Processing of your data and your associated rights
– information as per Articles 13, 14 and 15 of the European General Data Protection Regulation (GDPR) –
Dear customer, In the following, we inform you how we process your personal data and the legal claims and rights you are permitted to assert in line with data protection legislation.
The specific data and the extent to which it is used are governed by the proposed or agreed services.
1. Who is responsible for data processing and who can I contact in this regard?
The data controller is:
FITSEVENELEVEN GmbH, Düsseldorfer Str. 40, 65760 Eschborn, Taunus
Phone number: 069 153240690
Email address: email@example.com
Our data protection officer can be contacted at:
C/O FITSEVENELEVEN GmbH, Düsseldorfer Str. 40, 65760 Eschborn, Taunus
Email address: firstname.lastname@example.org
2. Which sources and data do we use?
We process personal data that you submit to us within the scope of our business relationship
. We also process data that we have legally obtained from other companies to the extent required to perform our services
(e.g. to execute orders, perform contracts or on the basis of your consent).
Relevant personal data refers to your personal information (name, address and other
contact information, date and location of birth, nationality), verification data (e. g.
identification) and authentication data (e.g. specimen signature). The data collected may also include
order-related data (e.g. delivery addresses), data required to satisfy our contractual
obligations, marketing and sales data, documentation (e. g.
consultation records), data on your use of our telemedia services (e. g.
the time you accessed our website, apps or newsletter, pages or posts
you have clicked on) along with the other specified categories of similar data.
We collect the following data when you register at one of our fitness clubs:
Your name, address, home/mobile number, email address, data of birth and bank details.
The above data is required to allow us to perform the contractually agreed services
(Art. 6(1) GDPR)
3. Which purposes do we process your data for and on which legal bases?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):
3.1 In order to fulfil our contractual duties (Art. 6(1) lit. b GDPR)
We process personal data (Art. 4(2) GDPR) in order to provide physical fitness services (fitness studios) and sell products in relation to these services.
The purposes for which we process your data are primarily based on the specific product (e.g. fitness training, fitness advice, physiotherapy) and may include needs analyses, advice and selling products.
Further information on the purpose of data processing can be found in the respective contractual documents and our terms and conditions.
3.2 In order to balance interests (Art. 6(1) lit. f GDPR)
Where necessary, we process your data for purposes beyond the actual performance of the contract in order to protect our legitimate interests or the legitimate interests of third parties, for example in the
- Consultations and data exchanges with credit agencies (e.g. CREFO) to communicate risks related to creditworthiness or payment and requirements with regard to accounts with seizure protection or basic accounts;
- To review and optimise processes for direct customer contact;
- Advertising, market research and opinion polling, provided you have not objected to the use of your data for this purpose;
- To assert legal claims and to defend legal disputes;
- To uphold IT security and IT operations;
- Security measures for the building and systems (access control, for example);
- Measures to uphold the right to determine who is granted or denied access to the premises;
- To introduce measures for corporate governance and the further development of services and products.
3.3 On the basis of your consent (Art. 6(1) lit. a GDPR)
The legality of processing that takes place on the basis of your consent is ensured once you have granted us consent to the processing of your personal data for certain purposes (e.g. the provision of information on courses we offer). Once granted, consent may be withdrawn at any time. This also applies to the withdrawal of declarations of consent that were submitted to us prior to the date on which the GDPR entered into force, 25th May 2018.
Please note that this withdrawal only applies with future effect. Processing that takes place prior to withdrawal is not affected by this and shall remain lawful.
4. Who receives my data?
Only employees within the FITSEVENELEVEN Group who require your data for the fulfilment of our contractual and statutory obligations shall be granted access thereto. Processors as per Art. 28 GDPR may also receive your data for the above purposes. This includes companies that provide IT services, logistics services, print services, telecommunications, debt collection, advisory services, consulting, sales and marketing.
