Privacy policy

Last amended: July 2019

The following privacy policy applies to the Gymondo app (hereinafter referred to as the "app" or the "online service").

1. Data controller and contact

The controller for the processing of your personal data when you use this online service within the meaning of the General Data Protection Regulation (GDPR) is

Gymondo GmbH (hereinafter referred to as "Gymondo", "we")

Rungestr. 22-24

10179 Berlin

Email: service@gymondo.de

We or our data protection officer will be happy to respond to your information requests and feedback on the subject of data protection. Simply email us at privacy@gymondo.de.

2. Collection, processing and use of personal data

2.1 General

Personal data is any information relating to an identified or identifiable natural person (e.g. name, address, telephone number, date of birth or email address). As a rule, it is possible to use our app without providing any personal information. However, the use of certain services may require you to provide personal data, for example if you register or you participate in a competition. Mandatory information is normally indicated with a *.

2.2. Data processing by app stores

Before you can install this app, you may need to enter into a user agreement with an app store operator (e.g. Google, Apple) in order to gain access to their portal (e.g. Google Play, App Store). As the controller within the meaning of the GDPR, the app store operator will collect and process data in connection with your use of the app store, such as your username, email address and individual device ID. We are not a party to the user agreement with the app store operator and have no control over this data processing. In this respect, the privacy policy of the respective app store operator shall apply.

2.3 Log files

Each time you use our app, certain information is automatically transferred to us in so-called log files, which we store.

We store the log files for seven to ten days, using them only to identify errors and for security reasons (e.g. to investigate attempted attacks), and then erase them. Any log files whose further storage is required for evidence purposes are excluded from erasure until the respective incident has been finally clarified, and may be passed on to investigating authorities in individual cases. This data processing is performed in order to safeguard our legitimate interests on the basis of Art. 6 (1) (f) GDPR.

In particular, the following information is stored in the log files:

  • abbreviated IP address (internet protocol address) of the device from which the app is accessed;
  • name of the service provider through which the online service is accessed;
  • name of the files or information retrieved;
  • date and time as well as duration of the retrieval;
  • perating system and information about the device used;
  • http status code (e.g. for "successful response" or "requested file not found").

2.4 Registration

You have to register in order to use our app.

With the user's explicit registration, the following data can be collected (provided the user enters this data him- or herself): gender, first name, last name, date of birth, email address, street, house number, postcode, town, SEPA data for direct debit, telephone number. We determine your country of origin based on the IP address you use to visit our app. Our app also gives you the option of entering information about your height and weight, your hip, abdominal and leg circumference, and pulse (e.g. in order to calculate your Body Mass Index). This data is protected separately by additional security systems.

The personal data you provide when registering is collected, processed and used by Gymondo for the purpose of creating the relevant contract, for executing and processing the contract, as well as for billing purposes. The legal basis for data processing in this case is Art. 6 (1) (a), (b) GDPR.

2.5 Using our online service

When you use our app, we also process personal data to the extent necessary (e.g. when you participate in courses, add favourite courses, participate in competitions or write comments in the Gymondo magazine). The legal basis for this is Art. 6 (1) (b) GDPR.

2.6 Push notifications

You may receive so-called push notifications from us, even if you are not using the app at the moment. This may involve messages that we send to you as part of our performance of the contract (e.g. notification of service interruption due to maintenance work), but also advertising. You will only receive advertising by push notification if you have expressly consented to this. You can stop receiving push notifications at any time by adjusting your mobile device settings.

2.7 Disclosure of data to third parties; service providers

In principle, we will only pass on the data we collect if:

  • you have given your explicit consent pursuant to Art. 6 (1) (a) GDPR;
  • disclosure is necessary pursuant to Art. 6 (1) (f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
  • we are legally obliged to do so under Art. 6 (1) (c) GDPR; or
  • this is required under Art. 6 (1) (b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract (e.g. forwarding enquiries and orders to regional cooperation partners).

In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.

Part of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centres, software providers, IT service providers and consulting companies. If we pass data on to our service providers, they may use the data exclusively for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of data subjects and are carefully monitored by us.

If these service providers process your data outside the European Union, this may result in your data being transferred to a country with a lower data protection standard than that of the European Union. In such cases, Gymondo ensures that the service providers concerned guarantee an equivalent level of data protection, either by contract or otherwise (e.g. by concluding standard contractual clauses with the service provider or by ensuring that the service provider is certified according to the EU-U.S. Privacy Shield).

