Privacy Policy (English version)


(Jannis Hermanns) #1

Privacy Policy Big Mike Alright UG
We are very pleased about your interest in Big Mike Alright UG and our services. Of course, to be able to offer our websites and apps, we also need some data about you.We take the protection of personal data very seriously and always process it in accordance with the applicable data protection provisions, in particular the EU General Data Protection Regulation (DSGV) With this Privacy Policy we would like to inform you in full about the nature, extent and purpose of the personal data processed by usInform your rights as affected person.

1. Responsible and general information
Your data will be processed by the Big Mike Alright UG, Jägerndorfer Zeile 61, 12205 Berlin, Phone: +491579 2347364, E-Mail: hello@gymheroapp.com responsible within the meaning of the General Data Protection Regulation (DSGVO). We also mean that when we use phrases like “we” or “us”. By “Big Mike Alright UG” we mean in this document www.gymhero.me, www.fitty.co, www.bigmikealright.com, max-and-mila.com and the various apps (Gym Hero, Gym Hero Pro and the Max and Mila app) by Big Mike Alright UG, including all available subpages, content and features (eg Internet community). Individual parts of Big Mike Alright UG are also referred to below as “online services”. We also mean that, as far as a website is mentioned below or when we speak of App.
Our services are intended for the general public and not for children. We do not knowingly collect personal information from users who are considered to be children under their respective national laws.

2. Collection and processing of personal data
As a rule, you can use online services that do not require payment or registration without providing personal information. In certain cases, however, we process the personal data listed in section 3. This basically only happens if this is necessary to provide a functional website or app as well as our content and services. We also process personally identifiable information in connection with the use of Big Mike Alright UG, if you provide such information by you, eg. For example, as part of a registration or a request to us or because of a different legal basis (see paragraph 4). If you do not wish this, you can not use our services or not in full.

3. Categories of processed data
Once you use Big Mike Alright UG, our system automatically collects information from the computer system of the calling machine. It can u. a. the following data are collected:

  • Information about the browser type and version used
  • Operating system of the user
  • Date and time of access
  • Web analytics data
  • Websites from which the user accesses our website
  • Websites that the user accesses through our website

In addition, we process the following personal data if there is a contractual relationship between you and us or if you have transmitted the data to us in other ways:

  • Communication data (e-mail address)
  • Login data: username and password

4. Legal basis and purpose of processing
We process your data solely on the basis of one or more of the possible legal foundations.
According to DSGVO, personal data may be processed in particular on the basis of a contract or for the performance of pre-contractual measures, in the presence of consent, on the basis of a legitimate interest or law and for the protection of vital or public interests.
To provide certain content or services on our website, registration is required. Each user can register for free with Big Mike Alright UG, stating a username, e-mail address and password, which will send your registration information to us. The collection and processing of this data takes place in order to fulfill the user agreement between us and the user, Art. 6 para. 1 lit. b DSGVO.
When subscribing or purchasing a paid service, we use your contract master data, including contact details for performance and fulfillment of the contract, such as processing required to provide other service or consideration, as well as the enforcement of legal rights or claims (Article 6 (1) (b) GDPR). The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. In the case of paid services, we process certain data because we are subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations (Article 6 (1) © GDPR).
In addition, we use your e-mail address collected in the course of registration or as part of the contract to generally inform you about Big Mike Alright UG. The processing of the e-mail address in this case is based on our legitimate interest in notifying you of important changes.
In addition, we use your e-mail address to send you our newsletter if you have given us your prior express consent to receive a newsletter or advertising. In this case, we process your e-mail address in order to be able to deliver the newsletter as you wish (Art. 6 (1) (b) GDPR). You may object to the use of your e-mail address for such purposes at any time in writing or in writing to hello@gymheroapp.com or Jägerndorfer line 61 in 12205 Berlin with effect for the future, without any costs other than the transmission costs according to the basic tariffs.
On the Internet, each device for transmitting data requires a unique address, the so-called IP address. The at least temporary storage of the IP address is technically necessary to allow delivery of the website to the computer of the user. We shorten the IP addresses before any processing and process them only anonymously. There is no storage or further processing of the unabridged IP addresses.
In the case of processing operations that are not covered by one or more of the aforementioned legal bases, processing takes place if it is necessary to safeguard a legitimate interest and if your interests, fundamental rights and fundamental freedoms do not predominate due to a comprehensive weighing of interests (Article 6 (1) lit. DSGVO). A legitimate interest is to be assumed if the data subject is a customer of the person responsible. Based on the processing of personal data, our legitimate interest is, in particular, to conduct our business for the benefit of all of our employees and our shareholders.
Our legitimate interest in being able to offer you tailor-made products, to inform you about our products, innovations and quality features as well as to continuously improve our services and products and thereby also increase our sales, is the legal basis for processing for the purpose of web / app analysis. For web analysis services, see point 9.
Another legitimate interest is the functionality of the business processes that result in processing for internal administrative purposes (eg, address management).
You can object to the processing on the basis of a legitimate interest at any time (see section 13).
In the event that the data is processed for a purpose other than that specified in the data collection, a compatibility check will be carried out in accordance with Art. 6 (4) GDPR. Further processing is only permitted if the original purpose is compatible with the new purpose or permitted on the basis of a separate legal basis. Recognized compatible purposes are u. a. the assertion, exercise or defense of civil law claims unless there is overriding interest of the data subject. In this case, we will inform you about the change of purpose. If the new purpose is incompatible with the purpose stated on the survey, a new survey will be carried out on the basis of a new legal basis. Again, we will inform you about the change of purpose.

