Data protection

Inhalt

1) Information about the collection of personal data and contact details of the person responsible

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we will inform you about the handling of your personal data when using our website. Personal data are all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Fitness Nation GmbH, Bergstr. 18, 59394 Nordkirchen, Germany, Tel .: 025969372486, E-Mail: info@fitness-nation.com. The person responsible for processing personal data is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data.

1.3 The person responsible has appointed a data protection officer who can be reached as follows: “Mr. Jürgen Recha, c / o datarev GmbH, Robert-Koch-Strasse 55, 30853 Langenhagen”

1.4 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this website uses an SSL or. TLS encryption. You can recognize an encrypted connection by the character string “https: //” and the lock symbol in your browser line.

2) Data collection when you visit our website

If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source / reference from which you came to the page
Browser used
Operating system used
IP address used (if applicable: in anonymous form)

Processing takes place in accordance with Art. 6 Paragraph 1 lit. The data will not be passed on or used in any other way and, as a rule, we will not use the data collected for the purpose of drawing conclusions about your person. We reserve the right to do this in the event that this becomes necessary in order to clear up abusive page accesses if there are concrete indications of illegal use.

3) Content-Delivery-Network

If you upload images when using our portal (see section 7), we use a so-called content delivery network (“CDN”) from the technology service provider Cloudinary. A content delivery network is an online service with the help of which, in particular, large media files (such as graphics, page content or scripts) are delivered through a network of regionally distributed servers connected via the Internet. Using the Content Delivery Network from Cloudinary helps us to optimize the loading speeds of our website.

Your pictures are saved by the technical service provider Cloudinary Inc. 111 W Evelyn Ave, Suite 206 Sunnyvale, CA 94086 (http://www.cloudinary.com/), to whom we pass on the data provided. This transfer takes place in accordance with Art. 6 Paragraph 1 lit. Please note that your data is usually transferred to a Cloudinary server in the USA and stored there. The data is stored exclusively pseudonymized by Cloudinary with its own ID.

To protect your data in the USA, we have concluded a data processing agreement (“Data Processing Agreement”) with Cloudinary on the basis of the standard contractual clauses of the European Commission to enable the transfer of your personal data to Cloudinary. This data processing contract can be viewed at any time if you are interested. Regardless of this, we ask for your consent to the transfer of your data to third countries during the upload of your images (Art. 49 Para. 1 lit. a GDPR). Please note that in these third countries, especially in the USA, there may not be an adequate level of data protection that corresponds to that in the EU or the EEA. In particular, personal data can be subject to extensive access rights for government authorities. This can result in risks for your rights and freedoms.

You can view the data protection provisions of Cloudinary here: https://cloudinary.com/privacy

4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable your browser to be recognized the next time you visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings in your web browser.

In some cases, the cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies we use, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either for the execution of the contract, in accordance with Art. 6 Para. 1 lit. in accordance with Art. 6 Paragraph 1 lit.f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of every browser, which explains how you can change your cookie settings. You can find these for the respective browser under the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be restricted, namely insofar as these are functionally necessary cookies for which we do not ask for your prior consent.

5) Consentmanager

This website uses the cookie consent tool from consentmanager, Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden (“consentmanager”) to obtain effective user consents for cookies and cookie-based applications that require consent.

By integrating a corresponding JavaScript code, users are shown a banner when the page is called, in which consent for certain cookies and / or cookie-based applications can be given by ticking the box. Here, the tool blocks the setting of all cookies that require consent until the respective user gives consent by ticking the box. This ensures that such cookies are only set on the respective end device of the user if consent has been given.

So that the cookie consent tool can clearly assign page views to individual users and individually record, log and save the consent settings made by the user for a session, certain user information (including the IP address) is saved when our website is called up. collected, transmitted to consentmanager’s server and stored there.

This data processing takes place in accordance with Art. 6 Paragraph 1 lit.

Another legal basis for the data processing described is Article 6 (1) (c) GDPR. As the person responsible, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

Further information on the use of data by consentmanager can be found in consentmanager’s data protection declaration at https://www.consentmanager.de/privacy.php.

