Privacy Policy

The operator of the online offer www.fitnessRAUM.de is

fitnessRAUM.de GmbH for sport and fitness online
Kirchstr. 18
69115 Heidelberg

fitnessraum.de

as well as its parent company UPMC GmbH (Kirchstr. 18. 69115 Heidelberg, www.upmc.de).

The responsible party (hereinafter also referred to as "fitnessRAUM.de") observes the relevant legal provisions of data protection when handling personal data, in particular the provisions of the General Data Protection Regulation (GDPR), as well as the Federal Data Protection Act (BDSG).

This data protection declaration informs you about the type, scope and purpose of the processing of personal data within our online offer and the websites, functions and content connected to it. The privacy policy applies regardless of the systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is executed. For definitions of terms used, such as "personal data" or their "processing", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).


Data processing by visiting our website

When you browse our web pages, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

Visited domain
Date and time of the request
Page from which the file was requested
Access status (file transferred, file not found, etc.)
Web browser and operating system used
IP address of the requesting computer
Amount of data transferred
We collect the listed data to ensure a smooth connection setup of the website and to enable a comfortable use of our website by the users. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f GDPR.


Processing of personal data

We process users' personal data only in compliance with the relevant data protection provisions and to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users is carried out after the consent of the user or if a legal permission exists, in particular if the data processing is necessary for the provision of our contractual performance or services or if it is required by law as well as due to our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR, in particular in the case of reach measurement, creation of profiles for advertising and marketing purposes, as well as collection of access data and use of third-party services).

The legal basis for the processing of personal data in the presence of consent is Art. 6 para. 1 lit. a. and Art. 7 GDPR, for the performance of our services and implementation of contractual measures Art. 6 para. 1 lit. b. GDPR, for the fulfillment of our legal obligations Art. 6 para. 1 lit. c. GDPR, for processing to protect our legitimate interests Art. 6 para. 1 lit. f. GDPR.


Provision of contractual services

We process the inventory data (name and e-mail address), payment data and other optionally specified data for the use of additional services (e.g. age, weight) provided by you for the fulfillment of our contractual obligations or the provision of our services pursuant to Art. 6 para. 1 lit b GDPR.


Contact form and contact by e-mail

If you send us inquiries via contact form or e-mail, your data from the inquiry form or your e-mail, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR and, if applicable, Art. 6 (1) (b) GDPR, if your request is aimed at concluding a contract. Your data will be deleted after your request has been processed, provided that there are no legal obligations to retain data.


Registration

You have the option to register for certain services provided on our website and thus create a user profile. In the course of registration and setup, we collect and use the following personal data:

First name, last name, title
E-mail address of the user
Date and time of registration
In addition, voluntary information may be provided (e.g. telephone number, etc.). Mandatory information, which is provided for the purpose of registration, is marked as mandatory in the input mask. With your user account you get the possibility to use further parts of our website and to log in for the offers you have purchased. The legal basis for data processing is Art. 6 para. 1 lit. a GDPR in the case of consent or Art. 6 para. 1 lit. b GDPR, insofar as the processing is necessary to provide the desired services.

Your data will be deleted as soon as the user account on our website is deleted and as long as there are no legal retention obligations. You can usually change and/or delete your user account, including the data you have provided, directly in your user account after logging in or by sending a corresponding message to .

Comment function and community

If you leave comments on the courses or make contributions to the community, in addition to this information, the time of their creation and the user name and e-mail address previously selected by the website visitor will be stored. This is for our security, since we can be prosecuted for illegal content on our website, even if it was created by users.


Newsletter

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail address as mandatory information. To send the newsletter we use the so-called double opt-in procedure. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you want to receive future newsletters as the owner of the corresponding e-mail address. With the confirmation, you give us your consent pursuant to Art. 6 (1) a GDPR that we may use your personal data for the purpose of sending the desired newsletter.

