Privacy policy

Last amended: 26 June 2019

The following privacy policy applies to the website at https://www.gymondo.com.

1. Data controller and contact

The controller for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is

Gymondo GmbH (hereinafter referred to as "Gymondo")

Rungestr. 22-24

10179 Berlin

E-Mail: service@gymondo.com

We or our data protection officer will be happy to respond to your information requests and feedback on the subject of data protection. Simply email us at privacy@gymondo.com.

2. Collection, processing and use of personal data

2.1 General

Personal data is any information relating to an identified or identifiable natural person (e.g. name, address, telephone number, date of birth or email address). As a rule, it is possible to use our website without providing any personal information. However, the use of certain services may require you to provide personal data, for example if you register or you participate in a competition. Mandatory information is normally indicated with a *.

2.2 Log files

Each time you use the website, your browser automatically transfers certain information to us in so-called log files, which we store.

We store the log files for seven to ten days, using them only to identify errors and for security reasons (e.g. to investigate attempted attacks), and then erase them. Any log files whose further storage is required for evidence purposes are excluded from erasure until the respective incident has been finally clarified and may be passed on to investigating authorities in individual cases. This data processing is performed in order to safeguard our legitimate interests on the basis of Art. 6(1) (f) GDPR.

In particular, the following information is stored in the log files:

  • abbreviated IP address (internet protocol address) of the device from which the website is accessed;
  • internet address of the website from which the website was accessed (so-called origin or referrer URL);
  • name of the service provider through which the website is accessed;
  • name of the files or information retrieved;
  • date and time as well as duration of the retrieval;
  • operating system and information about the browser used, including installed add-ons (e.g. for Flash Player);
  • http status code (e.g. for “successful response” or “requested file not found”).

2.3 Registration

Should you use services that require registration, we will collect, process and use the data required for those services from you, in particular in order to make the services available to you.

With the user’s explicit registration, the following data can be collected (provided the user enters this data him- or herself): gender, first name, last name, date of birth, email address, street, house number, postcode, town, SEPA data for direct debit, telephone number. We determine your country of origin based on the IP address you use to visit our website. Our website also gives you the option of entering information about your height and weight, your hip, abdominal and leg circumference, and pulse (e.g. in order to calculate your Body Mass Index). This data is protected separately by additional security systems.

The personal data you provide when registering is collected, processed and used by Gymondo for the purpose of creating the relevant contract, for executing and processing the contract, as well as for billing purposes. The legal basis for data processing in this case is Art. 6(1) (a) and (b) GDPR.

2.4 Using our website

When you use our website, we also process personal data to the extent necessary (e.g. when you participate in courses, add favourite courses, participate in competitions or write comments in the Gymondo magazine). The legal basis for this is Art. 6(1) (b) GDPR.

2.5 Disclosure of data to third parties; service providers

In principle, we will only pass on the data we collect if:

  • you have given your explicit consent pursuant to Art. 6(1) (a) GDPR;
  • disclosure is necessary pursuant to Art. 6(1) (f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
  • we are legally obliged to do so under Art. 6(1) (c) GDPR; or
  • this is required under Art. 6(1) (b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract (e.g. forwarding enquiries and orders to regional cooperation partners).

In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centres, software providers, IT service providers and consulting companies. If we pass data on to our service providers, they may use the data exclusively for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects and are carefully monitored by us.

If these service providers process your data outside the European Union, this may result in your data being transferred to a country with a lower data protection standard than that of the European Union. In such cases, Gymondo ensures that the service providers concerned guarantee an equivalent level of data protection, either by contract or otherwise (e.g. by concluding Standard Contractual Clauses with the service provider or by ensuring that the service provider is certified according to the EU-US-Privacy Shield).

