PRIVACY POLICY
Please read the privacy policy carefully before using FIFTYNINE’s services.
The protection of your privacy and your personal data (within the meaning of Article 4 paragraph 1 of the General Data Protection Regulation (EU) 2016/679 (hereinafter the “GDPR”)) and other data is one of the most important concerns of FIFTYNINE (hereinafter “us”, “our”, “ours” and “we”). It is crucial for us that our customers feel safe when using our products and services.
This privacy policy describes our data processing when you use our website and any other products and/or services we offer. Please read this privacy policy carefully to find out what categories of data we collect about you, how we use it, under what circumstances we share it with third parties and what rights you have with regard to your personal data.
1. Who we are
This privacy policy applies to all personal data processed by FIFTYNINE GYM – Riegger GbR, located at Arnulfstraße 59, 80636 Munich, in its capacity as controller for all processing operations in connection with the services (according to Article 4 Paragraph 7 GDPR). You can send us questions, comments and requests regarding our privacy policy at any time using the contact form.
2. General overview of data processing in connection with our services
This section 2 provides you with a general overview of the data processing operations in connection with our services.
A detailed description of our data processing operations can be found in the following section 3 on the individual data processing operations and in sections 4 to 9 on
- our Cookie and Tracking Policy (Section 4),
- the storage location of your personal data (Section 5),
- the conditions for disclosure of your personal data (Section 6),
- the retention of data (Section 7),
- your rights as a data subject (Section 8),
- our change policy (Section 9).
Our website may contain links to third party sites. If you follow a link to such a site, please note that they have their own privacy policies and we do not accept any responsibility or liability for their policies and their processing of your personal data. Please check their policies before entering your personal data there.
3. Specific processing activities, type and purpose of use
3.1 Web hosting and provision of the website
Categories of data: Usage data (e.g. websites visited, interest in content, access times); meta-communication data (e.g. device information, IP addresses); content data (e.g. entries in online forms).
Data subjects: Users (e.g. visitors to the website, users of our online services).
Purpose of processing: We use the data listed here to enable you to access our website, to ensure a smooth Internet connection to our website and its easy use, to analyze the security and stability of the system and for other administrative purposes. For this purpose, we use resources (software, storage space, etc.) that we rent from third parties (“web hosts”) or obtain from other sources. You can find more information about the web hosts used under 6.2. Furthermore, access to our website (e.g. in the form of IP addresses) is logged as “server log files”. The server log files are used for security purposes and to improve the stability of the website, in particular with regard to server stability in the event of abusive attacks (DDoS attacks).
Legal basis: Legitimate interests (Article 6 paragraph 1 letter f GDPR). Our legitimate interest is based on the data collection purposes listed under the heading “Purpose of processing”. Under no circumstances will we use the data collected to determine your identity. You are not obliged to provide the personal data mentioned above. However, access to our website is not possible without providing this personal data.
Storage period: 1 year
3.2 Contact form
Categories of data: Contact data (email); content data (entries in the contact form); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data subjects: communication partners (website visitors who use the contact form).
Purpose of processing: We use the above data to enable you to contact us, to answer inquiries received and, if necessary, to evaluate feedback. The purpose of this is to improve the user-friendliness of our website and the quality of our services.
Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR); Contractual performance and pre-contractual inquiries (Art. 6 Para. 1 Clause 1 Letter b) GDPR).
Storage period: 1 year
3.3 Customer communication via messenger
Categories of data: Contact data (e.g. email, telephone numbers); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Affected person: Customers, communication partners
Purpose of processing: In order to be able to provide our services (e.g. personal training), we may contact our customers via messenger (specific name of the services under 6.2) (e.g. to arrange an appointment). Such communication is based on the customer’s consent. The customer can object to communication via messenger at any time (alternative communication e.g. via email, contact form).
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR); Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
Storage period: 1 year
3.4 Video chats, online meetings
Categories of data: inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Affected persons: customers, suppliers, communication partners.
