In this privacy notice, we inform you about the processing of personal\ndata when using our website, our app, and in the context of further\nprocessing activities when using our services.
\nPersonal data means any information relating to an identified or\nidentifiable person. In particular, this includes information that\nenables us to draw conclusions about your identity, such as your name,\nyour telephone number, or your postal or email address. However,\npersonal data also includes certain identifiers such as your IP address\nor the device ID of the device you are using.
\nThis privacy notice applies to the processing of personal data by\nGymondo GmbH in connection with the following services:
\nIt applies to all processing activities related to the use of our\nwebsite, our app, and the features offered through them, including:
\nThe controller for the processing of your personal data when you visit\nthis website or use our apps within the meaning of the General Data\nProtection Regulation (GDPR) is
\nGymondo GmbH (hereinafter referred to as \"Gymondo\")
\nRitterstraße 12
\n10969 Berlin
\nE-Mail: service@gymondo.de
\nOur data protection team will be happy to respond to your information\nrequests and feedback on the subject of data protection. Simply email us\nat privacy@gymondo.de.
\nIf you have any questions about data protection in connection with our\nservices or the use of our website, you can also contact our data\nprotection officer at any time. The data protection officer can also be\ncontacted at the above postal address or by sending an email to the\naddress provided above (Subject: \"To the Attention of Data Protection\nOfficer\"). We expressly point out that emails sent to this address will\nnot be read solely by our data protection officer. If you wish to share\nconfidential information, please first use this email address to request\ndirect contact with our data protection officer.
\nIn principle, we will only pass on the data we collect if:
\nWhen processing personal data, we transfer data to the categories of\nrecipients listed below, where necessary. The specific transfer depends\non the respective purpose and is explained in more detail in the\nrelevant sections of this privacy notice.
\na) Data transfer within our group of companies
\nIn certain cases, we transfer personal data to affiliated companies\nwithin our group of companies, insofar as this is necessary for internal\nadministrative purposes, data analysis, financial management, or the\nimplementation of joint marketing measures. These include in particular:
\nWe have concluded an intercompany agreement within our group of\ncompanies that covers any data transfer processes within our group.
\nb) External data processors (Art. 28 GDPR)
\nWe use carefully selected external service providers who process\npersonal data exclusively on our behalf and at least on the basis of a\ndata processing agreement in accordance with Art. 28 GDPR. These include\nin particular:
\nIf we pass on data to our service providers, they may only use the data\nto fulfill their tasks. The service providers have been carefully\nselected and commissioned by us. They are contractually bound to our\ninstructions, have appropriate technical and organizational measures in\nplace to protect the rights of the data subjects, and are regularly\nmonitored by us.
\nc) Third parties as independent controllers
\nIn certain cases, data is transferred to third parties who process this\ndata on their own responsibility. This applies in particular to:
\nIn these cases, the responsibility for data protection lies with the\nrespective third-party provider. Further information can be found in the\nspecific privacy policies of the aforementioned providers or programs.
\nd) Public authorities
\nIf necessary for legal prosecution or enforcement, or if we are obliged\nto do so by an enforceable official order, we will transfer personal\ndata to the competent authorities, courts, or other public institutions.
\nAs explained in this privacy statement, we use services whose providers\nare partly located in what are known as third countries (outside the\nEuropean Union or the European Economic Area) or process personal data\nthere, i.e. countries where the level of data protection does not\ncorrespond to that of the European Union. Where this is the case and the\nEuropean Commission has not issued an adequacy decision (Art. 45 GDPR)\nfor these countries, or if a provider is not certified under the\nEU-U.S. Data Privacy\nFramework, we have taken\nappropriate measures to ensure an adequate level of data protection for\nany data transfers. These include but are not limited to the standard\ncontractual clauses of the European Union or binding corporate rules.
\nWhere this is not possible, we base the transfer of data on derogations\nunder Art. 49 GDPR, in particular your explicit consent or the necessity\nof the transfer for the performance of the contract or for taking steps\nprior to entering into a contract.
\nWhere a data transfer to a third country is planned and no adequacy\ndecision or appropriate safeguards are in place, it is possible and\nthere is a risk that authorities in the third country in question (e.g.\nintelligence agencies) may gain access to the transferred data in order\nto record and analyse it, and that enforceability of your rights as a\ndata subject cannot be guaranteed. You will also be informed of this\nwhen we obtain your consent via the cookie banner.
\nEvery time you use our website, we collect connection data automatically\ntransmitted by your browser in order to make visiting the website\npossible. This connection data comprises what is known as HTTP header\ninformation, including the user agent, and includes in particular:
\nIt is absolutely necessary to process this connection data to make it\npossible to visit the website, to guarantee the long-term functionality\nand security of our systems, and for the general administrative\nmaintenance of our website. The connection data is also stored in\ninternal log files for the purposes described above, temporarily and\nlimited to the absolute minimum, in order for example to find the cause\nof and take action against repeated or criminal requests that endanger\nthe stability and security of our website.
\nThe legal basis is Art. 6(1) Sentence 1(b) GDPR, insofar as the page\nview occurs in the course of the initiation or performance of a\ncontract, and otherwise Art. 6(1) Sentence 1(f) GDPR due to our\nlegitimate interest in making it possible to view our website and in the\nlong-term functionality and security of our systems. However, the\nautomatic transmission of the connection data and the resulting log\nfiles do not constitute access to the information in the terminal\nequipment in the sense of the EU Member States' laws implementing the\nePrivacy Directive, which in Germany means Sect. 25 of the\nTelecommunications Digital Services Data Protection Act (TDDDG). Apart\nfrom this, however, such access would be absolutely necessary anyway.
