Data Protection Declaration
Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for the conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise, e.g. if you use individual services and offers on our website or in our app.
"Personal data" is any information relating to an identified or identifiable natural person. The legal basis for data protection can be found in the General Data Protection Regulation (GDPR).
Controller for data processing
The Controller according to Art. 4, para. 7 General Data Protection Regulation (GDPR) is
Freeletics GmbH
represented by Company Director Daniel Sobhani
Berg-am-Laim-Straße 111
81673 Munich
+49 (89) 4520 5180
Email: support@staedium.com
Server log files
You can use our websites without submitting personal data. Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes information on your browsing behavior (such as browser name and type, IP address, the name of the site called up, date and time of the request, the IP address, amount of data transferred, the provider making the request and page visits). We cannot use this data to identify an individual user. Please bear in mind, however, that in the case of a static IP address, personal identification is possible by RIPE query in individual cases, although we do not perform this. Nevertheless, this website is accessible for both static and dynamic IP addresses assigned.
The processing is carried out on the basis of Article 6(1) f) GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.
In the context of the balance of interests in accordance with Article 6 (1) (f) GDPR, we have considered and weighed our interest in website and app provisioning and your interest in data protection compliant processing of your personal data. As the data is technically required for the provision of our service in order to offer you our services and also guarantee stability and security, in particular protection against misuse, we have reached the conclusion that, with a state-of-the-art oriented data security guarantee, this data can be processed whereby appropriate consideration will be given to your interest in data protection compliant processing.
The collection of data for website and app provision and the storage of data in log files is imperative for website and operation. Consequently, users may not object to this.
Collection, processing, and transfer of personal data
Apart from what was mentioned above under “Server Log files”, we only collect personal data if you provide it to us, for example when you contact us, in particular by registering a customer account, placing an order, using the STÆDIUM app, requesting information or publishing personal data in our STÆDIUM app in your profile or elsewhere. We use the personal data you provide only to the extent that your data is necessary for rendering or processing our services.
We store your data for as long as is necessary to achieve the intended purpose or until you delete your account or for as long as legal retention periods require data to be stored. Your data is subsequently deleted in accordance with legal requirements or processing is restricted.
Orders
When you submit an order we only collect and use your personal data insofar as this is necessary for the fulfillment and handling of your order as well as processing of your queries. This is, for example, full name and address details (for delivery of the order) as well as email address and password (for communication around the order and creation of a customer account to make use of the STÆDIUM subscription). In addition, you must take note of our Data Protection Declaration as well as accept our General Terms and Conditions of Business for Using Freeletics, General Freeletics STÆDIUM Sales Conditions, and Withdrawal Policy.
The provision of data is necessary for the conclusion of a contract. Failure to provide it will prevent the conclusion of any contract. The processing will occur on the basis of Article 6(1) b) GDPR and is required for the fulfillment of a contract with you. Your data connected to the order will subsequently be deleted in compliance with statutory retention periods.
Your data is transferred here, for example, to the shipping companies and dropshipping providers, payment service providers, service providers for handling the order and IT service providers that you have selected. We will comply strictly with legal requirements in every case. The scope of data transmission is restricted to a minimum. If your data is transferred to a third country, the transfer of data is based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data.
We use information from your order such as email and purchase information (e.g. purchase date, subscription start and end date, language) for the creation of a customer account, so that you can make use of the STÆDIUM subscription. In addition, we use this information for newsletter personalization. For more information please see below “Newsletter and email personalization, and analysis of user behavior”.
As a service provider for the sale of our STÆDIUM products (equipment and subscription), we use Shopify (Shopify Inc., 150 Elgin Street, Suite 800, Ottawa, ON K2P 1L4, Canada), a cloud store system for online retailers. Shopify stores the data collected from you during the order. Shopify saves information in Canada. The European Commission has decided that Canada provides an adequate level of data protection with regard to Art. 45 GDPR. You can find the privacy policy of Shopify here.
Customer account
Registering a STÆDIUM Account
When you place an order (for the STÆDIUM equipment and the STÆDIUM subscription) Freeletics uses the email address that you use for the order to set up a customer account for STÆDIUM (“STÆDIUM account” or “customer account”). You will receive an account confirmation link sent to the email address you entered during the order process. Within this email, we provide you with a temporary password, which you can use to log in and choose your own password. After you have confirmed your account via this link, and reset your password, your STÆDIUM account will be completed and you can access our services. After you have logged in to your customer account on www.staedium.com, you can view your personal details (name, email address, password), order history, track the delivery status, or check the details around your subscription. You may also change your data at any time.
All data that you enter into your account is stored within a database of Freeletics GmbH with the service provider named below. To make use of your STÆDIUM subscription, you will have to log in to the STÆDIUM app with your customer account login credentials. This way, we will be able to verify that you already purchased the STÆDIUM subscription and grant you access to the STÆDIUM app.