6) Contact

When you contact us (e.g. using the contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 Para. 1 lit.f GDPR. If your contact is aimed at concluding a contract or if it relates to an existing contractual relationship with you, the additional legal basis for processing is Article 6 (1) (b) GDPR. Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been finally clarified and provided that there are no statutory retention requirements.

Direct contact with fitness studios:

We offer various options through our portal to establish direct contact with a fitness studio (call-back, landing pages, trial training, bring a friend). The personal data that you provide as part of these contact inquiries are evaluated by us and then made available to the fitness studio in question for the purpose of answering your inquiry or establishing contact and for the associated technical administration within our system. We will not process your data after it has been forwarded. The fitness studio you wrote to will use it for the purpose of answering your request. Please note the corresponding data protection information for the fitness studio you have contacted.

7) Make an appointment online

Own function for making appointments online

We process your personal data within the framework of the online appointment arrangements made available. You can see which data we collect online to make appointments from the respective input form or the appointment query for making appointments. If certain data is necessary in order to be able to make an online appointment, we will indicate this accordingly in the input form or when requesting an appointment. If we provide you with a free text field on the input form, you can describe your request there in more detail. You can then also control which additional data you would like to enter. The data you provide will be saved and used solely for the purpose of making an appointment. When processing personal data that are required to fulfill a contract with you (this also applies to processing operations that are required to carry out pre-contractual measures), Article 6 (1) (b) GDPR serves as the legal basis. Incidentally, the legal basis for processing this data is our legitimate interest in answering your request in accordance with Art. 6 Paragraph 1 lit.f GDPR.

Direct contact with fitness studios:

We also offer the option of making an appointment directly in a fitness studio via our portal. The personal data that you make available within the framework of these appointments are evaluated by us and then made available to the fitness studio in question for the purpose of answering your request or establishing contact and for the associated technical administration within our system. We will not process your data after it has been forwarded. The fitness studio you wrote to will use it for the purpose of answering your request. Please note the corresponding data protection information for the fitness studio you have contacted.

8) Data processing when opening a customer account and for contract processing, portal registration

In accordance with Article 6 (1) (b) GDPR, personal data will continue to be collected and processed if you provide them to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. We save and use the data you provide to process the contract. After the contract has been fully processed or your customer account has been deleted, the processing of your data will be restricted with regard to retention periods under tax and commercial law and deleted after these periods have expired, unless you have expressly consented to further use of your data or a further use of data permitted by our law Page was reserved.

Registration with the portal

You can register on our website by providing personal data. Which personal data are processed for the registration results from the input mask that is used for the registration. We use the so-called double opt-in procedure for registration. H. Your registration is only complete when you have previously confirmed your registration via a confirmation email sent to you for this purpose by clicking on the link contained therein. If you do not receive your confirmation in this regard within 24 hours, your registration will be automatically deleted from our database. The specification of the aforementioned data is mandatory. You can provide all further information voluntarily by using our portal.

If you use our portal, we will save your data required to fulfill the contract, including any information on the method of payment, until you finally delete your access. Furthermore, we save the voluntary data you provide for the duration of your use of the portal, unless you delete them beforehand. You can manage and change all information in the protected customer area. The legal basis is Article 6 (1) lit.f GDPR.

In addition, we save all content published by you (such as public posts, pin board entries, guest book entries, etc.) in order to operate the website. We have a legitimate interest in providing the website with the complete user-generated content. The legal basis for this is Article 6, Paragraph 1, Letter f of the GDPR. If you delete your account, your public statements, especially in the forum, will still be visible to all readers, but your account will no longer be accessible. In this case, all other data will be deleted.

Registration via resellers and studios (third-party access)

The platform of the person responsible mentioned above is also open to other providers. In particular, we enable resellers and operators of fitness studios (“third-party providers”) to open access to the platform via their own web offers or apps (“third-party provider access”). These third-party providers offer their third-party access under their own name and with their own “look and feel”. Third-party access nevertheless gives you access to all of the functionalities of our platform, and your data will be processed by the above-mentioned controller as if you had registered directly in the portal.

