Information on Data Protection
The website is technically operated by Neusta destination.one GmbH (address, contact information and further details can be found below under Part II). Information on the processing of personal data carried out by Neusta destination.one can be found below in Section II. The content of this website is operated by the controller named in the legal notice (imprint). The content controller carries out separate processing operations of personal data under its own data protection responsibility, for which you will find further information below under Part I. To exercise your rights, please contact the respective controller named in the sections below, depending on the relevant data processing operation.
Part I: Information on data protection
(Data processing by the content controller)
In addition to the data protection provisions set out below, the following provisions apply specifically to this website:
Integration and use of the online booking tool of OBS OnlineBuchungService GmbH (accommodation directory)
(1) This website gives you the opportunity to search for and book accommodation.
Our online presence uses the online booking tool (hereinafter referred to as the “OBT”) of OBS OnlineBuchungService GmbH in order to enable online bookings of accommodation services and other travel services, as well as to process enquiries. When using the booking tool, data such as name, address, telephone number and email address must be transmitted, among other information. The legal basis for the transmission of the data is Article 6(1)(a) and (b) GDPR.
(2) The operator of the online booking tool is OBS OnlineBuchungService GmbH, Im Gewerbepark D 33, 93059 Regensburg (www.online-buchung-service.de, hereinafter also referred to as “OBS”).
(3) Further information on the use of data and the protection of your privacy can be found in OBS’s privacy policy for the OBT, which can be accessed at any time directly from the OBT or via the following link:
https://online-buchung-service.de/datenschutzerklaerung-buchung/
Use of the online booking tool of OBS OnlineBuchungService GmbH
Our online presence uses the online booking tool (hereinafter referred to as the “OBT”) of OBS OnlineBuchungService GmbH, Im Gewerbepark D 80, 93059 Regensburg (www.online-buchung-service.de, hereinafter “OBS”), to enable online bookings of accommodation services and other travel services, as well as to process enquiries. Within the scope of the OBT, OBS processes the data as an independent controller. Information and provisions on data protection can be found in OBS’s privacy policy for the OBT, which can be accessed at any time directly from the OBT or via
https://online-buchung-service.de/datenschutzerklaerung-buchung/
DomainFactory GmbH
The provider is DomainFactory GmbH, c/o WeWork, Neuturmstraße 5, 80331 Munich (hereinafter “DomainFactory”). When you visit our website, DomainFactory collects various log files, including your IP address.
Details can be found in DomainFactory’s privacy policy:
https://www.df.eu/de/datenschutz/
The use of DomainFactory is based on Art. 6(1)(f) GDPR. Teejit has a legitimate interest in the most reliable possible presentation of its software. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be revoked at any time.
Hetzner Online GmbH
The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter “Hetzner”).
Details can be found in Hetzner’s privacy policy:
https://www.hetzner.com/de/rechtliches/datenschutz
The use of Hetzner is based on Art. 6(1)(f) GDPR. Teejit has a legitimate interest in the most reliable possible presentation of its software. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be revoked at any time.
Teejit GmbH
The controller has integrated services of Teejit on this website. Teejit is an application for integrating and operating an online knowledge platform that enables the consumption of tourism-related knowledge from various areas. The data collected in this context (e.g. email address, user input) are stored and processed on the servers of our partner Teejit. The server location is Cologne, Germany.
These data may be used to develop further training measures or to provide individual users with additional information related to tourism. For this purpose, various data on users’ learning progress are visualized for the controller within the legal framework.
The data may be used to contact users of the service and to determine which additional services in the field of further education may be relevant for representatives of potential target groups.
For the interactive provision of certain content, Teejit uses external software. Separate provisions apply to this software. These include:
YouTube
Vyond
H5P (the collected data are stored and processed on Teejit servers)
Zoho Survey: https://www.zoho.com/survey/gdpr.html
Teejit is a company based in Germany with its registered office in Bavaria.
Contact:
Teejit GmbH
Domplatz 3
85072 Eichstätt
Further information on Teejit’s data protection provisions can be found at:
https://hub.teejit.de/service/datenschutz.php
Vimeo Inc.
This website uses plugins of the video portal Vimeo within the Teejit software. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with a Vimeo plugin, a connection to Vimeo’s servers is established. In doing so, the Vimeo server is informed which of our pages you have visited. Vimeo also receives your IP address. This also applies if you are not logged into Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to Vimeo servers in the USA.
If you are logged into your Vimeo account, Vimeo enables your browsing behaviour to be associated directly with your personal profile. You can prevent this by logging out of your Vimeo account.
The use of Vimeo is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR. Consent may be revoked at any time.
Further information on the handling of user data can be found in Vimeo’s privacy policy at:
https://vimeo.com/privacy
Notice on data transfers to the USA and other third countries
Within the Teejit software, we use tools from companies based in the USA or other third countries that are not considered data-protection-safe under data protection law. If these tools are active, your personal data may be transferred to and processed in these third countries. Teejit selects these services carefully and according to the highest possible standards. Nevertheless, we would like to point out that a level of data protection comparable to that of the EU cannot be guaranteed in these countries. For example, U.S. companies are required to disclose personal data to security authorities without you as the data subject having any legal remedies against this. It therefore cannot be ruled out that U.S. authorities (e.g. intelligence services) may process, analyse and permanently store your data located on U.S. servers for monitoring purposes. We have no influence over these processing activities.
Part II: Information on data protection
(Data processing by Neusta destination.one GmbH)
Contents
Section 1: General information
- General
- Controller
- Data protection officer
- Your rights
- Objection or withdrawal of consent regarding the processing of your data
Section 2: Processing of personal data on our website
- Processing of personal data during purely informational use of our website
- Processing of personal data through cookies
- Additional functions and offers on our website
- Contact
- Newsletter
- Registration
- Single sign-on services
- Links to other third-party providers
- Use of paid functions
- Transfer of data in connection with the performance of contracts
- Transfer of payment data to external payment service providers
- Google Analytics
- Embedding of YouTube videos
- Integration of Braintree (PayPal)
- Integration of Zoho Desk
- Use of a chatbot / AI assistance system
- Use of Google AdWords Conversion
- Remarketing
- Awin
- A/B testing
- Balancing of interests
- Opt-out
Section 3: Processing of personal data through the mobile app
Collection of personal data when using our mobile app
General
(1) The term “personal data”, with reference to the definition in Art. 4 No. 1 of Regulation (EU) 2016/679 (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), means all data relating to you personally. This includes, for example, name, address, email addresses and user behaviour. With regard to other terminology, in particular the terms “processing”, “controller”, “processor” and “consent”, we refer to the statutory data protection definitions in Art. 4 GDPR.
(2) We generally process personal data only insofar as this is necessary to provide a functional website as well as the content and services we offer. Personal data is generally processed only if you have given us your consent within the meaning of Art. 6(1)(a) GDPR or if processing is permitted by statutory provisions, in particular on the basis of one of the legal grounds listed in Art. 6(1)(b) to (f) GDPR.
(3) The purposes underlying the processing of personal data are explained in the following sections with reference to the respective processing operations. If we further process personal data for a purpose that does not correspond to the purpose for which the personal data was originally collected, we will inform you of this again.
(4) Insofar as we use commissioned service providers or wish to use your data for advertising purposes, we will inform you in detail below about the respective procedures.
(5) Please note that you are not legally obliged to provide personal data. However, to provide certain functions of our website as well as the content and services we offer, we may require some of your personal data. We will inform you of this in detail below. Please also note that if you do not provide required data, we may not be able to offer and/or provide some functions of our website or some of the content and services we offer. Failure to provide voluntary information does not result in any disadvantages.
(6) In some cases, we use external service providers to process personal data. These service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. Further information can be found in the following sections.
(7) Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this is provided for by national or European regulations to which we are subject; in such cases, the legal basis for further storage is Art. 6(1)(c) GDPR in conjunction with the respective national or European regulation. Blocking or deletion of the data will then take place once the retention period prescribed by the respective regulation has expired. This does not apply if further storage of the data is required for the conclusion or performance of a contract; in these cases, the legal basis for further storage is Art. 6(1)(b) GDPR.