\nWe use cookies and similar technologies on our website to ensure the\noperation of the site, analyze usage, and provide marketing measures and\npersonalized content. This also includes third-party services such as\nGoogle (e.g., Google Ads), which help us measure the success of our\nadvertising campaigns.
\nThe storage or reading of information on your device is carried out --\nwhere necessary -- on the basis of your consent in accordance with\nSection 23 TDDDG in conjunction with Article 6(1)(a) GDPR. For\ntechnically necessary cookies, the legal basis is Article 6(1)(f) GDPR.
\nWe also use Google Consent Mode v2 to take your consent decision into\naccount when displaying Google services in a manner that complies with\ndata protection regulations.
\nFor detailed information on the use of cookies on our services, please\nrefer to our Cookie\nPolicy.
\nShould you use services that require registration, we will collect,\nprocess and use the data required for those services from you, in\nparticular in order to make the services available to you.
\nWhen you register, we collect the following data from you (provided you\nenter it yourself): first name, last name, date of birth, email address,\ngender, and SEPA data. We determine your country of origin and thus the\ndisplay language and preferred units of measurement based on the IP\naddress you use to visit our online offering. You can adjust this\ninformation at any time in your user profile according to your\npreferences. We have marked the data that you are required to provide\nwith an asterisk (\"*\") as mandatory fields.
\nThe personal data you provide during registration is collected,\nprocessed, and used by us for the purpose of establishing the\ncorresponding contract, for contract execution and processing, and for\nbilling purposes. The legal basis for the aforementioned data processing\nis Art. 6 (1) lit. b GDPR in the case of mandatory fields. For all other\ndata, the legal basis is our legitimate interest pursuant to Art. 6 (1)\nlit. f GDPR in order to enable you to customize, adapt, and change your\naccount, or your consent pursuant to Art. 6 (1) lit. a GDPR, if you have\ngiven us such consent.
\nOur website and app also offer you the option of logging in with an\nexisting account on the social networks listed below:
\nOnce you have logged in with one of your existing accounts, additional\nregistration is no longer required. If you wish to use this feature, you\nwill first be redirected to the relevant social network. There you will\nbe asked to log in with your username and password. It goes without\nsaying that we do not gain any knowledge of these login details. The\nserver to which a connection is established may be located in the US or\nin other third countries.
\nBy confirming the corresponding login button on our website, the\ncorresponding social network learns that you have logged in to our site\nwith your account and links your social network account to your account\non our website. The following data is also transmitted to us:
\nThe personal data you provide when registering is collected, processed\nand used by Gymondo for the purpose of creating the relevant contract,\nfor performing and processing the contract, as well as for billing\npurposes. The legal basis for data processing in this case is Art. 6(1)\nSentence 1(a), (b) GDPR.
\nAfter registration, we process personal data within the scope of regular\nuse of our platform in order to provide the basic functions of our app.\nThe type of data depends on the functions you use and your respective\ninteractions within the app:
\na) Use of workouts and mindfulness videos, programs, and challenges
\nb) Goal setting and progress documentation
\nc) Use of recipe and nutrition functions
\nThis data processing is carried out exclusively within the scope of your\nchosen use of the standard functions and is necessary to provide the\ncontractually agreed services (Art. 6 (1) (b) GDPR). Any further\nevaluation or processing -- in particular in connection with health data\nor individualized recommendations -- is carried out exclusively on the\nbasis of separately granted consent (see section 3).
\nThere are a number of ways for you to contact us. This includes the\ncontact form on our Help and\nSupport page or the email\nand postal address listed under section 1.2. In this context we process\ndata exclusively for the purpose of communicating with you.
\nThe legal basis for this is Art. 6 (1) (b) GDPR, insofar as your\ninformation is required to respond to your inquiry or to initiate or\nexecute a contract, and otherwise Art. 6 (1) (f) GDPR based on our\nlegitimate interest in responding to your inquiries and measuring the\nsatisfaction of our (potential) customers with customer service.
\nThe data collected by us when you contact us will be automatically\ndeleted after your request has been fully processed, unless we still\nneed your request to fulfill contractual or legal obligations (see\nsection 6 \"Storage period\").
\nTo enable you to contact us via our contact form and chat, we use the\ncustomer relationship management (CRM) service provided by Zendesk,\nInc., 1019 Market Street, San Francisco, CA 94103, USA (\"Zendesk\"). We\nuse Zendesk to integrate contact forms and forward your direct inquiries\nto us if you have general or specific questions and problems regarding\nour products, website, or company. You also have the option of\ncontacting us via Zendesk Chat. In this context, we process your data\nexclusively for the purpose of communicating with you.
\nWhen processing your inquiries, Zendesk uses AI-based support to help us\nhandle your request more quickly and efficiently. This artificial\nintelligence analyzes the information you enter and supports our\ncustomer service team by suggesting appropriate responses or\nautomatically answering frequently asked questions. The AI does not\npermanently store any personal data, but only processes your information\ntemporarily to improve customer service. Your data will not be used for\nany other purpose or passed on to third parties.