2.8 Disclosure of data to cooperation partners

Where a contract is concluded within the framework of a cooperation, we may also disclose your personal data to the respective cooperation partner (e.g. your telecommunications provider or your health insurance provider), for example to verify your membership or contract status with the cooperation partner or for billing purposes in connection with the cooperation. Depending on the cooperation, the legal basis for this is Art. 6 (1) (a) or (b) GDPR.

2.9 Disclosure of data to banks and payment service providers

We use external payment service providers. Depending on which payment method you choose when ordering, we will disclose the data collected for payment processing purposes (e.g. bank details or credit card information) to the bank commissioned with the payment or to payment service providers commissioned by us. The legal basis for this data processing is Art. 6 (1) (b) GDPR.

Some payment service providers also collect this data themselves, and if they do so they are responsible for this. In this respect, the privacy policy of the respective payment service provider shall apply.

2.10 Data processing for advertising purposes

2.10.1 Advertising to existing customers

If you create an account with us, we will also use your contact information to send you emails containing relevant information about our products and services, as well as related news, promotions, offers, feedback and other surveys. These emails are sent regardless of whether you have subscribed to our newsletter or not. You can object to the use of your data for advertising purposes at any time by sending an email to service@gymondo.de or by clicking on the unsubscribe link in the advertising email – without incurring any costs other than the transmission costs according to the basic rates. The legal basis for this data processing is Art. 6 (1) (f) GDPR, which permits data processing to safeguard legitimate interests insofar as this concerns the storage and further use of the data for advertising purposes (advertising to existing customers).

2.10.2 Newsletter

We offer you the opportunity to subscribe to a newsletter, in which we regularly inform you about our new products, services and news from the world of fitness and lifestyle. The legal basis of this data processing is your consent pursuant to Art. 6 (1) (a) GDPR.

In our email newsletters, we use market-standard technologies to allow us to measure interactions with the newsletters (e.g. opening and click rates). We use this data for general evaluations as well as to personalise and further develop our content and customer communication. This is done using small graphics (known as pixels) and special links embedded in the newsletters. The data collected in this way will be associated with your other personal data. However, we can only view aggregated information about our subscribers' reading habits, and not whether and when a subscriber opened a particular email. The legal basis of this is your consent pursuant to Art. 6 (1) (a) GDPR. If you do not want your usage behaviour to be analysed in this way, you can unsubscribe from the newsletter or disable the display of graphics in your email client by default.

You can withdraw your consent at any time. To do this, please use the unsubscribe link at the end of a newsletter or contact us using the information in the "Your contact person and contact" section.

3. Use of tracking technologies for analysis purposes

In order to improve our app, we use tracking technologies to statistically record and analyse general usage behaviour based on access data. We also use analysis services to evaluate how people use our various marketing channels.

The legal basis for the data processing described in the following section is Art. 6 (1) (f) GDPR, based on our legitimate interest in the demand-oriented design and continuous optimisation of our app. For each tool, you will find information about the respective provider and how you can object to the collection and processing of data by that tool.

You can generally prevent the creation of user profiles for analysis purposes by adjusting your settings in order to disable analysis and tracking.

Please note that the opt-out function is specific to a particular device or app, and only applies to the device or app currently in use. If you use multiple mobile devices or apps, you will need to complete the opt-out on each individual mobile device and in each app you use.

3.1 Google Mobile App Analytics

Our app uses Google Mobile App Analytics, an analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US ("Google"). According to Google, its point of contact for all data protection matters is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Mobile App Analytics with the additional function offered by Google to anonymise IP addresses: this means that Google generally shortens the IP address within the EU; only in exceptional cases does it first do so in the US, and in each case the IP address is stored only in shortened form. For personal data transferred to the US, Google has subjected itself to the EU-US Privacy Shield. Please refer to Google's privacy policy for further details.

3.2. Firebase

Our app uses Firebase, an analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US ("Google"). According to Google, its point of contact for all data protection matters is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Firebase uses tracking technologies that allow us to analyse how you use our app, e.g. for performance monitoring, for error logs and for analysing user behaviour, such as which content has been viewed and which publications have been opened how often. The statistics this yields help us to improve our online service and make it more interesting for you as a user.