2.6 Disclosure of data to cooperation partners

Where a contract is concluded within the framework of a cooperation, we may also disclose your personal data to the respective cooperation partner (e.g. your telecommunications provider or your health insurance provider), for example to verify your membership or contract status with the cooperation partner or for billing purposes in connection with the cooperation. Depending on the cooperation, the legal basis for this is Art. 6(1) (a) or (b) GDPR.

2.7 Disclosure of data to banks and payment service providers

We use external payment service providers. Depending on which payment method you choose when ordering, we will disclose the data collected for payment processing purposes (e.g. bank details or credit card information) to the bank commissioned with the payment or to payment service providers commissioned by us. The legal basis for this data processing is Art. 6(1) (b) GDPR.

Some payment service providers also collect this data themselves, and if they do so they are responsible for this. In this respect, the privacy policy of the respective payment service provider shall apply.

2.8 Data processing for advertising purposes

2.8.1 Sending of advertising to existing customers

If you create an account with us, we will also use your contact information to send you emails containing relevant information about our products and services, as well as related news, promotions, offers, feedback and other surveys. These emails are sent regardless of whether you have subscribed to our newsletter or not. You can object to the use of your data for advertising purposes at any time by sending an email to service@gymondo.com or by clicking on the unsubscribe link in the advertising email – without incurring any costs other than the transmission costs according to the basic rates. The legal basis for this data processing is Art. 6(1) (f) GDPR, which permits data processing to safeguard legitimate interests insofar as this concerns the storage and further use of the data for advertising purposes (advertising to existing customers).

2.8.2 Newsletter

We offer you the opportunity to subscribe to a newsletter, in which we regularly inform you about our new products, services and news from the world of fitness and lifestyle. The legal basis of this data processing is your consent pursuant to Art. 6(1) (a) GDPR.

In our email newsletters, we use market-standard technologies to allow us to measure interactions with the newsletters (e.g. opening and click rates). We use this data for general evaluations as well as to personalise and further develop our content and customer communication. This is done using small graphics (known as pixels) and special links embedded in the newsletters. The data collected in this way will be associated with your other personal data. However, we can only view aggregated information about our subscribers’ reading habits, and not whether and when a subscriber opened a particular email. The legal basis of this is your consent pursuant to Art. 6(1) (a) GDPR. If you do not want your usage behaviour to be analysed in this way, you can unsubscribe from the newsletter or disable the display of graphics in your email client by default.

You can withdraw your consent at any time. To do this, please use the unsubscribe link at the end of a newsletter or contact us using the information in the “Your contact person and contact” section.

3. Use of our own cookies

Some of our services require us to use what are known as cookies. A cookie is a small text file stored on your device by your browser. Cookies are not used to execute programs or download viruses onto your computer. The main purpose of our own cookies is rather to provide an offer tailored to your needs and to make using our services as time-saving as possible.

Most browsers are set to automatically accept cookies by default. However, you can adjust your browser settings in such a way that cookies are rejected or stored only with prior consent. If you disable cookies, you will not be able to fully use all of our services.

We use these cookies to store your preferences on our website, such as language settings, or to technically implement the login function for accessing the password-protected area. We do this to be able to make your use of our website more convenient and more personalised. These services are based on our aforementioned legitimate interests, meaning the legal basis is Art. 6(1) (f) GDPR.

We also use cookies and similar technologies (e.g. web beacons) from partners for analysis and marketing purposes. This is described in more detail in the following sections.

4. Use of cookies and comparable technologies for analysis purposes

To improve our website, we use cookies and comparable technologies (e.g. web beacons) for the statistical recording and analysis of general usage behaviour based on access data. We also use analysis services to evaluate how people use our various marketing channels.

The legal basis for the data processing described in the following section is Art. 6(1) (f) GDPR, based on our legitimate interest in the demand-oriented design and continuous optimisation of our website. In the list of the technologies we use, you will also find information about how you can object to our analysis measures by means of what are known as opt-out cookies.

Please note that if you subsequently delete all cookies in your browser or use a different browser and/or profile, you will need to store a new opt-out cookie.