\nIf you have contacted us via our contact form, you will receive a\nfollow-up email to the email address you provided, asking if you were\nsatisfied with our customer service.
\nZendesk also uses cookies and similar technologies. For further\ninformation about this, please refer to our cookie\npolicy.
\nThe data recorded in this context may be transferred to a Zendesk server\nin the US and stored there. In the event that personal data is\ntransferred to the USA or other third countries, Zendesk Inc. has joined\nthe EU-US Data Privacy Framework, which is why the transfer in this case\nis made based on the adequacy decision for the USA pursuant to Art. 45\nGDPR.
\nTo further measure customer satisfaction after contact, we use the\nservices of Dovetail Research Pty. Ltd., Level 1, 276 Devonshire Street,\nSurry Hills, New South Wales, 2010, Australia. Dovetail helps us to\nsystematically evaluate user feedback and continuously improve our\ncustomer service. To this end, Dovetail transmits anonymized and\naggregated evaluations of feedback data to our central data warehouse in\norder to perform statistical analyses and identify trends. Your personal\ndata collected by us for this purpose will not be passed on to Dovetail.\nThe legal basis for the use of Dovetail is Art. 6 (1) lit. f GDPR, our\nlegitimate interest in improving the quality of our customer service.
\nDovetail usually stores the data in Australia. For this purpose, we have\nconcluded a data processing agreement with Dovetail in accordance with\nArt. 28 GDPR, which includes the standard contractual clauses of the\nEuropean Commission.
\nFor further details on data processing by Zendesk and Dovetail, please\nrefer to the privacy policies of\nZendesk and\nDovetail.
\nIf you do not wish to communicate via email, you also have the option of\ncontacting us by post, ideally as a registered letter. In this case, we\nwill respond to your inquiry via the same communication channel if\npossible. However, if you request your personal data from us, we have\nrespond to you by email for technical and security reasons. For more\ninformation, please read our Customer Support\nFAQ.
\nWe use the tool Braze from Braze, Inc., 330 West 34th Street, 18th\nFloor, New York City, NY 10001, USA, for advertising purposes. Braze\nstores your data in the EU by default. In the event that personal data\nis nevertheless transferred to the USA or other third countries, Braze\nhas joined the EU-US Data Privacy Framework, which means that in this\ncase the transfer is based on the adequacy decision for the USA in\naccordance with Art. 45 GDPR.
\nInformation on data protection at Braze can be found in their privacy\npolicy.
\nBelow, you can learn more about the different ways we use Braze for\nadvertising purposes.
\nIf you create an account with us, we will also use your contact\ninformation to send you emails containing relevant information about our\nproducts and services, as well as related news, promotions, offers,\nfeedback and other surveys. These emails are sent regardless of whether\nyou have subscribed to our newsletter or not. You can object to the use\nof your data for advertising purposes at any time by
\na) sending an email to service@gymondo.de or
\nb) by clicking on the unsubscribe link in the advertising email
\nc) by visiting the Braze preference center. You can find a link at the\nbottom of each email we send you.
\nThe legal basis for this data processing is our legitimate interest in\nusing your email address to send you advertising in the form of\nadvertising to existing customers pursuant to Art. 6(1) Sentence 1(f)\nGDPR in conjunction with Sect. 7(3) of the German Act against Unfair\nCompetition (UWG).
\nIf you are not an existing customer, we will only send you promotional\nemails based on your consent, see section 2.6.2. The legal basis in this\ncase is Art. 6 (1) (a) GDPR in conjunction with § 7 (2) No. 1 or 2 UWG\n(German Unfair Competition Act).
\nWe offer you the opportunity to subscribe to a newsletter, in which we\nregularly inform you about our new products, services and news from the\nworld of fitness and lifestyle, as well as interesting offers from the\n7NXT group and our partners.
\n2.6.2.1 Newsletter registration
\nFor newsletter subscriptions we use what's known as a double opt-in\nprocedure, which means that we will only send you newsletters by email\nif you click on a link in our confirmation email to confirm that you are\nthe owner of the email address provided. If you confirm your email\naddress, we will store your email address, the time of registration and\nthe IP address you used when registering until you unsubscribe from the\nnewsletters. The sole purpose of storing this data is to be able to send\nyou the newsletters and to document the fact that you registered. In\naddition, we measure whether our newsletter can be delivered at all. You\ncan unsubscribe from the newsletter at any time. A corresponding\nunsubscribe link can be found in every newsletter, as well as a link to\nthe Braze preference center where you can further adjust your email\nsettings. It is of course also sufficient if you notify us (e.g. by\nemail or letter) using the contact details provided above or in the\nnewsletter. The legal basis of this processing is your consent pursuant\nto Art. 6(1) Sentence 1(a) GDPR. You can withdraw your consent at any\ntime. To do this, please use the unsubscribe link at the end of a\nnewsletter or contact us using the information in the \"Data controller\nand contact\" section.
\n2.6.2.2 Newsletter tracking
\nIn our newsletters we use market-standard technologies to allow us to\nmeasure interactions with the newsletters (e.g. opening of the email,\nwhich links are clicked on). We use this data in pseudonymous form for\ngeneral statistical evaluations as well as to optimise and further\ndevelop our content and customer communication. On the one hand, this is\ndone with the help of small graphics (pixels) that are embedded in the\nnewsletters and establish a connection to the server of the images when\nthe email is opened. On the other hand, we use links that, when clicked,\nfirst register the click and then redirect the user to the desired\ntarget page.