Other companies or similar organisations to which we send personal data in order to perform the business relationship with you (depending on the contract: e. g. Tax advisers, debt collection companies, legal firms, credit agencies). Other data recipients may include the entities to which you have granted your consent for data transfers.
You may withdraw this consent granted to FITSEVENELEVEN GmbH at any time.
FITSEVENELEVEN members will continue to be able to access individual information such as workout plans and course dates for the duration of their contractual relationship on the Noexcuses app from MySports GmbH, Schauenburger Str. 6, 20095 Hamburg. By using Noexcuse, members grant FITSEVENELVEN permission to send data retrieved from the Noexcuses app to MySports GmbH in order to use it in relation to the app as well as to retrieve data stored by MySports GmbH and save it in the member’s profile. Consent to the above can be withdrawn at any time.
5. How long is my data stored for?
Where necessary, we process and store your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract, for example. In this regard, we would like to point out that our business relationship constitutes a continuing obligation that may be established for several years.
Furthermore, we are subject to a range of storage and documentation obligations as per the German Commercial Code and the Fiscal Code, among other regulations. The periods stipulated for storage or documentation range from two to ten years.
The retention period is also determined on the basis of statutory periods of limitation, for example, three years as per Section 195 ff. of the German Civil Code in certain cases, but up to thirty years in other cases.
6. Is my personal data transferred to a third country or international organisation?
Your personal data will only be transferred to third countries (countries located outside the European Economic Area – EEA) where required to execute your orders, where legally permissible or if you have granted your consent hereto. We shall inform you separately of the details in each individual case, provided this is required by law.
7. What are my rights as a data subject?
Each data subject is entitled to the right to access as per Art. 15 GDPR; the right to rectify as per Art. 16 GDPR; the right to erasure as per Art. 17 GDPR; the right to restrict processing as per Art. 18 GDPR; and the right to data portability as per Art. 20 GDPR.
The right to access and rectification are subject to the restrictions pursuant to Sections 34 and 35 BDSG. In addition to the above, you are also entitled to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG)
8. Am I required to provide data?
You are required to provide personal data that is necessary to establish, perform and terminate a business relationship or data that we are legally required to collect. As a rule, failure to provide this data shall prevent us from concluding a contract or may lead to us refusing to perform orders or no longer being able to execute an existing contract and subsequently needing to terminate it.
9. To what extent is automated decision-making used in individual cases?
We do not use automated decision-making as per Art. 22 GDPR in order to establish or manage business relationships. However, in cases where use automated decision-making on an individual basis, we shall separately inform you thereof if we are legally required to do so.
10. To what extent is my data used to create a profile (scoring)?
In certain cases, we automatically process your data in order to analyse certain personal aspects. For instance, we use profiling in the following cases: We use analysis tools in order to provide tailored information on products and advice. This facilitates personalised communications and ads, including market research and opinion polling.
11. Data protection in relation to applications and during the application process
Fitseveneleven collects and processes personal data from applicants to manage the application process. This processing may also take place in electronic form. In particular, the above shall apply if an applicant sends corresponding application documents to Fitseveneleven or one of its affiliates by email. If Fitseveneleven concludes an employment or service contract with the applicant, the disclosed data shall be stored in line with statutory provisions due to the establishment of an employment relationship. If Fitseveneleven does not enter into an employment relationship with the applicant, the application documents shall be deleted within 6 months after the applicant is informed of the rejection in the absence of any other compelling interests of Fitseveneleven that permit continued storage. One compelling interest in this regard may be the requirement to provide evidence in proceedings as per the General Equal Treatment Act (AGG), for example.
12. Google Analytics
Fitseveneleven has embedded components from Google Analytics (with anonymisation) on the website www.fitseveneleven.de.
Google Analytics is a web analysis service. Web analysis refers to the collection and evaluation of data on the surfing behaviour of website visitors.Among other things, a web analysis service collects information on which website the data subject accessed our website from, which subpages of the website were visited and how often and for how long each subpage was visited. The primary reason behind the use of web analysis is to optimise the website and analyse the cost-benefit ratio of web-based advertising. Google Analytics components are provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA
Fitseveneleven uses the extension _gat._anonymizeIp for web analysis by Google Analytics. Google uses this extension to truncate and anonymise the IP address of the datasubject’s internet connection when our website is accessed within a member state of the EU or a non-member state which isparty to the Agreement on the European Economic Area.