5. Place of processing
We ourselves do not transfer your personal data to countries outside the European Economic Area, except in cases where it is permitted under the GDPR. Whether third parties, with whom you have your own contractual relationship (such as with Facebook, if you have a Facebook account) transfer data to countries outside the European Economic Area, is beyond our knowledge and influence.
We also process data in countries outside the European Economic Area (“EEA”). In order to ensure the protection of your personal rights also in the context of these data transfers, we use the standard contractual clauses of the EU Commission in structuring the contractual relationships with the recipients in third countries in accordance with Art. 46 para. 2 lit. c DSGVO. These are available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF at any time, alternatively you can also download these documents from us Ask for the contact options below.
For the US, the European Commission has decided by decision of 12.7.2016, that under the regulations of the EU-U.S. Privacy Shields an appropriate level of data protection exists (adequacy decision, Art. 45 DSGVO). For more information - including the certification of the service providers we use - you can get it at https://www.privacyshield.gov. We only use US service providers who are under the EU-US. Privacy Shield are certified.

6. Origin of the data
In certain cases, we also receive data because you have consented to the transmission to us.
As you know, apps are regularly made available for download from third-party sites (such as iTunes, Google, etc.). If, in accordance with the applicable terms and conditions of such a provider, the Big Mike Alright UG becomes your contractual partner for the purchase of the App, we will process the data provided to us by the third party to the extent necessary to fulfill the contract so that you can download the app to your mobile device can download.
Notes when using apps:
General
Our apps use the following permissions for the purposes listed below to give them access to certain features of your mobile device:

• Camera - To create progress pics, the app needs access to your phone’s camera. The images are stored exclusively on your phone and are used e.g. not synchronized with servers nor are they publicly visible.

In order to use our apps in full, you must have an account. What data are collected for this, you have already learned in advance (see section 3). Our usage concept is partly based on the publication of certain information of our users, including your information. So that you can decide for yourself whether and which data you would like to publish, we present below our program in more detail. This includes in particular the following information:

  • Public profile (username, profile picture if you signed in with your Facebook account)
  • Training information (number, duration and type of training session, total number of training sessions, exercise names, etc.)

With the information in your public profile you appear on the Big Mike Alright UG websites. This information will allow other site visitors to see your username and profile picture and, if necessary, recognize you based on that information.
The Gym Hero Apps save all your successfully completed training sessions. Other visitors to the Big Mike Alright UG websites can see this information. With this we want to motivate you and other athletes to become better and to train more successfully.
If you do not want the above information to be made public, you can disable it in the app settings.