4.1 Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US (“Google”). According to Google, its point of contact for all data protection matters is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Analytics with the additional function offered by Google to anonymise IP addresses: this means that Google generally shortens the IP address within the EU; only in exceptional cases does it first do so in the US, and in each case the IP address is stored only in shortened form. You can object to the collection and evaluation of your data by this tool by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

If you are using a mobile device to visit our website, please use the following opt-out link: Deactivate Google Analytics. Please note that you will need to click on the link again if you have deleted the cookies on your mobile device or if you want to prevent Google Analytics from collecting data on this website when you use another device. This opt-out does not prevent Google Analytics from collecting data on other websites.

Please refer to Google’s privacy policy for more information.

4.2 Visual Website Optimizer

Visual Website Optimizer is provided by Wingify (Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India).

We use VWO to learn more about how users behave on this website and to optimise our services for users. All analyses are carried out in accordance with the provisions of German data protection law. In this regard, we only use or store pseudonymous data. If you do not want Visual Website Optimizer to store data about your use of our website, you can object to its use. Visual Website Optimizer allows you to submit an opt-out declaration that prevents you from being included in Visual Website Optimizer analyses in the future. You can use the opt-out link (https://vwo.com/opt-out/) to place a cookie in order to exclude yourself from the analysis tool.

Privacy policy: https://vwo.com/privacy-policy/

5. Use of cookies and comparable technologies for advertising

With this website, we aim to present our users with advertising and special offers tailored to their interests (“interest-based advertising”) and limit the frequency with which certain advertisements are displayed. We use the tools described below for this purpose.

The usage profiles created by the tools – using advertising cookies or third-party advertising cookies, so-called web beacons (invisible graphics which are also known as pixels or tracking pixels) or comparable technologies – are not merged with personal data. The tools either do not process users’ IP addresses at all or shorten them immediately after their collection.

Unless we have indicated otherwise, the controller responsible for the processing of data in connection with the tools is the respective provider. The providers of the tools may also disclose information to third parties for the aforementioned purposes.

For each tool, you will find information about the respective provider and how you can object to the collection of data by that tool. Please note that objecting will not deactivate advertising. Your objection will only make it impossible to display interest-based advertising based on your usage behaviour to you. The legal basis for the data processing described in the following section is Art. 6(1) (f) GDPR, based on our legitimate interest in the personalised advertising of our products and services.

In the case of tools that work with opt-out cookies, it should be noted that the opt-out function is specific to a particular device or browser, and only applies to the device or browser currently in use. If you use multiple mobile devices or browsers, you will need to complete the opt-out on each individual mobile device and in each browser you use. We would like to point out that using an ad blocker can impair the functionality of opt-out cookies. Despite the storage of an opt-out cookie, in certain cases this can mean that the corresponding tools may continue to collect data. In this case, you can restore the functionality by adjusting or uninstalling your ad blocker accordingly.

In each of the following descriptions of the technologies we use, you will also find information about how you can object to our analysis and advertising measures by means of what are known as opt-out cookies. Alternatively, you can exercise your right to object using the settings on the websites TrustArc or Your Online Choices, which allow you to opt out of the services provided by wide a range of advertisers. Both sites let users place opt-out cookies to deactivate all ads from the providers listed at once, or alternatively to adjust their settings for each individual provider.

Please note that if you subsequently delete all cookies in your browser or use a different browser and/or profile, you will need to store a new opt-out cookie.

5.1 Google Marketing Platform and Ad Manager (formerly DoubleClick and others)

Our website uses Google Marketing Platform and Google Ad Manager, services offered to users from the European Economic Area, Switzerland and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US (“Google”). These services use cookies and similar technologies to present you with ads that are relevant to you. Using these services enables Google and its partner websites to serve ads based on previous visits to our or other websites on the internet. For evaluation purposes, Google may transfer the data generated in this context to a server in the US and store it there. In the event that personal data is transferred to the US, Google has subjected itself to the EU-US Privacy Shield.