We use Google Analytics to analyse the flow of visitors to our website. Google uses the collected data and information to analyse the use of our website and, among other things, to compile online reports on our behalf to provide information on surfing behaviour on our website and enable us to offer additional services related to the use of our website.
Google Analytics sets a cookie on the data subject’s IT system. Please refer to the previous sections to learn more about cookies. Setting cookies allows Google to analyse the use of our website. Each time a user visits one of the individual pages on this website that features a Google Analytics component and is operated by the data controller, the web browser on the data subject’s IT system is automatically prompted by the respective Google Analytics component to send data to Google to enable online analyses. Within the scope of this technical process, certain personal data is transmitted to Google, such as the data subject’s IP address, which Google uses to trace the origin of visitors and clicks, among other things, and subsequently facilitate the settlement of commission fees.
The cookie that is set is used to store personal information such as the time of access, the location from which the website was accessed and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the data subject’s internet connection is transmitted to Google servers in the USA. This personal data is then stored by Google in the USA. Personal data collected via technical processes may also be transmitted to third parties by Google in certain cases.
As previously mentioned, data subjects can prevent and permanently object to the setting of cookies by our website through the corresponding settings in their web browser. Changing the relevant web browser settings prevents Google fromsetting a cookie on the data subject’s IT system.#
Any cookies previously set by Google Analytics can likewise be erased at any time through settings in the data subject’s web browser or other software programs.
Google recognises the installation of this browser add-on as a declaration of objection. The data subject shall be required to reinstall the browser add-on to deactivate GoogleAnalytics in the case that their IT system is erased, reformatted or reinstalled at a later date. The browser add-on can be reinstalled and reactivated at any point in time if it has beenuninstalled or deactivated by the data subject or another person within their sphere of influence.
13. Newsletter and marketing
Fitseveneleven sends newsletter emails and other information on the topics of fitness, body training and wellness (hereinafter referred to as ‘Marketing’) solely on the basis of your consent or where permitted by law. Marketing is sent to the email address you provided. When you first sign up, you will receive confirmation of your registration from Fitseveneleven. However, your registration is only complete once you have clicked on the link in the email to confirm your email address for a second time (double opt-in). By providing your consent, you agree to the collection of your personal data. We collect your data in order to improve our services.
You reserve the right to withdraw your consent at any time . Click on the corresponding hyperlink in the marketing email in order to withdraw your consent.
14. Social media
Facebook plug-ins (Like & Share button)
If you want to prevent Facebook from linking visits to our website to your Facebook user account,please log out of your Facebook user account.
We use Google+ features on our website provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Our website includes features from Instagram. These features are provided by Instagram 1601 Willow Road, Menlo Park, CA, 94025, USA.
Our website uses buttons from Tumblr. This service is provided by Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA. These buttons allow you to share a post or page on Tumblr or follow the poster on Tumblr. When you click on a Tumblr button to visit one of our websites, your browser establishes a direct connection to the Tumblr servers. We have no influence on the scope of data collected and sent to Tumblr using the plug-in.
The user’s IP address and the URL of the website visited are sent based on current knowledge.
Our website uses features from LinkedIn provided by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time you visit a page containing LinkedIn features, a direct connection is established between your browser and the LinkedIn servers. This connection informs LinkedIn that you have visited our website with your IP address. If you click on a LinkedIn Recommend Button and you are logged into your LinkedIn account, LinkedIn will be able to link your visit to our website to your user account. We would like to draw your attention to the fact that as the website operator, we do not receive any information on the content of transmitted data or the use thereof by LinkedIn.
We use social plug-ins from the social media network Pinterest on our website provided by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA (Pinterest).