\nThe legal basis for this is your consent in accordance with Art. 6 (1)\n(a) GDPR. Access to the information on the end device is then based on\nthe implementing laws of the EU Member States' ePrivacy Directive, in\nGermany in accordance with Section 25 (1) TDDDG. With our newsletter,\nour aim is to share content that is as relevant as possible for our\ncustomers and to better understand what they are actually interested in.\nIf you do not want your usage behaviour to be analysed in this way, you\ncan unsubscribe from the newsletter. To prevent the measurement of\nwhether an email has been opened, you can adjust the settings in your\nemail client so that graphics are disabled, or HTML content is not\ndisplayed.
\nWe use Braze's \"Dynamic Audience Sync\" feature to enable certain target\ngroup synchronizations with social media and advertising networks such\nas Facebook, Instagram, Google Ads or TikTok.
\nWe use the \"Dynamic Audience Sync\" feature for various purposes:
\nFor example, we can exclude you from certain advertising measures if you\nare already a customer of ours. For you, this means that you will see\nfewer of our ads because we avoid showing you ads that are no longer\nrelevant to you. For this purpose, we base the processing on Article\n6(1)(f) GDPR, i.e., our legitimate interest in only displaying our ads\nto potential new customers. In addition, the data we use for this\npurpose is only processed in pseudonymized form, i.e., we do not\ntransmit email addresses in plain text to our advertising partners.
\nOn the other hand, we use this data for targeted advertising,\nretargeting, and the creation of so-called lookalike audiences by social\nnetworks or third parties. For these purposes, we base the processing on\nyour consent in accordance with Article 6(1)(a) GDPR. You can revoke\nyour consent at any time with future effect by clicking on the link to\nyour cookie settings at the top of this privacy notice and turning off\nthe slider \"Conversion tracking with email address\". Once you have\nwithdrawn your consent, you will no longer see targeted advertisements\nfrom us and/or for products of our sister companies (depending on your\npreferences), but only general advertisements, and you will no longer be\nconsidered for the creation of target groups such as lookalike\naudiences.
\nIn addition, you can also restrict the use of your data for personalized\nadvertising directly in the settings of the social networks you use. For\nexample, on Facebook and Instagram, you can control the display of\npersonalized ads under \"Settings → Ads\"; on Google, you can adjust your\ninterests or completely disable personalized advertising in the \"Ad\nSettings\"; and on TikTok, you can restrict the use of your data for\nadvertising purposes in the \"Privacy and Security Settings\" under\n\"Personalization and Data.\"
\nIf you have given us your consent to process personal data (in\naccordance with Art. 6 (1) (a) GDPR), this consent primarily forms the\nbasis for our data processing. Your consent is voluntary and can be\nwithdrawn at any time without giving reasons. The type of data processed\ndepends on the specific purpose for which you have given your consent.\nExamples of such purposes could be:
\nThe processing of particularly sensitive data for personalization\npurposes, such as:
\nAs part of your customer account, you have the option to upload photos\nof your meals and have them analyzed for their nutritional content and\ncalorie count. When you upload photos for this purpose in your user\nprofile, we analyze them using Google Gemini AI technology, provided by\nGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.\nThe photos you upload and the analysis results are subsequently stored\nin your profile.
\nTo analyze your meal, the photo you upload is encrypted and integrated\ninto our Gemini-based model through an interface. Google Gemini then\nprocesses your photo to determine the nutritional values and calorie\ncount of the photographed meal. These values are then encrypted and\nreturned to us, after which they are linked to the corresponding photo\nand uploaded to your customer account.
\nThe use of this service is offered on a voluntary basis. The legal basis\nfor data processing in this context is your consent under Article\n6(1)(a) of the GDPR. A general prerequisite for using this service is\nthe prior activation of the photo option in your account settings. You\ncan also withdraw your consent for future use at any time via this\ntoggle. We have entered into a data processing agreement with Google\nunder Article 28 of the GDPR. Your personal data may also be transferred\nby Google Ireland Limited to Google LLC in the USA. Google LLC has\njoined the EU-US Data Privacy Framework, and such transfers are\ntherefore based on the adequacy decision for the USA in accordance with\nArticle 45 of the GDPR.
\nFor more information on data protection in the context of Gemini and at\nGoogle, please visit Google's Privacy\nPolicy.
\nWithin your customer account, you have the option of creating\npersonalized training plans. To do this, you can specify your training\npreferences (e.g., training goal, fitness level, preferred types of\ntraining, available time).
\nThe processing is carried out using Google Gemini AI technology from\nGoogle Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.\nThe information you enter is encrypted and anonymized and processed\nexclusively for the purpose of creating your individual plan in real\ntime. It is not stored by Google. The generated plan, consisting of\nsuitable workouts from our course offerings, is then displayed to you\nand can be saved in your training programs if you like it.
\nUse of this service is voluntary. The legal basis is your express\nconsent in accordance with Art. 6 (1) lit. a in conjunction with Art. 9\n(2) lit. a GDPR. You can revoke your consent to the transfer of data to\nGoogle Gemini at any time for the future via the settings in your user\nprofile.
\nWe have concluded a data processing agreement with Google Ireland\nLimited in accordance with Art. 28 GDPR. Any transfer of personal data\nto the parent company Google LLC in the USA that cannot be excluded is\nbased on the adequacy decision in accordance with Art. 45 GDPR, as\nGoogle LLC has joined the EU-US Data Privacy Framework.
