1. General information

In this section of the data protection declaration you will find information on the scope, the person responsible for data processing, his data protection officer and data security. We also explain in advance the meaning of important terms that are used in the privacy policy.

  1. Important terms

Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari)

Cookies: Text files that the called web server places on the user’s computer via the browser used. The stored cookie information can contain an identifier (cookie ID), which is used for recognition, as well as content-related information such as login status or information about websites visited. The browser sends the cookie information back to the web server with each request on subsequent visits to this page. Most browsers automatically accept cookies .

Third countries: countries outside the European Union (EU)

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of data and on the repeal of Directive 95/46 / EC (General Data Protection Regulation), available here .

Personal data: All information relating to an identified or identifiable natural person. A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person.

Profiling: Any type of automated processing of personal data that consists of this personal data being used to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences To analyze or predict the interests, reliability, behavior, whereabouts or relocation of this natural person

Services: Our offers to which this data protection declaration applies (see scope).

Tracking: The collection of data and its evaluation with regard to the behavior of visitors to our services .

Tracking technologies: Tracking can take place both via the activity logs (log files) stored on our web servers and by collecting data from your device using pixels , cookies and similar tracking technologies .

Processing: Any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, Disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

Pixels: Pixels are also called counting pixels, tracking pixels, web beacons or web bugs. They are small, invisible graphics or on websites. When a document is opened, this small image is loaded from a server on the Internet, and the download is registered there. In this way, the operator of the server can see whether and when an e-mail was opened or a website was visited. This function is usually implemented by calling up a small program (Javascript). Certain types of information can be recognized and passed on on your computer system, such as the content of cookies , the time and date of the page view and a description of the page on which the tracking pixel is located.

  1. Scope

This data protection declaration applies to the following offers:

  • our online offer ” Fit For Fun Website “ (website), especially available at www.fitforfun.de ,
  • our online offer ” Fit For Fun mobile website “ (website), available in particular at m.fitforfun.de ,
  • Whenever a reference is made to this data protection declaration from one of our offers (e.g. websites, subdomains, mobile applications, web services or integration in third-party sites), regardless of how you access or use it.

All of these offers are collectively referred to as ” services “.

  1. Responsible

The person responsible for data processing – i.e. the person who decides on the purposes and means of processing personal data – in connection with the services is:

  1. Data protection officer

Contact our data protection officer:
Data protection request form

Or via the address given under I.3 (for the attention of the data protection department) or via:

  1. In this section of the data protection declaration, we will inform you in detail about the processing of personal data within the scope of our services . For better clarity, we have broken down this information according to certain functionalities of our services . With the normal use of the services , different functionalities and thus also different processing can come into effect one after the other or at the same time.The data processing in detail
  2. General information on data processing

Unless otherwise stated, the following applies to all processing operations shown below:

  1. a) No obligation to provide & consequences of non-provision

The provision of personal data is not required by law or contract and you are not obliged to provide data. As part of the input process, we will inform you if the provision of personal data is required for the respective service (e.g. by designating it as a “mandatory field”). If data is required, failure to provide it means that the service in question cannot be provided. Otherwise, failure to provide it may mean that we cannot provide our services in the same form and quality.

  1. b) Consent

In various cases you have the option of giving us your consent to further processing in connection with the processing described below (possibly for part of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes that we pursue with this processing. The processing based on your consent is therefore not listed again here ( Art. 13 (4 ) GDPR ).

  1. c) Transfer of personal data to third countries

If we transfer data to third countries , ie countries outside the European Union, the transfer takes place exclusively in compliance with the legally regulated admissibility requirements.

If the transmission of the data to a third country does not serve to fulfill our contract with you, we do not have your consent, the transmission is not necessary for the establishment, exercise or defense of legal claims and no other exception according to Art. 49 GDPR applies, we transmit Your data to a third country only if there is an adequacy decision according to Art. 45 GDPR or suitable guarantees according to Art. 46 GDPR .