(8) If third parties to whom we transfer data are located in a state outside the European Union (EU) or the European Economic Area (EEA), we will inform you separately in the following sections. We only process data in third countries if an adequate level of data protection within the meaning of Arts. 44 to 49 GDPR is ensured.
Controller
The controller within the meaning of Art. 4 No. 7 GDPR, the other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
Neusta destination.one GmbH
Gaberlplatz 5
D-93462 Lam
Phone +49 (0)9943 905225
Support: +49 89 – 21542401-0
Email: info@destination.one
Support: support@destination.one
Hosting
We host the content of our website with the following provider:
External hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include, in particular, IP addresses, contact enquiries, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR). Where consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Our host(s) will process your data only to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to such data.
We use the following host:
Neusta destination.one GmbH
Gaberlplatz 5
D-93462 Lam
Phone +49 (0)9943 905225
Support: +49 89 – 21542401-0
Email: info@destination.one
Support: support@destination.one
Your rights
With regard to the personal data concerning you, you have the following rights vis-à-vis us:
- the right of access (Art. 15 GDPR),
- the right to rectification (Art. 16 GDPR),
- the right to erasure (“right to be forgotten”) (Art. 17 GDPR),
- the right to restriction of processing (Art. 18 GDPR),
- the right to object to processing (Art. 21(1) GDPR),
- the right to data portability (Art. 20 GDPR).
You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data by us (Art. 77 GDPR).
Objection or withdrawal of consent regarding the processing of your data
(1) You may withdraw any consent you have given us for the processing of your data at any time. The withdrawal affects the permissibility of processing your personal data after it has been declared to us.
(2) Insofar as the processing of your personal data is based on a balancing of interests, you may object to the processing. In this context, we ask you to set out the reasons arising from your particular situation why you object to the processing of your personal data by us. If your objection is justified, we will examine the situation. We will then either discontinue the processing of your personal data, adapt the further processing accordingly, or demonstrate compelling legitimate grounds for continuing to process your personal data.
(3) You may also object at any time to the processing of your personal data for the purposes of advertising and data analysis.
(4) Please direct your withdrawal or objection to the contact details stated above.
Section 2: Processing of personal data on our website
Processing of personal data during purely informational use of our website
(1) When you access our website without registering or otherwise providing us with information (“purely informational use”), we collect only those personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display the website to you and to ensure stability and security:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request originates
- Browser
Operating system and its interface - Language and version of the browser software
The aforementioned data are also stored in so-called log files on our servers. This does not include your IP address or other data that would allow the data to be attributed to you personally. These data are not stored together with other personal data relating to you.
(2) The collection and temporary storage of the IP address are necessary in order to deliver our website to your device. For this purpose, your IP address must be stored for the duration of your visit to our website. The storage of the above-mentioned data in log files serves to ensure the functionality of the website and to optimise the website, as well as to ensure the security of our information technology systems. These data are not analysed for marketing purposes. These purposes also constitute our legitimate interest in data processing. The legal basis for the collection and temporary storage of the aforementioned data and the log files is Art. 6(1)(f) GDPR.
(3) We process and/or store the data on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, and thus within the European Union. This ensures that the standards and provisions of European data protection law are complied with.
(4) The data collected to provide our website are deleted once the respective session has ended. Log file data are deleted no later than after 14 days. The collection of the above-mentioned data to provide our website is absolutely necessary for the operation of our website. There is no right to object.
Processing of personal data through cookies
(1) In addition to the data mentioned above, we use technical tools for various functions when you use our website, in particular cookies, which may be stored on your terminal device. Cookies are small text files that are stored on the storage medium of your terminal device (for example on a hard drive) and through which certain information is transmitted to us as the entity that sets the cookie. Cookies cannot execute programs or transmit viruses to your terminal device. When accessing our website and at any time thereafter, you may choose whether to allow cookies in general or which individual additional functions you wish to select. You can make changes in your browser settings or via our consent manager. This website uses the following types of cookies, the scope and functionality of which are explained below.
(a) Cookies associated with your browser:
Transient cookies: These cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the same session. This makes it possible to recognise your device when you return to our website. Session cookies are deleted when you log out or close the browser.
Persistent cookies: These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete these cookies at any time in your browser settings.
Other technologies: These functions are not based on cookies, but on similar technical mechanisms, such as flash cookies, HTML5 objects or an analysis of your browser settings. You may also give or refuse consent here.
(b) Cookies also store data and information such as multilingual settings (language selection) and entered search terms (search function). Details can be found in our consent manager and on our cookies information page.
(2) The processing of personal data through the aforementioned cookies serves the following purposes:
(a) Technically necessary cookies: The technical structure of our website requires that we use techniques such as cookies. Without them, our website cannot be displayed or used properly or without errors. Some functions of our website require that your browser can be recognised even after a page change. In these cases, these are generally transient cookies that are deleted at the end of your visit, at the latest when you close your browser. These cookies cannot be deselected if you wish to use our website. The individual cookies are listed in our consent manager and on our cookies information page. Insofar as technically necessary cookies are used, our legitimate interest lies in the aforementioned purposes. The legal basis in these cases is Art. 6(1)(f) GDPR.
(b) Optional cookies (with your consent): Certain cookies are set only with your consent, which you may select when you first visit our website via the cookie consent tool. These functions are activated only if you give your consent. These cookies serve in particular to analyse visits to our website and thereby improve our website and/or individual functions as well as the overall user experience, for example by making it easier to use across different browsers or devices, recognising returning visitors or displaying advertising (including interest-based advertising, measuring the effectiveness of advertisements or displaying personalised ads). The legal basis for this processing is Art. 6(1)(a) GDPR. You may revoke your consent at any time. The lawfulness of the processing carried out prior to the withdrawal remains unaffected. The functions used, cookies set, data processed and purposes of processing are described in detail in the consent manager and on our cookies information page.
(3) The cookies described above are stored on your terminal device and transmitted by it to our server. You can therefore configure the processing of data and information by cookies yourself. You may make corresponding settings in your browser, for example to reject third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of our website properly. If you wish to prevent the processing of data by flash cookies, you must make appropriate settings in your flash player or install an add-on. If you wish to prevent the use of HTML5 storage objects, you must use your browser in private mode, where available. Alternatively, you may also make corresponding settings in our consent manager. Regardless of this, we recommend regularly deleting cookies and your browser history manually.
Additional functions and offers on our website
(1) In addition to purely informational use of our website, we offer various services that you may use if interested. For this purpose, the provision of additional personal data is generally required. We need these data in order to provide the respective service. The above principles on data processing apply accordingly.
(2) We collect web traffic data (e.g. page views, downloads and other actions) within the portal and the apps. For this purpose, we collect, among other things, the affected content, the time of the action, as well as the user ID and/or a session ID or device ID, which enable us to track various actions carried out within the platform across devices, even if users are not logged in.
(3) For certain actions within the app (e.g. recording tracks, buddy beacon, as well as proximity searches and accessing the map), the user’s location is transmitted. For logged-in users, these locations are also stored beyond the request, including the user ID, device ID, timestamp and, where applicable, additional information. The collection of these data is necessary to enable personalised services (e.g. personalised recommendations and notices) and to gain a more precise understanding of the impact of various measures on our platform (e.g. A/B tests). Furthermore, these data are used to provide B2B partners with an overview of the use of their region (e.g. via a heat map); this is done in a fully anonymised manner. By using our services, users consent to the aforementioned use of their data.
(4) For certain personalised services and analyses, location and web traffic data are combined, including across devices (e.g. combining recorded tracks in a specific region with web traffic data for that region).
(5) In part, we use external service providers to process these data. These service providers are carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
(6) If personal data are disclosed to third parties in the course of services that we offer jointly with partners, further information can be found in the following descriptions of the individual services.
