Gym & Cheer GmbH
Laibacher Str. 6
Email address: firstname.lastname@example.org
Legal representative: Anita Sommer
Link to the data protection declaration: http://gymandcheer.com/privacypolicy/
Link to the imprint: https://gymandcheer.com/imprint/
1. Types of data processed
– Inventory data (e.g. personal master data, names or addresses).
– Contact details (e.g., email, telephone numbers).
– Content data (e.g. text entries, photographs, videos).
– Usage data (e.g. websites visited, interest in content, access times).
– Meta / communication data (e.g., device information, IP addresses).
2. Categories of data subjects
Visitors and users of the online offer (in the following we refer to the data subjects collectively as „users“).
3. Purpose of processing
– Providing the online offer, its functions and content.
– Answering contact inquiries, processing course registrations and communicating with users.
– Safety measures.
– Range measurement / marketing
4. Terms used
„Personal data“ is all information that relates to an identified or identifiable natural person (hereinafter „data subject“); A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by assigning an identifier such as a name, an identification number, location data, an online identifier (eg cookie) or one or more special features, expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Processing” is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data. The term goes far and covers practically every handling of data.
„Pseudonymization“ means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
“Profiling” means any kind of automated processing of personal data, which consists in the fact that this personal data is used to evaluate certain personal aspects related to a natural person, in particular aspects related to work performance, economic situation, health, personal Analyze or predict the preferences, interests, reliability, behavior, location or relocation of this natural person.
The “responsible person” is the natural or legal person, public authority, agency or other body that alone or together with others decides on the purposes and means of processing personal data.
„Processor“ means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible.
5. Security measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing, as well as the different occurrence and severity of the risk to the rights and freedoms of natural persons Measures to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical access to the data, as well as the access, input, transfer, securing availability and its separation. Furthermore, we have set up procedures that guarantee the exercise of data subject rights, deletion of data and reaction to data threats. We also take the protection of personal data into account when developing or selecting hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings.
6. Cooperation with processors, jointly responsible and third parties
If we disclose data to other people and companies (processors, jointly responsible persons or third parties) as part of our processing, transmit them to them or otherwise give them access to the data, this will only be done on the basis of legal permission (e.g. if the data is transmitted to third parties, such as payment service providers, is necessary for the fulfillment of the contract), users have given their consent, a legal obligation provides for this or based on our legitimate interests (e.g. when using agents, web hosts, etc.).
If we disclose, transmit or otherwise grant data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and also on a basis that complies with the legal requirements.
7. Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or as part of the use of third-party services or disclosure or transmission of data to other people or companies happens, this only happens if it happens to fulfill our (pre) contractual obligations, based on your consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the legal requirements are met. That the processing takes place e.g. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the „Privacy Shield“) or compliance with officially recognized special contractual obligations.
8. Rights of the data subjects
You have the right to request confirmation as to whether the data in question are being processed and to request information about this data as well as further information and a copy of the data in accordance with the legal requirements.
In accordance with the legal requirements, you have the right to request the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance with the legal requirements, you have the right to request that the data in question be deleted immediately or, alternatively, to request that the processing of the data be restricted in accordance with the legal requirements.
You have the right to request that the data relating to you, which you have provided to us, be received in accordance with the legal requirements and to request their transmission to other responsible parties.
You also have the right to file a complaint with the relevant supervisory authority in accordance with the legal requirements.
9. Right of withdrawal
You have the right to withdraw your consent with future effect.
10. Right to object
You can object to the future processing of your data at any time in accordance with the legal requirements. In particular, the objection can be made against processing for direct marketing purposes.
11. Cookies and right to object to direct advertising
„Cookies“ are small files that are stored on users‘ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie e.g. the content of a shopping cart in an online shop or a login status can be saved. Cookies are referred to as „permanent“ or „persistent“ and remain saved even after the browser is closed. For example, the login status is saved if the users visit it after several days. Such a cookie can also be used to store the interests of users who are used for range measurement or marketing purposes. A „third-party cookie“ refers to cookies that are offered by providers other than the person responsible for the online offering (otherwise, if they are only their cookies, we speak of „first-party cookies“).