With Firebase, information about the use of our app is collected and transmitted to and processed by Google in Ireland or the United States. The data is only collected anonymously and transmitted to Firebase. According to Google, the data is not combined with other user data. Google will use this information to evaluate your use of our app and to provide us with further services associated with the use of apps. For personal data transferred to the US, Google has subjected itself to the EU-US Privacy Shield. Please refer to Google's privacy policy for further details as well as http://firebase.google.com.

4. Use of tracking technologies for advertising purposes

When they visit third-party platforms (such as third-party websites or apps), we aim to present our users with advertising and special offers tailored to their interests ("interest-based advertising") and limit the frequency with which certain advertisements are displayed. Our app uses the tools described below for this purpose. The tools either do not process users' IP addresses at all or shorten them immediately after their collection.

We use so-called advertising identifiers, which are provided by your mobile device's operating system, for advertising purposes. For devices running on the Android operating system this is the so-called advertising ID, and for iOS devices this is the called the Advertising Identifier (IDFA). Like the online identifiers typically stored in cookies, advertising identifiers are unique identifiers that are not permanently retained. The user behaviour profiles created with the help of these advertising identifiers (e.g. advertising banners clicked on, parts of the service visited, search queries made) are used by us to display advertising or offers tailored to your interests ("interest-based advertising"). Data collected in this way is not linked to any other device-related information.

You can restrict the use of advertising identifiers for advertising purposes in your mobile device settings or delete the advertising identifier (if deleted, a new advertising identifier will be created which is not merged with the data collected under the previous identifier).

The legal basis for the data processing described in the following section is Art. 6 (1) (f) GDPR, based on our legitimate interest in the personalised advertising of our products and services.

Unless we have indicated otherwise, the controller responsible for the processing of data in connection with the tools is the respective provider. The providers of the tools may also disclose information to third parties for the aforementioned purposes. For each tool, you will find information about the respective provider and how you can object to the collection of data by that tool. Please note that objecting will not deactivate advertising. Your objection will only make it impossible to display interest-based advertising based on your usage behaviour to you.

You can generally prevent the creation of user profiles for commercial purposes by adjusting your settings in order to disable tracking.

Please note that the opt-out function is specific to a particular device or app, and only applies to the device or app currently in use. If you use multiple mobile devices or apps, you will need to complete the opt-out on each individual mobile device and in each app you use.

4.1 Adjust

Our app uses the tracking technology Adjust, which is provided by adjust GmbH, Saarbrücker Str. 38a, 10405 Berlin ("Adjust"). When the customer installs our app, Adjust stores information about the installation and other interactions with the app. This helps us to understand how our users use our app and what interests them. It also lets us analyse and improve our mobile advertising campaigns. For this analysis, Adjust uses your device's advertising identifier as well as your anonymised IP and MAC address or other device identifiers. For further information about how Adjust records data, please refer to Adjust's privacy policy. You can generally prevent the creation of user profiles for advertising purposes as described above.

4.2 Google Marketing Platform and Ad Manager (formerly DoubleClick and others)

Our app uses Google Marketing Platform and Google Ad Manager, services offered to users from the European Economic Area, Switzerland and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US ("Google"). These services use advertising identifiers and similar technologies to present you with ads that are relevant to you. Using these services enables Google and its partner websites to serve ads based on previous visits to our app. For evaluation purposes, Google may transfer the data generated in this context to a server in the US and store it there. In the event that personal data is transferred to the US, Google has subjected itself to the EU-US Privacy Shield.

You may prevent the storage of advertising identifiers by adjusting your settings as described above. Furthermore, you can prevent the recording of data generated by advertising identifiers about your use of the app and its processing by Google by disabling the "Ads Personalisation" button in your Google Ads Settings. In this case, Google will then only display general advertising which has not been selected based on information collected about you.

Please refer to Google's privacy policy for further details.

4.3 Google Ads Conversion Tracking and Remarketing

Our app uses the services "Ads Conversion Tracking" and "Ads Remarketing", which are offered to users from the European Economic Area, Switzerland and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US ("Google"). Using "Ads Conversion Tracking", customer actions defined by us (such as clicking on an ad, page views, downloads) are recorded and analysed. We use "Ads Remarketing" to display personalised advertising messages for our products on Google partner websites.The services both use advertising identifiers and similar technologies for this purpose. For evaluation purposes, Google may transfer the data generated in this context to a server in the US and store it there. In the event that personal data is transferred to the US, Google has subjected itself to the EU-US Privacy Shield.