\nFor more information on data protection in the context of Gemini and at\nGoogle, please visit Google's Privacy\nPolicy.
\nWe offer you the option of connecting the Gymondo app to third-party\napplications such as Apple Health, Google Health Connect, Fitbit,\nGarmin, and other platforms via the API of the provider Spike\nTechnologies, Inc., 242 West 53rd Street, New York, 10019, USA. This\nallows us to use your health and fitness data to show you personalized\nrecommendations and challenges. By giving your consent, you expressly\nauthorize Gymondo to process the following data:
\nYour data will not be passed on to third parties or used for other\npurposes. Your data is processed on the basis of your explicit consent\nin accordance with Art. 6 (1) (a) GDPR in conjunction with Art. 9 (2)\n(a) GDPR. You can revoke your consent at any time in your user account.
\nFor more information on how third-party applications use your data,\nplease refer to the privacy policy of the respective provider of your\nwearable device.
\nWithin your customer account, you have the opportunity to sign up to\nvarious ticket-based contests aimed at improving fitness and health.\nOnce you sign up, you receive tickets for completed activities, which\nare then entered into a prize draw.
\nIn order to run the contests and select and notify the winners, we\nprocess your personal data, in particular contact details and activity\ndata and sometimes vital data such as your weight at the start and end\nof the contests. If you have connected your wearable device to our app,\nwe may use the data sent by your device in this context (more on\nwearables in section 3.3 of this privacy notice). Your data will only be\nprocessed for the duration of the contests and will be deleted after its\ncompletion if it is no longer needed. We do not share your personal data\nfrom contests with third parties unless you are selected as a winner. In\nthat case we may publish your name, photos, and personal summary on our\nwebsites and, if applicable, on our social media profiles (Facebook,\nInstagram, Youtube) with your express consent.
\nThe legal basis for the processing of your personal data in the context\nof contests is your voluntary consent in accordance with Art. 6 (1) (a)\nGDPR. For the processing of particularly sensitive data, such as health\ndata, processing is based on your express consent in accordance with\nArt. 9 (2) (a) GDPR.
\nParticipation in contests is completely voluntary and not a prerequisite\nfor using the app. You can decide at any time whether you want to\nparticipate without this affecting your use of the other functions of\nthe app. If you decide to participate, you can withdraw your\nparticipation at any time without any disadvantages.
\nWe offer various payment options, such as payment by credit card or SEPA\ndirect debit or via external payment service providers, such as PayPal.\nFor this purpose, payment data may be transmitted to payment service\nproviders with whom we cooperate. The legal basis for this data\nprocessing is Art. 6(1) Sentence 1(b) GDPR. Some payment service\nproviders also collect this data themselves, and if they do so they are\nresponsible for this. For more information about how payment service\nproviders process personal data, please refer to their privacy policies:
\nWhere a contract is concluded within the framework of a cooperation, we\nmay also disclose your personal data to the respective partner (e.g.\nyour telecommunications provider or your health insurance provider), for\nexample to verify your membership or contract status with the partner or\nfor billing purposes in connection with the cooperation. Depending on\nthe cooperation, the legal basis for this is Art. 6(1) Sentence 1(a) or\n(b) GDPR.
\nIf you use our service as part of an employee offer from your employer,\nwe process certain data to enable and manage this cooperation. In doing\nso, we process a voucher code provided to you to verify your eligibility\nto use the offer and, if necessary, your business email address. We do\nnot share any personal data with your employer, and your employer does\nnot share any personal data with us.
\nFor further processing of data when using our offer, please read the\npreceding sections of this privacy notice, in particular section 2.
\nThe legal basis for this processing is Art. 6 (1) lit. b GDPR, as data\nprocessing is necessary to enable you to access our service as part of\nthe employee offer. The creation of any anonymized usage statistics for\nyour employer is based on our legitimate interest in fulfilling the\ncontract in accordance with Art. 6 (1) lit. f GDPR.
\nYour employer is responsible for data processing on their side, such as\nselecting authorized employees or distributing access data. For more\ninformation, please refer to your employer's employee privacy notice.
\nIf you register for our service as part of an offer from one of our\ndirect cooperation partners (such as 1&1 or Freenet), we will create a\ntechnical token and send it to the respective partner -- in the case of\n1&1, after the partner has sent us your email address. You will then\nreceive a voucher code by email, either from the partner or, in the case\nof 1&1, from us, which you can use to activate the offer on a specially\nset up registration page. We do not exchange any other personal data\nwith the partner. The partner is solely responsible for the processing\nof further personal data on their side. Further information on this can\nbe found in the privacy policy of the respective partner.
\nFor further processing of data when using our offer, please read the\npreceding sections of this privacy policy, in particular section 2.
\nThe legal basis for the processing of the token on our site is Art. 6\n(1) lit. b GDPR, as data processing is necessary to enable you to access\nour service within the framework of the contractual relationship or to\ncarry out pre-contractual measures at your request.
\nWithin the framework of certain advertising partnerships with mobile\nphone providers, we work together with Mondia Media Germany GmbH, Große\nElbstraße 145 c, 22767 Hamburg, Germany (\"Mondia\"). In this context, we\nprocess certain personal data together with Mondia as joint controllers\nwithin the meaning of Article 26 GDPR. The cooperation relates in\nparticular to the joint analysis and use of certain usage data when you\nbecome aware of us through partner channels. For this purpose, an\nagreement on joint responsibility has been concluded between both\nparties, which regulates the respective obligations to comply with data\nprotection requirements.