You can prevent the storage of cookies by adjusting your browser settings accordingly (as described above); however, we would like to point out that if you do this you may not be able to use the full functionality of the website. Furthermore, you can prevent the recording of data generated by cookies about your use of the website and its processing by Google by downloading and installing the browser plug-in for deactivating personalised ads. As an alternative to the browser plug-in or within browsers on mobile devices, you can also deactivate “Personalised Advertising” in your Google ad settings. In this case, Google will then only display general advertising which has not been selected based on information collected about you.

Please refer to Google’s privacy policy for further details.

5.2 Google Ads Conversion Tracking and Remarketing

Our website uses the services “Ads Conversion Tracking” and “Ads Remarketing”, which are offered to users from the European Economic Area, Switzerland and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US (“Google”). Using “Ads Conversion Tracking”, customer actions defined by us (such as clicking on an ad, page views, downloads) are recorded and analysed. We use “Ads Remarketing” to display personalised advertising messages for our products on Google partner websites. The services both uses cookies and similar technologies for this purpose. For evaluation purposes, Google may transfer the data generated in this context to a server in the US and store it there. In the event that personal data is transferred to the US, Google has subjected itself to the EU-US Privacy Shield.

If you use a Google Account, depending on the settings in your Google Account, Google can link your web and app browsing history to your Google Account and use information from your Google Account to show you personalised ads. If you do not want this information to be associated with your Google Account, you must log out of Google before visiting our website.  You can configure your browser to reject cookies as described above. You can also disable the “Ads Personalisation” button in your Google Ads Settings. In this case, Google will then only display general advertising which has not been selected based on information collected about you.

You can find more information on this in Google’s information on the use of data and privacy policy.

5.3 Bing Ads

Our website uses Bing Ads, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, US (“Microsoft”). Microsoft uses cookies and similar technologies to present you with ads that are relevant to you. Using these technologies enables Microsoft and its partner websites to serve ads based on previous visits to our or other websites on the internet. For evaluation purposes, Microsoft may transfer the data generated in this context to a server in the US and store it there. In the event that personal data is transferred to the US, Microsoft has subjected itself to the EU-US Privacy Shield.

You can prevent the storage of cookies by adjusting your browser settings accordingly (as described above); however, we would like to point out that if you do this you may not be able to use the full functionality of the website. Furthermore, you can prevent the recording of data generated by cookies about your use of the website and its processing by Microsoft by disabling personalised ads on the Bing Ads opt-out page or in the general ad settings provided by Microsoft. If you do this, please note that if you subsequently delete all cookies in your browser or use a different browser and/or profile, you will need to opt out again.

You can find more information about this on the Bing Ads help pages and in Microsoft’s privacy statement.

5.4 Outbrain

Our website uses technology of the provider Outbrain UK Ltd., 5 New Bridge Street, London, EC4V 6JA, UK (“Outbrain”), which refers our users to further content, both within our website and on websites of third parties, that may also be of interest to them. The recommendations for further reading integrated by Outbrain, e.g. below an article, are determined on the basis of the content previously read by the user. Outbrain uses cookies, which are stored on the user’s device, to display this interest-related content. Both technically and in terms of their content, the ads displayed in the Outbrain widget are automatically controlled and deployed by Outbrain.

The display of reading recommendations by Outbrain using cookies is performed on a purely pseudonymous basis. The last part of the IP address is removed in order to render it anonymous.

You may refuse the use of cookies by selecting the appropriate settings in your browser (see above) or by objecting on the Outbrain website.

Please refer to Outbrain’s privacy information for further details.