We can use temporary and permanent cookies and clarify this in the context of our data protection declaration.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
12. Deletion and blocking of personal data
The data processed by us is deleted in accordance with the legal requirements or its processing is restricted. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there are no legal retention obligations to prevent deletion.
If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. That the data will be blocked and not processed for other purposes. This applies e.g. for data that must be kept for commercial or tax reasons.
13. Changes and updates to the data protection declaration
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes make it necessary to act on your part (e.g. consent) or other individual notification.
14. Establishing contact
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the information provided by the user for processing the contact request and processing it in accordance with. Art. 6 para. 1 lit. b. (within the framework of contractual / pre-contractual relationships), Art. 6 para. 1 lit. f. (other inquiries) GDPR processed .. The information of the users can be stored in a customer relationship management system („CRM system“) or comparable inquiry organization.
If a data subject contacts the data controller by email or via a contact form, the personal data transmitted by the data subject will be automatically saved. Such data transmitted voluntarily by a data subject to the data controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.
We delete the requests if they are no longer necessary. We check the necessity every two years; The statutory archiving obligations also apply.
15. Subscription to our newsletter
With the following information we inform you about the content of our newsletter as well as the registration, shipping and statistical evaluation procedure and your right to object. By subscribing to our newsletter, you agree to the receipt and the procedures described.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter „newsletter“) only with the consent of the recipient or with a legal permission. Insofar as the content of a newsletter is specifically described, it is decisive for the consent of the user. Our newsletters also contain information about our services and us.
Double opt-in and logging: The registration for our newsletter takes place in a so-called double opt-in procedure. That After registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. The registrations for the newsletter are logged in order to be able to demonstrate the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored with the shipping service provider are also logged.
Registration data: To register for the newsletter you have to enter your email address. We also ask you to enter a name in the newsletter for personal contact.
The newsletter is sent and the success measurement associated with it is based on the consent of the recipient in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 Para. 2 No. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing in accordance with. Art. 6 para. 1 according to f. GDPR in conjunction Section 7 (3) UWG.
The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our interest is focused on the use of a user-friendly and secure newsletter system that serves both our business interests and the expectations of the users and also allows us to prove consent.
Cancellation / Revocation – You can cancel the receipt of our newsletter at any time, i.e. Revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. Based on our legitimate interests, we can save the e-mail addresses that have been removed for up to three years before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous consent is confirmed.
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter.
We use the so-called double opt-in procedure to ensure that the newsletter is sent out in an agreed manner. In the course of this, the potential recipient can be included in a distribution list. The user then receives the opportunity to confirm the registration in a legally secure manner by means of a confirmation email. The address is only actively included in the distribution list if the confirmation is given.
We only use this data to send the requested information and offers.
Newsletter2Go is used as newsletter software. Your data will be transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and using it for purposes other than sending newsletters. Newsletter2Go is a German, certified provider, which was selected in accordance with the requirements of the General Data Protection Regulation and the Federal Data Protection Act.
You can find more information here: https://www.newsletter2go.de/informationen-newsletter-empfaenger/
You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the „unsubscribe“ link in the newsletter.
The data protection measures are always subject to technical updates, for this reason we ask you to inform yourself about our data protection measures at regular intervals by inspecting our data protection declaration.
15.1 Data protection declaration when using Google reCAPTCHA
We use the Google reCaptcha service to determine whether a person or a computer makes a particular entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the device used, the website that you visit with us and on which the Captcha is integrated, the date and duration of the visit, the identification data of the used device Browser and operating system type, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks for which you have to identify images. The legal basis for the data processing described is Art. 6 Para. 1 lit. f General data protection regulation. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks).