When registering for the newsletter, we store, in addition to the email address required for sending, the IP address via which you registered for the newsletter as well as the date and time of registration and confirmation, in order to be able to track possible misuse at a later date.

You can unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an email to the responsible person named above. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise permitted by law.


Server log files

When you browse our website, it is technically necessary for data to be transmitted to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

Date and time of the request
Name of the requested file
Page from which the file was requested
Access status
Web browser and operating system used
(Complete) IP address of the requesting computer
Amount of data transferred
We collect the listed data to ensure a smooth connection setup of the website and to enable a comfortable use of our website by the users. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short time. Based on this data, it is not possible for us to draw conclusions about individual persons. The log files are deleted after 6 months.

In anonymized form, the data may be processed for statistical purposes. This data is never stored together with other personal data of the user, compared with other data or passed on to third parties.


Use of the "MailChimp" dispatch service provider

The newsletter is sent using "MailChimp", a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter recipients, as well as their other data described in the context of this notice, are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimize or improve its own services, e.g. to technically optimize the dispatch and display of the newsletters or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to address them itself or to pass them on to third parties.

We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection requirements. Furthermore, we have concluded a "Data Processing Agreement" with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. You can view MailChimp's privacy policy here.


Passing on of data

Data is only passed on to third parties within the framework of legal requirements. We only pass on your data to third parties if this is necessary for contractual purposes on the basis of Art. 6 Para. 1 lit. b GDPR or on the basis of legitimate interests according to Art. 6 Para. 1 lit. f. GDPR in the economic and effective operation of our business operations.

Insofar as we use subcontractors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.

The processing of payments by credit card, direct debit or Paypal is carried out by our external payment service provider Heidelberger Payment GmbH (Heidelpay), Bayernstraße 151, 28219 Bremen, Germany. In this process, the data required to process the payment (first and last name, street, house number, postal code, city, telephone number), as well as the data in connection with the order are passed on to Heidelpay. For more information about the data protection of the payment service provider, you can read the privacy policy of Heidelpay following link: https://www.heidelpay.com/de/datenschutz/.


We use external IT services, in the context of which data is processed on our behalf by external service providers (e.g. external hosting, support for / maintenance of IT applications, programming).


Advertising

If we have received your e-mail address in connection with the sale of goods or services and have indicated this at the time of collection, we may use this address for direct advertising for our own similar goods or services. You may object to this use at any time, even subsequently, without incurring any costs other than the transmission costs according to the basic rates.

If you have expressly consented to such processing, we may also use your address and personal information, with your consent, to send you information about products and other (own or third-party) advertising by e-mail and/or by post. When you provide fitnessRAUM.de with information about yourself, you make the decision whether and to what extent we may contact you with various promotional materials, usually by checking appropriate boxes on the website. You can change your direct marketing preferences at any time by using the unsubscribe information in a mailing or by updating your user profile. If you use these functions, we will not delete your personal data from our database in the case of an existing contractual relationship, but will note the changed preferences.


User rights

Users have the right to receive, upon request and free of charge, information about the personal data that we have stored about you.
In addition, users have the right to correct inaccurate data, restrict processing and delete their personal data, if applicable, to assert their rights to data portability and, in the event that we assume that data processing is unlawful, to file a complaint with the competent supervisory authority.

Likewise, users may revoke consents, in principle with effect for the future, vis-à-vis the controller, e.g. by e-mail.

Users may object to the future processing of their personal data in accordance with the legal requirements at any time. The objection can be made in particular against the processing for purposes of direct advertising.


Deletion of data

The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.

In accordance with legal requirements, data is retained for 6 years in accordance with Section 257 (1) of the German Commercial Code (HGB) (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) of the German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).


Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043. Google Analytics uses so-called cookies. These are text files that are stored in your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. We only use Google Analytics with IP anonymization activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

The terms of use of Google Analytics and information on data protection can be accessed via the following link: https://policies.google.com/privacy/update?gl=de.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the link http://tools.google.com/dlpage/gaoptout?hl=de.