When you visit a page on our website that contains a corresponding plug-in, your browser establishes a direct connection to Pinterest’s servers. The plug-in transmits the log files to the Pinterest servers in the USA in the process. These log files may contain your IP address, the address of the websites you have visited that also contain Pinterest features, your browser type and settings, the date and time of your visit, information on your use of Pinterestas well as cookies.
15. Other plug-ins and tools
Our website uses plug-ins from YouTube, which is operated by Google. YouTube is a service provided by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. A connection to the YouTube servers is established when you visit one of our pages featuring a YouTube plug-in. This connection informs the YouTube server which of our pages you have visited.
Our website uses plug-ins from the Vimeo video portal provided by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
Google Web Fonts
This site uses web fonts provided by Google for the uniform display of fonts. When you visit a website, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
Your browser needs to connect to Google’s servers for this purpose. This informs Google that our accessed website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and attractive presentation of our website. This constitutes a compelling interest in accordance with 6(1) lit. f GDPR. If your browser does not support web fonts, your device will use a default font.
This website uses the mapping service Google Maps via APIs. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Our website includes features from the music streaming service Spotify provided by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. Spotify plug-ins can be identified by the green logo on our website. An overview on Spotify plug-ins can be found at: https://developer.spotify.com. When you visit our website, the plug-in establishes a direct connection between your browser and the Spotify server. This connection informs Spotify that you have visited our website with your IP address. If you click on the Spotify button when you are logged into your Spotify account, you can link content from our website to your Spotify profile. This will enable Spotify to assign your visit to our website to your user account.
16. Payment providers
Our website accepts payments via PayPal and other payment providers. PayPal is a payment service provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter PayPal). If you opt to pay using PayPal, the payment information you enter is sent to PayPal. The transmission of data to PayPal takes place on the legal basis of Art. 6(1) lit. a GDPR. (consent) and Art. 6(1) lit. b GDPR (performance of contractual duties). You can withdraw your consent to the processing of your data at any time. This withdrawal shall not have any impact on the effectiveness of processing transactions that occurred in the past.
FITSEVENELEVEN right to object to processing and submit complaints Information on your right to lodge an objection as per Art. 21 of the General Data Protection Regulation
You reserve the right to lodge an objection to the processing of your personal data at any time on grounds pertaining to your personal situation on the legal basis of Art. 6(1) lit. e GDPR (data processing in the public interest) and Art. 6 (1) lit. f GDPR (data processing on the basis of balancing interests); this also applies to any profiling as per Art. 4(4) GDPR that takes place on the basis of these provisions carried out by us to optimise our services or for advertising purposes.
If you lodge an objection, we shall no longer process your personal data, unless we are able to provide compelling and legitimate grounds for continued processing that override your interests, rights and liberties, or the processing takes place in order to assert, exercise or defend legal claims.
In certain cases, we may process your personal data for direct advertising purposes. You are entitled to object to any processing of your personal data that takes place for this sort of marketing at any time; this also applies to profiling, provided it is linked to the direct advertising.
You also reserve the right to appeal to the competent supervisory authority in the case of violations of the GDPR. The competent supervisory authority for all data protection matters is the data protection commissioner of the federal state in which our company has its headquarters. A list of data protection commissioners and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
If you lodge an objection to the processing of your data for direct advertising purposes, we shall no longer process your personal data for these purposes.
An objection can be lodged in any form and, where possible, submitted to: FITSEVENELEVEN GmbH, Düsseldorfer Str. 40, 65760 Eschborn, Taunus
Phone: 069 153240690
Version: July 2019
We have appointed a data protection officer for our company:
You can get in touch with our company data protection officer, Dr Kevin Marschall, LL.M. (GDPC GbR), and our in-house data protection team (Martin Haak) by sending a letter to the above address with C/O Data Protection Officer in the address line or by sending an email to email@example.com.
You are welcome to contact us or our company data protection officer at any time to receive more information on the processing of your personal data and any related questions you may have.