Last amended: August 2020
The controller for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is
Gymondo GmbH (hereinafter referred to as "Gymondo")
We will be happy to respond to your information requests and feedback on the subject of data protection. Simply email our data protection team at email@example.com. We expressly point out that when this e-mail address is used, the contents will not be taken into account exclusively by our data protection officer. If you wish to exchange confidential information, please contact the data protection officer directly via this e-mail address.
Personal data is any information relating to an identified or identifiable natural person (e.g. name, address, telephone number, date of birth or email address). As a rule, it is possible to use our website without providing any personal information. However, the use of certain services may require you to provide personal data, for example if you register or you participate in a competition. Mandatory information is normally indicated with a *.
Each time you use the website, your browser automatically transfers certain information to us in so-called log files, which we store.
We store the log files for seven to ten days, using them only to identify errors and for security reasons (e.g. to investigate attempted attacks), and then erase them. Any log files whose further storage is required for evidence purposes are excluded from erasure until the respective incident has been finally clarified and may be passed on to investigating authorities in individual cases. This data processing is performed in order to safeguard our legitimate interests on the basis of Art. 6(1) (f) GDPR.
In particular, the following information is stored in the log files:
Should you use services that require registration, we will collect, process and use the data required for those services from you, in particular in order to make the services available to you.
With the user’s explicit registration, the following data can be collected (provided the user enters this data him- or herself): gender, first name, last name, date of birth, email address, street, house number, postcode, town, SEPA data for direct debit, telephone number. We determine your country of origin based on the IP address you use to visit our website. Our website also gives you the option of entering information about your height and weight, your hip, abdominal and leg circumference, and pulse (e.g. in order to calculate your Body Mass Index). We obtain your consent for this data processing (Art. 9 (2) (a) GDPR).
The personal data you provide when registering is collected, processed and used by Gymondo for the purpose of creating the relevant contract, for executing and processing the contract, as well as for billing purposes. The legal basis for data processing in this case is Art. 6(1) (a) and (b) GDPR.
When you use our website, we also process personal data to the extent necessary (e.g. when you participate in courses, add favourite courses, participate in competitions or write comments in the Gymondo magazine). The legal basis for this is Art. 6(1) (b) GDPR.
In principle, we will only pass on the data we collect if:
In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.
If these service providers process your data outside the European Union, this may result in your data being transferred to a country with a lower data protection standard than that of the European Union. In such cases, Gymondo ensures that the service providers concerned guarantee an equivalent level of data protection, either by contract or otherwise (e.g. by concluding Standard Contractual Clauses with the service provider. Alternatively, for data transfers to third countries, Gymondo relies on one of the exceptions under Art. 49 DSGVO.
Where a contract is concluded within the framework of a cooperation, we may also disclose your personal data to the respective cooperation partner (e.g. your telecommunications provider or your health insurance provider), for example to verify your membership or contract status with the cooperation partner or for billing purposes in connection with the cooperation. Depending on the cooperation, the legal basis for this is Art. 6(1) (a) or (b) GDPR.
We use external payment service providers. Depending on which payment method you choose when ordering, we will disclose the data collected for payment processing purposes (e.g. bank details or credit card information) to the bank commissioned with the payment or to payment service providers commissioned by us. The legal basis for this data processing is Art. 6(1) (b) GDPR.
If you create an account with us, we will also use your contact information to send you emails containing relevant information about our products and services, as well as related news, promotions, offers, feedback and other surveys. These emails are sent regardless of whether you have subscribed to our newsletter or not. You can object to the use of your data for advertising purposes at any time by sending an email to firstname.lastname@example.org or by clicking on the unsubscribe link in the advertising email – without incurring any costs other than the transmission costs according to the basic rates. The legal basis for this data processing is Art. 6(1) (f) GDPR, which permits data processing to safeguard legitimate interests insofar as this concerns the storage and further use of the data for advertising purposes (advertising to existing customers).
We offer you the opportunity to subscribe to a newsletter, in which we regularly inform you about our new products, services and news from the world of fitness and lifestyle. The legal basis of this data processing is your consent pursuant to Art. 6(1) (a) GDPR.