Purpose of processing: As a rule, both our business meetings and our customer contact (e.g. personal training) take place in person. In exceptional cases (e.g. customer wants to continue training while traveling) we can also provide our contractual services (e.g. personal training) remotely. We also use video chats and online meetings on request for contact inquiries and communication as well as organizational procedures.
Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).
Storage period: 1 year
3.5 Use of cloud services
Categories of data: inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Affected persons: customers, employees, interested parties, communication partners, suppliers.
Purpose of processing: We use cloud services to store and manage our internal data.
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
Storage period: 1 year
3.6 Contact (sending emails)
Categories of data: inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); meta/communication data (e.g. device information, IP addresses).
Affected persons: Customers
Purpose of processing: We may send emails to our existing customers for general information (e.g. changed opening hours, discount campaigns, etc.). You can object to receiving emails of this type at any time.
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR); Contractual performance and pre-contractual inquiries (Article 6 (1) sentence 1 lit. b) GDPR).
Storage period: 1 year
3.7 Web analysis and optimization
Categories of data: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Affected persons: Users (e.g. website visitors).
Purpose of processing: We use web analysis tools to improve our website and its user-friendliness and to determine important metrics to optimize our services. The analysis is carried out using cookies. You can find more information about this under section 4 and in our cookie settings.
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR).
Storage period: 1 year
3.8 Online marketing
Categories of data: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Purpose of processing: We use marketing tools to conduct online marketing, for reach measurement, tracking and conversion measurement.
Legal basis: Consent (Article 6 (1) sentence 1 lit. a) GDPR).
3.9 Social Media
Categories of data: contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Purpose of processing: We use social media channels to get in touch with our existing customers and to make new customers aware of our company (marketing).
Legal basis: Legitimate interests (Article 6 (1) sentence 1 lit. f) GDPR).
Social media platforms used:
- Instagram
Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
https://instagram.com/about/legal/privacy
- Facebook
Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
https://www.facebook.com/about/privacy
- YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
https://policies.google.com/privacy
3.10 Use of plugins and embedded functions/content
Categories of data: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); location data (information on the geographical position of a device or person); content data (e.g. entries in online forms).
Data subjects: Users (e.g. website visitors, users of online services).
Purpose of processing: We use plugins and embedded functions/content from third parties to provide our website and improve its user-friendliness. The content from third parties is integrated locally wherever possible (e.g. Google Fonts) in order to minimize data transfer.
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
Embedded content:
- Integration of third-party software, scripts or frameworks (e.g. jQuery): We use software for our website that is provided by third parties (e.g. function libraries to improve user-friendliness). The respective providers may collect data (IP address) for the purposes of transmission, security or for evaluation and optimization; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR).
- Google Maps: We only integrate the maps from “Google Maps” from the provider Google on our contact page after separate consent has been given. The data processed may include, in particular, IP addresses and location data of users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR), consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); Website: https://mapsplatform.google.com/ ; Data protection declaration: https://policies.google.com/privacy .
- Google Tag Manager: Google Tag Manager manages so-called website tags to integrate other services into the website. The Tag Manager itself does not create user profiles and does not store cookies. Only the IP address is required to run the Tag Manager and is therefore collected by Google; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); Website: https://marketingplatform.google.com ; Privacy policy: https://policies.google.com/privacy ; Order processing agreement: https://business.safety.google/adsprocessorterms ; Standard contractual clauses (guaranteeing data protection level when processing in third countries): https://business.safety.google/adsprocessorterms ; Further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).
4. Cookies and tracking on our services
Our services use so-called cookies. These are text files that are stored either in or through your internet browser on your device (computer, tablet or phone). We use the term “cookies” to refer to all the tools that collect data on our website (e.g. IP addresses, location and time of visits). This type of processing is carried out on the basis of applicable law and, to the extent that it is required by law, on the basis of your consent.
The use of cookies that are not technically necessary is based on your consent. You can adjust your consent at any time in our cookie settings.