By concluding the EU standard data protection clauses issued by the European Commission with the receiving body, we meet the requirements for checking with regard to suitable guarantees in accordance with Art. 46 (2) c) GDPR , as well as with regard to an appropriate level of data protection in third countries . Copies of the EU standard data protection clauses are available on the website of the European Commission, available here .

  1. d) Hosting with external service providers

Our data processing takes place to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and, according to our instructions, also process personal data on our behalf. With all of the following functionalities, personal data may be transmitted to hosting service providers. These service providers process data either exclusively in the EU or we have guaranteed an adequate level of data protection with the help of the EU standard data protection clauses (see under c.).

  1. e) Transmission to state authorities

We transmit personal data to state authorities (including law enforcement authorities) if this is necessary to fulfill a legal obligation to which we are subject (legal basis: Art. 6 Para. 1 c) GDPR ) or if it is necessary to assert, exercise or defend legal claims (Legal basis Art. 6 Para. 1 f) GDPR ).

  1. f) Storage period

In the “Storage period” section, it is specified how long we use the data for the respective processing purpose. After this time, the data will no longer be processed by us, but will be deleted at regular intervals, unless ongoing processing and storage is required by law (in particular because it is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims ) or you give us any further consent.

  1. g) Duration of operation of cookies

The data processing shown in the following sections takes place in part with the help of cookies . The information stored in a cookie can only be accessed via the Internet by the operator of the web server that originally set the cookie. Access by third parties in this way is not possible. The cookies have different functional periods. Some cookies are only active during a browser session and are then deleted, while others work for longer periods of time, but usually less than a year. After the functional period has expired, a cookie is deleted by the browser . You can use cookiesusing the browser functions (mostly under “Options” or “Settings”). This means that the storage of cookies can be deactivated, made dependent on your consent in individual cases, or otherwise restricted. You can also delete cookies at any time.

  1. h) Names of data categories

In the following sections, the following summarizing category names are used for certain types of data:

  • Account data: login / user ID and password
  • Personal master data : title, salutation / gender, first name, last name, date of birth
  • Address data: street, house number, if necessary additional address, zip code, city, country
  • Contact details: Telephone number (s), Fax number (s), E-mail address (s)
  • Login data: information about the service through which you have registered; Times and technical information on registration, confirmation and cancellation; Data you provided when registering
  • Usage profile data newsletter: opening of the newsletter (date and time), content, selected links, also the following information from the accessing computer system: Internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.
  • Access data : date and time of your visit to our service; the page from which the accessing system came to our page; Pages called up during use; Session identification data (Session ID); In addition, the following information from the accessing computer system: Internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.
  1. i) data collection from public sources

We collect personal data from publicly accessible sources. Publicly accessible sources include in particular publicly accessible websites, all public directories that are available to the general public (telephone number and similar directories) and public registers, even if they may require a login (e.g. commercial register).

We process all categories of data that are stored in publicly accessible sources. This can be, for example, personal master data , address data , contact data , payment data , order data , as well as all other data categories such as interests, preferences, affinities and the like.

The data are collected for the purpose of fulfilling the principle of correctness according to Art. 5 Para. 1 Letter d) GDPR , if necessary the purpose of contract implementation according to Art. 6 Para. 1 Letter b) GDPR , if necessary for the purpose of legal enforcement and for collection in accordance with Art. 6 Para. 1 Letter b) and f) GDPR , as well as for the purpose of direct advertising in accordance with Art. 6 Para. 1 Letter f) in conjunction with Recital 46 GDPR .

2. Calling up our services

In the following, we describe how your personal data is processed when you access our services (e.g. loading and viewing the website, opening and navigating within the mobile device app). In addition, we use technically or legally necessary auxiliary tools that do not collect any data themselves (such as a tag manager), but only serve the security of the website, the administration and operation of other tools or the administration of the consent you have given (Consent Management Platform) . We particularly point out that the transmission of access datato external content providers (see under b.) is unavoidable due to the technical functionality of the information transfer on the Internet. The third-party providers are responsible for the data protection-compliant operation of the IT systems they use. The decision on the storage period of the data is incumbent on the service providers.