In our email newsletters, we use market-standard technologies to allow us to measure interactions with the newsletters (e.g. opening and click rates). We use this data for general evaluations as well as to personalise and further develop our content and customer communication. This is done using small graphics (known as pixels) and special links embedded in the newsletters. The data collected in this way will be associated with your other personal data. However, we can only view aggregated information about our subscribers’ reading habits, and not whether and when a subscriber opened a particular email. The legal basis of this is your consent pursuant to Art. 6(1) (a) GDPR. If you do not want your usage behaviour to be analysed in this way, you can unsubscribe from the newsletter or disable the display of graphics in your email client by default.
You can withdraw your consent at any time. To do this, please use the unsubscribe link at the end of a newsletter or contact us using the information in the “Your contact person and contact” section.
We maintain online presences on social networks in order, among other things, to communicate with customers and other interested parties and to inform them about our products and services.
User data is usually processed for market research and advertising purposes. In this way, user profiles can be created based on the users’ interests. For this purpose, cookies and other identifiers are stored on users’ computers. Based on these usage profiles, ads are then shown on the social networks, for example, but also on third-party websites.
We would like to point out that the most efficient way to assert data protection requests is with the respective social network provider, as only these providers have access to the data and can take appropriate measures directly.
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Facebook fan pages based on an agreement on the joint processing of personal data
- EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
- EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Vimeo, Inc., 555 West 18th Street, New York, New York 10011, US
- EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt00000008V77AAE&status=Active
We will store your data for as long as is necessary to provide our website and the associated services or as long as we have a legitimate interest in further storage. In all other cases, we will erase your personal data with the exception of data that we are required to maintain in order to comply with contractual or legal (e.g. under tax or commercial law) retention periods (e.g. invoices). Contractual retention periods may also result from contracts with third parties (e.g. holders of copyrights and ancillary copyrights).
We will block any data that is subject to a retention period until the end of that period.
To assert your rights, please use the information in the “Data controller and contact” section. Please make sure that we are able to uniquely identify you.
Alternatively, you can also adjust the settings in your user account to correct the data you entered during registration or to object to advertising.
Please note that, if the erasure is prevented due to retention periods, your data will initially only be blocked.
You may request that we confirm whether we process personal data concerning you, and you have a right of access to the personal data of yours which we process. Should your data be inaccurate or incomplete, you may request that it be rectified or completed. If we have passed on your data to third parties, we will inform them about the rectification to the extent required by law.
If the legal requirements are met, you can request that we erase your personal data without delay. In particular, this is possible if
If we have passed on your data to third parties, we will inform them about the erasure to the extent required by law.
Please note that your right to erasure is subject to restrictions. For example, we do not have to, or rather are not allowed to, erase any data that we have to retain further due to legal retention periods. Data which we require for the establishment, exercise or defence of legal claims is also excluded from your right to erasure.
If the legal requirements are met, you can request that we restrict processing. In particular, this is possible if
If there is a right to restriction of processing, we will mark the data concerned in order to ensure that it will only be processed within the narrow limits that apply to such limited data (in particular to defend legal claims or with your consent).
You have the right to receive, in a transferable format, personal data that you have provided to us for the performance of the contract or on the basis of your consent. In this case, you can also request that we transfer this data directly to a third party, to the extent that this is technically feasible.
If you have consented to us processing your data, you can withdraw this at any time with effect for the future. This will not affect the lawfulness of the processing of your data before the withdrawal.
You can also object to the processing of your personal data for advertising purposes at any time (“advertising objection”). Please note that for organisational reasons there may be an overlap between your withdrawal and the use of your data during a campaign that is already running.
You have the right to object to data processing by us for reasons arising from your particular situation, insofar as this is based on the legal basis of a legitimate interest. We will then cease processing your data, unless we can – in accordance with the statutory provisions – prove compelling legitimate reasons for further processing which outweigh your rights.
You have the right to lodge a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or federal state, or the data protection authority responsible for us. This is:
Berlin Commissioner for Data Protection and Freedom of Information