset, etc.)
(25) Information from messages between you and other users (for example via chats)
(26) Information from your device and network, such as your contact list, third-party networks such as Facebook, or manual search.
(27) Depending on the medium of your choice, we will access your contact list to verify if some of your contacts are already on GYMDER. For third-party applications, you may need to obtain additional verification.
(28) Subscribed users
(29) Given POWs / user content you like
(30) Received POWs
(31) Memberships in groups, teams, gyms
(32) Created groups
(33) Postings in groups and on your own profile
You can modify the following settings individually in your profile:
In your user profile you can customize the following settings:
(1) Collection and evaluation of location data: in the radar function, we enable you to find the right training partner in real time based on your location. You can deactivate this functionality. Please keep in mind that you will be able to use the services of the app in a limited way.
(2) Privacy settings: you can keep certain information private in your user profile.
(3) Access permissions: you may allow or deny access to us in your user profile and in your device settings, e.g. access to your camera and your photos, as well as allowing us to inform you immediately with news about your profile and our services. You also decide what kind of push notification we can send you.
(4) If you are an administrator of a group, other users can contact you.
(5) You can decide if you want to leave a trace. This is if other users should be informed by push notification when you visit their profile and if they can see on "My World", and "Visitor" in the app when you visit their profile.
Purposes of Data Processing and Legal Bases
We use your information for the following purposes:
· To track, observe and understand your usage behaviour so we can improve our service.
· To provide you with relevant and useful content (also for marketing purposes).
· To optimize activity and increase efficiency during use and navigation of the app (e.g. login, frequent search, etc.).
· To develop and test potential new features.
· To measure the performance of our service with indicators (e.g. visitors, traffic, engagement, etc.).
· To diagnose and repair technical problems.
· To provide improvements and updates to the app.
· To keep your published content within the community. That is if you choose to delete your account, your profile and content will be deleted, but content that other users have already shared will remain.
· To enable user search in our service using criteria such as name, gender, type, group, team, gym, and distance.
· For marketing purposes (including, but not limited to, the use of content uploaded by you) in direct context with GYMDER and its services. For example, we can use your uploaded images for Insta Ads, posters and videos.
· In addition, for legal purposes, we may use and disclose your information if required by a court or power of attorney, or to assist in preventing illegal or unlawful acts.
Legal basis for the processing of data is, as far as we receive your consent, Art. 6 para. 1 lit. a GDPR, otherwise Art. 6 para. 1 lit. f DSGVO and Art. 6 para. 1 lit. b DSGVO, since we provide our services in the context of your user contract with us and may take legitimate interests for us, as far as we perform the data processing for advertising and analysis purposes.
4. E-mail Contact
Establishing contact using the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
The processing of personal data after contact via e-mail serves us only to process the contact. This is the necessary legitimate interest in the processing of the data.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is finished when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation cannot continue. All personal data stored in the course of the contact will be deleted in this case.
5. Push Notifications
To share information about activities on your user account or for other announcements, we send you push notifications. Legal basis for the processing of the data after activation of push notifications by the user is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR.
6. Sponsored Content and Advertising
Certain content displayed within our service (for example under the categories Radar, Explore and Teams) is financed by advertising revenue. You hereby authorize GYMDER to display such advertisements, promotions, special offers and product placement within the service and in context with your personal preferences. The nature, appearance and extent of such advertising may vary and change at any time without notice.
In order to be able to display meaningful and appropriate sponsored content, we will use the information provided by you and based on your user behaviour. The information we may use and / or share for this purpose includes information about your gender, your activity (e.g. sport activity or sport interests), general interests, your birthday, and your user activity within our service. You hereby authorize us to collect such information and / or to forward it to third parties for the purposes set out in Article 3. If you do not want us to continue forwarding such information and provide you with suitable marketing information, you can send us an e-mail to the following address: email@example.com
7. SSL encryption
Our website uses SSL encryption. This encryption is used, for example, for requests that you make to us through our website. Please make sure that the SSL encryption is activated on certain activities on your end. The use of encryption is easy to recognize: the ad in your browser address bar shows "https: //". SSL encrypted data is not readable by third parties.