5. Where we store your personal data
The personal data collected from you is stored within the European Union and outside the European Union on cloud servers of our subcontractors (see section 6.2). The data collected may be processed on the basis of any data processing agreements by processors outside the European Economic Area (previously and hereinafter “EEA”) insofar as the additional requirements for the processing of personal data in third countries pursuant to Article 44 et seq. GDPR are met (e.g. if the subcontractor is able to offer appropriate guarantees pursuant to Article 46 GDPR, in particular standard data protection clauses, binding internal data protection rules, approved codes of conduct or exceptions for specific cases pursuant to Article 49 GDPR) and the additional measures that must be ensured on a case-by-case basis are taken.
Sensitive data is transmitted between your browser and our services in encrypted form. Transport Layer Security (“TLS”) is used here. When transmitting sensitive data, you should always make sure that your browser can verify our certificate.
Please direct any concerns regarding safeguards for the transfer of your personal data outside the EEA to us.
Note on the storage of your data by US providers (see section 6.1): The European Court of Justice considers the USA to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal recourse.
6. Disclosure of your personal data
6.1 We commission technical service providers to operate and maintain our services. These service providers then act as data processors within the meaning of the GDPR on the basis of data processing agreements. A complete list of the data processors we use in strict accordance with Section 3 above can be found under 6.2. Where we use service providers who process personal data outside the EEA (or in so-called “third countries”), we only do so with appropriate protective measures (e.g. IP anonymization in Google Analytics).
We use service providers in the USA, among others. In its decision C-311/18 (Schrems II), the ECJ found that the EU-US Privacy Shield is not sufficient to protect your rights as a data subject in the USA and is therefore invalid. As a result, there is a particular risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal remedies (see section 3.5). We would therefore like to point out again at this point that you have the right to withdraw your consent (see section 8).
Legal basis: The legal basis for the transmission and processing of your personal data by the processor in the third country is your express consent (Article 49 paragraph 1 letter a GDPR).
6.2 Processors and services used:
CCM19: Cookie consent management; Service provider: Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany; Website: https://www.ccm19.de/ ; Privacy policy: https://www.ccm19.de/datenschutzerklaerung.html ; Further information: A pseudonymous user ID with the consent status is stored.
Microsoft Cloud Services : Cloud storage, cloud infrastructure services, and cloud-based application software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Website: https://microsoft.com/de-de ; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement , Security information: https://www.microsoft.com/de-de/trustcenter ; Data processing agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA ; Standard contractual clauses (ensuring data protection levels when processing in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA .
OptiOffice : Accounting and administration software for personal trainers and studios; Service provider: OptiOffice GbR, Mittelweg 149, 20148 Hamburg; Website: https://optioffice.net/ ; Privacy policy: https://optioffice.net/datenschutzerklaerung/ ; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
HostEurope: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: Host Europe GmbH, Hansestrasse 111, 51149 Cologne, Germany; Legal basis: legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.hosteurope.de ; Privacy policy: https://www.hosteurope.de/AGB/Datenschutzerklaerung ; Data processing agreement: https://www.hosteurope.de/Dokumente/ .
WordPress.com : Hosting and software for the creation, provision and operation of websites, blogs and other online offerings; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://wordpress.com ; Privacy policy: https://automattic.com/de/privacy/ ; Data processing agreement: https://wordpress.com/support/data-processing-agreements/ .
Telegram Broadcasts : Telegram Broadcasts – messenger with end-to-end encryption; service provider: Telegram, Dubai; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://telegram.org/ ; data protection declaration: https://telegram.org/privacy .
WhatsApp : WhatsApp Messenger with end-to-end encryption; Service provider: WhatsApp Ireland Limited, 4 Grand Canal Quay, Dublin 2, D02 KH28, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 Letter f) GDPR); Website: https://www.whatsapp.com/ ; Privacy Policy: https://www.whatsapp.com/legal .
Skype : Messenger and conference software; Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal basis: Legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); Website: https://www.skype.com/de/ ; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement , Security information: https://www.microsoft.com/de-de/trustcenter .
Zoom : video conferences, web conferences and webinars; service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); website: https://zoom.us ; privacy policy: https://zoom.us/docs/de-de/privacy-and-legal.html ; data processing agreement: https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA); standard contractual clauses (guaranteeing data protection level when processing in third countries): https://zoom.us/docs/de-de/privacy-and-legal.html (referred to as Global DPA).
