Last amended: March 2021
- Data controller and contact
The controller for the processing of your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is
CAREFYL – Alexandra Potthoff (hereinafter referred to as “CAREFYL “)
We will be happy to respond to your information requests and feedback on the subject of data protection. Simply email our data protection team at firstname.lastname@example.org. We expressly point out that when this e-mail address is used, the contents will not be taken into account exclusively by our data protection officer. If you wish to exchange confidential information, please contact the data protection officer directly via this e-mail address.
- Collection, processing and use of personal data
Personal data is any information relating to an identified or identifiable natural person (e.g. name, address, telephone number, date of birth or email address). As a rule, it is possible to use our website without providing any personal information. However, the use of certain services may require you to provide personal data, for example if you register or you participate in a competition.
2.2 Log files
Each time you use the website, your browser automatically transfers certain information to us in so-called log files, which we store.
We store the log files for seven to ten days, using them only to identify errors and for security reasons (e.g. to investigate attempted attacks), and then erase them. Any log files whose further storage is required for evidence purposes are excluded from erasure until the respective incident has been finally clarified and may be passed on to investigating authorities in individual cases. This data processing is performed in order to safeguard our legitimate interests on the basis of Art. 6(1) (f) GDPR.
In particular, the following information is stored in the log files:
- abbreviated IP address (internet protocol address) of the device from which the website is accessed;
- internet address of the website from which the website was accessed (so-called origin or referrer URL);
- name of the service provider through which the website is accessed;
- name of the files or information retrieved;
- date and time as well as duration of the retrieval;
- operating system and information about the browser used, including installed add-ons (e.g. for Flash Player);
- http status code (e.g. for “successful response” or “requested file not found”).
Should you use services that require registration, we will collect, process and use the data required for those services from you, in particular in order to make the services available to you.
With the user’s explicit registration, the following data can be collected (provided the user enters this data him- or herself): gender, first name, last name, date of birth, email address, street, house number, postcode, town, SEPA data for direct debit, telephone number. We determine your country of origin based on the IP address you use to visit our website.
The personal data you provide when registering is collected, processed and used by CAREFYL for the purpose of creating the relevant contract, for executing and processing the contract, as well as for billing purposes. The legal basis for data processing in this case is Art. 6(1) (a) and (b) GDPR.
2.4 Using our website
When you use our website, we also process personal data to the extent necessary (e.g. when you participate in courses and personal trainings or write comments). The legal basis for this is Art. 6(1) (b) GDPR.
2.5 Disclosure of data to third parties; service providers
In principle, we will only pass on the data we collect if:
- you have given your explicit consent pursuant to Art. 6(1) (a) GDPR;
- disclosure is necessary pursuant to Art. 6(1) (f) GDPR in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being disclosed;
- we are legally obliged to do so under Art. 6(1) (c) GDPR; or
- this is required under Art. 6(1) (b) GDPR for the processing of contractual relationships with you or for taking steps at your request prior to entering into a contract (e.g. forwarding enquiries and orders to regional cooperation partners).
In addition, data may be disclosed in connection with official requests, court orders and legal proceedings if this is necessary to pursue or enforce rights.
If these service providers process your data outside the European Union, this may result in your data being transferred to a country with a lower data protection standard than that of the European Union. In such cases, CAREFYL ensures that the service providers concerned guarantee an equivalent level of data protection, either by contract or otherwise (e.g. by concluding Standard Contractual Clauses with the service provider). Alternatively, for data transfers to third countries, CAREFYL relies on one of the exceptions under Art. 49 DSGVO.
2.6 Disclosure of data to cooperation partners
Where a contract is concluded within the framework of a cooperation, we may also disclose your personal data to the respective cooperation partner (e.g. your telecommunications provider or your health insurance provider), for example to verify your membership or contract status with the cooperation partner or for billing purposes in connection with the cooperation. Depending on the cooperation, the legal basis for this is Art. 6(1) (a) or (b) GDPR.
2.7 Disclosure of data to banks and payment service providers
We use external payment service providers. Depending on which payment method you choose when ordering, we will disclose the data collected for payment processing purposes (e.g. bank details or credit card information) to the bank commissioned with the payment or to payment service providers commissioned by us. The legal basis for this data processing is Art. 6(1) (b) GDPR.
2.8 Data processing for advertising purposes
2.8.1 Sending of advertising to existing customers
If you create an account with us, we will also use your contact information to send you emails containing relevant information about our products and services, as well as related news, promotions, offers, feedback and other surveys. These emails are sent regardless of whether you have subscribed to our newsletter or not. You can object to the use of your data for advertising purposes at any time by sending an email to email@example.com or by clicking on the unsubscribe link in the advertising email – without incurring any costs other than the transmission costs according to the basic rates. The legal basis for this data processing is Art. 6(1) (f) GDPR, which permits data processing to safeguard legitimate interests insofar as this concerns the storage and further use of the data for advertising purposes (advertising to existing customers).