Facebook Connect
You can also log in to Big Mike Alright UG via a Facebook account.
Facebook Connect is an offer from Facebook Ireland Limited, 5-7 Hanover Quay, Dublin 2, Ireland. The use of Facebook Connect is subject to the privacy conditions and terms of use of Facebook. If you decide to register with your Facebook account, you will be redirected to Facebook in a first step. There, Facebook asks to provide the access data and log in to Facebook or register. If you are already logged in at this moment on Facebook, this query for registration is skipped. Important: We will not receive any access data. When logging in via Facebook Connect, Facebook profile data and according to the Facebook definition “public information” (https://www.facebook.com/about/privacy/your-info/) are transferred from your Facebook profile to us, ie such that you make publicly available or release for the respective application. “Public” in connection with Facebook means that anyone outside of Facebook can see this data. This includes your name, your profile and cover picture, your gender, networks, username (Facebook URL) and user ID number (Facebook ID). Conversely, data can also be transferred from us to your Facebook profile. When you register with us via Facebook Connect, we store and process your data transmitted to us for the purpose of registration.

Google+
You can also log in to Big Mike Alright UG through your Google Account.
Google+ is an offer from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Use of Google+ is subject to Google’s Privacy Policy and Terms of Service (https://policies.google.com/privacy). If you decide to register with your Google Account, you’ll be taken straight to Google in a first step. There Google asks to provide the access data and to log in or register. If you are already logged into Google at this moment, this query will be skipped for login. Important: We will not receive any access data. When signing up for Google+, profile data will be sent to us, which you make public or share with the application. When you sign up with us via Google+, we store and process your data transmitted to us for the purpose of registration.

7. Disclosure of your data to third parties
We transmit your personal data to third parties only if the transmission is necessary in order to fulfill our contractual obligations to you and this is evident at or together with another provider (eg in cooperations), we for the transfer in any other way are legally entitled or obliged, or you have given us a corresponding consent.

In certain cases, we also use external service providers or affiliates who have been instructed by us to process data for us. Such service providers are contractually obligated by us according to the strict requirements of the DSGVO as a processor and may not re-use your data for any other purpose. Our contract processors provide the following services in particular for us: payment service (s), hosting and web / app analysis.

The transfer of data to processors takes place on the basis of Art. 28 (1) GDPR, alternatively based on our legitimate interest in the economic and technical advantages associated with the use of specialized contract processors, Art. 6 (1) lit. f DSGVO.
If we are legally obliged to do so or if this is permitted under data protection law, we transfer personal data to authorities, for example the police or public prosecutor (Art. 6 (1) c DSGVO). The disclosure of this data is based on our legitimate interest in the fight against abuse, the prosecution of crimes and the protection, assertion and enforcement of claims and that your rights and interests in the protection of your personal data do not predominate, Art. 6 para. 1 lit. , f DSGVO.

8. Cookies and related technologies
We use cookies. Cookies are small files that your browser stores on your device in a designated directory. Through them u. a. Determine if you have visited a website before. If you agree, cookies may also store login information for an online service, so you do not need to enter this login information every time you visit the site. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual’s browser from other Internet browsers that contain other cookies. A particular web browser can be recognized and identified by the unique cookie ID.

We use two types of cookies:
On the one hand technically necessary cookies, without which the functionality of our website would be limited as well as optional cookies, in order to make our website more user-friendly. The user data collected through technically necessary cookies will not be used to create user profiles. The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer. Further information on the individual analysis services can be found in Section 9 of this Privacy Notice.
You can prevent the setting of cookies by us at any time by means of an appropriate setting of the Internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. Deactivate the setting of cookies in the Internet browser used, may not all features of our website are fully usable.

When using apps, a technology similar in function is used instead of the cookie.
Cookies can not identify you as a person. In any case, the use of cookies on the basis of our legitimate interest in a needs-based design and the statistical analysis of Big Mike Alright UG justified (Article 6 (1) f DSGVO).

9. Web / Appanalyseservices
In order to constantly improve our content and adapt it to the interests of our users, we use some services that collect and evaluate data on our website or in the app. Insofar as these service providers are not themselves responsible for data protection purposes, they always process the pseudonymised user data according to instructions based on a order processing agreement. You can disable the individual analysis services at any time for the future. Below you can find details about the analysis services we use:

