Privacy Policy
-
Data Protection Statement
The data protection statement according to the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
Von Locquenghien and Jans GbR Lincolnstraße 14 64285 Darmstadt Germany
Email: fitnessxrsize@gmail.com Website:
2. General
2.1. Scope of Processing of Personal Data
We generally process the personal data of users only as far as this is necessary for the provision of a functional website and app as well as our content and services. Processing of personal data is usually only carried out with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and processing of the data is permitted by legal provisions.
2.2. Legal Basis for Processing Personal Data
If the legal basis for the processing of personal data is not mentioned in our data protection statement, the processing of personal data is based on the following legal bases:
Where we obtain the user's consent for processing personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the user is a party or for the implementation of pre-contractual measures, Article 6 (1) (b) GDPR serves as the legal basis.
Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 (1) (c) GDPR serves as the legal basis.
Where processing of personal data is necessary to protect the vital interests of the user or of another natural person, Article 6 (1) (d) GDPR serves as the legal basis.
Where processing of personal data is necessary for the purposes of legitimate interests pursued by our company or by a third party and the interests, fundamental rights, and freedoms of the user do not outweigh the former interest, Article 6 (1) (f) GDPR serves as the legal basis for processing.
2.3. Deletion of Data and Storage Duration
Unless otherwise regulated in the following sections of this data protection statement, the following shall apply:
Personal data of the user will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this is provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for conclusion of a contract or fulfillment of a contract.
2.4. Marketing and Promotion of Our Offer
We may use personal data to provide tailored content and advertising, to the extent permitted by applicable law. This may include email campaigns and personalized and custom audience advertising. However, we will not use or disclose health and fitness data for advertising or marketing purposes.
3 Data entered by the user in the app:
3.1. Description and scope of data processing
To be able to use the app, the user must provide the following information:
Age
Gender
Training level (i.e. performance data for various exercises)
Training goal
Body weight
Body height
Training frequency
Muscle focus
Furthermore, we store the user's training data (locally on the user's device) to a) present the training progress and b) provide appropriate suggestions for the future training plan. These training data include, for example, the following:
(1) Set number (2) Repetition number (3) Weight
3.2. Legal basis for data processing
The legal basis for processing the personal data entered by the user in the app is Art. 6 para. 1 lit. b GDPR, as the collection of this data is necessary for the performance of a contract to which the user is a party or for the implementation of pre-contractual measures.
3.3. Purpose of data processing
We store data entered by the user in the app:
(1) to authenticate access to the app account; (2) to create a personalized training plan; (3) to provide training analyses, statistics, and progress reports and give the user the ability to evaluate their training; (4) to be able to respond to possible requests from the user, conduct investigations, and resolve service problems; (5) to meet our business requirements; (6) to improve and analyze the performance and use of our website/app and content; (7) to conduct analyses for the further development of our offerings and to enable the user to have an even better experience when using them.
We process the user's data in accordance with all applicable laws and regulations and to fulfill our obligations. If we deem it necessary to investigate possible cases of fraud or other violations of our terms and conditions or this privacy policy, we will process the user's data.
3.4. Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. This is the case, for example, when the user deletes their account.
3.5. Right to object and remove data
If the user deletes their account, all of their data will be deleted.
If storage is legally required, a deletion request will have no effect on the data.
4. Provision of the website
4.1. Description and scope of data processing
The website builder from Wix.com is used to provide and operate the website. Wix.com Ltd., based in Israel, therefore understands itself to be GDPR-compliant as a so-called data processor, who collects usage data contractually when the website is accessed and processes it in accordance with its own privacy policy (https://www.wix.com/about/privacy). We have no influence on this data collection and are not responsible for it. In addition, we do not collect any data when using the website, especially those that allow conclusions to be drawn about a natural person, unless the website visitor explicitly enters such data into corresponding form fields and sends it to us. We point out that Wix.com Ltd. stores the data at different locations, which are subject to different local data protection laws.
4.2. Legal basis for data processing
The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR.
4.3. Purpose of data processing
Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR is that the data is technically necessary for us to offer you the functions of our website and to ensure its stability and security.
4.4. Duration of Storage
Once the data is no longer required for the purpose of its collection, it will be deleted. This is the case at the latest after 7 days. Further storage of the data is possible. In this case, the user's IP address is deleted or altered.
4.5. Right to Object and Removal Possibility
The collection of data for the provision of the website and the storage of the data is mandatory for the operation of the website. Therefore, there is no possibility of objection.
5. Provision of the App and Creation of Log Files
5.1. Description and Scope of Data Processing
To use this app, the user must be registered with the Google Play Store and have provided relevant personal data such as name, email address, account customer number, time of download, payment information, and the individual device identifier.
We have no influence on this data collection and are not responsible for it. We only process this data to the extent necessary for the performance of the contract.