5.5 Criteo

Within the framework of a joint controllership within the meaning of Art. 26 GDPR, we use the services of Criteo SA, 32 Rue Blanche, 75009 Paris (“Criteo”). The purpose of the processing is retargeting – that is, if you have viewed certain offers on our website, we can have advertisements for similar offers displayed on websites or other third-party platforms. Under our contract with Criteo, we determine the scope of each advertising campaign. Criteo is then responsible for implementing this advertising campaign, including deciding which ads are delivered and where. For this purpose, a Criteo code is directly executed on our website by Criteo, and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on your device (comparable technologies may also be used instead of cookies). This file records which websites the user visits, which content he or she is interested in, and which offers he or she has clicked on, but also technical information about the browser and operating system, referring websites, the visiting time and further information about the use of the website.

Criteo may also associate the above information with information from other sources. If the user subsequently visits other websites, ads tailored to the user’s interests may be displayed. The technical data collected by Criteo is stored for up to 13 months from the time of its collection. Criteo cookies expire automatically after 13 months.

As part of our joint controllership for the aforementioned processing, you may assert your rights under the GDPR both against us and against Criteo. For more information, as well as details of how to object to your data being recorded by Criteo, please refer to Criteo’s privacy policy.

5.6 AWIN

Within the framework of a joint controllership under Art. 26 GDPR, we participate in the partner programme of AWIN AG, Eichhornstr. 3, 10785 Berlin (“AWIN”). We determine the scope of the respective advertising campaign. AWIN is then responsible for implementing this advertising campaign, including deciding which ads are delivered and where.

If you have viewed certain offers on our website, we can have advertisements for similar offers displayed on websites or other third-party platforms. For this purpose, AWIN places an individual cookie or comparable tracking technologies on your device. This file records which websites the user visits, which content he or she is interested in, and which offers he or she has clicked on, but also technical information about the browser and operating system, referring websites, the visiting time and further information about the use of the website.

AWIN may also associate this information with information from other sources. If the user subsequently visits other websites, ads tailored to the user’s interests may be displayed.

As part of our joint controllership for the aforementioned processing, you may assert your rights under the GDPR both against us and against AWIN.

For more detailed information about this and about the storage duration of the cookies placed by AWIN, please refer to AWIN’s privacy policy. An option for objecting to data recording by AWIN is available here.

5.7 Amazon Mobile Ads

We use Amazon Mobile Ads, a service provided by Amazon.com, Inc. 2021 Seventh Avenue, Seattle, Washington 98121, US (“Amazon”), to show advertisements for our products to our website visitors on websites of Amazon and third parties. Amazon uses cookies and comparable tracking technologies for this, storing them locally on your device so as to enable an analysis of your use of our website. This file records which websites the user visits, which content he or she is interested in, and which offers he or she has clicked on, but also technical information about the browser and operating system, referring websites, the visiting time and further information about the use of the website. Amazon may also associate this information with information from other sources. If the user subsequently visits other websites, ads tailored to the user’s interests may be displayed. In the event that personal data is transferred to the US, Amazon has subjected itself to the US-EU Privacy Shield.

For more information about how Amazon collects data and how to object, please refer to Amazon’s Advertising Preferences and privacy policy.

5.8 Pinterest Conversion Tracking

We use the conversion tracking technology of the social network Pinterest (Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland), which enables us to display relevant advertisements and offers on Pinterest to visitors of our website who are already interested in our services and content and are Pinterest members. For this purpose, a so-called conversion tracking pixel from Pinterest is integrated on our pages, which informs Pinterest during your visit to our website of the fact that you have visited our website, and which aspects of our services you have demonstrated an interest in.

You can disable the collection of data for displaying interest-based advertising on Pinterest at any time in your Pinterest account settings or by going to Pinterest’s personalisation and data pages. For further information about how Pinterest records data, please refer to Pinterest’s privacy policy.

5.9 Digital Media GmbH Pixel

We use the services of Digital Media GmbH, Georg-Glock-Str. 8, 40474 Düsseldorf, Germany (“Digital Media”) to measure the efficiency of our advertising campaigns conducted by Digital Media. Digital Media uses a cookie and similar tracking technologies on our website to collect information about your usage behaviour and then display more relevant and useful advertisements on third-party websites. Digital Media offers users the possibility of objecting. For further information about how Digital Media records data, please refer to Digital Media’s privacy policy.