(7) If such third parties are based in a country outside the European Economic Area, further information on the consequences of this circumstance can be found in the following descriptions of the individual services.
Contact
(1) If you contact us by email, the personal data transmitted to us with your email will be stored. These data are used exclusively for responding to your enquiry. The data will not be passed on to third parties.
(2) The processing of the aforementioned personal data serves solely to process your enquiries. These purposes also constitute our legitimate interest in processing the data. If you have given us your consent, the legal basis for processing these data is Art. 6(1)(a) GDPR. Otherwise, the legal basis for processing these data, in particular if the data are transmitted to us by sending an email, is Art. 6(1)(f) GDPR. If you wish to conclude a contract by sending an email, Art. 6(1)(b) GDPR constitutes an additional legal basis.
(3) The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case once we have conclusively processed your enquiry.
(4) You may withdraw your consent to the processing of your personal data at any time. If you contact us by email, you may also object to the storage of your personal data at any time. Please note that in this case we will no longer be able to process your enquiry. The withdrawal or objection can be declared by sending an email to the email address stated in the legal notice (imprint).
Newsletter
(1) With your consent, you may subscribe to our newsletter, with which we inform you about our current offers of interest. The advertised goods and services are specified in the consent declaration.
(2) We use the double opt-in procedure to register for our newsletter. This means that after you register, we send you an email to the email address provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation in each case. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) The only mandatory information required for sending the newsletter is your email address. The provision of further data, which are separately marked, is voluntary and is used to address you personally. After your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis is Art. 6(1)(a) GDPR.
(4) You may withdraw your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare the withdrawal by clicking on the link provided in each newsletter email or by sending a message to the contact details stated in the legal notice (imprint).
(5) Please note that we analyse your user behaviour when sending the newsletter. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the analyses, we link the data collected in the case of purely informational use (technical data and your IP address) and the web beacons with your email address and an individual ID. Links contained in the newsletter also include this ID. Using the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters and which links you click on, and derive your personal interests from this. We link these data with actions you have taken on our website. You may object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact channel. The information is stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely for statistical purposes and in anonymised form. Such tracking is also not possible if you have deactivated the display of images by default in your email program. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you manually display the images, the tracking described above will take place.
Mailjet
(1) We inform you that we use the external provider “Mailjet” to send newsletters. The provider is Mailjet SAS, 13-13 bis, Rue de l’Aubrac, 75012 Paris, France. Mailjet is a service that can be used to organise and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) are stored on Mailjet servers within the EU.
Our newsletters sent via Mailjet allow us to analyse the behaviour of newsletter recipients. This includes, among other things, analysing how many recipients have opened the newsletter message and how often a particular link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on our website) was carried out after clicking a link in the newsletter. Further information on data analysis through Mailjet newsletters can be found at: https://www.mailjet.de/funktion/tracking-tools/. Mailjet also enables us to segment newsletter recipients according to various categories (“segmentation”). Newsletter recipients can be segmented based on the data provided during registration. This allows newsletters to be better tailored to the respective target groups. Detailed information on Mailjet’s functions can be found at: https://www.mailjet.de/funktion/.
(2) Data processing is carried out on the basis of your consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time by unsubscribing from the newsletter. The legality of data processing operations already carried out remains unaffected by the withdrawal. If you do not wish analysis by Mailjet, you must unsubscribe from the newsletter. A corresponding link is provided in each newsletter message. You can also unsubscribe directly via the website. The data stored by us for the purpose of receiving the newsletter will be deleted by us and by Mailjet’s servers after you unsubscribe. Data stored by us for other purposes (e.g. email addresses for the members’ area) remain unaffected.
(3) Information on the third-party provider: Mailjet SAS, 13-13 bis, Rue de l’Aubrac, 75012 Paris, France. Further information can be found in Mailjet’s information on “Security and Data Protection” at https://www.mailjet.de/sicherheit-datenschutz/ and in Mailjet’s privacy policy at https://www.mailjet.de/privacy-policy/.
Zoho Campaigns
(1) We inform you that we use the external provider “Zoho Campaigns” to send newsletters. Further information on the purpose and scope of data collection and its processing by Zoho can be found in the privacy policy communicated below. There you will also find further information on your related rights and settings options to protect your privacy: https://www.zoho.com/de/campaigns/terms.html. Further information on data protection at Zoho Campaigns can be found at: https://www.zoho.com/de/crm/gdpr/. Information on security measures at Zoho Campaigns can be found at: https://www.zoho.com/security.html.
Registration
(1) In order to use additional functions of our website, you may register by providing personal data. The data are entered into an input form, transmitted to us and stored. Mandatory information requested during registration is marked accordingly and must be provided in full. Otherwise, we will reject the registration. Additional information is voluntary. As part of the registration process, the user’s consent to the processing of these data is obtained. If we also offer you registration or login via a single sign-on service (“single login service”) of a third-party provider, you will find the information on the processing of personal data when using such a service in a separate section of this privacy policy.
(2) Registration is required in order to provide certain content and services on our website. We use the data entered solely for the purpose of using the respective offer or service or for providing the services for which you have registered. In the event of important changes to our offers, services or content, for example regarding the scope of services or technically necessary changes, we will use the email address provided during registration to inform you accordingly. The legal basis for processing the data is Art. 6(1)(a) GDPR. If registration serves to conclude or perform a contract, Art. 6(1)(b) GDPR constitutes an additional legal basis. Where processing is otherwise based on our legitimate interests, Art. 6(1)(f) GDPR constitutes a further legal basis.
(3) You may withdraw any consent you have given at any time. The legality of data processing carried out prior to the withdrawal remains unaffected.
(4) The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case if the registration on our website is cancelled or modified. You may cancel your registration at any time. You can have the data stored about you modified at any time. Statutory retention periods remain unaffected.
Single sign-on services
In addition to using our registration and login forms, we offer you the option of using the following single sign-on services for registration or login:
Facebook Connect
(1) We use “Facebook Connect” on our website, a service provided by Meta Platforms, Inc., 1601 Willow Rd, Menlo Park, CA 94025, USA (“Facebook”). Facebook Connect simplifies registration and login for online services. Instead of using our website’s registration or login forms, you may enter your Facebook login details and then use our services. When using Facebook Connect, your browser automatically establishes a direct connection to Facebook’s servers. You are redirected to Facebook’s page for login. By doing so, your Facebook user account is linked to our service.
We have no influence on the scope and further use of the data collected by Facebook via Facebook Connect. If you have a Facebook user account and are registered, Facebook can associate the visit with your user account. Even if you are not registered with Facebook or not logged in, Facebook may still obtain and store your IP address and possibly other identifying information. The type and scope of data processing, the purposes pursued by Facebook and your rights and settings options can be found in Facebook’s privacy policy: http://www.facebook.com/policy.php.
(2) We use Facebook Connect to simplify and shorten the registration and login process. This also constitutes our legitimate interest. If you have given consent, the legal basis is Art. 6(1)(a) GDPR. If processing serves to initiate a contractual relationship, the legal basis is Art. 6(1)(b) GDPR. Otherwise, the legal basis is Art. 6(1)(f) GDPR.
(3) You can prevent processing by Facebook by not using Facebook Connect and instead using our registration forms. You may withdraw any consent at any time. The legality of prior processing remains unaffected.
(4) Third-party provider information: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Further information can be found at: https://www.facebook.com/about/privacy.
Sign in with Google
(1) On our website, we use “Sign in with Google”, a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Sign-In facilitates registration and login for services on the internet. Instead of using the registration or login forms on our website, you can enter your Google login credentials and then use our services. By using “Sign in with Google”, your web browser automatically establishes a direct connection to Google’s server. For authentication, you will be redirected to Google’s website. There you can log in with your user credentials. As a result, your Google user account will be linked to our service.