The processing will occur on the basis of Article 6(1) b) GDPR and is required for the fulfillment of a contract with you.
Instead of creating a new customer account during purchase, we offer you the possibility to log in to our shop with your Freeletics account. When you have logged into your Freeletics account, your client information in the shop is pre-filled with your name and email address. In addition, your User ID will be added to your customer account in the shop.
With the customer account you used for the STÆDIUM order, you will be able to log in to your STÆDIUM app and all of our other Freeletics services (Freeletics apps and Website, and Freeletics Essentials). In the process, we use cookies – small files – on your browser in order to identify you. When you log in to the STÆDIUM app with your Freeletics account, STÆDIUM will use your name, email address, user ID, and profile picture from your Freeletics customer account. The data processing is also used for the purpose of improving your shopping experience and simplifying order processing. This does not affect the legality of any processing carried out so far on the basis of that consent. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent.
We use AWS (Amazon Web Services) as a service provider for data storage. Please find more information about AWS's compliance with data protection laws here. If AWS transfers personal data to the USA, it does so on the basis of an agreement with the EU standard contractual clauses. The legal basis is Art. 6 para. 1 lit. b) GDPR.
You may request to delete your personal data at all times. We will store your personal data in your customer account for up to 30 days after the deletion of your customer account.
Data collection, processing, and use in the context of STÆDIUM Services
Profile and Training
You need a STÆDIUM account in order to use the STÆDIUM app. The data collected for this purpose has already been explained above. In addition to that data, the following information will be stored in your profile, which is accessible in the STÆDIUM app. When you do a STÆDIUM workout, our app automatically collects information about your workout history, such as your total number of workouts taken, the dates you did the workouts, as well as training and fitness information (including leaderboard rank, STÆDIUM points, repetitions).
- public profile (photo, first name, surname)
- fitness information (ranking, STÆDIUM points)
- training information (statistics e.g. about repetitions and weights)
In addition, you become visible in the STÆDIUM app on the STÆDIUM leaderboard with the following information
- public profile (photo, first name, surname)
- STÆDIUM points
Consequently, this information is available to other users in the STÆDIUM app. Our goal with STAEDIUM is to fight boring training and bring users together. Instead, users’ performance is appreciated and can become an incentive for new members.This information helps other users to compete against you in the STÆDIUM and keeps you motivated. You have already agreed under our General Terms and Conditions of Business that upon beginning that all STÆDIUM users will be able to view your public profile and your fitness information without special consent.
If you do not want to make it possible to link your performance to yourself, you are free to refrain from providing any personal data on your profile. Moreover, you may refrain from adding a profile picture of yourself. For this reason, we have ensured that each user can change their personal information, which can be viewed by other users, and each user is free to use their own name or a fictitious name in the STÆDIUM app.
We use AWS (Amazon Web Services) as a service provider for data storage. Please find more information about AWS's compliance with data protection laws here. If AWS transfers personal data to the USA, it does so on the basis of an agreement with the EU standard contractual clauses. The legal basis is Art. 6 para. 1 lit. b) GDPR.
You may request to delete your personal data at all times. We will store your personal data in your customer account for up to 30 days after the deletion of your customer account.
Motion Tracking
Via your phone camera, the STÆDIUM app detects your body movements so that every repetition is counted and so you can get feedback with regards to your technique within the app. You may connect your STÆDIUM equipment with your app so that the used weights are detected automatically. You will receive STÆDIUM points for repetitions, chosen weights, and correct technique.
Access to your camera is only used for motion tracking. We will not record any of your training, hence no videos or the like will be stored. We use this information to help you track your progress and to enable and facilitate a good training experience and progress.
The legal basis is Art. 6 para. 1 lit. b) GDPR. You may request to delete your personal data at all times. We will store your personal data in your customer account for up to 30 days after the deletion of your customer account.
Access rights
We require these access options and information to ensure the technical function of our app and to provide the services offered with the app. During the installation procedure or before you use the app for the first time, we request permission to access individual functions and information. We will only access these functions with your approval. You can revoke access rights manually in the settings for each operating system. You can find out how this works in the manufacturer instructions for your mobile OS. However, please note that you can only use the app to a limited extent or you cannot use it at all without the relevant approval.
The legal basis is consent (Article 6(1)(a) GDPR).
