Last amended: September 2021
The privacy policy applies to the following service: https://corporatehealth.gymondo.com/en/
In connection with the purchase of vouchers by corporate customers and when you visit this website, the controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (GDPR) is
Gymondo GmbH (hereinafter referred to as "Gymondo")
Ritterstraße 12
10969 Berlin
E-Mail: service@gymondo.com
Our data protection team will be happy to respond to your information requests and feedback on the subject of data protection. Simply email us at privacy@gymondo.com. We expressly point out that emails sent to this address will not be read solely by our data protection officer. If you wish to share confidential information, please first use this email address to request direct contact with our data protection officer.
We offer our services to companies as part of the Corporate Health Programme.
For this purpose, you enter your contact details – such as first name and last name, business email address, phone number, company name and details of the enquiry in the free text field – in the designated contact form. In the further course, we may collect, process and use the data you provided for the purpose of creating the relevant contract, for executing and processing the contract, as well as for billing purposes. The legal basis for data processing in this case is Art. 6(1) Sentence (1)(b) GDPR. We will store the data for the duration of the business relationship.
We will process the data required in connection with the contractually owed scope of services, in particular to conduct business relationships, to conclude contracts, to process orders, for deliveries and services. For billing purposes, we record information about offers, orders, services rendered and invoice items as well as bank details. Contact details may also be processed in this context. The legal basis is Art. 6(1) Sentence 1(b) GDPR. We will store the data for the duration of the business relationship, but at least as long as required in order to meet our legal and accounting obligations.
We will also use your information on orders, services rendered and invoice items for internal cost accounting and results accounts, controlling, and internal reporting, which serves our corporate management and planning purposes. The legal basis for this is Art. 6(1) Sentence 1(f) GDPR.
We will use your company data and contact details and, if applicable, other details about previous orders in order to send you relevant information about our services (e.g. news, promotions and offers) by email or post. Depending on the advertising measure, the legal basis is either your consent (Art. 6(1) Sentence 1(a) GDPR) or our legitimate interest in sending you advertising, for example in the case of advertising to existing customers, or postal advertising (Art. 6(1) Sentence 1(f) GDPR). You can object to the use of your data for advertising purposes at any time by sending an email to service@gymondo.com or by clicking on the unsubscribe link in the advertising email – without incurring any costs other than the transmission costs according to the basic rates.
Each time you use the website, your browser automatically transfers certain information to us in so-called log files, which we store. We store the log files for seven to ten days, using them only to identify errors and for security reasons (e.g. to investigate attempted attacks), and then erase them. Any log files whose further storage is required for evidence purposes are excluded from erasure until the respective incident has been finally clarified, and may be passed on to investigating authorities in individual cases. This data processing is performed in order to safeguard our legitimate interests on the basis of Art. 6(1) Sentence 1(f) GDPR.
In particular, the following information is stored in the log files:
In principle, only we process the personal data collected from you. We will only transfer your data to third parties if we are legally obliged to do so (Art. 6(1) Sentence 1(c) GDPR) or in order to safeguard your or our interests (Art. 6(1) Sentence 1(f) GDPR) or to fulfil our contractual obligations (Art. 6(1) Sentence 1(b) GDPR), for example by involving external service providers as well as consultants and auditors.
External service providers are bound by instructions and will receive your data only to the extent and for the period of time required to provide the service. We always conclude agreements with our external consultants and auditors in order to ensure the confidentiality of all information.
Your data may be passed on to the following recipients in particular: Group companies, IT service providers (e.g. for customer data management or for sending newsletters), subcontractors ( e.g. when carrying out services contractually agreed with you), waste disposal service providers, authorities and offices, banks.
If these service providers process your data outside the European Union, this may result in your data being transferred to a country with a lower data protection standard than that of the European Union (a so-called third country). In such cases, Gymondo ensures that the service providers concerned guarantee an equivalent level of data protection, either by contract or otherwise (e.g. by concluding standard contractual clauses). Alternatively, Gymondo relies on one of the derogations under Art. 49 GDPR for data transfers to third countries.
For our Corporate Health area, we use the service provider Shopify International Limited, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify") for the purpose of providing and displaying our online shop, in which cases Shopify processes data on behalf of us as the controller. When you create a user account or make a purchase in our Corporate Health web shop, this data is processed on Shopify's servers.