We have no influence over the scope and further use of data collected by Google through the use of Google Sign-In. If you have a Google user account and are registered, Google may associate your visit with your user account. Even if you are not registered with Google or not logged in, it is possible that Google may obtain and store your IP address and possibly other identifiers. For details on the type and scope of data processing carried out by Google, the purposes pursued, your rights in this regard, and settings options to protect your personal data, please refer to Google’s privacy policy: https://policies.google.com/privacy
(2) We use Google Sign-In to simplify and shorten the registration and login process for you. This also constitutes our legitimate interest in processing the above-mentioned data. If you have given us consent, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. If the processing of the above-mentioned data serves to initiate a contractual relationship, the legal basis is Art. 6(1) sentence 1 lit. b) GDPR. Otherwise, the legal basis is Art. 6(1) sentence 1 lit. f) GDPR.
(3) You can prevent the processing of the above-mentioned information by Google by using our login and registration forms and not using Google Sign-In. You may revoke any consent you have given at any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.
(4) Third-party information: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Further information on Google Sign-In and privacy settings can be found in Google Ireland Limited’s privacy policy (https://policies.google.com/privacy) and terms of service (https://policies.google.com/terms).
Sign in with apps
(1) On our website, we use “Sign in with Apple”, a service provided by Apple Inc., Invinite Loop, Cupertino, CA 95014. Apple Sign-in facilitates registration and login for services on the internet. Instead of using the registration or login forms on our website, you can enter your Apple ID login credentials and then use our services. By using “Sign in with Apple”, your web browser automatically establishes a direct connection to Apple’s server. For authentication, you will be redirected to Apple’s website. There you can log in with your user credentials. As a result, your Apple user account will be linked to our service.
We have no influence over the scope and further use of data collected by Apple through the use of Apple Sign-In. If you have an Apple user account and are registered, Apple may associate your visit with your user account. Even if you are not registered with Apple or not logged in, it is possible that Apple may obtain and store your IP address and possibly other identifiers. For details on the type and scope of data processing carried out by Apple, the purposes pursued, your rights in this regard, and settings options to protect your personal data, please refer to Apple’s privacy policy: https://www.apple.com/privacy/
(2) We use Apple Sign-In to simplify and shorten the registration and login process for you. This also constitutes our legitimate interest in processing the above-mentioned data. If you have given us consent, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. If the processing of the above-mentioned data serves to initiate a contractual relationship, the legal basis is Art. 6(1) sentence 1 lit. b) GDPR. Otherwise, the legal basis is Art. 6(1) sentence 1 lit. f) GDPR.
(3) You can prevent the processing of the above-mentioned information by Apple by using our login and registration forms and not using Apple Sign-In. You may revoke any consent you have given at any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.
(4) Third-party information: Apple Inc., Invinite Loop, Cupertino, CA 95014. Further information on Apple Sign-In and privacy settings can be found in Apple’s privacy policy (https://www.apple.com/privacy/) and terms of service (https://www.apple.com/legal/internet-services/terms/site.html).
Links with other third-party providers
When using our services, we offer you the option to link your user profile with other external services or applications. This results in a transfer to us of data collected by the respective service provider. However, you must actively establish the link and thereby consent to the data processing pursuant to Art. 6(1) sentence 1 lit. a) GDPR.
Data collected by us will not be transferred to the respective third party unless you have explicitly agreed to this.
These are the following services that may transfer the following data to us.
Adidas Running
(1) On our website, we use “Connect with Adidas Running”, a service provided by Runtastic GmbH, FN 334397k, Pluskaufstraße 7, 4061 Pasching, Austria (hereinafter referred to as “Runtastic”). By using “Connect with Adidas Running”, your web browser automatically establishes a direct connection to Runtastic’s server. To link the accounts, you will be redirected to Runtastic’s website. There you can log in with your user credentials. As a result, your Runtastic user account will be linked to our service.
We have no influence over the scope and further use of data collected by Runtastic through this use. If you have a Runtastic user account and are registered, Runtastic may associate your visit with your user account. Even if you are not registered with Runtastic or not logged in, it is possible that Runtastic may obtain and store your IP address and possibly other identifiers. For details on the type and scope of data processing carried out by Runtastic, the purposes pursued, your rights in this regard, and settings options to protect your personal data, please refer to Runtastic’s privacy policy: www.runtastic.com/de/datenschutz.
(2) We use Runtastic to facilitate and shorten the exchange of your training and activity data. This also constitutes our legitimate interest in processing the above-mentioned data. If you have given us consent, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. If the processing of the above-mentioned data serves to initiate a contractual relationship, the legal basis is Art. 6(1) sentence 1 lit. b) GDPR. Otherwise, the legal basis is Art. 6(1) sentence 1 lit. f) GDPR.
(3) You can prevent the processing of the above-mentioned information by Runtastic by not using this option. You may revoke any consent you have given at any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.
(4) Third-party information: Runtastic GmbH, FN 334397k, Pluskaufstraße 7, 4061 Pasching, Austria. Further information from the third party on data protection can be found at the following website: https://www.runtastic.com/de/datenschutz.
Garmin
(1) On our website, we use “Connect with Garmin”, a service provided by Garmin Deutschland GmbH, Parkring 35, 85748 Garching, Germany (hereinafter referred to as “Garmin”). By using “Connect with Garmin”, your web browser automatically establishes a direct connection to Garmin’s server. To link the accounts, you will be redirected to Garmin’s website. There you can log in with your user credentials. As a result, your Garmin user account will be linked to our service.
We have no influence over the scope and further use of data collected by Garmin through the use of Garmin Connect. If you have a Garmin user account and are registered, Garmin may associate your visit with your user account. Even if you are not registered with Garmin or not logged in, it is possible that Garmin may obtain and store your IP address and possibly other identifiers. For details on the type and scope of data processing carried out by Garmin, the purposes pursued, your rights in this regard, and settings options to protect your personal data, please refer to Garmin’s privacy policy: www.garmin.com/de-DE/privacy/.
(2) We use Garmin to facilitate and shorten the exchange of your training and activity data. This also constitutes our legitimate interest in processing the above-mentioned data. If you have given us consent, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. If the processing of the above-mentioned data serves to initiate a contractual relationship, the legal basis is Art. 6(1) sentence 1 lit. b) GDPR. Otherwise, the legal basis is Art. 6(1) sentence 1 lit. f) GDPR.
(3) You can prevent the processing of the above-mentioned information by Garmin by not using this option. You may revoke any consent you have given at any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.
(4) Third-party information: Garmin Deutschland GmbH, Parkring 35, 85748 Garching, Germany. Further information from the third party on data protection can be found at the following website: https://www.garmin.com/de-DE/privacy/global/.
Strava
(1) On our website, we use “Connect with Strava”, a service provided by Strava, Inc. 208 Utah Street, San Francisco, CA 94103, USA (hereinafter referred to as “Strava”). By using “Connect with Strava”, your web browser automatically establishes a direct connection to Strava’s server. To link the accounts, you will be redirected to Strava’s website. There you can log in with your user credentials. As a result, your Strava user account will be linked to our service.
We have no influence over the scope and further use of data collected by Strava through the use of this connection. If you have a Strava user account and are registered, Strava may associate your visit with your user account. Even if you are not registered with Strava or not logged in, it is possible that Strava may obtain and store your IP address and possibly other identifiers. For details on the type and scope of data processing carried out by Strava, the purposes pursued, your rights in this regard, and settings options to protect your personal data, please refer to Strava’s privacy policy: https://www.strava.com/legal/privacy.
(2) We use Strava to facilitate and shorten the exchange of your training and activity data. This also constitutes our legitimate interest in processing the above-mentioned data. If you have given us consent, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. If the processing of the above-mentioned data serves to initiate a contractual relationship, the legal basis is Art. 6(1) sentence 1 lit. b) GDPR. Otherwise, the legal basis is Art. 6(1) sentence 1 lit. f) GDPR.
(3) You can prevent the processing of the above-mentioned information by Strava by not using this option. You may revoke any consent you have given at any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.
(4) Third-party information: Strava, Inc. 208 Utah Street, San Francisco, CA 94103, USA. Further information from the third party on data protection can be found at the following website: https://www.strava.com/legal/privacy.