If you use a Google Account, depending on the settings in your Google Account, Google can link your web and app browsing history to your Google Account and use information from your Google Account to show you personalised ads. If you do not want this information to be associated with your Google Account, you must log out of Google before using our app.

You can generally prevent the use of advertising identifiers as described above. You can also disable the "Ads Personalisation" button in your Google Ads Settings. In this case, Google will then only display general advertising which has not been selected based on information collected about you.

You can find more information on this in Google's information on the use of data and privacy policy.

4.4 Outbrain (for mobile)

Our app uses technology of the provider Outbrain UK Ltd., 5 New Bridge Street, London, EC4V 6JA, UK ("Outbrain"), which refers our users to further content, both on websites and in third-party apps, that may also be of interest to them. The recommendations for further reading integrated by Outbrain, e.g. below an article, are determined on the basis of the content previously read by the user. Outbrain uses advertising identifiers, which are stored on the user's device, to display this interest-related content. Both technically and in terms of their content, the ads displayed in the Outbrain widget are automatically controlled and deployed by Outbrain.

The display of reading recommendations by Outbrain using advertising identifiers is performed on a purely pseudonymous basis. The last part of the IP address is removed in order to render it anonymous.

You may refuse the use of advertising identifiers by selecting the appropriate settings (see above) or by objecting on the Outbrain website.

Please refer to Outbrain's privacy information for further details.

4.5 Criteo

Within the framework of a joint controllership within the meaning of Art. 26 GDPR, we use the services of Criteo SA, 32 Rue Blanche, 75009 Paris ("Criteo"). The purpose of the processing is retargeting – that is, if you have viewed certain offers in our app, we can have advertisements for similar offers displayed on websites, apps, or other third-party platforms. Under our contract with Criteo, we determine the scope of each advertising campaign. Criteo is then responsible for implementing this advertising campaign, including deciding which ads are delivered and where. For this purpose, a Criteo code is directly executed in our app by Criteo, and so-called (re)marketing tags are integrated. An advertising identifier is used to record which websites the user visits, which content he or she is interested in, and which offers he or she has clicked on, but also technical information about the app, device and operating system, referring websites, the visiting time and further information about the use of the online service.

Criteo may also associate the above information with information from other sources. If the user subsequently visits other websites or apps, ads tailored to the user's interests may be displayed. The technical data collected by Criteo is stored for up to 13 months from the time of its collection.

As part of our joint controllership for the aforementioned processing, you may assert your rights under the GDPR both against us and against Criteo.

As described in the "Use of tracking technologies for advertising purposes" section, you can generally prevent the use of advertising identifiers.

For more information, as well as details of how to object to your data being recorded by Criteo, please refer to Criteo's privacy policy.

4.6 Amazon Mobile Ads

We use Amazon Mobile Ads, a service provided by Amazon.com, Inc. 2021 Seventh Avenue, Seattle, Washington 98121, US ("Amazon"), to show advertisements for our products to users of our app on websites of Amazon and third parties. Amazon uses advertising identifiers and comparable tracking technologies for this, storing them locally on your device so as to enable an analysis of your use of our online service. This advertising identifier is used to analyse user behaviour such as which websites he or she user visits, which content he or she is interested in, and which offers he or she has clicked on, but also technical information about the operating system, device, referring websites, the visiting time and further information about the use of the online service. Amazon may also associate this information with information from other sources. If the user subsequently visits other websites, ads tailored to the user's interests may be displayed. In the event that personal data is transferred to the US, Amazon has subjected itself to the US-EU Privacy Shield.

As described in the "Use of tracking technologies for advertising purposes" section, you can generally prevent the use of advertising identifiers.

More information about how Amazon collects data and how to object is available in Amazon's Advertising Preferences and privacy notice.

5. Facebook SDK, Facebook Ads, App Events and Custom Audiences

When they use the online services of Facebook and third parties, we aim to present users of our app with advertising and special offers tailored to their interests ("interest-based advertising") and limit the frequency with which certain advertisements are displayed. For this purpose we use the Facebook Software Development Kit (SDK) provided by Facebook Ireland Ltd, Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), including the functions Facebook App Ads, App Events and Facebook Custom Audiences.