15.2 Consent text in the newsletter form
Our free newsletter informs you regularly by email about new products and special promotions. The data you enter here will only be used to personalize the newsletter and will not be passed on to third parties. You can unsubscribe from the newsletter at any time or revoke your consent at any time by email to email@example.com. Your data will be deleted within 1 month of receiving the newsletter, provided that the deletion does not conflict with any statutory retention requirements. By sending the data you have entered, you consent to the data processing and confirm our data protection declaration.
16. Hosting and emailing
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services that we use for the purpose of operating this online offer.
Here, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer based on our legitimate interests in the efficient and secure provision of this online offer in accordance with. Art. 6 para. 1 lit. f GDPR in conjunction Art. 28 GDPR (conclusion of an order processing contract).
17. Collection of access data and log files
We, or our hosting provider, based on our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider ,
For security reasons (e.g. to investigate misuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
18. Integration of services and content from third parties
We use content or service offers from third-party providers within our online offer based on our legitimate interests (ie interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. Services such as Include videos or fonts (hereinafter referred to as “content”).
This always presupposes that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is therefore required to display this content. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as „web beacons“) for statistical or marketing purposes. The „pixel tags“ can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information on the use of our online offer, as well as being linked to such information from other sources.
18.1 Google Fonts
We integrate the fonts („Google Fonts“) from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
19. Transfer of personal data to social networks
19.1 Data protection provisions on the application and use of Instagram
The controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and enables users to share photos and videos and also to disseminate such data on other social networks.
Instagram is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Each time one of the individual pages of this website is accessed, which is operated by the controller and on which an Instagram component (Insta button) has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated by the respective Instagram component prompted to download a representation of the corresponding component from Instagram. As part of this technical process, Instagram receives knowledge of which specific subpage of our website is visited by the data subject.
If the data subject is logged in to Instagram at the same time, Instagram recognizes each time our website is accessed by the data subject and for the entire duration of their stay on our website, which specific subpage the data subject visits. This information is collected by the Instagram component and assigned to the respective Instagram account of the data subject by Instagram. If the data subject clicks one of the Instagram buttons integrated on our website, the data and information transmitted with it are assigned to the personal Instagram user account of the data subject and saved and processed by Instagram.
Instagram always receives information via the Instagram component that the person concerned has visited our website if the person concerned is logged in to Instagram at the same time as accessing our website; this takes place regardless of whether the person concerned clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, they can prevent the transmission by logging out of their Instagram account before accessing our website.
Further information and the applicable data protection regulations of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
19.2 Data protection provisions on the application and use of Facebook and Facebook social plug-ins
The controller has integrated components of the Facebook company on this website. Facebook is a social network.
A social network is a social meeting point operated on the Internet, an online community that usually enables users to communicate with each other and to interact in virtual space. A social network can serve as a platform for exchanging opinions and experiences or enables the internet community to provide personal or company-related information. Facebook enables the users of the social network, among other things, to create private profiles, upload photos and network via friend requests.
Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If an affected person lives outside the USA or Canada, the person responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
Each time one of the individual pages of this website is accessed, which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated by the respective Facebook Component causes a representation of the corresponding Facebook component to be downloaded from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook receives knowledge of which specific subpage of our website is visited by the data subject.
If the data subject is logged into Facebook at the same time, Facebook recognizes each time our website is accessed by the data subject and for the entire duration of their stay on our website, which specific subpage of our website the data subject visits. This information is collected by the Facebook component and assigned to the respective Facebook account of the person concerned by Facebook. If the person concerned presses one of the Facebook buttons integrated on our website, for example the „Like“ button, or if the person concerned makes a comment, Facebook assigns this information to the person’s personal Facebook user account and stores this personal data ,
Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time as accessing our website; this takes place regardless of whether the person concerned clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, he can prevent the transmission by logging out of his Facebook account before visiting our website.
The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains which setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.