6. Facebook Pixel and Website Custom Audiences

With this website, we aim to present our users with advertising and special offers tailored to their interests (“interest-based advertising”) and limit the frequency with which certain advertisements are displayed. For this purpose, we use the tool Website Custom Audiences from Facebook as well as the Facebook pixel.

The Facebook pixel is a JavaScript code that sends the following data to Facebook Ireland Ltd, Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”):

  • HTTP header information (including but not limited to IP address, web browser information, page storage location, document, web page URL, web browser user agent, and date and time of use);
  • pixel-specific information; this includes the pixel ID and Facebook cookie information, including your Facebook ID (these are used to associate events with a specific Facebook advertising account and associate them with a Facebook user);
  • additional information about the visit as well as standard and custom data events. We use the following custom data events:

    • earched and viewed content at product level;
    • product has been placed in shopping cart;
    • visiting the checkout in the order process; and
    • completion of the order process.

Using the hashed user-specific Facebook ID (contained in the Facebook cookie), Facebook automatically checks whether the data transmitted by the Facebook pixel can be assigned to a Facebook user. If no Facebook cookie is stored in your browser, it will not be sorted into any of the “Custom Audience” user groups.

If it is possible to assign the Facebook ID contained in the Facebook cookie to a Facebook user, Facebook assigns this user to a “Custom Audience” according to the rules defined by us, provided that the relevant criteria are met. We use the information obtained in this way to deploy ads on Facebook (“Facebook Ads”). However, ads are only displayed from a “Custom Audience” size of 20 or more different users – so it is not possible to draw any conclusions about the characteristics of the individual users when an ad is deployed. This assignment to a particular “Custom Audience” lasts for no longer than 180 days. This period begins again when you revisit our website and the same “Custom Audiences” rules are met.

Facebook may associate your visit to our website and related activities with your Facebook user account. We are not able to do this. We only receive statistical information from Facebook about the use of our website, via Audience Insights.

Facebook shares your data with Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, US, and uses your data to improve the quality of its advertising, including improving Facebook’s optimisation algorithm for displaying Facebook Ads and news feed ranking.

Right to object:

If you wish to object to the use of Facebook’s Website Custom Audiences, please click here. This will place a so-called opt-out cookie, preventing the transmission of data via the Facebook pixel.

In principle, this opt-out cookie is valid indefinitely. Please note, however, that the opt-out function is specific to a particular device or browser, and only applies to the device or browser currently in use. If you use multiple mobile devices or browsers, you will need to complete the opt-out on each individual mobile device and in each browser you use.

Deleting all cookies in your browser may reverse this objection, in which case you must opt out again.

Please refer to Facebook’s privacy policy for further details.

7. Spotify

You can use our app to control the Spotify Player. Spotify is a service provided by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. Please refer to Spotify’s privacy policy for further details.

8. Typeform

Our website uses Typeform, a service provided by Typeform SL, C/Bac de Roda 163, Barcelona, Spain. If visitors to our website participate in surveys and competitions, data entered there will be stored and processed on our behalf by Typeform. The user’s IP address, information on the time and duration of use as well as the information provided by the user in the forms will be transmitted. We usually aggregate the results of surveys, making it impossible to draw conclusions about any individual person. We have concluded a data processing agreement with Typeform which ensures that Typeform protects your data appropriately and does not pass it on to third parties without authorisation. The legal basis for the above data processing is Art. 6(1) (b) and (f) GDPR, based on our legitimate interest in conducting customer surveys.

Please refer to Typeform’s privacy policy for further information.

9. Online presence on social media

We maintain online presences on social networks in order, among other things, to communicate with customers and other interested parties and to inform them about our products and services.