With regard to setting up your account via the relevant third-party access, we and the third-party provider you have chosen share a responsibility (Art. 26 GDPR). According to this agreement, all content that you upload to the platform will be shared on the Fitness Nation network at the same time and displayed to the entire Fitness Nation community if you do not object. For this purpose, on the basis of the legitimate interest in as broad an international community as possible (Art. 6 Paragraph 1 lit. We will inform you about this processing and the essentials of our agreement here. By the way: The person responsible mentioned above is your first point of contact if you want to exercise your rights as a data subject (Art. 15-22 GDPR). You can therefore also contact the selected third party provider at any time, and they will then forward your request to Fitness Nation GmbH.

9) Use of single sign-on procedures

Facebook Connect

On our website you can create a customer account or register using the single sign-on process “Facebook Connect” of the social network Facebook, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”), if you have a Facebook profile. You can recognize “Facebook Connect” on our website by the blue button with the Facebook logo and the inscription “Register with Facebook” or “Connect with Facebook” or “Log in with Facebook” or “Sign in with Facebook”.

By using this “Facebook Connect” button on our website, you have the option of logging in or registering on our website using your Facebook user data. Only if you give your express consent in accordance with Art. 6 Paragraph 1 lit. Depending on your personal data protection settings on Facebook, the general and publicly accessible information stored in your profile, namely name, email address and, if applicable, the profile picture. We process the data transmitted to us by Facebook for the purpose of registering on the portal (Art. 6 Para. 1 lit. b GDPR).

We would like to point out that following changes to Facebook’s data protection conditions and terms of use, if you give your consent, your profile pictures, the user IDs of your friends and the friends list may also be transferred if this is marked as “public” in your privacy settings on Facebook became. The data transmitted by Facebook will be stored and processed by us to create a user account with the necessary data (title, first name, last name, email address,) if you have approved them on Facebook.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your related rights and setting options to protect your privacy can be found in Facebook’s data protection information: https://www.facebook.com/policy.php

Single sign-on with your Apple ID

When you sign in to us with your Apple device, you can also use your Apple ID to sign in. As part of this single sign-on process, if you give the relevant approval during the registration process, we will receive your email address from Apple. In addition, the email address belonging to your own Apple ID can be hidden from us if you wish. Apple then creates a one-time email address that is only valid for our portal. Apple forwards messages to this address to your mailbox linked to the Apple ID.

All accounts are protected with two-factor authentication for greater security, and Apple promises not to track your activities on our portal.

You must also enter further information required for registration on our portal when using single sign-on with your Apple ID as described under Section 7 of this data protection declaration.

The purpose and scope of the data collection and the further processing and use of the data by Apple as well as your related rights and setting options to protect your privacy can be found in Apple’s data protection information: https://www.apple.com/de/legal/privacy/de-ww/

10) Comment function

As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the name of the commentator you have chosen will be saved and published on this website. Your IP address is also recorded and saved. The IP address is stored for security reasons and in the event that you violate the rights of third parties or post illegal content by submitting a comment. We need your e-mail address in order to contact you if a third party should object to your published content as unlawful. The legal basis for storing your data is Article 6 Paragraph 1 lit. b and f GDPR. We reserve the right to delete comments if third parties complain that they are illegal.

You as a user can subscribe to the follow-up comments. You will receive a confirmation email to ensure that you are the owner of the specified email address (double opt-in procedure). The legal basis for data processing in the case of subscribing to comments is Article 6 (1) (a) GDPR. You can unsubscribe from ongoing comment subscriptions at any time with effect for the future; for more information on how to unsubscribe, please refer to the confirmation email.