\nWe collect certain information about your interactions with our\nplatform, such as whether you have visited our registration page,\nwhether a registration has been successfully completed, whether you are\nconsidered active or inactive on a particular day, when you log in, how\nmuch time you spend on our product, or what content you use. This data\nis linked to technical metadata such as timestamps and a pseudonymized\nuser ID and transmitted to Mondia via a technical interface (API).
\nThe processing of this data on our site is based on our legitimate\ninterest in accordance with Article 6(1)(f) GDPR. It serves to analyze\nthe effectiveness of campaigns and user interactions, improve our\nservices, and provide aggregated performance metrics. On the other hand,\nwe and Mondia process this data for marketing and optimization purposes\non the basis of your consent in accordance with Article 6(1)(a) GDPR,\nwhich we obtain from you and pass on to Mondia. Mondia also relies on\nthis consent for further processing. You can revoke your consent at any\ntime with effect for the future by sending an email to\n[privacy@gymondo.de] or [privacy@mondia.com].
\nYou have various rights under the GDPR, as described in section 7 of\nthis privacy notice. You can assert these rights both against us and\nagainst Mondia. Joint responsibility also includes the obligation to\nprovide mutual support in processing such requests. Both parties may\nexchange certain information about you for this purpose, insofar as this\nis necessary for lawful processing.
\nIf you have any questions or wish to exercise your rights, you can\ncontact either us or Mondia. Further information on data protection at\nMondia and the contact details of the data protection officer there can\nbe found in Mondia's privacy\npolicy.
\nWe offer you the opportunity to take part in preventive courses\nsubsidised by the statutory health insurance funds in accordance with\nSect. 20 of Book V of the German Social Code (SGB). In this context, we\nwill regularly send you important information and participant documents\nfor the specific course to the email address you provided. As we are\nalso obliged to conduct evaluations for continuous quality assurance and\nimprovement, you will occasionally receive emails on this sent to the\nemail address you provided. The legal basis for data processing in\nconnection with preventive courses is Art. 6(1) Sentence 1(a) in\nconjunction with Art. 9(2)(a) GDPR.
\n4.2.4.1 Data Processing in the Context of Voucher Campaigns
\nFrom time to time, we offer voucher campaigns, possibly in collaboration\nwith our partners, such as health insurance companies, as part of a\nprevention program. In this context, we collect additional data (e.g.,\nthe voucher code) in addition to the registration data typically\nrequested by us during registration. The legal basis for this processing\nis Article 6(1)(b) of the GDPR. Additionally, you will receive our\npartner's newsletter if you have consented to receiving it. This\nnewsletter provides further information about our partner's benefits and\nservices. For this purpose, we pass on your email address to the\npartner. The legal basis for the aforementioned processing is your\nconsent in accordance with Article 6(1)(a) of the GDPR. You can withdraw\nthis consent at any time with future effect. A corresponding unsubscribe\nlink is included in every newsletter. Notification to the contact\ninformation provided in the newsletter (e.g., via email or letter) is\nalso sufficient for this purpose. For the collection and transmission of\nthe above-mentioned personal data in connection with the voucher\ncampaign, both we and our partner are jointly responsible. The mutual\nobligations have been set forth in a joint contract.
\nAffected individuals can exercise their rights both with our partner and\nwith Gymondo. Regardless of which party is contacted, individuals will\nnot be disadvantaged in the exercise of their rights. For more\ninformation, please refer to our partner's privacy policy.
\nWe use the review system provided by Trustpilot A/S, Pilestræde 58, 5,\n1112 Copenhagen, Denmark (\"Trustpilot\"). We ask users of our services\nfor their consent to send them a review invitation. Provided users have\ngiven their consent, they will receive a review invitation containing a\nlink to a review page. We transmit the following required data to\nTrustpilot for verification purposes to ensure that users have used our\nservices: name, email address, reference number. The legal basis for the\nprocessing of the user's data in the context of the review system is\nconsent pursuant to Art. 6(1) Sentence 1(a) GDPR.
\nIn order to submit a review, it is necessary to open a customer account\nwith Trustpilot. In order to maintain the neutrality and objectivity of\nreviews, we have no direct influence on the reviews and cannot delete\nthem ourselves. To this end, we ask users to contact Trustpilot. Users\ncan find more information about how Trustpilot processes their data, as\nwell as their rights to object and other rights as data subjects, in\nTrustpilot's privacy\npolicy.
\nWe maintain online presences on social networks in order, among other\nthings, to communicate with customers and other interested parties and\nto inform them about our products and services. The respective social\nnetworks usually process user data for market research and advertising\npurposes. In this way, usage profiles can be created based on the users'\ninterests. For this purpose, cookies and other identifiers are stored on\ndata subjects' computers. Based on these usage profiles, ads are then\nshown on the social networks, for example, but also on third-party\nwebsites.