The Facebook SDK is a collection of ready-made programs, so-called tools and applications, developed by Facebook in order to measure the success of in-app advertising.

The information logged by the Facebook SDK includes but is not limited to:

  • Explicit events – Information from events that are tracked.
  • Implied events – Information from events that are implicitly logged when we use other features of the Facebook SDK, such as integration with Facebook Login or the "Like" button.
  • Automatically logged events – Basic interactions in the app (e.g. app installations, app starts) and system events (e.g. SDK loading, SDK performance) that are automatically recorded.
  • Facebook App ID – A unique Facebook-assigned ID of the advertiser's website and mobile app.
  • Mobile Advertising ID – iOS IDFA or Android advertising ID.
  • Metadata from the request – Type and version of the mobile operating system, SDK version, app name, app version, opt-out setting, user agent string and client IP address. The SDK also records the following device-related metrics: time zone, device operating system, device model, carrier, screen size, processor cores, total disk space, free disk space.

When you sign into our app via Facebook, the Facebook SDK also collects the following information:

  • App Events : this includes generic app events (e.g. app installations, app starts) and other standard logs for product metrics (e.g. SDK loading, SDK performance).
  • Configuration data : after a user logs in, the SDK regularly performs background requests to automatically manage the lifetime of the access key.
  • Error information : the SDK records error information, even during SDK initialisation. This information may include the user ID of people logged into Facebook.
  • Short-term data : the SDK measures certain user activities to detect fraud and misuse. This data is only stored for a short period of time for people who are not logged into Facebook.

Using the App Events feature, we can track certain interactions ("Events") with our app (opening the app, in-app purchases, closing a course) and use them for further analysis and advertising purposes. The Custom Audience feature then allows us to use our Facebook ads to reach those people who use our app and have completed certain actions or App Events within it.

Using the hashed user-specific Facebook App ID, Facebook automatically checks whether the data transmitted by the Facebook SDK can be assigned to a Facebook user. If the data cannot be assigned to a Facebook user, it will not be sorted into any of the "Custom Audience" user groups.

If it is possible to assign the Facebook App ID to a Facebook user, Facebook assigns this user to a "Custom Audience" according to the rules defined by us, provided that the relevant criteria are met. We use the information obtained in this way to deploy ads on Facebook ("Facebook Ads"). However, ads are only displayed from a Custom Audience size of 20 or more different users – so it is not possible to draw any conclusions about the characteristics of the individual users when an ad is deployed. This assignment to a particular Custom Audience lasts for no longer than 180 days. This period begins again when you reopen our app and the same Custom Audiences rules are met.

Facebook may associate your use of our app and related activities with your Facebook user account. We are not able to do this. We only receive statistical information from Facebook about the use of our website, via Audience Insights.

As described in the "Use of tracking technologies for advertising purposes" section, you can generally prevent the use of advertising identifiers.

In the event that personal data is transferred to the US, Facebook has subjected itself to the EU-US Privacy Shield. Please refer to Facebook's privacy policy for further details. You can assert your right of objection using the slider described in Section 4.

6. Spotify

You can use our app to control the Spotify Player. Spotify is a service provided by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. Please refer to Spotify's privacy policy for further details.

7. Typeform

Our app uses Typeform, a service provided by Typeform SL, C/Bac de Roda 163, Barcelona, Spain. If users of our online service participate in surveys and competitions, data entered there will be stored and processed on our behalf by Typeform. The user's IP address, information on the time and duration of use as well as the information provided by the user in the forms will be transmitted. We usually evaluate the results of surveys in aggregated form, making it impossible to draw conclusions about any individual person. We have concluded a data processing agreement with Typeform which ensures that Typeform protects your data appropriately and does not pass it on to third parties without authorisation. The legal basis for the above data processing is Art. 6 (1) (b) and (f) GDPR, based on our legitimate interest in conducting customer surveys.

Please refer to Typeform's privacy policy for further information.

8. Online presence on social media

We maintain online presences on social networks in order, among other things, to communicate with customers and other interested parties and to inform them about our products and services.