11) Use of customer data for direct mail

11.1 Registration for our e-mail newsletter

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of further data is voluntary and is used in order to be able to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an email newsletter if you have expressly confirmed to us that you consent to receiving the newsletter. We will then send you a confirmation email asking you to click on a link to confirm that you want to receive the newsletter in the future.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Article 6 (1) (a) GDPR. When you register for the newsletter, we save your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later point in time. The data collected by us when registering for the newsletter are used exclusively for the purpose of advertising via the newsletter. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a message to the person responsible mentioned above. After you have unsubscribed, your e-mail address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we will inform you in this declaration.

11.2 Sending the email newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by e-mail. In accordance with Section 7 (3) UWG, we do not need to obtain separate consent from you for this. In this respect, data processing takes place solely on the basis of our legitimate interest in personalized direct mail in accordance with Art. 6 Para. 1 lit. f GDPR. If you have initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the person responsible named at the beginning. For this you only have to pay transmission costs according to the basic tariffs. After receipt of your objection, the use of your e-mail address for advertising purposes will be stopped immediately.

11.3 Newsletterversand via Sendinblue

We send our newsletters (items 10.1 and 10.2) with the help of our service provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin. Sendinblue acts exclusively as a processor for us and does not process your personal data for its own business purposes.

11.4 Advertising by mail

On the basis of our legitimate interest in personalized direct mail, we reserve the right to store your first and last name, your postal address and – if we have received this additional information from you as part of the contractual relationship – your title, academic degree, year of birth and your professional, To save the industry or business name in accordance with Article 6 (1) (f) GDPR and to use it to send you interesting offers and information about our products by post.

You can object to the storage and use of your data for this purpose at any time by sending a message to the person responsible.

12) Data processing for order processing

12.1 To process your order, we work together with the following service provider (s) who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution as part of the payment processing, if this is necessary for the payment processing. If payment service providers are used, we will explicitly inform you about this below. The legal basis for forwarding the data is Article 6 Paragraph 1 lit. b GDPR.

12.2 Use of special service providers for order processing and processing

– Olimp Nutrition

Orders are processed by the service provider “Olimp” (Olimp Laboratories branch of Olimp Laboratories SP.z.o.o., Am Weiher 8, 63505 Langenselbod, DE). Name, address and any other personal data will be passed on to Olimp in accordance with Article 6 (1) (b) GDPR exclusively for processing the online order. Your data will only be passed on if this is actually necessary for processing the order. Details on Olimp’s data protection and its data protection declaration can be viewed on the Olimp website at “Olimpsport.com”.

– DHL Fulfillment

Orders are processed by the service provider DHL Home Delivery GmbH, Sträßchensweg 10, 53113 Bonn, as part of “Shipping by DHL Fulfillment”. Your personal data will only be passed on to DHL Fulfillment for the purpose of processing the online order in accordance with Article 6 (1) (b) GDPR.

– Fulfillment with büromatic

Another service provider who provides fulfillment services for us is büromatic Direktwerbung GmbH & Co. KG, Gruitener Str. 202, 42327 Wuppertal. Your personal data will only be passed on to büromatic for the purpose of processing your online order in accordance with Article 6 (1) (b) GDPR.

12.3 Passing on personal data to Shipping service provider

– DHL

If the goods are delivered by the transport service provider DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn), we will give your e-mail address in accordance with Article 6 (1) (a) GDPR prior to delivery of the goods for the purpose of coordination of a delivery date or delivery notification to DHL, provided that you have given your express consent for this in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery in accordance with Article 6 (1) (b) GDPR. The transfer takes place only as far as this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DHL or the delivery notification is not possible.

The consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider DHL.

– UPS

If the goods are delivered by the transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we will give your e-mail address before the goods are delivered in accordance with Art. 6 Paragraph 1 a GDPR for the purpose of agreeing a delivery date or to announce the delivery to UPS, provided that you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to UPS for the purpose of delivery in accordance with Article 6 (1) (b) GDPR. The transfer takes place only as far as this is necessary for the delivery of the goods. In this case, prior coordination of the delivery date with UPS or the transmission of status information of the shipment delivery is not possible.

The consent can be revoked at any time with effect for the future vis-à-vis the person responsible or vis-à-vis the transport service provider UPS.