In connection with Shopify's aforementioned services, data may also be transferred to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc., Shopify Payments (USA) Inc. or Shopify (USA) Inc. as part of further processing on behalf of Shopify. In the event of the transfer of data to Shopify Inc. in Canada, the adequate level of data protection is guaranteed by the existence of a European Commission adequacy decision. For further information about how Shopify processes data, please refer to Shopify's privacy policy: https://www.shopify.de/legal/datenschutz.
We use the payment service provider "Shopify Payments" to process payments if you have opted for a payment method offered via Shopify Payments. In addition to the credit card option, payments can be made via the following payment service providers:
To improve our communication with you, we use the customer relationship management (CRM) service provided by Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, US ("Zendesk"). We use Zendesk to integrate contact forms and forward your direct enquiries to us if you have general or specific questions and problems about our products, the website or our company. In this context, we will process your data exclusively to communicate with you. This is optional for you. You may use alternative means of contact, such as by telephone or post, if you do not consent to Zendesk collecting your information.
When using the contact forms that we integrate on the website together with Zendesk, we collect the following contact data from you: email address, first and last name, address, IP address, voluntary information.
Zendesk also uses cookies and similar technologies that are "necessary cookies" for us and serve the purpose of ensuring smooth communication with you.
The data recorded in this context may be transferred to a Zendesk server in the US and stored there. In the event that personal data is transferred to the US or other third countries, Zendesk has approved binding corporate rules pursuant to Art. 46(2)(b), Art. 47 GDPR and we have concluded standard data protection clauses with Zendesk pursuant to Art. 46( 2)(c) GDPR.
Please refer to Zendesk's privacy policy for further details.
For detailed information about how our services use cookies, please refer to our cookie policy.
We will store your data for as long as is necessary to provide our website and the associated services or as long as we have a legitimate interest in further storage. In all other cases, we will erase your personal data with the exception of data that we are required to maintain in order to comply with contractual or legal (e.g. under tax or commercial law) retention periods (e.g. invoices). Contractual retention periods may also result from contracts with third parties (e.g. holders of copyrights and ancillary copyrights).
We will block any data that is subject to a retention period until the end of that period.
To assert your rights, please use the information in the "Data controller and contact" section. Please make sure that we are able to uniquely identify you.
Alternatively, you can also adjust the settings in your user account to correct the data you entered during registration or to object to advertising.
Please note that, if the erasure is prevented due to retention periods, your data will initially only be blocked.
You may request that we confirm whether we process personal data concerning you, and you have a right of access to the personal data of yours which we process. Should your data be inaccurate or incomplete, you may request that it be rectified or completed. If we have passed on your data to third parties, we will inform them about the rectification to the extent required by law.
If the legal requirements are met, you can request that we erase your personal data without delay. In particular, this is possible if
If we have passed on your data to third parties, we will inform them about the erasure to the extent required by law.
Please note that your right to erasure is subject to restrictions. For example, we do not have to, or rather are not allowed to, erase any data that we have to retain further due to legal retention periods. Data which we require for the establishment, exercise or defence of legal claims is also excluded from your right to erasure.
If the legal requirements are met, you can request that we restrict processing. In particular, this is possible if
If there is a right to restriction of processing, we will mark the data concerned in order to ensure that it will only be processed within the narrow limits that apply to such limited data (in particular to defend legal claims or with your consent).
You have the right to receive, in a transferable format, personal data that you have provided to us for the performance of the contract or on the basis of your consent. In this case, you can also request that we transfer this data directly to a third party, to the extent that this is technically feasible.
If you have consented to us processing your data, you can withdraw this at any time with effect for the future. This will not affect the lawfulness of the processing of your data before the withdrawal.
You can also object to the processing of your personal data for advertising purposes at any time ("advertising objection"). Please note that for organisational reasons there may be an overlap between your withdrawal and the use of your data during a campaign that is already running.
You have the right to object to data processing by us for reasons arising from your particular situation, insofar as the legal basis of this is a legitimate interest. We will then cease processing your data, unless we can – in accordance with the statutory provisions – prove compelling legitimate reasons for further processing which outweigh your rights.
You have the right to lodge a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or federal state, or the data protection authority responsible for us. This is the:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin
E-Mail: mailbox@datenschutz-berlin.de