Google Analytics
We have integrated Google Analytics (with anonymization feature). Google Analytics is a web analytics service. Web analytics is the collection, collection and analysis of data about the behavior of visitors to websites. Among other things, a web analytics service collects information about which web site an affected person came to a web site (called referrers), which subpages of the web site were accessed, or how often and for what length of time a subpage was viewed. Web analytics is used primarily to optimize a website and cost-benefit analysis of Internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
We use the addition “_gat._anonymizeIp” for web analysis via Google Analytics. This addendum will truncate and anonymise Google’s IP address for the data subject if the access to our websites is from a Member State of the European Union or another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports that show the activities on our websites, and to provide other services related to the use of our website.
Google Analytics uses a cookie on the information technology system of the person concerned. What cookies are, has already been explained above. By using the cookie, Google will be able to analyze the use of our website. Each time you visit any of the pages on this site operated by us and incorporating a Google Analytics component, the Internet browser on the subject’s information technology system is automatically prompted by the respective Google Analytics component for purposes submit the online analysis to Google. As part of this technical process, Google will be aware of personal data, such as the IP address of the person concerned, which serve, among other things, Google to track the origin of the visitors and clicks, and subsequently make commission settlements possible.
The cookie stores personally identifiable information, such as access time, the location from which access was made and the frequency of site visits by the data subject. Each time you visit our websites, your personal information, including the IP address of the Internet connection used by the individual, is transferred to Google in the United States of America. This personal information is stored by Google in the United States of America. Google may transfer such personal data collected through the technical process to third parties.
The person concerned may authorize cookies through our website, as described above, at any time by means of an appropriate setting of the Internet browser used prevent the setting of cookies permanently. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
Furthermore, the data subject has the possibility of objecting to and preventing the collection of the data generated by Google Analytics for the use of this website as well as the processing of this data by Google. For this the person concerned has to add a browser add-on under the link http://tools.google.com/dlpage/gaoptout?hl=de
download and install. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics.The installation of the browser add-on is considered by Google as a contradiction. If the data subject’s information technology system is later deleted, formatted or reinstalled, the data subject must re-install the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or any other person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.
Additional information and Google’s privacy policy can be found at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/en.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

Mixpanel
On Big Mike Alright UG, Mixpanel, a web analytics service provided by Mixpanel, 405 Howard Street, Floor 2, CA 94105 San Francisco, collects and stores data from which pseudonymous usage profiles are created. These user profiles are used to analyze visitor behavior and are evaluated to improve and tailor our services. Cookies can be used. You can prevent the storage of cookies by a corresponding setting of your browser software. The data collection and storage for the purpose of web analysis, you can contradict here at any time with effect for the future: https://mixpanel.com/optout/.
Additional information and the applicable Data Protection Policy of Mixpanel can be found at https://mixpanel.com/legal/privacy-policy/.

10. Social networks
You can also find us in social networks of foreign companies, such as: B. Facebook or Twitter. In addition, we have integrated individual functions of these networks into our online services. However, you can only use both if you are registered and logged in to the respective social network. Please note that the usage and privacy conditions of this company apply to the use of the respective social network, over which we have no influence. However, we would like to tell you how such networks process your personal data in this context:

Facebook
We have integrated components of the company Facebook on this website. Facebook is a social network.A social network is an Internet-based social meeting place, an online community that typically allows users to communicate with each other and interact in virtual space. A social network can serve as a platform to exchange views and experiences, or allows the Internet community to provide personal or business information. Facebook allows social network users to create private profiles, upload photos and socialize via friend requests.
The operating company of Facebook is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Persons responsible for the processing of personal data, if an affected person lives outside the US or Canada, are Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
Each time you visit one of the individual pages of this website, which is operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Facebook component, to download a picture of the Facebook Facebook component. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=en_US. As part of this technical process, Facebook will be aware of the specific bottom of our website visited by the person concerned.
If the data subject is logged in to Facebook at the same time, Facebook recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website, which specific underside of our website the data subject visits. This information is collected through the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the person concerned activates one of the Facebook buttons integrated on our website, for example the “Like” button, or if the person concerned makes a comment, Facebook assigns this information to the personal Facebook user account of the person concerned and saves this personal data, through the Facebook component, Facebook always receives information that the person concerned has visited our website if the data subject is simultaneously logged in to Facebook at the time of accessing our website; this happens regardless of whether the person clicks on the Facebook component or not. If such a transfer of this information to Facebook is not wanted by the person concerned, it can prevent the transfer by logging out of their Facebook account before calling our website. The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. It also explains which options Facebook offers to protect the privacy of the data subject. In addition, different applications are available, which make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Instagram
We use components of the Instagram service. Instagram is a service that qualifies as an audiovisual platform, allowing users to share photos and videos, and also disseminate such data to other social networks. The operator of Instagram is the Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. Each time you visit any of the pages on this site that incorporates an Instagram component (Insta-Button), Instagram learns which specific subpage of our site is being visited by the affected person. If you are logged in to Instagram at the same time, Instagram recognizes with each visit to our website and during the entire duration of the respective stay on our website which specific subpage has been visited. This information is collected through the Instagram component and assigned through Instagram to your Instagram account. If you use one of the Instagram buttons integrated on our website, the data and information transferred with it are assigned to the personal Instagram user account and saved and processed by Instagram. Instagram always receives information from the Instagram component that you have visited our website if you are simultaneously logged into Instagram at the time of accessing our website; this happens regardless of whether you click on the Instagram component or not. If you do not wish to have this information transmitted to Instagram, it may prevent you from logging out of your Instagram account before you visit our website. Additional information and Instagram’s privacy policy can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