Suunto
(1) On our website, we use “Connect with Suunto”, a service provided by Suunto, Tammiston kauppatie 7 A, FI-01510 Vantaa, Finland (hereinafter referred to as “Suunto”). By using “Connect with Suunto”, your web browser automatically establishes a direct connection to Suunto’s server. To link the accounts, you will be redirected to Suunto’s website. There you can log in with your user credentials. As a result, your Suunto user account will be linked to our service.
We have no influence over the scope and further use of data collected by Suunto through this use. If you have a Suunto user account and are registered, Suunto may associate your visit with your user account. Even if you are not registered with Suunto or not logged in, it is possible that Suunto may obtain and store your IP address and possibly other identifiers. For details on the type and scope of data processing carried out by Suunto, the purposes pursued, your rights in this regard, and settings options to protect your personal data, please refer to Suunto’s privacy policy: www.suunto.com/de-de/Datenschutzrichtlinie/.
(2) We use Suunto to facilitate and shorten the exchange of your training and activity data. This also constitutes our legitimate interest in processing the above-mentioned data. If you have given us consent, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. If the processing of the above-mentioned data serves to initiate a contractual relationship, the legal basis is Art. 6(1) sentence 1 lit. b) GDPR. Otherwise, the legal basis is Art. 6(1) sentence 1 lit. f) GDPR.
(3) You can prevent the processing of the above-mentioned information by Suunto by not using this option. You may revoke any consent you have given at any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.
(4) Third-party information: Suunto, Tammiston kauppatie 7 A, FI-01510 Vantaa, Finland. Further information from the third party on data protection can be found at the following website: https://www.suunto.com/de-de/Datenschutzrichtlinie/.
Wahoo
(1) On our website, we use “Connect with Wahoo”, a service provided by Wahoo Fitness, LLC Attn: Privacy Policy Inquiry 90 West Wieuca Rd NE #110 Atlanta, Georgia 30342 USA (hereinafter referred to as “Wahoo”). By using “Connect with Wahoo”, your web browser automatically establishes a direct connection to Wahoo’s server. To link the accounts, you will be redirected to Wahoo’s website. There you can log in with your user credentials. As a result, your Wahoo user account will be linked to our service.
We have no influence over the scope and further use of data collected by Wahoo through this use. If you have a Wahoo user account and are registered, Wahoo may associate your visit with your user account. Even if you are not registered with Wahoo or not logged in, it is possible that Wahoo may obtain and store your IP address and possibly other identifiers. For details on the type and scope of data processing carried out by Wahoo, the purposes pursued, your rights in this regard, and settings options to protect your personal data, please refer to Wahoo’s privacy policy: de-eu.wahoofitness.com/privacy-policy.
(2) We use Wahoo to facilitate and shorten the exchange of your training and activity data. This also constitutes our legitimate interest in processing the above-mentioned data. If you have given us consent, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. If the processing of the above-mentioned data serves to initiate a contractual relationship, the legal basis is Art. 6(1) sentence 1 lit. b) GDPR. Otherwise, the legal basis is Art. 6(1) sentence 1 lit. f) GDPR.
(3) You can prevent the processing of the above-mentioned information by Wahoo by not using this option. You may revoke any consent you have given at any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.
(4) Third-party information: Wahoo Fitness, LLC Attn: Privacy Policy Inquiry 90 West Wieuca Rd NE #110 Atlanta, Georgia 30342 USA. Further information from the third party on data protection can be found at the following website: https://de-eu.wahoofitness.com/privacy-policy.
Fitbit
(1) On our website, we use “Connect with Fitbit”, a service provided by Fitbit International Limited, 76 Lower Baggot Street, Dublin 2, Ireland (hereinafter referred to as “Fitbit”). By using “Connect with Fitbit”, your web browser automatically establishes a direct connection to Fitbit’s server. To link the accounts, you will be redirected to Fitbit’s website. There you can log in with your user credentials. As a result, your Fitbit user account will be linked to our service.
We have no influence over the scope and further use of data collected by Fitbit through this use. If you have a Fitbit user account and are registered, Fitbit may associate your visit with your user account. Even if you are not registered with Fitbit or not logged in, it is possible that Fitbit may obtain and store your IP address and possibly other identifiers. For details on the type and scope of data processing carried out by Fitbit, the purposes pursued, your rights in this regard, and settings options to protect your personal data, please refer to Fitbit’s privacy policy: https://www.fitbit.com/global/de/legal/privacy-policy.
(2) We use Fitbit to facilitate and shorten the exchange of your training and activity data. This also constitutes our legitimate interest in processing the above-mentioned data. If you have given us consent, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. If the processing of the above-mentioned data serves to initiate a contractual relationship, the legal basis is Art. 6(1) sentence 1 lit. b) GDPR. Otherwise, the legal basis is Art. 6(1) sentence 1 lit. f) GDPR.
(3) You can prevent the processing of the above-mentioned information by Fitbit by not using this option. You may revoke any consent you have given at any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.
(4) Third-party information: Fitbit International Limited, 76 Lower Baggot Street, Dublin 2, Ireland. Further information from the third party on data protection can be found at the following website: https://www.fitbit.com/global/de/legal/privacy-policy.
Polar
(1) On our website, we use “Connect with Polar”, a service provided by Polar Electro Oy, Professorintie 5, 90440 Kempele, Finland (hereinafter referred to as “Polar”). By using “Connect with Polar”, your web browser automatically establishes a direct connection to Polar’s server. To link the accounts, you will be redirected to Polar’s website. There you can log in with your user credentials. As a result, your Polar user account will be linked to our service.
We have no influence over the scope and further use of data collected by Polar through this use. If you have a Polar user account and are registered, Polar may associate your visit with your user account. Even if you are not registered with Polar or not logged in, it is possible that Polar may obtain and store your IP address and possibly other identifiers. For details on the type and scope of data processing carried out by Polar, the purposes pursued, your rights in this regard, and settings options to protect your personal data, please refer to Polar’s privacy policy: https://www.polar.com/de/legal/privacy-notice.
(2) We use Polar to facilitate and shorten the exchange of your training and activity data. This also constitutes our legitimate interest in processing the above-mentioned data. If you have given us consent, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. If the processing of the above-mentioned data serves to initiate a contractual relationship, the legal basis is Art. 6(1) sentence 1 lit. b) GDPR. Otherwise, the legal basis is Art. 6(1) sentence 1 lit. f) GDPR.
(3) You can prevent the processing of the above-mentioned information by Polar by not using this option. You may revoke any consent you have given at any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.
(4) Third-party information: Polar Electro Oy, Professorintie 5, 90440 Kempele, Finland. Further information from the third party on data protection can be found at the following website: https://www.polar.com/de/legal/privacy-notice.
A consent that has been granted may be revoked at any time by notification. You also have the option at any time to undo the connection between your account and external services or applications.
Use of paid features
(1) If you have a customer account, you can use paid features we offer, in particular conclude paid memberships. We use the data you provide to make the paid features you have selected available to you, to enable you to use them, and to be able to record these processes in our systems. In the event of important changes to our offerings, services, or features, e.g. regarding the scope of the offering or technically necessary changes, we use the email address provided during registration to inform you about this.
(2) To the extent that the processing of the above-mentioned data is based on consent you have given, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. To the extent that the processing serves the conclusion or performance of a contract, Art. 6(1) sentence 1 lit. b) GDPR is an additional legal basis.
(3) You may revoke any consent you have given at any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.
(4) The data will be deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. This is the case if you no longer make use of any paid features we offer or if your customer account is cancelled or modified. Statutory retention periods remain unaffected. We point out that under statutory commercial and tax regulations (in particular Section 257 (4) of the German Commercial Code (HGB) and Section 147 (3) of the German Fiscal Code (AO)), we are obliged to retain accounting documents for ten years and commercial or business letters for six years; any personal data contained therein must therefore be stored by us by law for these periods.