User data is usually processed for market research and advertising purposes. In this way, user profiles can be created based on the users’ interests. For this purpose, cookies and other identifiers are stored on users’ computers. Based on these usage profiles, ads are then shown on the social networks, for example, but also on third-party websites.

When using social networks, users’ personal data may be processed outside the European Economic Area. In the event that a provider is certified under the EU-US Privacy Shield, it has undertaken to comply with the data protection standards of the European Union.

The legal basis for this data processing is Art. 6(1) (f) GDPR, based on our legitimate interest in effectively informing and communicating with users. The legal basis of the data processing carried out by the social networks, for which they are responsible, can be found in the privacy policy of the respective social network. The following links also provide you with further information on the respective data processing operations and the possibilities for objecting.

We would like to point out that the most efficient way to assert data protection requests is with the respective social network provider, as only these providers have access to the data and can take appropriate measures directly.

10. Facebook social plug-ins

Our website uses social media plug-ins (such as the Like button) of the social network Facebook, which is offered for users outside the US and Canada by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) and for all other users by Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, US (“Facebook”). The legal basis is Art. 6(1) (f) GDPR, based on our legitimate interest that you share our content over social networks, thereby increasing our reach.

In order to increase the protection of your data when visiting our website, the plug-ins are integrated into the site by what’s known as the “Shariff solution”. This ensures that no connection is established with the servers of the respective plug-in provider when a page on this website is accessed.

Only if you activate the plug-ins will your internet browser establish a direct connection to the Facebook servers.

This in turn informs Facebook that you have accessed the corresponding subpage of our website. This occurs regardless of whether you have an account with Facebook and are logged in there. If you are logged in to Facebook, this data will be directly associated with your account. If you activate the plug-in and, for example, link the page, Facebook also stores this information, including the date and time, in your user account and communicates this to your contacts publicly. If you do not wish for this data to be associated with your Facebook profile, you must log out before activating the plug-in.

Facebook stores this data as usage profiles and uses it for purposes of advertising, market research and/or the demand-oriented design of its website. Such analysis takes place in particular (including for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. In the event that personal data is transferred to the US, Facebook has subjected itself to the EU-US Privacy Shield.

You have a right to object to the creation of these user profiles; as a Facebook member, you can disable advertising on the basis of social actions in the ad preferences area. You can also completely prevent the loading of Facebook social media plug-ins by using additional browser programs, e.g. with the Facebook Blocker.

Please refer to Facebook’s privacy information for further details.

11. Social login (login via social networks)

11.1 Registration/login via Facebook

We offer you the possibility to register or log in with us using your Facebook account. Facebook is offered for users outside the US and Canada by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) and for all other users by Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, US (“Facebook”).

If you make use of this single sign-on option, we receive the data required for registration or login directly from Facebook (e.g. email address, name). We have no way of influencing the extent of the data collected by Facebook when you log in via Facebook. If you do not want Facebook to collect information about you in connection with your use of our website and use it for its own purposes, you should not use the Facebook login. The legal basis for this data processing is Art. 6(1) (f) GDPR, based on our legitimate interest in offering you a variety of options for logging in and registering.

Further information about the purpose and scope of the collection as well as the further processing and use of your data by Facebook, and also about your rights and how to adjust your settings in order to protect your data, can be found in Facebook’s privacy policy.

11.2 Login via Google

We offer you the possibility to register or log in with us using your Google account. Google services are offered to users from the European Economic Area, Switzerland and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US (“Google”).

If you make use of this single sign-on option, we receive the data required for registration or login directly from Google (e.g. email address, name).

We have no way of influencing the extent of the data collected by Google when you log in via Google. If you do not want Google to collect information about you in connection with your use of our website and use it for its own purposes, you should not use the Google login. The legal basis for this data processing is Art. 6(1) (f) GDPR, based on our legitimate interest in offering you a variety of options for logging in and registering.

Further information about the purpose and scope of the collection as well as the further processing and use of your data by Google, and also about your rights and how to adjust your settings in order to protect your data, can be found in Google’s privacy information.