Twitter
We have integrated Twitter components into this website. Twitter is a multilingual publicly available microblogging service where users can post and distribute so-called tweets, which are limited to 140 characters. These short messages are available to anyone, including non-Twitter subscribers. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Twitter also allows you to address a broad audience via hashtags, links or retweets.
The operating company of Twitter is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Each time you visit one of the individual pages of this website, which is operated by us and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Twitter component. to download a presentation of the corresponding Twitter component of Twitter. Further information on the Twitter buttons is available at https://about.twitter.com/en/resources/buttons. As part of this technical process, Twitter will be aware of the specific bottom of our site being visited by the person concerned. The purpose of the integration of the Twitter component is to allow our users to redistribute the content of this website, to promote this website in the digital world and to increase our traffic.
If the data subject is logged in to Twitter at the same time, Twitter recognizes with each visit to our website by the data subject and during the entire duration of the respective stay on our website which specific subpage of our website the data subject visits. This information is collected through the Twitter component and assigned through Twitter to the affected person’s Twitter account. If the person concerned activates one of the Twitter buttons integrated on our website, the data and information transmitted with it are assigned to the personal Twitter user account of the person concerned and stored and processed by Twitter.
Twitter always receives information from the Twitter component that the data subject has visited our website if the data subject is simultaneously logged in to Twitter at the time our website is accessed; this happens regardless of whether or not the subject clicks on the Twitter component. If the affected person does not want to transmit this information to Twitter, it can prevent it from logging out of their Twitter account before calling our website.
The applicable privacy policies of Twitter are available at https://twitter.com/privacy.

YouTube
We have integrated YouTube components into this site. YouTube is an internet video portal that allows video publishers to freely watch video clips and other users for free viewing, rating and commenting. YouTube allows the publication of all types of videos, so that both complete film and television broadcasts, but also music videos, trailers or user-made videos via the Internet portal are available.
YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
Each time you visit any of the pages on this site operated by us and you have integrated a YouTube component (YouTube video), the internet browser on the subject’s information technology system will be automatically triggered by the particular YouTube component, to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/en/. As part of this technical process, YouTube and Google are aware of the specific bottom of our site being visited by the data subject.
If the person is logged in to YouTube at the same time, YouTube recognizes by calling a sub-page that contains a YouTube video, which specific bottom of our website the affected person visits. This information is collected by YouTube and Google and associated with the individual YouTube account.
YouTube and Google will always receive information from the YouTube component that the data subject has visited our website if the data subject is logged into YouTube at the time of accessing our website; this happens regardless of whether the person clicks on a YouTube video or not. If such transfer of such information to YouTube and Google is not wanted by the data subject, it may prevent the transfer by logging out of their YouTube account before calling our website.
YouTube’s privacy policy, available at https://www.google.com/intl/en/policies/privacy/, identifies the collection, processing, and use of personally identifiable information by YouTube and Google.
On smartphones and tablets, the aforementioned services are often not implemented by plug-ins, but by a device-internal “sharing” function. According to its settings, information can also be given to other social media service providers. Please refer to details of your device information.