Data transfer in connection with the performance of contracts
(1) We only transfer personal data to third parties if this is necessary in the context of contract processing.
(2) If you have given us consent, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. Otherwise, the legal basis is Art. 6(1) sentence 1 lit. b) GDPR.
(3) You may revoke any consent you have given at any time. The lawfulness of the data processing already carried out remains unaffected by the revocation.
Transfer of payment data to external payment service providers
(1) For the purpose of processing payments, we transfer the payment data you have provided to us to the payment service provider(s) named in our payment terms.
(2) The transfer of payment data and the processing by the payment service provider are carried out for the purpose of processing payments. The use of external payment service providers enables us to offer you a choice of different payment methods and thus to make payment processing more flexible both for you and for us. This also constitutes our legitimate interest. If you have given us consent, the legal basis for processing the data is Art. 6(1) sentence 1 lit. a) GDPR. If the processing of the above-mentioned data is carried out for the settlement and performance of the contractual relationship, the legal basis is Art. 6(1) sentence 1 lit. b) GDPR. Otherwise, the legal basis is Art. 6(1) sentence 1 lit. f) GDPR.
(3) You may revoke any consent you have given at any time. You may object to the processing of your personal data at any time. However, we would like to point out that without the transfer of payment data and/or the processing by the payment service provider, no payment methods, or at least not all payment methods, can be made available to you and that performance of the contract may not be possible.
Google Analytics
(1) On our website, we use “Google Analytics”, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) (hereinafter referred to as “Google”). Google uses cookies, i.e. small text files that are stored on your device and enable an analysis of your use of our website. The information generated by the cookie about your use of our website is generally transmitted to a Google server in Ireland and stored there. If IP anonymization is activated on the website (“IP anonymization”), your IP address will first be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf to evaluate your use of our website, to compile reports on website activity, and to provide us with other services related to website usage and internet usage. In doing so, pseudonymous user profiles may be created from the processed data. The IP address transmitted by Google Analytics will not be merged with other Google data. We use Google Analytics only with the IP anonymization described above enabled. This means that your IP address is processed further by Google only in shortened form. This excludes personal identifiability. Further information can be found on the Google website linked below: https://support.google.com/analytics/answer/12017362?hl=de.
(2) We use Google Analytics for the purpose of analyzing the use of our website and continuously improving individual functions and offerings as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offering and make it more interesting for you as a user. This data processing takes place only if you have previously given us your consent. The legal basis is Art. 6(1) sentence 1 lit. a) GDPR.
(3) You can prevent the storage of cookies generated by Google Analytics by setting your web browser accordingly. We would like to point out that in this case you may not be able to use all functions of our website. If you want to prevent the collection of the data generated by the cookie and related to your user behavior (including your IP address) and the processing of this data by Google, you can download and install the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
(4) The data will be deleted as soon as it is no longer necessary for achieving the purpose for which it was collected. Data at user and event level that is linked to cookies, user identifiers (e.g. User ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) is deleted no later than 14 months after collection.
(5) In order to oblige Google, as a processor, to process the transmitted data only in accordance with our instructions and to comply with applicable data protection regulations, we have concluded a data processing agreement with Google (Art. 28 GDPR).
(6) Even though, for the European region, Google Ireland Limited (address see above) is responsible for all Google services, we would like to point out that it cannot be completely ruled out that Google Analytics may also process personal data outside the EU or the EEA, such as in the USA, by the parent company Google LLC (address see above). If, in individual cases, personal data is transferred to a third country for which there is currently no adequacy decision by the Commission, we have concluded a contract with Google incorporating the new EU standard contractual clauses adopted by the EU Commission on 04 June 2021 within the meaning of Art. 46(2)(c) GDPR (further information can be found on the EU websites listed below: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en and https://ec.europa.eu/germany/news/20210604- datentransfers-eu_de) in order to ensure an adequate level of data protection for the processing of personal data in the third country.
In addition, prior to any transfer of personal data to a third country for which there is no adequacy decision by the Commission, we obtain a specifically informed consent pursuant to Art. 49(1)(a) GDPR. An additional legal basis for the transfer to the third country is therefore also your consent pursuant to Art. 49(1)(a) GDPR. In the event of the transfer and processing of personal data in the USA, we additionally point out that, according to the legal opinion of the Court of Justice of the European Union (judgment of 16 July 2020, Case C-311/18 – Schrems II), given the extensive access powers of US (intelligence) authorities, there is currently no adequate level of protection for data transfers to the USA. From a data protection law perspective, the USA is considered an “unsafe third country” for which there is currently no adequacy decision by the EU Commission. Please therefore note that US authorities may have unrestricted access to your personal data under applicable US laws and regulations (such as FISA Section 702, Executive Order 12.333) and that, as an EU citizen, you may not have legal remedies against such access. We have no influence over measures and access by US (intelligence) authorities. By giving your consent, you declare that you are aware of these risks and agree to them.
(7) Third-party information: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
Further information on Google’s use of data, settings and objection options, and data protection can be found on the following Google websites:
Terms of service for Google services: https://policies.google.com/terms?hl=de
Privacy policy for Google services: https://policies.google.com/privacy?hl=de
Legal framework for data transfers: https://policies.google.com/privacy/frameworks
Google’s use of data when you use websites or apps that use Google services: https://policies.google.com/technologies/partner-sites?hl=de
Use of data for advertising purposes: https://policies.google.com/technologies/ads?hl=de
Settings for personalized advertising by Google: http://www.google.de/settings/ads
Embedding YouTube videos
(1) We have embedded YouTube videos in our online offering that are stored on http://www.YouTube.com and can be played directly from our website. They are all embedded in “enhanced privacy mode”, meaning that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence over this data transmission.
(2) By visiting the website, YouTube receives the information that you have accessed the relevant subpage of our website. In addition, the data collected in the case of purely informational use (technical data and your IP address) is transmitted. This occurs regardless of whether YouTube provides a user account that you are logged into or whether no user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not want YouTube to associate the data with your profile, you must log out before activating the button. YouTube stores your data as user profiles and uses it for purposes of advertising, market research and/or tailoring its website to meet needs. Such an evaluation takes place in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right you must contact YouTube.
(3) The export-to-YouTube option is implemented as a YouTube Data API client application. Use of the API client is subject to the YouTube Terms of Service (ToS) (https://www.youtube.com/t/terms) and Google’s privacy policy (https://policies.google.com/privacy).
(4) Further information on the purpose and scope of data collection and processing by YouTube can be found in YouTube’s privacy policy. There you will also find further information about your rights and settings options for protecting your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA.
The legal basis is your consent, Art. 6(1) sentence 1 lit. a) GDPR.
Integration of Braintree (PayPal)
(1) On our website, you have the option to pay for your products via Braintree. Braintree is a PayPal service. If you decide to purchase something via Braintree, your personal data will be transmitted to Braintree/PayPal. When using or opening a Braintree/PayPal account, among other things, your name, address, telephone number and email address must be transmitted to PayPal. The legal basis for the transfer of data is Art. 6(1)(a) GDPR and Art. 6(1)(b) GDPR.
(2) The operator of the PayPal payment service is:
PayPal (Europe) S.à r.l. et Cie, S.C.A.,22-24 Boulevard Royal,L-2449 Luxembourg
Email address: impressum@paypal.com
(3) Further information on the use of data and the protection of your privacy can be found in the PayPal and Braintree privacy policies at the following links: https://www.paypal.com/de/webapps/mpp/ua/privacy-full and https://www.braintreepayments.com/ende/legal/braintree-privacy-policy.
The legal basis is your consent, Art. 6(1) sentence 1 lit. a) GDPR.
Integration of Zoho Desk
(1) Requests by email that reach us via support@outdooractive.com or service@outdooractive.com, or requests entered via the support form, are processed automatically using Zoho’s “Desk” software. This enables us to route support quickly and in a targeted manner to the right channels.