Apple iCloud : cloud storage service; service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; legal basis: legitimate interests (Art. 6 Para. 1 Clause 1 lit. f) GDPR); website: https://www.apple.com/de/ ; privacy policy: https://www.apple.com/legal/privacy/de-ww/ .
Google Analytics : web analysis, reach measurement and measurement of user flows; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); website: https://marketingplatform.google.com/intl/de/about/analytics/ ; privacy policy: https://policies.google.com/privacy ; order processing agreement: https://business.safety.google/adsprocessorterms ; standard contractual clauses (guaranteeing data protection level when processing in third countries): https://business.safety.google/adsprocessorterms ; possibility of objection (opt-out): opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de , settings for the display of advertisements: https://adssettings.google.com/authenticated ; Further information: https://privacy.google.com/businesses/adsservices (types of processing and data processed).
Google Ads and conversion measurement : We use the online marketing process “Google Ads” to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are shown to users who are likely to be interested in the ads (so-called “conversion”). We also measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page with a so-called “conversion tracking tag”. However, we ourselves do not receive any information that can be used to identify users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a) GDPR); Website: https://marketingplatform.google.com ; Privacy policy: https://policies.google.com/privacy ; Further information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices ; Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms .
WeTransfer : transfer of files over the Internet; service provider: WeTransfer BV, Oostelijke Handelskade 751, Amsterdam, 1019 BW, Netherlands; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://wetransfer.com ; privacy policy: https://wetransfer.com/legal/privacy .
6.3 European Union law or the laws of an EU Member State may require us to disclose or share personal data.
Legal basis: Fulfillment of a legal obligation (Article 6 paragraph 1 letter c GDPR).
7. Duration of storage of your personal data
We will keep your personal data for as long as necessary or as required by law or other regulatory requirements, but always in accordance with the principle of data minimization. The exact retention period for each type of processing is set out in section 3 above.
If your personal data is used for more than one purpose, we will retain it until the longest storage period expires, but we will stop using the data after the shortest storage period has expired (in accordance with the principle of purpose limitation). We restrict access to your personal data to people who need this data for the respective purposes. The principle of completeness and confidentiality always applies.
After the processing of your data for the purposes stated in Section 3 is no longer necessary, we will store and retain some of your data (e.g. email address, internal database ID and deletion request and time) securely and separately in accordance with statutory retention periods and justified operational requirements (e.g. for deletion documentation).
We retain data related to your use of our services for a period of three or ten years, depending on operational requirements, in order to be able to assert, exercise and defend legal claims.
If the purpose for processing personal data no longer applies, the data concerned will either be irreversibly anonymized (and stored in anonymized form) or securely deleted.
8. Your rights as a data subject
Under the GDPR, you have various rights (listed below) in relation to your personal data.
You can exercise your rights by sending us a message to the contact details below.
- The right to withdraw consent : If the processing of your data is based on your prior consent, you have the right to withdraw it at any time here. However, exercising your right of withdrawal will not affect the lawfulness of processing carried out on the basis of your consent before your withdrawal.
- Right to object : You have the right to object under the conditions set out in Article 21 GDPR. You can find more detailed information on this below:
- The right to object to processing based on legitimate interests : As a data subject, you have the right to object at any time to the processing of personal data concerning you based on Article 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
- The right to object to processing for statistical purposes : If we process your personal data for statistical purposes in accordance with Article 9 paragraph 2 letter j of the GDPR or Section 27 paragraph 1 of the BDSG, you have the right to object to this processing at any time for reasons arising from your particular situation. We will then no longer process the personal data for the respective purposes, unless the processing is absolutely necessary for the performance of tasks in the public interest or the cessation of such processing would with a high degree of probability make the performance of statistical purposes impossible or seriously hinder it and the continuation of the processing would therefore be essential for the performance of statistical purposes.