We offer you the opportunity to subscribe to a newsletter, in which we regularly inform you about our new products, services and news from the world of fitness and lifestyle. The legal basis of this data processing is your consent pursuant to Art. 6(1) (a) GDPR.
In our email newsletters, we use market-standard technologies to allow us to measure interactions with the newsletters (e.g. opening and click rates). We use this data for general evaluations as well as to personalise and further develop our content and customer communication. This is done using small graphics (known as pixels) and special links embedded in the newsletters. The data collected in this way will be associated with your other personal data. However, we can only view aggregated information about our subscribers’ reading habits, and not whether and when a subscriber opened a particular email. The legal basis of this is your consent pursuant to Art. 6(1) (a) GDPR. If you do not want your usage behaviour to be analysed in this way, you can unsubscribe from the newsletter or disable the display of graphics in your email client by default.
You can withdraw your consent at any time. To do this, please use the unsubscribe link at the end of a newsletter or contact us using the information in the “Your contact person and contact” section.
- Online presence on social media
We maintain online presences on social networks in order, among other things, to communicate with customers and other interested parties and to inform them about our products and services.
User data is usually processed for market research and advertising purposes. In this way, user profiles can be created based on the users’ interests. For this purpose, cookies and other identifiers are stored on users’ computers. Based on these usage profiles, ads are then shown on the social networks, for example, but also on third-party websites.
- Duration of storage; retention periods
We will store your data for as long as is necessary to provide our website and the associated services or as long as we have a legitimate interest in further storage. In all other cases, we will erase your personal data with the exception of data that we are required to maintain in order to comply with contractual or legal (e.g. under tax or commercial law) retention periods (e.g. invoices). Contractual retention periods may also result from contracts with third parties (e.g. holders of copyrights and ancillary copyrights).
We will block any data that is subject to a retention period until the end of that period.
- Your rights
5.1 How can you assert your rights?
To assert your rights, please use the information in the “Data controller and contact” section. Please make sure that we are able to uniquely identify you.
Alternatively, you can also adjust the settings in your user account to correct the data you entered during registration or to object to advertising.
Please note that, if the erasure is prevented due to retention periods, your data will initially only be blocked.
5.2 Your rights of access and rectification
You may request that we confirm whether we process personal data concerning you, and you have a right of access to the personal data of yours which we process. Should your data be inaccurate or incomplete, you may request that it be rectified or completed. If we have passed on your data to third parties, we will inform them about the rectification to the extent required by law.
5.3 Your right to erasure
If the legal requirements are met, you can request that we erase your personal data without delay. In particular, this is possible if
- your personal data is no longer needed for the purposes for which it was collected; the legal basis for the processing was solely your consent and you have withdrawn this;
- you have objected to processing for advertising purposes (“advertising objection”);
- You have objected to processing, citing the legal basis of the balancing of interests for personal reasons, and we cannot prove that there are overriding legitimate reasons for a processing;
- your personal data has been unlawfully processed; or
- your personal data must be erased in order to comply with legal requirements.
If we have passed on your data to third parties, we will inform them about the erasure to the extent required by law.
Please note that your right to erasure is subject to restrictions. For example, we do not have to, or rather are not allowed to, erase any data that we have to retain further due to legal retention periods. Data which we require for the establishment, exercise or defence of legal claims is also excluded from your right to erasure.
5.4 Your right to restriction of processing
If the legal requirements are met, you can request that we restrict processing. In particular, this is possible if
- the accuracy of your personal data is disputed by you, in which case we will restrict the processing until we have had the opportunity to verify its accuracy;
- the processing is not lawful and you request a restriction of use instead of erasure (see previous section); we no longer require your data for the purposes of processing, but you need it to establish, exercise or defend your legal claims;
- you have objected for personal reasons, in which case we will restrict the processing until it is established whether your interests prevail.
If there is a right to restriction of processing, we will mark the data concerned in order to ensure that it will only be processed within the narrow limits that apply to such limited data (in particular to defend legal claims or with your consent).
5.5 Your right to data portability
You have the right to receive, in a transferable format, personal data that you have provided to us for the performance of the contract or on the basis of your consent. In this case, you can also request that we transfer this data directly to a third party, to the extent that this is technically feasible.
5.6 Your right to withdraw your consent
If you have consented to us processing your data, you can withdraw this at any time with effect for the future. This will not affect the lawfulness of the processing of your data before the withdrawal.
5.7 Your right to object to direct marketing
You can also object to the processing of your personal data for advertising purposes at any time (“advertising objection”). Please note that for organisational reasons there may be an overlap between your withdrawal and the use of your data during a campaign that is already running.
5.8 Your right to object for personal reasons
You have the right to object to data processing by us for reasons arising from your particular situation, insofar as this is based on the legal basis of a legitimate interest. We will then cease processing your data, unless we can – in accordance with the statutory provisions – prove compelling legitimate reasons for further processing which outweigh your rights.
5.9 Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data protection authority. You can contact the data protection authority responsible for your place of residence or federal state, or the data protection authority responsible for us. This is:
Berlin Commissioner for Data Protection and Freedom of Information