User data is usually processed for market research and advertising purposes. In this way, user profiles can be created based on the users' interests. For this purpose, advertising identifiers and other identifiers are stored on users' devices. Based on these usage profiles, ads are then shown on the social networks and in the app, for example, but also on third-party websites.

When using social networks, users' personal data may be processed outside the European Economic Area. In the event that a provider is certified under the EU-US Privacy Shield, it has undertaken to comply with the data protection standards of the European Union.

The legal basis for this data processing is Art. 6 (1) (f) GDPR, based on our legitimate interest in effectively informing and communicating with users. The legal basis of the data processing carried out by the social networks, for which they are responsible, can be found in the privacy policy of the respective social network. The following links also provide you with further information on the respective data processing operations and the possibilities for objecting.

We would like to point out that the most efficient way to assert data protection requests is with the respective social network provider, as only these providers have access to the data and can take appropriate measures directly.

9. Facebook Social Plug-ins

Our app uses social media plug-ins (such as the Like button) of the social network Facebook, which is offered for users outside the US and Canada by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") and for all other users by Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, US ("Facebook"). The legal basis is Art. 6 (1) (f) GDPR, based on our legitimate interest that you share our content over social networks, thereby increasing our reach.

In order to increase the protection of your data when using our app, the plug-ins are integrated into the site by what's known as the "Shariff solution". This ensures that no connection is established with the servers of the respective plug-in provider when a page on this online service is accessed.

Only if you activate the plug-ins will your internet browser establish a direct connection to the Facebook servers.

This in turn informs Facebook that you have accessed the corresponding part of our app. This occurs regardless of whether you have an account with Facebook and are logged in there. If you are logged into Facebook, this data will be directly associated with your account. If you activate the plug-in and, for example, link the page, Facebook also stores this information, including the date and time, in your user account and communicates this to your contacts publicly. If you do not wish for this data to be associated with your Facebook profile, you must log out before activating the plug-in.

Facebook stores this data as usage profiles and uses it for purposes of advertising, market research and/or the demand-oriented design of its website. Such analysis takes place in particular (including for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. In the event that personal data is transferred to the US, Facebook has subjected itself to the EU-US Privacy Shield.

You have a right to object to the creation of these user profiles; as a Facebook member, you can disable advertising on the basis of social actions in the ad preferences area. You can also completely prevent the loading of Facebook social media plug-ins by using additional browser programs, e.g. with the Facebook Blocker.

Please refer to Facebook's privacy information for further details.

10. Social login (login via social networks)

10.1 Registration/login via Facebook

We offer you the possibility to register or log in with us using your Facebook account. Facebook is offered for users outside the US and Canada by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") and for all other users by Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, US ("Facebook").

If you make use of this single sign-on option, we receive the data required for registration or login directly from Facebook (e.g. email address, name).

We have no way of influencing the extent of the data collected by Facebook when you log in via Facebook. If you do not want Facebook to collect information about you in connection with your use of our app and use it for its own purposes, you should not use the Facebook login. The legal basis for this data processing is Art. 6 (1) (f) GDPR, based on our legitimate interest in offering you a variety of options for logging in and registering.

Further information about the purpose and scope of the collection as well as the further processing and use of your data by Facebook, and also about your rights and how to adjust your settings in order to protect your data, can be found in Facebook's privacy policy.

10.2 Login via Google

We offer you the possibility to register or log in with us using your Google account. Google services are offered to users from the European Economic Area, Switzerland and Liechtenstein by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") and to all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US ("Google").

If you make use of this single sign-on option, we receive the data required for registration or login directly from Google (e.g. email address, name).

We have no way of influencing the extent of the data collected by Google when you log in via Google. If you do not want Google to collect information about you in connection with your use of our app and use it for its own purposes, you should not use the Google login. The legal basis for this data processing is Art. 6 (1) (f) GDPR, based on our legitimate interest in offering you a variety of options for logging in and registering.

Further information about the purpose and scope of the collection as well as the further processing and use of your data by Google, and also about your rights and how to adjust your settings in order to protect your data, can be found in Google privacy information.

10.3 Login via Amazon

We offer you the possibility to register or log in with us using your Amazon account. Amazon services are offered by Amazon.com, Inc., 2021 Seventh Avenue, Seattle, Washington 98121, US ("Amazon").

If you make use of this login option, we receive the data required for registration or login directly from Amazon (e.g. email address, name).