12.4 Use of Paymentdienstleistern (Payment services)

– Apple Pay

If you opt for the payment method “Apple Pay” from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment will be processed via the “Apple Pay” function of your terminal device operated with iOS, watchOS or macOS by debiting a payment card stored with “Apple Pay”. Apple Pay uses security features built into your device hardware and software to protect your transactions. To approve a payment, it is necessary to enter a code that you previously specified and to verify it using the “Face ID” or “Touch ID” function of your device.

For the purpose of payment processing, the information you provided during the ordering process, along with the information about your order, will be passed on to Apple in encrypted form. Apple then re-encrypts this data with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website from which the purchase was made can access the payment details. After the payment has been made, Apple will send your device account number and a transaction-specific, dynamic security code to the original website to confirm that the payment has been successful.

If personal data is processed in the described transmissions, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.

Apple maintains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. The anonymization completely rules out any personal reference. Apple uses the anonymized data to improve “Apple Pay” and other Apple products and services.

When you use Apple Pay on the iPhone or Apple Watch to complete a purchase made through Safari on the Mac, the Mac and the authorization device communicate over an encrypted channel on the Apple servers. Apple does not process or store any of this information in a format that can be used to identify you personally. You can turn off the ability to use Apple Pay on your Mac in your iPhone’s settings. Go to Wallet & Apple Pay and turn off Allow Payments on Mac.

Further information on data protection with Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027

– BS PAYONE

If you choose a payment method from the payment service provider BS PAYONE, the payment will be processed by the payment service provider BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt / Main, to whom we will send the information you provided during the ordering process along with the information about your order in accordance with Art. 6 Para. 1 lit.b GDPR. Your data is passed on exclusively for the purpose of processing payments with the payment service provider PAYONE and only insofar as it is necessary for this.

– Google Pay

If you opt for the “Google Pay” payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), the payment will be processed via the “Google Pay” application of yours with at least Android 4.4 (“KitKat”) operated mobile device with an NFC function by debiting a payment card stored with Google Pay or a payment system verified there (e.g. PayPal). To release a payment via Google Pay in the amount of more than € 25, you must first unlock your mobile device using the verification measure set up in each case (such as face recognition, password, fingerprint or sample).

For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a unique transaction number to the original website, with which a successful payment is verified. This transaction number does not contain any information about the real payment data of your means of payment stored with Google Pay, but is created and transmitted as a one-time valid numeric token. For all transactions via Google Pay, Google only acts as an intermediary for processing the payment process. The transaction is carried out exclusively in the relationship between the user and the original website by debiting the means of payment stored with Google Pay.

If personal data is processed in the described transmissions, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.

Google reserves the right to collect, store and evaluate certain process-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, the location and description of the dealer, a description of the goods or services purchased by the dealer, photos that you included in the transaction, the name and email address of the seller and buyer or of the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.

According to Google, this processing takes place exclusively in accordance with Art. 6 Paragraph 1 lit.

Google also reserves the right to merge the processed data with other information that is collected and stored by Google when other Google services are used.

The terms of use of Google Pay can be found here: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de

Further information on data protection with Google Pay can be found at the following Internet address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de

– giropay

When paying via “giropay”, payment is processed by giropay GmbH, An der Welle 4, 60322 Frankfurt / Main, to whom we pass on the information you provided during the ordering process along with information about your order. Your data is passed on in accordance with Article 6 (1) (b) GDPR exclusively for the purpose of processing payments and only to the extent that it is necessary for this. You can find more information about the data protection provisions of giropay GmbH at the following Internet address: https://www.giropay.de/rechtliches/datenschutzerklaerung.

– Paydirekt

If you choose the paydirekt payment method, the payment will be made via the payment service provider paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main. Your payment data (e.g. payment amount, details of the payee) as well as your confirmation that the payment data are correct will be collected, processed and sent to your by paydirekt GmbH to carry out the paydirekt payment in accordance with Art. 6 Para. 1 lit. Bank transmitted. This processing only takes place insofar as it is actually necessary for the execution of the payment. Paydirekt GmbH then authenticates the payment using the authentication process stored for you at your bank. Further information about the transfer and processing of your data can be found in the paydirekt data protection declaration, which you can view under the following link: https://www.paydirekt.de/agb/index.html.