\nIn connection with operating our online presences, it is possible that\nwe may access information provided by the social networks, such as\nstatistics about how our online presences are used. These statistics are\naggregated and may include, in particular, demographic information (e.g.\nage, gender, region, country) as well as data about how you interact\nwith our online presences (e.g. likes, subscriptions, shares, viewing of\nimages and videos) and the posts and content distributed via them. This\ncan also provide us with information about users' interests and which\ncontent and topics are particularly relevant to them. This information\nmay also be used by us to adapt the design and our activities and\ncontent on the online presence, and to optimise them for our audience.\nPlease refer to the list below for details and links to the social\nnetwork data that we, as operators of the online presences, can access.\nThe collection and use of these statistics is usually subject to what is\nknown as joint controllership.
\nThe legal basis for this data processing is Art. 6(1) Sentence 1(f)\nGDPR, based on our legitimate interest in effectively informing and\ncommunicating with users, or Art. 6(1) Sentence 1(b) GDPR, in order to\nstay in contact with and inform our customers and to take steps prior to\nentering into contracts with interested parties.
\nIf you have an account with the social network, it is possible that we\nmay see your publicly available information and media when we retrieve\nyour profile. In addition, the social network may allow us to contact\nyou. This can be done by means of direct messages or posts. In this\nrespect, communication via the social network is subject to the\nresponsibility of the social network as a messaging and platform\nservice.
\nThe legal basis of the data processing carried out by the social\nnetworks, for which they are responsible, can be found in the privacy\npolicy of the relevant social network. The following links also provide\nyou with further information about the respective data processing\noperations and the possibilities for objecting.
\nWe would like to point out that the most efficient way to assert data\nprotection requests is with the relevant social network provider, as\nonly these providers have access to the data and can take appropriate\nmeasures directly. If you contact us with your request, we will forward\nyour request to the provider of the social network. Below is a list of\ninformation about the social networks where we maintain online\npresences:
\nFacebook (US and Canada: Facebook Inc., 1601 Willow Road, Menlo\nPark, California 94025, US; all other countries: Facebook Ireland\nLtd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2,\nIreland)
\nInstagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal\nHarbour, Dublin 2, Ireland)
\nGoogle/YouTube (Google Ireland Limited, Gordon House, Barrow Street,\nDublin 4, Ireland)
\nLinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2,\nIreland)
\nXing/Kununu (XING SE, Dammtorstraße 30, 20354 Hamburg)
\nWe conduct online interviews on Gymondo products at irregular intervals.\nIf you register as a product tester, we will save your data (name,\nemail, activity level, and self-assessment of your fitness habits) for a\nperiod of 12 months. Based on this information, we will decide whether\nyou are eligible for a product test in the form of an online interview\nand contact you via email. Your participation will be remunerated with\nan expense allowance. There is no obligation to participate.
\nAfter this 12-month period, your data will be automatically deleted. You\ncan also request that we delete your stored data at any time by sending\nan email to research@gymondo.de.
\nDuring the online interview, we collect various personal data from you,\nwhich may vary depending on the aim of the conversation. This data is\nstored with us either in written form or as video or audio recordings.\nThe data is used solely for internal purposes. We will inform you in\nadvance about the specific data being collected. You can end the\nconversation at any time without providing a reason or withdraw consent\nfor the processing of data already collected. The legal basis for\ninclusion in the product tester pool and your participation in surveys\nis Art. 6 para. 1 lit. a GDPR, meaning your given consent.
\nThe data collected during the interviews is stored and processed in our\nDovetail tool from Dovetail Research Pty. Ltd., Level 1, 276 Devonshire\nStreet, Surry Hills, New South Wales, 2010, Australia, so we can use the\ninsights we get for our product development. Dovetail stores and\nprocesses this data exclusively for this purpose and uses aggregated and\nanonymized data to identify patterns and trends in the feedback from\ntest users.
\nDovetail generally stores the data in Australia. For this purpose, we\nhave concluded a data processing agreement with Dovetail in accordance\nwith Art. 28 GDPR, which includes the standard contractual clauses of\nthe European Commission. For further details on this data processing,\nplease refer to Dovetail's privacy\npolicy.
\nIn principle, we only store personal data for as long as necessary to\nfulfil the purposes for which we have collected the data. We then erase\nthe data without undue delay, unless we still require the data until the\nend of the statutory limitation period for documentation purposes for\nclaims under civil law or due to statutory retention obligations.
\nFor documentation purposes, we are required to keep contract data for\nanother three years after the end of the year in which the business\nrelationship with you ends. After the standard statutory period of\nlimitation, any claims become statute-barred at this point in time at\nthe earliest.
\nEven after that, we are still required to store some of your data for\naccounting reasons. We are obliged to do so due to statutory\ndocumentation obligations, which may arise on the basis of the German\nCommercial Code, the Fiscal Code, the Banking Act, the Money Laundering\nAct and the Securities Trading Act. The periods specified therein for\nretaining documents range from two to ten years.
\nAs a data subject, you always have the following rights as set out in\nArt. 7(3), Art. 15--21, and Art. 77 GDPR:
\nIn order to establish your rights described here, you can contact us at\nany time using the contact details provided. This also applies if you\nwish to receive copies of safeguards in order to prove an adequate level\nof data protection. Subject to the respective legal requirements, we\nwill comply with your data protection request.
\nWe will keep your enquiries regarding the establishment of rights under\ndata protection law, and our responses to these, for a period of up to\nthree years for documentation purposes and, where necessary in\nindividual cases, beyond this period if we need to establish, exercise\nor defend legal claims. The legal basis is Art. 6(1) Sentence 1(f) GDPR,\nbased on our interest in defending ourselves against any civil-law\nclaims under Art. 82 GDPR, avoiding administrative fines under Art. 83\nGDPR and fulfilling our accountability under Art. 5 Sentence 2 GDPR.