- The right to object to the processing of personal data for public health purposes : If we process your personal data for public health purposes within the meaning of Article 9 Paragraph 2 Letter i of GDPR or Section 22 Paragraph 1 No. 1 Letter c of Federal Data Protection Act (BDSG), you have the right to object to this processing at any time for reasons arising from your particular situation. We will then no longer process the personal data for this purpose, unless the processing is absolutely necessary for the performance of tasks in the public interest or the cessation of such processing would with a high probability make the fulfilment of public health purposes impossible or seriously hinder it and the continuation of the processing would therefore be essential for the fulfilment of public health purposes.
- The right to object to direct marketing : If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct marketing. We will then no longer process your personal data for this purpose. To exercise your rights of objection in this regard, reply by email to the promotional email you received from us or contact us here at any time.
- Right to information : As a data subject, you have a right to information under the conditions of Article 15 of the GDPR. More specifically, this means that you have the right to request confirmation from us as to whether or not personal data concerning you are being processed by us. If this is the case, you also have a right to information about this personal data and to the information listed in Article 15 paragraph 1 of the GDPR. This includes information about the purposes of the processing, the categories of personal data being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed.
- Right to erasure (“right to be forgotten”) : Under the conditions of Article 17 of the GDPR, you as the data subject have the right to erasure (“right to be forgotten”). This means that in general you have the right to request that we erase personal data concerning you without undue delay and we are then obliged to erase personal data without undue delay if one of the reasons set out in Article 17(1) GDPR applies. You can exercise this right at any time by deleting your account. If we have made your personal data public and are obliged to erase it, we will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers which process your personal data that you have requested them to erase all links to these personal data or copies or replications of these personal data (Article 17(2) GDPR). The right to erasure (“right to be forgotten”) does not apply on the basis of the exception if the processing is necessary for a reason stated in Article 17 paragraph 3 GDPR. This is the case, for example, if the processing is necessary to comply with legal obligations or to assert, exercise or defend legal claims (Article 17 paragraph 3 letters b and e GDPR).
- Right to restriction of processing : As a data subject, you have the right to request that we restrict processing if one of the conditions listed in Article 18 GDPR is met. If one of the conditions listed in Article 18 Paragraph 1 GDPR is met, you can therefore request that we restrict the processing of your personal data. This is the case, for example, if you contest the accuracy of your personal data. In such a case, processing will be restricted for a period that enables us to verify the accuracy of the personal data (Article 18 Paragraph 1 Letter a GDPR). “Restriction of processing” means marking stored personal data with the aim of restricting its future processing (Article 4 Paragraph 3 GDPR).
- Right to data portability : Under the conditions described in Article 20 GDPR, you as the data subject have the right to the portability of your personal data. This means that you generally have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transmit this data to another controller without hindrance from us, provided that the processing is based on consent (pursuant to Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR) or on a contract (pursuant to Article 6 Paragraph 1 Letter b GDPR) and the processing is carried out using automated procedures (Article 20 Paragraph 1 GDPR). When exercising your right to data portability, you also have the right to have the personal data transmitted directly by us to another controller, where technically feasible (Article 20 Paragraph 2 GDPR).
- Right to rectification : Under the conditions set out in Article 16 of the GDPR, you as the data subject have the right to rectification. In particular, you have the right to request that we immediately rectify any inaccurate personal data concerning you and complete any incomplete personal data.
- Right to complain : As a data subject, you have the right to complain to a supervisory authority under the conditions set out in Article 77 GDPR. The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision, Promenade 18, 91522 Ansbach, Tel.: +49 981 180093-0, poststelle@lda.bayern.de , www.lda.bayern.de .
If you ask us to delete or no longer process your personal data, this means that you will no longer be able to use our services or at least those sub-services that require the processing of the data you have requested to be deleted. As a result, you may no longer have any access to our services.
9. Changes to this Privacy Policy
Any changes we may make to this privacy policy in the future will be posted on this page and, where appropriate, notified to you by email or other available means. We therefore recommend that you check this page regularly to stay informed about how we process your data.
This privacy policy is currently valid and is dated January 2023.
Do you have any questions? Feel free to write to us at office@fiftynine-gym.de