Before you either use the app for the first time or use a function for the first time, we ask the user for the permissions for the purpose described below:
Permission | Purpose |
---|---|
Camera | Scan QR code to connect STÆDIUM equipment with App, taking profile picture, motion tracking |
Photo library | Selection of photos for profile |
Mobile data/WLAN (granted by the operating system) | Use of Internet and downloading of new content |
Contact
Proactive contact of the customer by email or contact form
If you make contact with us proactively via email or contact form, we shall collect your personal data (e.g. name, email address, message text) only to the extent provided by you. We also collect your IP address at login for the sole purpose of sending the form content to the web server. Your IP address will be stored until the end of the connection. We may request entries in our contact form that are required for establishing contact. We use this information to put your request into specific terms and handle your concern more effectively. Providing this information is entirely voluntary and with your consent. If the information in question refers to communication channels (for example, email address or phone number), you also give consent for us to contact you via these communication channels to respond to your concern.
The purpose of the data processing is to handle and respond to your contact request. If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use. Your data will be forwarded to the service provider Zendesk (Zendesk Inc., 1019 Market St., San Francisco, CA 94103 USA). For more information about Zendesk's compliance with data protection laws, please visit www.zendesk.com/company/agreements-and-terms/privacy-policy. It will not be forwarded to other third parties. Your data will be transferred to a third country. The transfer of data is based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data.
Use of your email address for mailing of newsletters
We use your email address outside of contractual processing exclusively to send you a newsletter for our own marketing purposes, if you have explicitly agreed to this. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. To collect your consent, we use WisePops (WisePops SAS, 49 Rue Jean De La Fontaine, 75016 Paris, France) as well as Shopify (Shopify Inc., 150 Elgin Street, Suite 800, Ottawa, ON K2P 1L4, Canada). WisePops is a service provider that allows us to collect personal data through pop-up forms, e.g., to send out newsletters. These data can be your email address, your name, or similar. We use this collected data for marketing purposes and to show you personalized advertising. Please find more information on Wisepops below under “Use of Wisepops”. Shopify is a cloud store system for online retailers. Shopify saves information in Canada. The European Commission has decided that Canada provides an adequate level of data protection with regard to Art. 45 GDPR. You can find the privacy policy of Shopify here.
Your data collected for the newsletter will then be forwarded to a service provider for email marketing in the course of order processing. It will not be forwarded to other third parties. We use Braze (Braze, Inc, 330 West 34th St, New York, NY 10001 USA). For more information about Braze's compliance with data protection laws, please visit www.braze.com/privacy. Your data will be transferred to a third country. The transfer of data is based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data.
You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can unsubscribe from the newsletter at any time using the relevant link in the newsletter or by contacting us. Your email address will then be removed from the distributor.
To make doubly sure that you actually want to receive information from us, we use the double opt-in procedure. Once you have subscribed, you will receive a link by email which you can use to activate the newsletter service. In other words, we will send an email to the address given when you subscribed in which we ask for confirmation that you want to receive the newsletter. If you do not confirm your subscription, your data will not be saved in our email dispatch tool. In addition, we save your IP address and dates of newsletter subscription and confirmation. The purpose of this procedure is to verify your subscription and, where appropriate, shed light on any misuse of your personal data.
Use of your email address for mailing of direct marketing
We use your email address, which we obtained in the course of selling a good or service, for the electronic transmission of marketing for our own goods or services which are similar to those you have already purchased from us unless you have objected to this use. You must provide your email address in order to conclude a contract. Failure to provide it will prevent the conclusion of any contract.
The processing will be carried out on the basis of art. 6 (1) lit. f GDPR due to our justified interest in direct marketing. You can object to this use of your email address at any time by contacting us. You will find the contact details for exercising your right to object in our imprint. You can also use the link provided in the marketing email.
This will not involve any costs other than transmission costs at basic tariffs.
Your data will be forwarded to a service provider for email marketing during the course of order processing. We use Braze (Braze, Inc, 330 West 34th St, New York, NY 10001 USA). For more information about Braze's compliance with data protection laws, please visit www.braze.com/privacy/. It will not be forwarded to other third parties. Your data will be transferred to a third country.
The transfer of data is based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data.
Newsletter and email personalization, and analysis of user behavior
We draw your attention to the fact that in sending the newsletter, we evaluate your user behavior, i.e. opening behavior and click behavior. Technically speaking, the evaluation of your user behavior occurs via the service provider. This allows us to draw conclusions about your behavior in order to improve our newsletter and to ensure that you only receive the newsletter you are interested in. The legal basis for tracking your user behavior in emails for the purpose of direct marketing is Art. 6 paragraph 1 f) GDPR.
If you want to prohibit personalization and tracking, or do not agree with processing for the purposes mentioned, you can object and unsubscribe from the newsletter by sending an email to support@staedium.com or by clicking on the unsubscribe link which can be found in every email.
Your data will be forwarded to a service provider for email marketing during the course of order processing. We use Braze (Braze, Inc, 330 West 34th St, New York, NY 10001 USA). For more information about Braze's compliance with data protection laws, please visit www.braze.com/privacy. It will not be forwarded to other third parties. Your data will be transferred to a third country. The transfer of data is based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data.