8. Analysis Tools
8.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored in your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement of the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to use all functions of this website.
The legal basis for data processing in the context of Google Analytics is Art. 6 para. 1 lit. f) GDPR.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other website and internet related services to the website operator. The IP address transmitted by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google. This is our legitimate interest in data processing within the meaning of Art. 6 (1) (f) GDPR. The data processed as part of the use of Google Analytics will be automatically deleted after 26 months at the latest.
According to Art. 21 (1) GDPR, you have the right, at any time, to object to the processing of your personal data in connection with the use of Google Analytics for reasons arising from your particular situation.
You may also prevent the collection of the cookie generated and relating to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading the browser plugin available at the following link and installing: https://tools.google.com/dlpage/gaoptout?hl=en
8.2 Fabric / Crashlytics
We are using the App Fabric, including Crashlytics, a Twitter web analytics program, to improve the app and fix bugs to avoid misconduct or crashes. The data collected is provided anonymously and becomes the property of Twitter. We are notified of crashes and see the line of code that caused the crash, the type of mobile device and operating system installed, the amount of free memory and flash memory, and whether the operating system has been jailbroken. This data is used to reproduce the error as much as possible and then fix it in a future version. The data stored by Fabric itself is described in the Fabric Terms and Conditions (https://fabric.io/terms).
9. Applications via our Website
The controller collects and processes the personal data of candidates for the completion of the application process. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents by electronic means to the controller. If the controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the candidate by the controller, the application documents shall be deleted three months after the announcement of the rejection decision, provided that deletion does not harm any other legitimate interests of the controller. Other legitimate interest in this context, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
The legal basis for the processing of your personal data in the context of applications is Article 6 (1) (b) of the General Data Protection Regulation.
In the context of contact requests, we store your personal data until the end of the application process; If your application has led to an employment relationship, we keep your data for the duration of the employment relationship and beyond, as far as we have to store the personal data for legal or tax law or legal audit and accounting duties, we will keep the necessary personal data for the duration required by applicable law.
Our website links services of various, providers listed below. The linking takes place on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, in order to make our company better known. The underlying commercial purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for the operation compliant with data protection is to be guaranteed by their respective providers.
Implementation and Use of Facebook
Our website links social networking services facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When visiting our website, no data will be transmitted to Facebook, as no Facebook plugins are included.
When you click on a Facebook link or button, such as when you register with your Facebook account, you will be redirected to Facebook and data will be collected by them. We have no control over the amount of data Facebook collects.
If you are a Facebook member and do not want Facebook to collect data about you and associate it with your user data stored on Facebook, you must log out of Facebook before clicking on a Facebook link or button and consequently register using your e-mail address.
11. Implementation and Use of YouTube
We use the provider YouTube for the integration of videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
On our services we use plugins from the provider YouTube. If you request the internet pages or the app provided with such a plugin - for example our media library-, a connection to the YouTube servers will be established and the plugin will be displayed. This will communicate to the YouTube server which of our websites you have visited. If you are logged in as a member of YouTube, YouTube assigns this information to your personal user account. When using the plugin as such. Clicking on the start button of a video also assigns this information to your user account. You can prevent this association by logging out of your YouTube user account and other user accounts of the companies YouTube LLC and Google Inc. before using our website and deleting the corresponding cookies from the companies.
For more information about data processing and privacy by YouTube (Google), please visit www.google.com/intl/en/policies/privacy/ .
III. Your Rights as Personal Subject from Data Controllers
Under the applicable laws, you have different rights to your personal information. If you would like to assert these rights, please direct your request by e-mail or by post with a clear identification of your person to the responsible party (section I. above).
Below is an overview of your rights.