Clicking on the following button prevents the collection by Google Analytics by setting a so-called opt-out cookie:

Disable now
Status: Google Analytics tracking is enabled.

Facebook Pixel

We use "Facebook Pixel", a service of Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as: "Facebook") on our website. Facebook Pixel enables Facebook to display our ads on Facebook, so-called "Facebook Ads", only to those Facebook users who have been visitors to our internet presence, in particular to those who have shown interest in our online offer. Facebook Pixel also makes it possible to check whether a user was redirected to our website after clicking on our Facebook Ads. Facebook Pixel uses, among other things, cookies, which are small text files that are stored locally in the cache of your web browser on your terminal device. If you are logged in to Facebook with your user account, the visit to our online presence will be noted in your user account. The data collected about you is anonymous to us, so it does not allow us to draw any conclusions about the identity of the user. However, this data can be linked by Facebook with your user account there. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account.

(2) We use Facebook Pixel for marketing and optimization purposes In particular, to place relevant and interesting ads for you on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying ads.

(3) This is also our legitimate interest in the processing of the above data Art. 6 para 1 lit. f GDPR.

(4) You can object to the aforementioned collection by Facebook Pixel and the use of your data for the display of Facebook Ads. You can make the relevant settings as to which types of advertisements are displayed to you within Facebook on the following Facebook website:

https://www.facebook.com/settings?tab=ads.

We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate cookies that are used for range measurement and advertising purposes via the following websites:

http://optout.networkadvertising.org/

http://www.aboutads.info/choices

http://www.youronlinechoices.com/uk/your-ad-choices/

We would like to point out that this setting will also be deleted when you delete your cookies.

(5) In addition, Facebook has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has certified itself. This means that Facebook undertakes to comply with the standards and regulations of European data protection law. You can find more information in the entry linked below:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

(6) Information from the third-party provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

For more information about the third-party provider's privacy policy, please refer to the following Facebook website: https://www.facebook.com/about/privacy.

Information on Facebook Pixel can be found on the following Facebook website:

https://www.facebook.com/business/help/651294705016616

Google AdWords / Google Tag Manager

We use the Google Tag Manager and the online advertising program Google AdWords, services of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, for our websites. When you click on an ad placed by Google, a cookie is set for a so-called conversion tracking. These cookies lose their validity after 90 days and do not allow personal identification. If you visit certain pages of this website and the cookie has not yet expired, Google and us can recognize that you clicked on the ad and were redirected from there. Information obtained through the use of conversion cookies is used to create conversion statistics for AdWords customers. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a corresponding tag. However, no information is obtained that allows personal identification of users. If you do not wish to participate in the tracking, you can disable the cookie via your internet browser under user settings so that you are not included in the conversion tracking statistics.


By using this website, you consent to the processing of your data by Google in the manner and for the purposes set out above.

Google Analytics Remarketing/DoubleClick

Our website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-related, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you log in with your Google account.

To support this feature, Google Analytics collects user authenticated IDs that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.

You can permanently opt-out of cross-device remarketing/targeting by disabling personalized advertising in your Google Account; follow this link: https://adssettings.google.com/. You can also disable data collection by opting out (setting an optout cookie) of Google Analytics Tracking in the Google Analytics section.

In the case of data collection processes that are not merged in your Google account (e.g., because you do not have a Google account or have objected to the merging), the collection of data is based on Art. 6 (1) lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes.

The information collected on users may be transmitted to Google and stored on Google's servers in the USA. Google is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU.

Further information and the data protection provisions can be found in Google's data protection declaration under: https://www.google.com/policies/technologies/ads/.