Registration data for (personalized) newsletters (*) | Purpose of processing | Legal basis of processing | Storage period |
---|---|---|---|
IP address at login | Proof of double opt-in (DOI) | Consent | Up to 30 days after deletion of the customer account |
Time of registration | Proof of double opt-in (DOI) | Consent | Up to 30 days after deletion of the customer account |
IP address during DOI | Proof of double opt-in (DOI) | Consent | Up to 30 days after deletion of the customer account |
Time of DOI verification | Proof of double opt-in (DOI) | Consent | Up to 30 days after deletion of the customer account |
Email address | Newsletter dispatch | Consent | Until revocation/objection |
Gender | Direct approach | Consent | Until revocation/objection |
First name | Direct approach | Consent | Until revocation/objection |
Last name | Direct approach | Consent | Until revocation/objection |
Birthday | Usability for marketing purposes | Consent | Until revocation/objection |
Date in the context of tracking | Purpose of processing | Legal basis of processing | Storage period |
---|---|---|---|
IP address | Establishing a connection using the email evaluation tool | Consent (for the newsletter) | Until revocation/objection |
Personalized link | Measurement of click behavior | Consent (for the newsletter) | Until revocation/objection |
Device Information | Sending to your device | Consent (newsletter), legitimate interest (direct marketing) | Until revocation/objection |
Usage data | Direct address as well as analysis and assessment of registration behavior | Consent (newsletter), legitimate interest (direct marketing) | Until revocation/objection |
Campaign Information | Direct address as well as analysis and assessment of registration behavior | Consent (newsletter), legitimate interest (direct marketing) | Until revocation/objection |
Payment service providers
STÆDIUM by Freeletics offers various payment options. Depending on which payment option you choose, payment data may be transmitted to the respective payment service provider for this purpose. If your data is processed outside the EU, the payment service provider has undertaken to comply with the EU standard contractual clauses. In some cases, the payment service providers also collect this data themselves on their own responsibility. For more information on the processing of personal data by payment service providers, please refer to their privacy policies:
- Google Wallet (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). You can find more information in the privacy policy of Google Wallet.
- Shop Pay (Shopify International Limited, Intertrust Ireland 2nd Floor 1-2 Victoria Buildings Haddington Road Dublin 4, D04 XN32, Ireland). You can find more information in the privacy policy of Shop Pay.
- Stripe, Inc, 354 Oyster Point Boulevard, South San Francisco, California, 94080, USA. You can find more information in the privacy policy of Stripe.
The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter b GDPR (performance of a contract) and Art. 6 paragraph 1 sentence 1 letter a GDPR (consent).
Cookies, tracking pixels, and similar technologies
To improve our web service and make your experience as comfortable as possible, we use cookies, tracking pixels, or similar technologies.
Cookies are small text files which are saved in a user’s internet browser or by the user’s internet browser on their computer system. When a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic character string which allows the browser to be clearly identified when the website is called up again.
Cookies will be stored on your computer. You therefore have full control over the use of cookies. By choosing corresponding technical settings in your internet browser, you can be notified before the setting of cookies and you can decide whether to accept this setting in each individual case as well as prevent the storage of cookies and transmission of the data they contain. Cookies which have already been saved may be deleted at any time. We would, however, like to point out that this may prevent you from making full use of all the functions of this website.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
We use cookies and tracking pixels for different purposes, which also means they have different legal bases and storage periods. You will find more information about that in the following sections:
Technically necessary cookies
Insofar as no other information is given in the data protection declaration below we use only these technically necessary cookies to make our offering more user-friendly, effective and secure. Without these cookies, you will not be able to view our site properly. Cookies also allow our systems to recognize your browser after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. These services require the browser to be recognised again after a page change. We also use functional cookies, which help us to improve our website and app performance.
- Analytics services are used to analyze data based on your browsing behavior (e.g. which pages you have visited on the website or how you use our App) and to improve the functionality and design of our website / App. For this purpose, we use only your User ID (if you are logged in) or a unique identifier, but no information that can be used to identify you (such as your name or email address).
- Quality assurance tools are used to measure errors presented on a website, to make sure we fix bugs or any issues promptly.
- A/B testing tools or multivariate testing tools are used to ensure a consistent design of the website and app and a consistent user experience in the current and subsequent sessions.
- Affiliate tracking — We need to let our affiliate marketing partners or service providers have certain information if you came to our site, and purchased products, through a visit to theirs. This is required as we may need to provide them a fee for such services. For this purpose, we will share information about your visit, including the products you have purchased.
Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our largely justified interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our range of services. You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.