(2) In doing so, the personal data you provide to us (e.g. name, email address, your request, etc.) is processed. We do not pass any data on to Zoho. Depending on the content of your request, the data required to process the request may vary. Providing additional data is voluntary. We use the data you transmit only to process your specific requests. The data provided is treated confidentially. This data is transmitted to Zoho Desk servers in Europe (the Netherlands and Ireland) and thus within the European Union, and processed there by Zoho on our behalf.
(3) Your data will not be processed by Zoho Desk if you use our website purely for informational purposes and do not contact us. The use of Zoho Desk is therefore optional.
(4) In order to oblige Zoho Desk, as a processor, to process the transmitted data only in accordance with our instructions and to comply with applicable data protection regulations, we have concluded a data processing agreement with Zoho Desk.
(5) The above transmission and processing of data serves the purpose of being able to respond to your requests quickly and efficiently. This also constitutes our legitimate interest in the processing of the above-mentioned data by the third-party provider. If you have given consent, the legal basis is Art. 6(1) sentence 1 lit. a) GDPR. If the use of the content or function of Zoho Desk serves the initiation or performance of a contract with us, Art. 6(1) sentence 1 lit. b) GDPR provides an additional legal basis for processing. Otherwise, Art. 6(1) sentence 1 lit. f) GDPR is the legal basis for processing.
You may revoke any consent you have given us to process your personal data at any time. You may also object to the storage of your personal data at any time. We would like to point out that in this case you may not be able to use our website or individual functions of our website to their full extent.
(6) Stored data will be deleted, subject to statutory retention obligations, as soon as it is no longer necessary for achieving the purpose for which it was collected.
Third-party information: ZOHO CORPORATION B. V., Beneluxlaan 4B, 3527 HT UTRECHT, Netherlands. www.zoho.eu/gdpr.html
Further information on data protection, data processing, settings options to protect your personal data and your rights can be found on the following Zoho Desk websites:
Privacy policy: https://www.zoho.com/de/privacy.html?lb=de
Information on the GDPR: https://www.zoho.com/de/desk/gdpr.html
Security whitepaper: https://www.zoho.com/de/security.html?lb=de
Cookie policy: https://www.zoho.com/de/privacy/cookie-policy.html
Terms of service: https://www.zoho.com/de/terms.html
The legal basis is your consent, Art. 6(1) sentence 1 lit. a) GDPR.
Use of a chatbot/AI assistance system
(1) We have integrated a chatbot or an AI-assisted support system into our online offering that you can use voluntarily. As long as you do not actively use the chatbot (e.g. do not enter/send a message), no content is transmitted to the AI services used. Only when you start the chat and make entries will the data mentioned in paragraph 2 be processed.
(2) When using the chatbot, the content you enter (including any personal data contained therein), conversation and context data, technical usage and log data (e.g. IP address, timestamps, browser/device, session and request IDs), as well as security/abuse signals are processed in order to generate responses, ensure system stability, and prevent abuse. The legal bases are Art. 6(1)(b) GDPR (contract/pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in efficient and secure support). If we personalize the chat, reuse content for training/optimization purposes, or provide optional features, this is done on the basis of your consent under Art. 6(1)(a) GDPR; you may revoke any consent you have given at any time with effect for the future. Automated decision-making with legal effect within the meaning of Art. 22 GDPR does not take place. Please do not transmit special categories of personal data (e.g. health data) in the chat.
(3) The integration is implemented via the APIs of the providers OpenAI (OpenAI, L.L.C., USA) and Mistral AI (Mistral AI, France). Use of the API clients is subject to the providers’ terms, in particular the OpenAI Terms of Use (https://openai.com/policies/terms-of-use) and the OpenAI Privacy Policy (https://openai.com/policies/privacy-policy) as well as the Mistral Terms (https://mistral.ai/terms/) and the Mistral Privacy Policy (https://mistral.ai/privacy). The providers are used by us as processors pursuant to Art. 28 GDPR. The providers will use the data provided for their own training purposes only if this has been configured by us accordingly and—where required—consented to by you.
(4) Further information on the purpose and scope of data processing by the aforementioned providers can be found in their privacy notices. A transfer to third countries (including the USA) may occur. In these cases, we ensure an adequate level of data protection by concluding the EU Standard Contractual Clauses and implementing appropriate supplementary measures. We store chat content only for as long as it is necessary for the purposes stated above; beyond that, retention is governed by statutory requirements and/or your account settings (e.g. manual deletion/history).
Use of Google Adwords Conversion
(1) We use Google Adwords to draw attention to our attractive offers on external websites by means of advertising material (so-called Google Adwords). In relation to the data from advertising campaigns, we can determine how successful individual advertising measures are. We pursue the interest of showing you advertising that is relevant to you, making our website more interesting for you, and achieving a fair calculation of advertising costs.
(2) These advertising materials are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, which can measure certain parameters for success measurement, such as the display of ads or clicks by users. If you reach our website via a Google ad, a cookie is stored on your device by Google Adwords. These cookies generally lose their validity after 30 days and are not intended to identify you personally. The following are usually stored as analysis values for this cookie: the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marker that the user no longer wishes to be addressed).
(3) These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. Each Adwords customer is assigned a different cookie. Cookies therefore cannot be tracked across the websites of Adwords customers. We ourselves do not collect or process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising materials; in particular, we cannot identify users on the basis of this information.
(4) Due to the marketing tools used, your browser automatically establishes a direct connection to Google’s server. We have no influence over the scope and further use of the data collected by Google through the use of this tool and therefore inform you based on our level of knowledge: By integrating AdWords Conversion, Google receives the information that you have accessed the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or not logged in, it is possible that the provider may obtain and store your IP address.
(5) You can prevent participation in this tracking procedure in various ways:
a) by adjusting your browser software settings accordingly; in particular, suppressing third-party cookies will result in you not receiving ads from third parties;
b) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads, whereby this setting will be deleted if you delete your cookies;
c) by disabling interest-based ads from providers that are part of the “About Ads” self-regulatory campaign via the link http://www.aboutads.info/choices, whereby this setting will be deleted if you delete your cookies;
d) by permanently disabling in your browsers Firefox, Internet Explorer or Google Chrome via the link http://www.google.com/settings/ads/plugin.
We would like to point out that in this case you may not be able to use all functions of this offering to their full extent.
(6) Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.
The legal basis is your consent, Art. 6(1) sentence 1 lit. a) GDPR.
Remarketing
In addition to Adwords Conversion, we use Google Remarketing. This is a procedure by which we wish to address you again. With this application, our ads can be displayed to you after you have visited our website when you continue using the internet. This is done by means of cookies stored in your browser, through which your usage behavior when visiting various websites is recorded and evaluated by Google. In this way, Google can determine your previous visit to our website. According to Google, there is no merging of the data collected in the context of remarketing with your personal data that may be stored by Google. In particular, according to Google, pseudonymization is used in remarketing.
The legal basis is your consent, Art. 6(1) sentence 1 lit. a) GDPR.
Awin
The controller has integrated components of Awin on this website. Awin is a German affiliate network that offers affiliate marketing. Affiliate marketing is an internet-based form of distribution that enables commercial operators of websites, the so-called merchants or advertisers, to display advertising—usually remunerated via click or sale commissions—on third-party websites, i.e. distribution partners also known as affiliates or publishers. The merchant provides advertising material via the affiliate network, such as an advertising banner or other suitable means of internet advertising, which is subsequently integrated by an affiliate into its own websites or promoted via other channels, such as keyword advertising or email marketing.
The operating company of Awin is Awin AG, Eichhornstraße 3, 10785 Berlin, Germany.
Awin sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. The tracking cookie from Awin does not store any personal data. Only the identification number of the affiliate, i.e. the partner referring the potential customer, as well as the order number of the visitor to a website and the clicked advertising material are stored. The purpose of storing this data is to handle commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. Awin.