Gravatar
In our offerings, particularly in our community, we use the Gravatar service of Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA.
At Gravatar, users can register with their email address and then set a profile picture for their own account. If an online service is then used, which uses the service of Gravatar, this profile picture is displayed without further settings with own contributions. So if you create posts or comment on posts on our pages, your profile picture will be displayed by Gravatar.com.
To verify that you are logged in to Gravatar, your email address will be encrypted to Gravatar and then deleted.
The use of Gravatar is based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR, because with the help of Gravatar we offer our users the possibility to customize their profile with us.
In order to offer the service of Gravatar, the IP address of the users will be transferred to Gravatar. That’s for communication between a browser and online service
necessary. For more information about Gravatar’s collection and processing of data, see the Automattic Privacy Notice: https://automattic.com/privacy/
If you do not want your profile picture stored on Gravatar to be displayed on our pages, you may refrain from your own comments and contributions, or use an e-mail address that is not deposited with Gravatar.

11. Payment service
In the event that you use a paid service or purchase something through our website / app, we offer different payment methods. If you decide to use one of these payment service providers, you are leaving our site. All data is then collected and processed by this payment service provider. We do not receive any personal data, in particular no bank or credit card data, but only the information that the payment was successfully made. The following payment service providers are available:

Stripe
We have integrated the payment service Stripe on this website. The operating company is Stripe Inc, 185 Berry Street, CA 94107 San Francisco. Stripe makes it possible to initiate online payments to third parties. If the data subject selects “Stripe” as a payment option during the ordering process in our online shop, data of the person concerned is automatically transmitted to Stripe. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing. The personal data provided to Stripe are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. For the execution of the purchase contract, also such personal data are necessary, which are in connection with the respective order. The purpose of the transmission of the data is payment processing and fraud prevention. We will provide Stripe with personal information, in particular if there is a legitimate interest in the transfer. Stripe and personal information exchanged between us and Stripe may be transmitted to credit reporting agencies. This transmission aims at the identity and credit check. Stripe may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to fulfill contractual obligations or to process the data on behalf of. The data subject has the possibility to revoke the consent to the handling of personal data to Stripe at any time. A revocation has no effect on personal data which must be processed, used or transmitted for (contractual) payment processing. Stripe’s privacy policy is available at https://stripe.com/privacy-shield-policy.

12. Storage time
We store personal data only as long as we are entitled to do so and the processing purpose is not eliminated. For the duration of storage of personal data, the respective statutory retention period applies. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.

13. Contact details and your rights as affected person
If you have any questions or suggestions about privacy and the enforcement of your rights as a data subject, please contact our data protection officer at any time:
Big Mike Alright UG
data protection
Jägerndorfer Zeile 61
12205 Berlin
hello@gymheroapp.com

Information and correction
You can receive information from us at any time free of charge if personal data about you are processed by us and also concretely which data about you are stored and a copy of the stored data. You can also correct and complete incorrect data.

Deletion, restriction and the right to be forgotten
You can request the deletion and restriction of your personal data. Please note that it is z. B. for paid contracts such as the purchase of a subscription from Big Mike Alright UG legal storage obligations and therefore we may not delete your data in any case completely. In this case, your data will be tagged with the aim of limiting their future processing.

Data portability
If applicable, you also have the right to have personal information relating to you transmitted to you or another person in a structured, common and machine-readable format, provided the processing is based on your consent or contract and is automated. However, this does not apply if the processing is not necessary for the performance of a task of public interest or in the exercise of public authority delegated to the controller. You also have the right to obtain that the personal data are transmitted directly from one person responsible to another person responsible, as far as this is technically feasible and if this does not affect the rights and freedoms of other persons.

Revocation / Opposition
Your given consent, you can at any time with effect for the future under the o. G. Revoke contact address. In particular, you may object to the use of your e-mail address for the purpose of sending out the newsletter at any time in writing or in writing to hello@gymheroapp.com or Jägerndorfer line 61 in 12205 Berlin with effect for the future, without any other than the transmission costs according to the basic rates arise. You also have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data concerning you that is based on a legitimate or public interest. This also applies to profiling based on these provisions. In the event of an objection, we will no longer process personal data unless we can establish compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of asserting, exercising or defending legal claims ,
You also have the right, for reasons that arise from your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes, unless such processing is involved necessary to fulfill a public interest task.

Right of appeal
Furthermore, you have a right of appeal to the competent supervisory authority as well as the opportunity to appeal. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy.

Existence of automated decision making
We refrain from automatic decision-making or profiling.

As of: 20 May 2018