– Paypal

When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “installment payment” via PayPal, we give your payment data to PayPal (Europe) S.a.r.l. as part of the payment processing. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only insofar as this is necessary for payment processing.

PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment in installments” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Article 6 (1) (f) GDPR on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit check with regard to the statistical probability of default for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). As far as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data. For more information on data protection, including the credit agencies used, please refer to PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

13) Contact for evaluation reminder

Own evaluation reminder (no dispatch by a customer evaluation system)

We use your e-mail address as a one-off reminder to submit an evaluation of your order for the evaluation system we use, provided that you have given us your express consent to this during or after your order in accordance with Article 6 (1) (a) GDPR.

You can revoke your consent at any time by sending a message to the person responsible for data processing.

Review reminder by ShopVote

If you have given us your express consent to this during or after your order in accordance with Art. 6 Paragraph 1 lit. .de) so that they can send you a review reminder by email.

You can revoke your consent at any time by sending a message to the person responsible for data processing or to the rating platform.

14) Use of social media: videos

Use of Youtube Videos

This website uses the YouTube embedding function to display and play back videos from the provider “YouTube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

The extended data protection mode is used here, which, according to the provider, does not start storing user information until the video (s) are played back. If the playback of embedded YouTube videos is started, the provider “YouTube” uses cookies to collect information about user behavior. According to information from “Youtube”, these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive practices. If you are logged in to Google, your data will be assigned directly to your account when you click on a video. If you do not want the assignment to your profile on YouTube, you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in accordance with Article 6 Paragraph 1 lit. You have the right to object to the creation of these user profiles, although you must contact YouTube to exercise this right. When using YouTube, personal data may also be transmitted to the servers of Google LLC. come in the US.

Regardless of whether or not the embedded videos are played, a connection to the Google network is established each time this website is accessed, which can trigger further data processing operations beyond our control.

Further information on data protection at “YouTube” can be found in the provider’s data protection declaration at: https://www.google.de/intl/de/policies/privacy

As far as legally required, we have obtained your consent for the processing of your data described above in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the consentmanager.net “cookie consent tool” provided on the website (Section 4 of this data protection declaration).

15) Fitness Nation BeneFits

You have the opportunity to participate in our and the loyalty programs of the partner studios you have selected when making purchases via our online shop and when participating in the various special functions. If you collect BeneFit points via our portal or from partner companies, in this case, after collecting the data, we will transmit the following data on the basis of our legitimate interest in the user-friendly design and optimal marketing of our website in accordance with Article 6 (1) (f) GDPR to the respective studio or partner for the purpose of crediting and redeeming BeneFits: first name, last name, email address, number of BeneFits, basis of credit or redemption. You have the option of deactivating participation in the Benefit Points loyalty program in your profile settings.

16) Using a live chat system

Eigenes Live-Chat-System

On this website, for the purpose of operating a live chat system that is used to answer live inquiries, your given chat name and your communicated chat content are collected as data and stored for the course of the chat. The chat and your given chat name are only saved in the so-called RAM (Random Access Memory) during the chat and then only saved by us in encrypted form as soon as you or we have ended the chat conversation. The encrypted storage takes place for five years and serves the sole purpose of being able to provide information in the event of official inquiries (e.g. in the case of illegal content), insofar as there is a legal obligation to do so.

Cookies are used to operate the chat function. Cookies are small text files that are stored locally in the cache of the visitor’s Internet browser. The cookies enable the website visitor’s internet browser to be recognized in order to distinguish between the individual users of the chat function on our website (see section 4 of this data protection declaration).

If the information collected in this way is related to a person, it is processed in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in effective customer service.