The data subject can prevent the setting of cookies by our website at any time by making the appropriate setting in the internet browser used, thereby permanently objecting to the setting of cookies. Such a setting in the internet browser used would also prevent Awin from setting a cookie on the information technology system of the data subject. In addition, cookies already set by Awin can be deleted at any time via an internet browser or other software programs. Awin’s applicable data protection provisions can be accessed at http://www.Awin.com/de/ueber-Awin/datenschutz/.
The legal basis is your consent, Art. 6(1) sentence 1 lit. a) GDPR.
A/B testing
(1) This website also analyzes user behavior by means of so-called A/B testing. In doing so, we may show you our websites with slightly varied content depending on a profile assignment. This allows us to analyze our offering, regularly improve it, and make it more interesting for you as a user. The legal basis for A/B testing is Art. 6(1) sentence 1 lit. f) GDPR.
(2) Cookies are stored on your computer for this evaluation. The controller stores the information collected in this way exclusively on its server in Germany. You can prevent the evaluation by deleting existing cookies and preventing cookies from being stored. If you prevent the storage of cookies, we would like to point out that you may not be able to use our website to its full extent. Preventing the storage of cookies is possible by adjusting your browser settings.
The legal basis is your consent, Art. 6(1) sentence 1 lit. a) GDPR.
Balancing of interests
If the tracking software or plug-ins mentioned above do not comply with European data protection standards regarding lawful processing under Art. 6 GDPR contrary to their statements, the following balancing of interests is made on a precautionary basis:
The processing of the data is lawful if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Legitimate interests include legal as well as factual, economic, or non-material interests.
The purpose of data processing is the findability of the website and the analysis of user behavior.
The tracking software and plug-ins used are suitable for achieving this purpose.
Necessity is given because they are necessary to achieve the purpose.
It is appropriate because it is reasonable for the user and the appropriate level of data protection is not jeopardized.
Opt-out
To the extent that the processing of personal data by the tracking software or plug-ins mentioned is based on our overriding legitimate interests, you may object to the processing of personal data at any time. You can declare your objection by clicking the link below. This sets an opt-out cookie to prevent the collection of data by the tracking software or plug-ins mentioned within this website in the future. This opt-out cookie prevents data collection only for the browser you are currently using and only for the domain of our website.
In addition, we would like to point out that you can prevent the installation of cookies at any time by deleting existing cookies and disabling the storage of cookies in your web browser settings. You can also prevent the installation of cookies for advertising and analysis purposes by many providers by setting an opt-out cookie on certain websites such as http://optout.networkadvertising.org/, http://optout.aboutads.info or http://www.youronlinechoices.com/de/praferenzmanagement/. We would like to point out that in these cases you may not be able to use all functions of the affected websites to their full extent.
Section 3: Processing of personal data by the mobile app
Below we inform you about the collection and processing of personal data when using our mobile app, insofar as this goes beyond the data processing listed in Section 2:
Collection of personal data when using our mobile app
(1) When downloading the mobile app, the required information is transferred to the app store, in particular user name, email address and customer number of your account, time of download, payment information and the individual device identifier. We have no influence over this data collection and are not responsible for it. We process the data only insofar as it is necessary for downloading the mobile app to your mobile device.
(2) When using the mobile app, we collect the personal data described below to enable convenient use of the functions. If you wish to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile app and to ensure stability and security (legal basis is Art. 6(1) sentence 1 lit. f) GDPR):
IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request originates
Browser
Operating system and its interface
Language and version of the browser software
(3) We also require your device identifier, unique device number (IMEI = International Mobile Equipment Identity), unique subscriber number (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile device, email address. If you are a “Pro” customer, your bank details will also be collected.
(4) In addition to the data mentioned above, cookies are stored on your device when you use our mobile app. Cookies are small text files that are stored in the memory of your mobile device and assigned to and stored by the mobile app you use. Cookies can provide certain information to the entity that sets the cookie (here: us). Cookies cannot execute programs or transmit viruses to your mobile device. They serve to make mobile apps more user-friendly and effective overall.
This mobile app uses the following types of cookies, the scope and function of which are explained below:
Transient cookies: Transient cookies are automatically deleted when you close our mobile app. This includes in particular session cookies. These store a so-called session ID with which various requests from your mobile app can be assigned. This enables your mobile device to be recognized when you use our mobile app again. Session cookies are deleted when you log out or close the app.
Persistent cookies: Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can configure the settings of your mobile operating system and the app according to your preferences and, for example, reject the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of our mobile app.
(5) For advertising purposes, we use the so-called “Advertising Identifier” (IDFA). This is a unique, but non-personalized and non-permanent identifier for a specific device provided by iOS. The data collected via the IDFA is not linked to other device-related information. We use the IDFA to provide you with personalized advertising and to evaluate your usage. If you activate the “Limit Ad Tracking” option in the iOS settings under “Privacy” – “Advertising”, we can only take the following measures: measure your interaction with banners by counting the number of displays of a banner without a click (“frequency capping”), click rate, determination of unique usage (“unique user”) as well as security measures, fraud prevention and troubleshooting. You can delete the IDFA at any time in the device settings (“Reset Ad Identifier”), then a new IDFA will be created, which is not merged with previously collected data. We would like to point out that you may not be able to use all functions of our app if you restrict the use of the IDFA.
(6) Collection of your location data
Our offering includes so-called “location-based services”, with which we provide you with special offers tailored to your respective location. You can only use these functions after you have agreed via a pop-up that we may collect your location data via GPS and your IP address in anonymized form for the purpose of providing services. You can allow or revoke the function at any time in the settings of the app or your operating system by setting the necessary parameters under “Settings”.
After your confirmation, your location is transmitted to us regularly, whereby we only use the most recently reported location and delete previous location reports. If location collection is active, your smartphone indicates the data processing with a compass icon in the top bar.
For the purposes of advertising, market research and tailoring the offering to meet needs, we create usage profiles using pseudonyms. This data is not merged with other personal data. You can object to this by pressing the corresponding button in the app settings. You may also contact info@outdooractive.com or the address provided in the legal notice.
(7) Use of your address book and photos
At the start of using our mobile app, we ask you in a pop-up for permission to use your address book, calendar, photos and reminders. This access is optional and required for the use of certain app functions. If you grant access, the mobile app will access your personal data only to the extent and transmit it to our server only to the extent necessary for the respective functionalities as described below:
In the case of the address book, access is required only to provide an emergency call function. When using this function, a fictitious contact with an emergency number is created for emergencies. In an emergency, you can then make a call to this contact. Personal data is processed only on your device. It is not transmitted to us or to third parties.
Access to the photo storage is only necessary if you want to add photos online to your content. Photos are never processed automatically. You decide yourself when and which photos you want to upload.
Granting this access is voluntary on the basis of the consent you have given. The legal basis is Art. 6(1) sentence 1 lit. a) GDPR. You can revoke this consent at any time in the system settings of your mobile device. For completeness, we would like to point out that you may not be able to use all functions of our app if you do not grant consent or revoke it.
Your data will be treated confidentially by us and deleted if you revoke the rights to use it or if it is no longer necessary for the provision of services and there are no statutory retention obligations requiring further storage.
(8) Apple Health
You can choose whether you want to share your activity with Apple Health. Settings to control this can be found in the Health app. Apple Health data is displayed during training in the Apple Watch app. Your age, height, gender and weight are used only to make better estimates of calorie consumption if you do tracking only with the iPhone. During tracking, the distance covered can be transferred to Health. Data from Health is not used for marketing or advertising purposes. Outdooractive uses your heart rate to record your heart rate in tracks and to display your current heart rate during recording.
(9) Health Connect via Android
You can choose whether you want to share your activities with Health Connect. Settings to control/delete data can be found in the Health Connect app and in the settings of the Android app. After recording the route, the distance covered, speed, altitude and duration can be transferred to Health Connect. The data collected as part of Health Connect is not used for marketing or advertising purposes. The Android app does not read any data from Health Connect. User data is handled securely and appropriately in the app by protecting the user account with a password in order to prevent unauthorized access/destruction/loss/alterations.
Status: October 2025