Performance Cookies and Advertising Cookies
These cookies allow us to analyze site usage so we can measure and improve performance. They are also used by advertising companies to serve ads that are relevant to your interests. These cookies contain a unique key to distinguish individual users’ browsing habits. We also use these cookies to limit the number of times a user sees a particular ad on a website and to measure the effectiveness of a particular campaign. The identifier stored by these cookies is provided by our partners. We cannot use the same identifier in our own systems.
If you want to prevent performance cookies and advertising cookies from being saved, you can change your cookie preferences at any time by changing your cookie settings above.
The legal basis for performance cookies and advertising cookies is consent in accordance with Art. 25 para. 1 sentence 1 TTDSG. The legal basis for the processing is consent according to Art. 6 para. 1 sent. 1(a) GDPR. Obviously, you can withdraw your declarations of consent for the future at any time.
If you no longer agree to us providing your data to the service providers mentioned in our privacy policy, you can opt-out in the cookie settings on our website .
Please note: it is possible that you can still see advertisements from Freeletics on third-party platforms even if you do not choose this functionality, but these advertisements are at random and won’t be personalized.
Personalized advertisement on our and our partners’ websites
We use services of third-party advertising platforms such as Facebook (for example Instagram and Facebook), and Google (for example Gmail, YouTube, Google Discover) that allow us to show targeted campaigns and messages to users within their platforms based on the users’ behavior. For this, we use services such as Facebook Custom Audience and Google Audience, and similar services by providing them with customer lists that include the personal data you provide to us when you register, such as an email address or the device ID.
This allows the service provider to create a profile about your usage patterns in our app and on our website in order to display advertisements in a more targeted manner in order to present advertisements of interest to users on other apps and websites within the network of the respective service providers. Please find more information about the services here:
The legal basis for our processing is Art. 6 Para. 1 Sentence 1 Letter a GDPR. We only actively provide the service provider mentioned above with customer lists that include your email address or other personal data with your consent. Obviously, you can withdraw your declarations of consent for the future at any time. If you no longer agree to us providing your data to the service providers mentioned above, you can opt-out in our app settings. We will store the data as long as you do not withdraw your consent. It is possible that you can then still see advertisements from Freeletics (e.g. for STÆDIUM) even if you withdraw your consent or did not consent in the first place, but these advertisements on third-party platforms are at random.
Below you will find more information about the cookies, tracking pixel, and similar technologies we use.
Google Marketing Services
On our app, we use the marketing and re-marketing services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) that allow us to display advertisements in a more targeted manner in order to present advertisements of interest to users. Through (re-)marketing, ads and products are displayed to users relating to an interest established by activity on other apps within the Google Network. For these purposes, a code is used by Google when our app is accessed and what are referred to as (re-)marketing tags are incorporated into the app. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). Cookies can be set by various domains. This file records which apps users have visited, which content they are interested in, and which offers have been used. In addition, technical information about the browser and operating system, referring apps, the length of the visit, as well as any additional data about the use of the online products and services are stored. The IP address of users is also recorded, although we would like to inform you that within the framework of Google Analytics, IP addresses within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area are truncated.
All user data will only be processed as pseudonymous data. Google does not store any names or email addresses. All displayed ads are therefore not displayed specifically for a person, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA.
One of the Google marketing services we use is the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the apps of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.
We may include third-party advertisements based on the Google Marketing Service called DoubleClick. DoubleClick uses cookies to enable Google and its partner apps to place ads based on users’ visits to this app or other apps on the Internet.
The legal basis for the use of this service is Article Art. 6 paragraph 1 sentence 1 letter f GDPR.
If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Google has signed the EU standard contractual clauses.
There is another Google service we use called Google Audience, that allows us to show targeted messages to users within the Google Network (such as Gmail, YouTube, Google Discover, etc.). For this, we may provide Google with a customer list that includes the email address or other data such as the device ID you provide to us when you register. This allows Google to create a profile about your usage patterns in our app and on our website in order to display advertisements in a more targeted manner in order to present Freeletics advertisements of interest to users on other apps and websites within the Google Network.
Please find more information about the Google Personalized Advertising Service here.
The legal basis for our processing is Art. 6 Para. 1 Sentence 1 Letter a GDPR. We only actively provide Google with customer lists that include your email address or other personal data with your consent. Obviously, you can withdraw your declarations of consent for the future at any time. If you no longer agree to us providing your data to Google, you can opt-out in our app settings. It is possible, that you can then still see advertisements from Freeletics even if you withdrew your consent or did not consent in the first place, but these advertisements on third-party platforms are at random.
Facebook Marketing Services
We use the “visitor action pixels” from Facebook (Meta Platforms Inc., Menlo Park, California) on our website so that user behavior can be tracked after users have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads.
The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter a GDPR.