\nYou have the right to withdraw the consent you have given to us at any\ntime. As a result of this, we will cease the data processing based on\nthis consent with future effect. This withdrawal of your consent will\nnot affect the lawfulness of the processing carried out on the basis of\nthe consent prior to the withdrawal.
\nInsofar as we process your data on the basis of legitimate interests,\nyou have the right to object to the processing of your data at any time\nfor reasons arising from your particular situation. If your objection is\nto data processing for direct marketing purposes, you have a general\nright of objection, which we will implement without requiring you to\ngive reasons.
\nIf you would like to make use of your right of withdrawal or\nobjection, it is sufficient to simply notify us using the contact\ndetails provided in section 1.2 above.
\nFinally, you have the right to lodge a complaint with a data protection\nsupervisory authority. You can assert this right, for example, by\ncontacting a supervisory authority in the Member State of your habitual\nresidence, your place of work or the place of the alleged infringement.\nThe competent supervisory authority in Berlin, where we are\nheadquartered, is: Berlin Commissioner for Data Protection and Freedom\nof Information, Friedrichstr. 219, 10969 Berlin.
\nDatenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin.
\nYou are not obliged to provide your data.
\nHowever, if the provision of your data is necessary for the conclusion\nof a contract (e.g., for account registration or subscription), for the\nfulfillment of legal obligations (e.g., for registration forms), for\nestablishing contact, or for the use of other services and functions\n(e.g., for newsletter registration), the corresponding input fields are\nmarked as mandatory with an asterisk (\"*\"). In this case, without this\ndata, it will not be possible to conclude a contract, provide the\nspecific service, or use the function.
\nOther information not marked as mandatory fields is voluntary. The entry\nof such data is not necessary for the conclusion of a contract, the\nprovision of the service, or the use of the function and has no\ninfluence on the execution of the contract.
\nAutomated decision-making, including profiling pursuant to Art. 22 GDPR,\nwith legal or similarly significant adverse effects does not take\nplace.
\nHowever, in the context of using technologies to personalize our\nservices, automated decisions may be made regarding personalized content\nand advertising that is displayed or sent. These decisions are then\nbased on the usage data previously collected automatically or the\ninformation you have provided yourself, for example in form fields. We\nuse this data to create a profile that helps us select the appropriate\ncontent and advertising. Personalized advertising is only displayed with\nyour prior consent.
\nWe will update this Privacy Notice from time to time, for example if we\nadapt our website or if there are changes to the legal or regulatory\nrequirements. We therefore recommend that you read this Privacy Notice\nagain from time to time.
\nLast amended: November 2025
","headings":[{"value":"Privacy Notice","depth":1},{"value":"1. General information","depth":2},{"value":"1.1 Scope of the privacy notice","depth":3},{"value":"1.2 Data controller and contact","depth":3},{"value":"1.3 Disclosure of data to third parties; service providers","depth":3},{"value":"1.4 Data transfers to third countries","depth":3},{"value":"2. Data processing on our website","depth":2},{"value":"2.1 Visiting our website / connection data","depth":3},{"value":"2.2 Use of cookies","depth":3},{"value":"2.3 Registration","depth":3},{"value":"2.3.1 Social Login","depth":4},{"value":"2.4 Use of basic membership functions","depth":3},{"value":"2.5 Making contact","depth":3},{"value":"2.6 Data processing for advertising purposes","depth":3},{"value":"2.6.1 Sending of advertising to existing customers","depth":4},{"value":"2.6.2 Newsletter","depth":4},{"value":"2.6.3 Dynamic advertising campaigns","depth":4},{"value":"3. Data processing based on your consent","depth":2},{"value":"3.1 Data Processing Related to the Food Scanner (Meal Analysis)","depth":3},{"value":"3.2 Data processing for the creation of personalized plans","depth":3},{"value":"3.3 Integration of health/fitness tracking from third-party apps","depth":3},{"value":"3.4 Data processing in the context of contests","depth":3},{"value":"4. Data transfer to third parties for contract fulfillment","depth":2},{"value":"4.1 Disclosure of data to banks and payment service providers","depth":3},{"value":"4.2 Disclosure of data to partners","depth":3},{"value":"4.2.1 Corporate Health Partnerships","depth":4},{"value":"4.2.2 Use of registration tokens for partner offers","depth":4},{"value":"4.2.3 Partnerships via the Mondia Media network","depth":4},{"value":"4.2.4 Participation in preventive courses","depth":4},{"value":"5. Further data processing","depth":2},{"value":"5.1 Feedback","depth":3},{"value":"5.2 Online presence on social media","depth":3},{"value":"5.2.3 Data processing associated with registration as a test user","depth":4},{"value":"6. Storage period","depth":2},{"value":"7. Your rights","depth":2},{"value":"8. Obligation to provide your data","depth":2},{"value":"9. Automated decision-making","depth":2},{"value":"10. Changes to this privacy notice","depth":2}]}}]}},"pageContext":{"showCookieSettings":true,"locale":"en","page":"privacy","regex":"/page/generic/privacy/content/gymondo.en.md$/","noHeader":false,"view":""}},"staticQueryHashes":[]}