19.3 Data protection provisions on the application and use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. („Google“). Use is based on Art. 6 Para. 1 S. 1 lit. f. DSGVO. Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of the website such as
Browser type / version,
operating system used,
Referrer URL (the page previously visited),
Host name of the accessing computer (IP address),
Time of the server request,
are usually transferred to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. We have also added the code „anonymizeIP“ to Google Analytics on this website. This guarantees the masking of your IP address so that all data is collected anonymously. The full IP address will only be transmitted to a Google server in the USA and abbreviated there in exceptional cases.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=de.
We continue to use Google Analytics to evaluate data from double-click cookies and also AdWords for statistical purposes. If you do not want this, you can deactivate this via the Ads Preferences Manager (http://www.google.com/settings/ads/onweb/?hl=de).
19.4 Data protection provisions on the application and use of Twitter
The controller has integrated Twitter components on this website. Twitter is a multilingual, publicly accessible microblogging service on which users can publish and distribute so-called tweets, i.e. short messages that are limited to 280 characters. These short messages are available to everyone, including anyone who is not logged in to Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Twitter also enables a wide audience to be addressed via hashtags, links or retweets.
Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Each time one of the individual pages of this website is accessed, which is operated by the controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the information technology system of the person concerned is automatically activated by the respective Twitter component prompted to download a representation of the corresponding Twitter component from Twitter. Further information on the Twitter buttons can be found at https://about.twitter.com/de/resources/buttons. As part of this technical process, Twitter receives knowledge of which specific subpage of our website is visited by the data subject. The purpose of integrating the Twitter component is to enable our users to redistribute the content of this website, to make this website known in the digital world and to increase our visitor numbers.
If the data subject is logged in to Twitter at the same time, Twitter recognizes each time our website is accessed by the data subject and for the entire duration of their stay on our website, which specific subpage of our website the data subject visits. This information is collected by the Twitter component and assigned to the respective Twitter account of the data subject by Twitter. If the data subject clicks one of the Twitter buttons integrated on our website, the data and information transmitted with it are assigned to the personal Twitter user account of the data subject and saved and processed by Twitter.
Twitter receives information via the Twitter component that the person concerned has visited our website if the person concerned is logged in to Twitter at the same time as accessing our website; this takes place regardless of whether the person concerned clicks on the Twitter component or not. If the data subject does not want this information to be transmitted to Twitter, he or she can prevent the transmission by logging out of their Twitter account before accessing our website.
The applicable data protection regulations of Twitter are available at https://twitter.com/privacy?lang=de.
20. Relevant legal bases
In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. For users from the scope of the General Data Protection Regulation (GDPR), i.e. In the EU and the EEC, unless the legal basis is mentioned in the data protection declaration, the following applies:
The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR;
The legal basis for processing for the performance of our services and implementation of contractual measures as well as answering inquiries is Art. 6 Para. 1 lit. b GDPR;
The legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. The legal basis for the processing required to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible is Art. 6 Para. 1 lit. e GDPR. The legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f GDPR.
The processing of data for purposes other than those for which it was collected is determined in accordance with the requirements of Art 6 (4) GDPR. The processing of special categories of data (according to Art. 9 Para. 1 GDPR) is determined according to the stipulations of Art. 9 Para. 2 GDPR.
21. Legitimate interests in the processing that are being pursued by the controller or a third party
Is the processing of personal data based on Article 6 I lit. f GDPR is our legitimate interest in carrying out our business for the benefit of all our employees and our shareholders.
22. Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline has expired, the corresponding data will be routinely deleted, provided that it is no longer required to fulfill or initiate a contract.
23. Legal or contractual provisions for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of not providing
We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information about the contracting party). Sometimes it may be necessary to conclude a contract that a data subject provides us with personal data that we subsequently have to process. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would result in the contract not being concluded with the person concerned. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee clarifies the person concerned on a case-by-case basis whether the provision of personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of not providing the personal data.
This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as „data“) as part of the provision of our services as well as within our online offer and the websites, functions and content connected to it, as well as external online presences, e.g. our social media profile (hereinafter collectively referred to as the „online offer“). With regard to the terminology used, e.g. “Processing” or “responsible person”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
As of January 2020