As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Facebook has signed the EU standard contractual clauses. If you do not wish to be tracked by Facebook in the future, you can opt-out at any time by writing an email to privacy@staedium.com.
Use of Pandectes
Our website uses the consent management tool „GDPR Cookie Bar +ePrivacy Page“ from Pandectes. The tool enables you to grant consents to data processing via the website, in particular the placing of cookies, and to make use of your right of revocation for consents already granted. The processing of data serves the purpose of obtaining necessary consents for data processing and to document these, thereby complying with statutory obligations. Cookies may be deployed for this purpose. No personal data is forwarded to Pandectes.
The data processing is carried out on the basis of Article 6(1)(c) GDPR to comply with a legal obligation. More information on data protection at Pandectes can be found at: www.pandectes.io
Use of the Google Analytics
Our website uses the web analysis service Google Analytics from Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you are ordinarily resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data. Google Ireland Limited is therefore the company affiliated with Google responsible for processing your data and for compliance with the applicable data protection legislation. The processing of data serves to analyse this website and its visitors and for marketing and advertising purposes. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services to the website operator relating to website and internet use. In this process the following information, inter alia, can be collected: IP address, date and time of the website access, click path, information on the browser and the device you are using, the pages visited, referrer URL (website via which you accessed our website), location data, purchasing activities. The IP address transmitted from your browser within the scope of Google Analytics is not associated with any other data held by Google.
Google Analytics uses technology such as cookies, web storage in the browser and tracking pixels which enable an analysis of your use of the website. The information generated by these regarding your use of this website is usually transferred to a Google server in the USA and stored there. IP anonymization is activated on this website. Google uses this to shorten your IP address beforehand within Member States of the European Union or in other signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. There is no adequacy decision by the EU Commission for the USA.
The data transfer is carried out on the basis of EU-Standard Contractual Clauses as appropriate guarantees for the protection of personal data, among other things, which can be viewed at: policies.google.com/privacy/frameworks.
Both Google and US state authorities have access to your data. Google may combine your information with other information, such as your search history, personal accounts, usage data from other devices, and any other information Google has about you. The use of cookies or comparable technologies is based on § 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The data processing, is carried out with your consent on the basis of Article 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can find more detailed information on the terms and conditions of use and data protection at www.google.com/analytics/terms/de.html and/or at www.google.de/intl/de/policies and at policies.google.com/technologies/cookies?hl=de.
Use of Hotjar
On our website, we use the analysis tool provided by Hotjar Ltd. (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julians STJ1000, Malta; "Hotjar"). The data processing serves the purpose of designing, optimizing, and analyzing our website according to your needs. The tool is used to randomly record the movements of visitors to the website. This creates a protocol of mouse movements, scrolling behavior, dwell time, and clicks on the website (what is known as the heat map).
For this purpose, Hotjar uses, among other things, cookies. These can involve the collection of, among other things, the following information: IP address (in anonymous form), information about the device you are using (screen size, devices, unique device identifier), information about the browser you are using, location data (country only), preferred language for displaying the website, operating system used. Detailed information on the cookies used and the function and the storage period of these can be found here: help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies This data is used to create user profiles under a pseudonym. The data is not used to personally identify the visitor of the website and is not merged with personal data of the bearer of the pseudonym. Hotjar is contractually prohibited from selling the collected data to other third parties. Your data may be transferred to the USA. There is no adequacy decision of the EU Commission for the USA. The data transfer is based, among other things, on appropriate protective measures. Hotjar will provide you with further information on the measures taken upon request. The use of cookies or comparable technologies is carried out on the basis of Art. 25 (2) no. 2 TTDSG in conjunction with Art. 6 (1) lit. (f) GDPR.
Data processing, in particular the setting of cookies, is carried out on the basis of Article 6(1)(f) GDPR on the basis of our overriding legitimate interest in the needs-based and targeted design of the website. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
To prevent Hotjar from collecting and storing data, you can set an opt-out cookie here: www.hotjar.com/legal/compliance/opt-out/s. Opt-out cookies prevent the future collection of your data when you visit this website. You must set the opt-out cookie on all systems and devices used in order to make it work across devices. If you delete the opt-out cookie, data will be transferred to Hotjar again. For more information about data protection when using Hotjar, please visit: www.hotjar.com/legal/policies/privacy/#enduserenglish.
Use of Braze
We use Braze (Braze, Inc, 330 West 34th St, New York, NY 10001 USA) on our website in order to analyze your web usage behavior. When you visit our website the information listed below is collected and analyzed by Braze, which uses an identifier (ID) that allows analysis of your use of our services. Braze collects information about your newsletter registration, user behavior regarding the newsletter (e.g. opening rates) and the usage of our website, purchase information and campaign information for the purpose of direct targeting (direct marketing) as well as analysis and campaign optimization.