Google Web Fonts

(1) We use "Google Web Fonts" on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: "Google"). Google Web Fonts enables us to use external fonts, so-called Google Fonts. For this purpose, the required Google Fonts are loaded into your browser cache by your web browser when you access our website. This is necessary so that your browser can also display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display. The integration of these web fonts is done by a server call, usually a Google server in the USA. This transmits to the server whose page of our website you have visited. Also, the browser's IP address of the visitor's end device is stored by Google.

(2) We use Google Web Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly.

(3) This is also our legitimate interest according to Art. 6 para. 1 lit. f GDPR.

(4) Google has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and has certified itself. Google thereby undertakes to comply with the standards and regulations of the European data protection law. You can find more information in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

(5) Information of the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

For further information on data protection, please refer to Google's privacy policy:

http://www.google.de/intl/de/policies/privacy

Further information about Google Web Fonts can be found at

http://www.google.com/webfonts/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1und

https://www.google.com/fonts#AboutPlace:about.

AWIN Affiliate Program

We use the performance advertising network of AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany, on our website. As part of its services, AWIN stores cookies for the documentation of transactions (e.g. of leads and sales) on end devices of users who visit or use websites or other online offers of its customers.

In a cookie, the only information that is placed is when a certain advertising medium was clicked on by an end device. An individual sequence of numbers, which cannot be assigned to the individual user, is stored in the AWIN tracking cookies, with which the partner program of an advertiser, the publisher, and the time of the user's action (click or view) are documented. In this context, AWIN also collects information about the end device from which a transaction is carried out, e.g. the operating system and the calling browser. Insofar as the information also contains personal data, the described processing is carried out on the basis of our legitimate financial interest in processing commission payments with AWIN pursuant to Art. 6 (1) lit. f GDPR.

You can find more information about AWIN's data processing here: https://www.awin.com/de/rechtliches

According to its own information, AWIN has signed the "Code of Conduct Affiliate Marketing for Networks" of the Bundesverband der Digitalen Wirtschaft e.V. (Federal Association of the Digital Economy) and has thus committed itself to ensuring and expanding high quality standards in affiliate marketing. Here you can find a list of signatories and further information.


YouTube

Our website uses plugins from the YouTube site operated by Google. The operator of the pages is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our pages that is equipped with a YouTube plugin, a connection to YouTube servers is established. This tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
For more information on the handling of user data, please refer to YouTube's privacy policy at:
https://www.google.de/intl/de/policies/privacy
The extended data protection mode is used here, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If the playback of embedded YouTube videos is started, the provider "YouTube" uses cookies to collect information about user behavior. According to information from "YouTube", these are used, among other things, to collect video statistics, to improve the user experience and to prevent abusive behavior. If you are logged into Google, your data is directly assigned to your account when you click on a video. If you do not want the assignment to your YouTube profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit.f GDPR on the basis of Google's legitimate interests in the display of personalized advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
Independently of a playback of the embedded videos, a connection to the Google network "DoubleClick" is established each time this website is called up, which may trigger further data processing operations without our influence.
Google is certified for the US-European data protection agreement "Privacy Shield", which ensures compliance with the level of data protection applicable in the EU.

Social media links

Social networks (Twitter, Instagram) are only integrated on our website as a link to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. Only after the redirection, user information is transferred to the respective provider. For information on how your personal data is handled when using these websites, please refer to the respective privacy policy of the provider you are using.


Links to other websites

Our website may contain links to other websites that are out of our control and not covered by this privacy statement. If other sites are accessed through the links provided, the operators of those sites may collect and process data about you in a manner that is different from our data processing practices. We expressly point out that we do not adopt the content of these sites as our own and that we cannot accept any liability for the content of such sites. For more details, please refer to our disclaimer in the imprint.


Contact details of the data protection officer

PROLIANCE GmbH / www.datenschutzexperte.de
Data protection officer
Leopoldstr. 21
80802 Munich



Changes to the data protection policy

We reserve the right to modify this privacy policy in order to adapt it to current legal requirements or to take into account changes or extensions to our services. The current privacy policy applies to your visit.


Status: May 2020