In order for the user to use the app and for us to improve the app in the future, we collect the following data when the user installs the app on their mobile device:
(1) Login data of the mobile device (including device ID) (2) IP address anonymized (3) Date and time of access, time zone difference to Greenwich Mean Time (GMT), access status/HTTP status code (4) Transferred data volumes, messages about successful transfers to the mobile device (5) Data generated by the use of the app, such as page views and search queries by the user.
The data is stored separately from all other personal data provided by the user.
5.2. Legal Basis for Data Processing
The legal basis for the processing of this data is Art. 6 para. 1 lit. f DSGVO.
5.3. Purpose of Data Processing
Our legitimate interest in processing data in accordance with Art. 6 para. 1 lit. f DSGVO is that the data is technically necessary for us to offer the functions of our app and to ensure its stability and security.
5.4. Duration of Storage
Once the data is no longer required for the purpose of its collection, it will be deleted. This is the case at the latest after 7 days. Further storage of the data is possible. In this case, the IP address is deleted or altered.
5.5. Right to Object and Removal Possibility
The collection of data for the provision of the app and the storage of the data is mandatory for the operation of the app. Therefore, there is no possibility of objection.
6. Google Services
6.1. Description and Scope of Data Processing
We use Google Services to improve the functionality of our app. The services are offered by Google (Gordon House, Barrow Street, Dublin 4, Ireland; "Google Ireland Ltd.").
6.2. Legal Basis for Data Processing
The legal basis for the processing of this data is Art. 6 para. 1 lit. f DSGVO.
6.3. Purpose of Data Processing
The data collected is used to improve the functions of our app and to provide the user with an optimal user experience. By analyzing usage data, for example, we can determine which functions of our app are particularly popular and which are used less. This allows us to develop and improve the app in a targeted manner.
6.4. Duration of Storage, Right to Object, and Removal Possibility
The data will be deleted from our app as soon as it is no longer necessary for the purpose of its collection. The collection of data is mandatory for the provision and operation of the app - therefore, there is no possibility of objection.
7. Google Firebase
7.1. Description and scope of data processing
We use Google Firebase to analyze user behavior, run A/B tests, and send push notifications. Firebase is a service provided by Google (Gordon House, Barrow Street, Dublin 4, Ireland; "Google Ireland Ltd.") and offers a variety of services for app developers.
Some Firebase services process personal data. In most cases, the personal data used is limited to so-called instance IDs with timestamps. Instance IDs created by Firebase are only used once, so they can be assigned to a specific event or process. Data collected in this way is not personal and we do not take any steps to personalize it later.
Information about the instance IDs used can be found here: https://firebase.google.com/support/privacy/manage-iids
Information on the use of data for marketing purposes by Google can be found here: https://www.google.com/policies/technologies/ads
Google's privacy policy can be found here: https://www.google.com/policies/privacy
Google is certified under the Privacy Shield agreement, thereby providing a guarantee to comply with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
7.2. Legal basis for data processing
The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR.
7.3. Purpose of data processing
The data is used to improve the quality of our app and the effectiveness of our advertising campaigns.
7.4. Duration of storage, possibility of objection and removal
The user can limit the use of the advertising ID in the device settings of their mobile device.
Android: Settings > Google > Ads > Reset advertising ID
Objection to interest-based advertising by Google marketing services can be made here: http://www.google.com/ads/preferences
Push notifications can be deactivated in the settings of the mobile device and reactivated at any time.
8. RevenueCat
8.1. Description and scope of data processing
We use RevenueCat to manage and analyze in-app purchases. RevenueCat is a service provided by Revenue Cat, Inc. based at 633 Tarava St. Suite 101, San Francisco, CA 94116 USA.
The privacy policy of RevenueCat can be found here: https://www.revenuecat.com/privacy
8.2. Legal basis for data processing
The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR.
8.3. Purpose of data processing
The data is used to manage in-app purchases.
8.4. Duration of storage, possibility of objection and removal
The data is deleted from our app as soon as it is no longer necessary to achieve the purpose of its collection. The collection of data is mandatory for the provision and operation of the app - therefore, there is no possibility of objection.
9. Establishing a contractual relationship
9.1. Description and scope of data processing
If the user subscribes to the Pro version, we store the start and end dates and transmit this data to the Play Store. When the subscription is concluded through the app, user data for payment processing is directly collected by the Play Store. We use the service RevenueCat (RevenueCat, Inc. 633 Tarava St. Suite 101, San Francisco, CA 94116, USA) for the processing of subscription purchases.
Google's privacy policy can be found here: https://policies.google.com/privacy?hl=en
RevenueCat's privacy policy can be found here: https://www.revenuecat.com/privacy
9.2. Legal basis for data processing
The legal basis for processing personal data is Art. 6 para. 1 lit. b GDPR, as the processing of this data is necessary for the performance of a contract with the user.