For more information about Braze's compliance with data protection laws, please visit www.braze.com/privacy. If Braze transfers personal data to the USA, it does so on the basis of an agreement with the EU standard contractual clauses. The legal basis is Art. 6 para. 1 lit. f) GDPR. If you do not wish to be tracked by Braze in the future, you can opt out at any time by writing an email to privacy@staedium.com.
Use of WisePops
We work with WisePops (WisePops SAS, 49 Rue Jean De La Fontaine, 75016 Paris, France). WisePops is a provider that allows us to play pop-ups. We use WisePops to provide you with customized information during your visit to our website with overlay pop-ups. For this purpose, WisePops collects data and sets corresponding cookies.
This data includes details about your browsing history, such as when you last visited our website or pop-up campaigns you’ve interacted with. Your browsing information is stored in a cookie and placed on your computer. This information is not stored on our servers or elsewhere. It can’t be accessed by other applications, and it is not used to track you across different websites. To erase these details, you can simply empty your cookies.
We also use Wisepops to collect personal details through pop-up forms, e.g., to send out newsletters. These details can be your email address, your name, or similar. We use this collected data for marketing purposes and to show you personalized advertising.
When you enter personal details through a pop-up form, we also collect your IP address and your country.
You can find more information on the terms of use of Wisepops here and about how Wisepops is using your data in their privacy policy. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), WisePops has signed the EU standard contractual clauses.
The use of cookies when using WisePops is carried out with your consent on the basis of Art. 25 para. 1 p. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data when using WisePops is carried out with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time by sending an email to privacy@staedium.com without affecting the legality of the processing carried out with your consent up to the withdrawal.
Use of Databricks
We use Databricks (Databricks Inc, 160 Spear Street, 13th Floor, San Francisco, CA 94105, USA) for processing and analyzing data on our website and performance channels (e.g. Newsletter). This data provides us with information on how you interact with our website and products. For this purpose, we use your IP address as well as mobile usage data.
The legal basis for the deployment of Databricks is Art. 6 paragraph 1 sentence 1 letter f GDPR. Databricks saves information in the USA. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Databricks has signed the EU standard contractual clauses. You can find the privacy policy of Databricks here.
Social media fan pages
STÆDIUM maintains so-called fan pages with social media providers like Instagram and Facebook (both: Facebook Inc. Menlo Park, California) in order to communicate with customers, interested parties, and users who are active there, and to inform them about our products, services, and events. In doing so, the users’ data can be processed outside of the EU. The above-mentioned US providers have signed the EU standard contractual clauses and thus guarantee the observance of European data protection laws.
In the opinion of the European Court of Justice (ECJ), we are responsible, together with Facebook, for the processing of your personal data. You can find the decision of the ECJ dated June 5, 2018 here.
A Joint Controller Agreement exists with Facebook Inc. pursuant to Art. 26 GDPR. Facebook Ireland pledges to assume the main responsibility in the context of the General Data Protection Regulation (GDPR) for the processing of Insights data and to fulfill all applicable obligations in the context of the GDPR with reference to the processing of Insights data (including, but not limited to Articles 12 and 13 GDPR, Articles 15 to 22 GDPR, and Articles 32 to 34 GDPR). Facebook Ireland will also make available the essential information of this Page Insights Addendum to the affected parties. Please contact Facebook to assume your rights as affected parties. The Data Policy of Facebook can be found here.
When using the Facebook fan page, the following data will be collected from you for the purpose of user communication and target group advertising:
- user interactions (posts, likes, etc.)
- Facebook cookies
- demographic data (e.g., based on information regarding age, place of residence, language, or gender)
- statistical data on user interactions in aggregated form, that is, without the possibility to relate the information to any particular persons (e.g., page activities, page impressions, page previews, likes, recommendations, articles, videos, page subscriptions, incl. source, times of day)
The usage of personal data for advertising purposes is of particular importance for Facebook. We use the statistics function to find out more about visitors to our fan page. The use of the function enables us to adapt our content to the respective target group. In this way, we also use, for example, the demographic information about the users’ age and location, whereby it is not at all possible for us to relate this information to persons.
In order to provide the social media service in the form of our Facebook fan page and to use the Insight function, Facebook generally saves cookies on the end device of the user. These include session cookies, which are deleted when the browser is closed, and persistent cookies that remain on the end device until they expire or are deleted by the user.
We use the Facebook Insights function for statistical evaluation purposes. In this connection, we receive anonymized data concerning the users of our Facebook fan page. As a result, it is not possible for us to trace them back to your person. For more information, you can refer to the cookie guideline of Facebook.
The personal data of users are processed on the basis of our justified interest in effectively providing information to users and maintaining communication with the users, as well as for the purposes of statistical evaluation pursuant to Art. 6(I) (f) GDPR.