1. Right to confirmation and information
You have the right to obtain confirmation from us as to whether personal data relating to you is being processed at any time. If this is the case, then you have the right to obtain free information from us about the personal data you have stored with a copy of this data. Furthermore, there is a right to the following information:
a. The processing purposes;
b. The categories of personal data being processed;
c. The recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or international organizations;
d. if possible, the planned duration for which the personal data is stored or, if this is not possible, the criteria for determining that duration;
e. the right to rectification or deletion of personal data concerning you or restriction of processing by the controller or the right to object to such processing;
f. the existence of a right of appeal to a supervisory authority;
G. if the personal data are not collected from you, all available information about the source of the data;
H. the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on you.
If personal data are transmitted to a third country or to an international organization, you have the right to be informed of the appropriate safeguards under Article 46 of the GDPR in context with the transfer.
2. Right to Rectification
You have the right to demand that we rectify your incorrect personal data without delay. In consideration of the purposes, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
3. Right to Deletion ("Right to be Forgotten")
You have the right to request that personal data related to you to be deleted without delay and we are obliged to delete personal data immediately if one of the following applies:
a. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b. You delete your GYMDER user account.
c. You revoke your consent, on which the processing was based in accordance with Article 6 (1) GDPR (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.
d. You object to the processing in accordance with Article 21 (1) of the GDPR and there are no legitimate grounds for processing, or you object to the processing in accordance with Article 21 (2) GDPR.
e. The personal data were processed unlawfully.
f. The deletion of personal data is required to fulfil a legal obligation under union or national law to which we are subject.
G. The personal data were collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.
In case you want to delete your account, you can send us an e-mail to the following address: firstname.lastname@example.org.
If we have made the personal data publicly available and if we are obliged to delete them in accordance with Art. 17 GDPR, we inform data controllers who process your personal data about your wish to delete any links to such personal information and copies or replications. We take appropriate measures, including technical ones, to do this, taking into account the available technology and the implementation costs.
4. Right to Restriction of Processing
You have the right to require us to restrict processing if any of the following conditions apply:
a. The accuracy of your personal information is challenged by you for a period of time which enables us to verify the accuracy of your personal information.
b. The processing is unlawful and you refuse the deletion of personal data and instead demand the restriction of the use of personal data;
c. We no longer need the personal data for the purposes of processing, but you need the data for asserting, exercising or defending legal claims, or
d. You objected to the processing in accordance with Article 21 (1) GDPR, as long as it is not certain that the legitimate reasons of our company outweigh those of yours.
5. Right to Data Portability
You have the right to receive the personal information you provide to us in a structured, common and machine-readable format, and you have the right to transfer that information to another person without impediments, provided that
a. the processing is based on a consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR, and
b. the processing is done using automated procedures.
While exercising your right to data portability in accordance with paragraph 1, you have the right to obtain that personal data that is transmitted directly by us to another person responsible, as far as this is technically feasible.
6. Right of Object
You have the right, at any time for reasons arising out of your particular situation, to object to the processing of personal data about you pursuant to Article 6 (1) (e) or (f) of the GDPR; this also applies to profiling based on these provisions. We no longer process personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
If personal data is processed by us to operate direct communication, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
You have the right, for reasons arising out of your particular situation, to object to the processing of your personal data related to you for scientific or historical research purposes or for statistical purposes under Article 89 (1) of the GDPR, unless: processing is necessary to fulfil a public interest duty.
7. Automated Decisions Including Profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect on you or significantly affect you in a similar manner.
8. Right to Revoke a Data Protection Consent
You have the right to withdraw consent to the processing of personal data at any time.
9. Right to Complain to a Supervisory Authority
You have the right to lodge a complaint with a regulatory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you is unlawful. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR
IV. Disclosure of your Data to Third Parties
A transfer of your personal data to third parties for purposes other than those listed below does not take place.
We only share your personal information with third parties if:
You according to Art. 6 para. 1 sentence 1 lit. a GDPR have given express consent to this;
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominantly legitimate interest in not disclosing your data,
in the event that disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR is a legal obligation, as well
this is legally permissible and according to Art. 6 para. 1 sentence 1 lit. b GDPR is required for the execution of contractual relationships with you.
Please read this message carefully
As of May 2018