To avoid the storage of cookies, you can set your internet browser so that cookies can no longer be stored on your computer in the future or cookies that have already been stored are deleted. Switching off all cookies can, however, mean that the chat function on our website can no longer be carried out.

17) Accounting via sevDesk

We use the sevDesk service of the cloud-based accounting software from sevDesk GmbH, Hauptstraße 115, 77652 Offenburg, to handle the bookkeeping.

SevDesk processes incoming and outgoing invoices as well as, if necessary, the bank movements of our company in order to automatically record invoices, match them to the transactions and use them to create the financial accounting in a partially automated process.

If personal data is also processed here, the processing takes place in accordance with Article 6 (1) (f) GDPR on the basis of our legitimate interest in an efficient organization and documentation of our business transactions.

You can find more information about sevDesk GmbH, the automated processing of data and the data protection provisions at https://sevdesk.de/sicherheit-datenschutz/

18) Google Fonts

This site uses so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) for the uniform representation of fonts. We have integrated the Google Web Fonts we use directly on our own servers and, through appropriate settings, prevented a connection to Google servers from being established when our website is accessed. There is therefore no data transmission to Google.

For more information on Google Web Fonts, see https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/

19) Rights of the data subject, in particular your right to object

19.1 The applicable data protection law grants you comprehensive rights of data subjects (information and intervention rights) to the person responsible with regard to the processing of your personal data, about which we will inform you below:

Right to information in accordance with Art. 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned Storage period or the criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if we did not collect them from you, the Existence of automated decision-making including profiling and, if necessary, meaningful information about the logic involved and the scope and the intended effects of such processing, as well as your right to be informed about the guarantees in accordance with Art. 46 GDPR when your data is forwarded in D rittlands exist;
Right to correction in accordance with Art. 16 GDPR: You have the right to immediate correction of incorrect data concerning you and / or completion of your incomplete data stored by us;
Right to deletion in accordance with Art. 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Art. 17 Para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
Right to restriction of processing in accordance with Art. 18 GDPR: You have the right to request that the processing of your personal data be restricted as long as the correctness of your data is being checked, if you refuse to delete your data due to inadmissible data processing and instead request the Request restriction of the processing of your data if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved or if you have objected to reasons of your particular situation, as long as it is not certain whether our legitimate Reasons outweigh;
Right to information in accordance with Art. 19 GDPR: If you have asserted the right to correction, deletion or restriction of processing against the person responsible, the person responsible is obliged to notify all recipients to whom the personal data relating to you has been disclosed, this correction or deletion of the data or Notification of restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data portability in accordance with Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another person responsible, insofar as this is technically feasible;
Right to revoke consent given in accordance with Art. 7 Paragraph 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of withdrawal;
Right to lodge a complaint in accordance with Art. 77 GDPR: If you are of the opinion that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement.

19.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR MAINLY LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS THAT WE GIVE UPON YOUR SPECIFIC SITUATION.

IF YOU USE YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED. FURTHER PROCESSING IS RESERVED IF WE CAN PROVE COMPULSORY REASONS FOR PROCESSING THAT OUTSIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOM OR IF THE PROCESSING OR EXPRESSION APPLIES.

IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY OBJECTIVE AS DESCRIBED ABOVE.

IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL END THE PROCESSING OF THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

20) Duration of storage of personal data

The duration of the storage of personal data is based on the respective legal basis, the processing purpose and – if relevant – additionally based on the respective statutory retention period (e.g. commercial and tax retention periods).

When processing personal data on the basis of express consent in accordance with Article 6 (1) (a) GDPR, this data is stored until the person concerned revokes his or her consent.

If there are statutory retention periods for data that are processed in the context of legal or similar obligations on the basis of Art. 6 Paragraph 1 lit. and / or we have no legitimate interest in further storage.

When processing personal data on the basis of Art. 6 Paragraph 1 lit. prove for the processing that the interests, rights and freedoms of the data subject outweigh, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct advertising on the basis of Art. 6 Para. 1 lit.

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will otherwise be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed. Posted under: data protection www.fitness-nation.com/support/datenschutz