Plug-ins and others
Use of the Google Tag Manager
Our website uses the Google Tag Manager from Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you are ordinarily resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data. Google Ireland Limited is therefore the company affiliated with Google responsible for processing your data and for compliance with the applicable data protection legislation. This application manages JavaScript tags and HTML tags which are used in particular to implement tracking and analysis tools. The data processing serves to facilitate the needs-based design and optimization of our website. The Google Tag Manager itself neither stores cookies nor processes personal data. It does, however, enable the triggering of further tags which may collect and process personal data. You can find more detailed information on the terms and conditions of use and data protection at www.google.com/intl/de/tagmanager/use-policy.html
Use of Amplitude
We use the Amplitude service (Amplitude Inc, 501 2nd Street, Suite 100, San Francisco, CA 94107, USA) on our website in order to derive application behavioral analytics. We collect device-related data (such as device type model, operating system, browser type and version) as well as usage-related information (such as geographic location, language, pages visited).We use that information to see how users interact with our website and so can be used by us for the purpose of improving website design for different device groups. Your IP address is not stored with us.
Your data will be forwarded to the service provider within the framework of order processing. Your data will not be forwarded to other third parties. Your data will be transferred to a third country. The transfer of data is based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data.
The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can view Amplitude's privacy policy here. If you do not wish to be tracked by Amplitude in the future, you can opt out at any time by writing an email to privacy@staedium.com.
Transfer of data to third parties
We only pass your personal data on to third parties if:
- you have given your explicit consent to this,
- forwarding data is necessary for the assertion, exercise, or defense of legal claims and there is no reason to assume you have an overriding legitimate interest in your data not being passed on,
- in the event that we have a legal obligation to forward data, and
- this is legally permissible and required for the performance of the contractual relationship with you.
In the case of data transfer outside the European Union, the high European level of data protection essentially does not exist. It may be the case with a transfer that an EU Commission adequacy decision in accordance with Article 45 (1) (3) GDPR is not currently in place. This means the EU Commission has not yet decided that the level of data protection in the respective country corresponds to the level of protection in the European Union based on the GDPR. Consequently, we have put the appropriate guarantees referred to above in place.
Potential risks, which cannot be ruled out completely in connection with data transfer, are in particular:
- your personal data could be processed over and above the intended purpose.
- Moreover, there is a possibility that you may not be able to exercise your rights in relation to data protection, for example, your right of access, to rectification, erasure, or data portability, on a consistent basis and enforce these.
- It may also be highly likely that data is processed incorrectly and in quantitative and qualitative terms, the protection of personal data fails to meet the requirements of the GDPR in full.
Rights of persons affected and storage duration
Duration of storage
After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.
Rights of the affected person
If the legal requirements are fulfilled, you have the following rights according to art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to art. 21 (1) GDPR.
Contact us at any time. Our contact details can be found in our imprint. You can contact our data protection officers directly at:
Freeletics GmbH
Personal/confidential FAO Data Protection Officer
Berg-am-Laim-Straße 111
81673 Munich
Email: privacy@staedium.com
Right to erasure
You have the right to have your data erased. Deleting your STÆDIUM account also deletes all data associated with that account. All of your training results and progress will be deleted permanently. It is not possible to delete your account partially.
Via the app
- Go to your Settings under the profile tab.
- Scroll down to “Legal”.
- Choose “Security and your data”.
- Click on “Delete Account”.
- A verification email will be sent to your email address. Please confirm this to complete the deletion.
Please note that deleting your account doesn’t automatically cancel your STÆDIUM subscription. For this reason, it is very important to remember to cancel your subscription additionally to deleting your account. You can cancel your STÆDIUM subscription by logging in to your account on the STÆDIUM website. If you need help deleting your account, please contact privacy@staedium.com.
Rights to complain to the regulatory authority
You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.
The following supervisory authority is responsible for Freeletics GmbH:
Bayerisches Landesamt für Datenschutzaufsicht
Postfach 606
91511 Ansbach
Germany
Right to object
If the data processing outlined here is based on our legitimate interests in accordance with Article 6(1)f) GDPR, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect. If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defense of legal claims.
If personal data is being processed for the purposes of direct advertising, you can object to this at any time by notifying us. If the objection is successful, we will no longer process the personal data for the purposes of direct advertising.
Links to other websites
Our website may contain links to the websites of other providers. Please note that this Data Protection declaration applies only to the STÆDIUM website. We have no influence on or control over the compliance of other providers with applicable data protection regulations.
Amendments to the Data Protection Declaration
We reserve the right to amend or adjust this Data Protection declaration at any time subject to compliance with applicable data protection regulations.
last update: 10.08.2022