We have no way of influencing the extent of the data collected by Amazon when you log in via Amazon. If you do not want Amazon to collect information about you in connection with your use of our app and use it for its own purposes, you should not use the Amazon login. The legal basis for this data processing is Art. 6 (1) (f) GDPR, based on our legitimate interest in offering you a variety of options for logging in and registering.

Further information about the purpose and scope of the collection as well as the further processing and use of your data by Amazon, and also about your rights and how to adjust your settings in order to protect your data, can be found in Amazon's privacy information.

11. Duration of storage; retention periods

We will store your data for as long as is necessary to provide our app and the associated services or as long as we have a legitimate interest in further storage. In all other cases, we will erase your personal data with the exception of data that we are required to maintain for in order to comply with contractual or legal (e.g. under tax or commercial law) retention periods (e.g. invoices). Contractual retention periods may also result from contracts with third parties (e.g. holders of copyrights and ancillary copyrights).

We will block any data that is subject to a retention period until the end of that period.

12. Your rights

12.1 How can you assert your rights?

To assert your rights, please use the information in the "Data controller and contact" section. Please make sure that we are able to uniquely identify you.

Alternatively, you can also adjust the settings in your user account to correct the data you entered during registration or to object to advertising.

Please note that, if the erasure is prevented due to retention periods, your data will initially only be blocked.

12.2 Your rights of access and rectification

You may request that we confirm whether we process personal data concerning you, and you have a right of access to the personal data of yours which we process. Should your data be inaccurate or incomplete, you may request that it be rectified or completed. If we have passed on your data to third parties, we will inform them about the rectification to the extent required by law.

12.3 Your right to erasure

If the legal requirements are met, you can request that we erase your personal data without delay. In particular, this is possible if

  • your personal data is no longer needed for the purposes for which it was collected; the legal basis for the processing was solely your consent and you have withdrawn this;
  • you have objected to processing for advertising purposes ("advertising objection");
  • you have objected to processing, citing the legal basis of the balancing of interests for personal reasons, and we cannot prove that there are overriding legitimate reasons for a processing;
  • your personal data has been unlawfully processed; or
  • your personal data must be erased in order to comply with legal requirements.

If we have passed on your data to third parties, we will inform them about the erasure to the extent required by law.

Please note that your right to erasure is subject to restrictions. For example, we do not have to, or rather are not allowed to, erase any data that we have to retain further due to legal retention periods. Data which we require for the establishment, exercise or defence of legal claims is also excluded from your right to erasure.

12.4 Your right to restriction of processing

If the legal requirements are met, you can request that we restrict processing. In particular, this is possible if

  • the accuracy of your personal data is disputed by you, in which case we will restrict the processing until we have had the opportunity to verify its accuracy;
  • the processing is not lawful and you request a restriction of use instead of erasure (see previous section); we no longer require your data for the purposes of processing, but you need it to establish, exercise or defend your legal claims;
  • you have objected for personal reasons, in which case we will restrict the processing until it is established whether your interests prevail.

If there is a right to restriction of processing, we will mark the data concerned in order to ensure that it will only be processed within the narrow limits that apply to such limited data (in particular to defend legal claims or with your consent).

12.5 Your right to data portability

You have the right to receive, in a transferable format, personal data that you have provided to us for the performance of the contract or on the basis of your consent. In this case, you can also request that we transfer this data directly to a third party, to the extent that this is technically feasible.

12.6 Your right to withdraw your consent

If you have consented to us processing your data, you can withdraw this at any time with effect for the future. This will not affect the lawfulness of the processing of your data before the withdrawal.

12.7 Your right to object to direct marketing

You can also object to the processing of your personal data for advertising purposes at any time ("advertising objection"). Please note that for organisational reasons there may be an overlap between your withdrawal and the use of your data during a campaign that is already running.

12.8 Your right to object for personal reasons

You have the right to object to data processing by us for reasons arising from your particular situation, insofar as this is based on the legal basis of a legitimate interest. We will then cease processing your data, unless we can – in accordance with the statutory provisions – prove compelling legitimate reasons for further processing which outweigh your rights.

12.9 Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or federal state, or the data protection authority responsible for us. This is:

Berlin Commissioner for Data Protection and Freedom of Information

Friedrichstr. 219

10969 Berlin

Email: mailbox@datenschutz-berlin.de