9.3. Purpose of data processing
We process the data so that the Pro version can be successfully activated and deactivated, and the correct amount can be transferred with the stored payment method.
9.4. Storage period
The data will be deleted from our app as soon as it is no longer necessary to achieve the purpose of its collection.
Users should also read Google's and RevenueCat's privacy policies, as the storage period of the data is explained in their privacy policies.
9.5. Objection and removal options
The processing of data is mandatory for activating and deactivating the Pro version and for correct billing. Therefore, there is no option to object.
10. Google Fonts
Our website uses Google Fonts (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
The provider's privacy policy can be found here: https://www.google.com/policies/privacy
11. Social media presence
We use social networks and platforms for customer communication and information. The operators' terms and conditions and privacy policies apply on these platforms. We process user data when users contact us on these platforms.
12. YouTube
On our website, we embed videos from the YouTube platform (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
The provider's privacy policy can be found here: https://www.google.com/policies/privacy
13. User rights
The following list includes all user rights according to the GDPR against the controller. Rights that are not relevant to our website and app do not have to be mentioned. Insofar as the list can be shortened.
13.1. Right to information
The user can request confirmation from the controller whether personal data concerning the user is being processed by us.
If such processing is taking place, the user can request the controller to provide information on the following:
(1) the purposes for which the personal data are processed; (2) the categories of personal data being processed; (3) the recipients or categories of recipients to whom the personal data concerning the user have been or will be disclosed; (4) the planned duration of the storage of the personal data concerning the user or, if specific information on this is not possible, the criteria for determining the storage period; (5) the existence of a right to rectify or erase the personal data concerning the user, a right to restrict processing by the controller or a right to object to such processing; (6) the existence of a right to lodge a complaint with a supervisory authority; (7) all available information on the origin of the data if the personal data were not collected from the user; (8) the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved as well as the scope and intended effects of such processing for the user.
The user has the right to request information on whether personal data concerning the user is being transferred to a third country or to an international organization. In this context, the user may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
13.2. Right to rectification
The user has the right to have personal data concerning him or her corrected and/or completed by the controller if the processed personal data concerning the user is inaccurate or incomplete. The controller shall carry out the correction without undue delay.
13.3. Right to restriction of processing
Under the following conditions, the user can demand the restriction of the processing of personal data concerning him or her:
(1) If the user disputes the accuracy of personal data concerning him or her for a duration that enables the controller to verify the accuracy of the personal data; (2) If the processing is unlawful and the user refuses the erasure of the personal data and instead requests the restriction of the use of the personal data; (3) If the controller no longer needs the personal data for the purposes of processing, but the user needs them for the establishment, exercise, or defence of legal claims, or (4) If the user has objected to processing under Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the user.
Once the processing of personal data concerning the user has been restricted in accordance with the above conditions, except for storage, such data may only be processed with the user's consent, or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, the controller shall inform the user before the restriction is lifted.
13.4. Right to erasure
a) Obligation to erase
The user may demand from the controller the immediate erasure of personal data concerning him or her, and the controller is obliged to erase such data immediately if one of the following reasons applies:
(1) The personal data concerning the user is no longer necessary for the purposes for which it was collected or otherwise processed; (2) The user withdraws the consent on which the processing is based according to Art. 6(1) lit. a or Art. 9(2) lit. a GDPR, and there is no other legal ground for the processing; (3) The user objects to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for the processing, or the user objects to the processing pursuant to Art. 21(2) GDPR; (4) The personal data concerning the user has been unlawfully processed; (5) The erasure of personal data concerning the user is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject; (6) The personal data concerning the user has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
b) Information to third parties
Where the controller has made the personal data concerning the user public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the user has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure shall not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information; (2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR; (4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR in so far as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or (5) for the establishment, exercise or defence of legal claims.
13.5 Right to be informed
Where the data subject has exercised his or her right to rectification, erasure or restriction of processing, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Articles 16, 17(1) and 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
The controller shall inform the data subject about those recipients if the data subject requests it.
13.6 Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (2) the processing is carried out by automated means.
In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
13.8. Right to withdraw the data protection consent declaration
The user has the right to withdraw their data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of processing based on consent before its withdrawal.
13.9. Automated individual decision-making, including profiling
The user has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between the user and the controller, (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the user's rights and freedoms and legitimate interests, or (3) is based on the user's explicit consent.
However, these decisions must not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and suitable measures to safeguard the user's rights and freedoms and legitimate interests are in place.
Regarding the cases mentioned in (1) and (3), the controller shall implement suitable measures to safeguard the user's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
13.10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, the user has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if the user considers that the processing of personal data relating to them infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy under Article 78 of the GDPR.
-
Amendment of the data protection provisions
We reserve the right to amend or adapt this data protection declaration at any time in compliance with the applicable data protection regulations.
As of May 1, 2023.