12. Duration of storage; retention periods

We will store your data for as long as is necessary to provide our website and the associated services or as long as we have a legitimate interest in further storage. In all other cases, we will erase your personal data with the exception of data that we are required to maintain in order to comply with contractual or legal (e.g. under tax or commercial law) retention periods (e.g. invoices). Contractual retention periods may also result from contracts with third parties (e.g. holders of copyrights and ancillary copyrights).

We will block any data that is subject to a retention period until the end of that period.

13. Your rights

13.1 How can you assert your rights?

To assert your rights, please use the information in the “Data controller and contact” section. Please make sure that we are able to uniquely identify you.

Alternatively, you can also adjust the settings in your user account to correct the data you entered during registration or to object to advertising.

Please note that, if the erasure is prevented due to retention periods, your data will initially only be blocked.

13.2 Your rights of access and rectification

You may request that we confirm whether we process personal data concerning you, and you have a right of access to the personal data of yours which we process. Should your data be inaccurate or incomplete, you may request that it be rectified or completed. If we have passed on your data to third parties, we will inform them about the rectification to the extent required by law.

13.3 Your right to erasure

If the legal requirements are met, you can request that we erase your personal data without delay. In particular, this is possible if

  • your personal data is no longer needed for the purposes for which it was collected; the legal basis for the processing was solely your consent and you have withdrawn this;
  • you have objected to processing for advertising purposes (“advertising objection”);
  • You have objected to processing, citing the legal basis of the balancing of interests for personal reasons, and we cannot prove that there are overriding legitimate reasons for a processing;
  • your personal data has been unlawfully processed; or
  • your personal data must be erased in order to comply with legal requirements.

If we have passed on your data to third parties, we will inform them about the erasure to the extent required by law.

Please note that your right to erasure is subject to restrictions. For example, we do not have to, or rather are not allowed to, erase any data that we have to retain further due to legal retention periods. Data which we require for the establishment, exercise or defence of legal claims is also excluded from your right to erasure.

13.4 Your right to restriction of processing

If the legal requirements are met, you can request that we restrict processing. In particular, this is possible if

  • the accuracy of your personal data is disputed by you, in which case we will restrict the processing until we have had the opportunity to verify its accuracy;
  • the processing is not lawful and you request a restriction of use instead of erasure (see previous section); we no longer require your data for the purposes of processing, but you need it to establish, exercise or defend your legal claims;
  • you have objected for personal reasons, in which case we will restrict the processing until it is established whether your interests prevail.

If there is a right to restriction of processing, we will mark the data concerned in order to ensure that it will only be processed within the narrow limits that apply to such limited data (in particular to defend legal claims or with your consent).

13.5 Your right to data portability

You have the right to receive, in a transferable format, personal data that you have provided to us for the performance of the contract or on the basis of your consent. In this case, you can also request that we transfer this data directly to a third party, to the extent that this is technically feasible.

13.6 Your right to withdraw your consent

If you have consented to us processing your data, you can withdraw this at any time with effect for the future. This will not affect the lawfulness of the processing of your data before the withdrawal.

13.7 Your right to object to direct marketing

You can also object to the processing of your personal data for advertising purposes at any time (“advertising objection”). Please note that for organisational reasons there may be an overlap between your withdrawal and the use of your data during a campaign that is already running.

13.8 Your right to object for personal reasons

You have the right to object to data processing by us for reasons arising from your particular situation, insofar as this is based on the legal basis of a legitimate interest. We will then cease processing your data, unless we can – in accordance with the statutory provisions – prove compelling legitimate reasons for further processing which outweigh your rights.

13.9 Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or federal state, or the data protection authority responsible for us. This is:

Berlin Commissioner for Data Protection and Freedom of Information

Friedrichstr. 219

10969 Berlin

E-Mail: mailbox@datenschutz-berlin.de