Fitogram GmbH Privacy Policy

Table of Contents

  1. 1. General Information and Mandatory Information
    1. 1.1. Privacy Policy
    2. 1.2. Information on the Responsible Body 
  2. 2. Processing Security Measures in accordance with Article 32 GDPR
    1. 2.1. SSL and TLS Encryption
    2. 2.2. Encrypted Payment Transactions on this Website
  3. 3. Collection, Processing and Use of Personal Data
    1. 3.1. Personal Data
  4. 4. Data Collection on our Website
    1. 4.1. Contact Form
    2. 4.2. Registration on this Website
    3. 4.3. Processing of Data (Customer and Contract Data)
    4. 4.4. Data Transfer upon Conclusion of Contract for Services and Digital Content
    5. 4.5. Newsletter Data
  5. 5. Data Transfer to Third Countries or International Organisations
    1. 5.1. Mailchimp
  6. 6. Cookies
  7. 7. Visiting our Website
  8. 8. Analytical Tools and Advertising
    1. 8.1. Use of Tracking Tools
      1. 8.1.1. Google Analytics
        1. 8.1.1.1. IP Anonymisation
        2. 8.1.1.2. Browser Plugin
        3. 8.1.1.3. Opposition to Data Collection
      2. 8.1.2. Google Analytics Remarketing
      3. 8.1.3. Google AdWords and Google Conversion Tracking
      4. 8.1.4. Facebook Pixel
      5. 8.1.5. Intercom
      6. 8.1.6. Hotjar
      7. 8.1.7. Hubspot
      8. 8.1.8. Looker
    2. 8.2. Plugins and Tools
      1. 8.2.1. Google Web Fonts
      2. 8.2.2. Google Maps
      3. 8.2.3. SoundCloud
      4. 8.2.4. Google Web Fonts
  9. 9. Payment Providers
    1. 9.1. PayPal
    2. 9.2. Stripe
  10. 10. Other Processing on the Basis of a Legitimate Interest
  11. 11. Duration of Data Storage
  12. 12. Your Rights
    1. 12.1. Revocation of Given Consent
    2. 12.2. Information
    3. 12.3. Correction and Deletion
    4. 12.4. Processing Restrictions
    5. 12.5. Right to Object
    6. 12.6. Release of Data and Data Transfer
    7. 12.7. Right of Appeal
  13. 13. Other
    1. 13.1. Objection to Advertising Mail
    2. 13.2. Amendments to our Privacy Policy

Privacy Policy

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any information with which you can be personally identified. For more detailed information on the subject of data protection, please refer to our privacy policy described below this text.

  1. 1. General Information and Mandatory Information

1.1 Privacy Policy

Fitogram GmbH takes the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is information with which you can be personally identified. This privacy policy explains which information we collect and how we use it. It also explains how and for what purpose this is done.

We wish to point out that data transfer via the internet (e.g. email communication) may be subject to security holes. A complete protection of the data against third-party access is not possible.

1.2 Information on the Responsible Body

The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).

The responsible body for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 GDPR is Fitogram GmbH (hereinafter also referred to as “we” or “Fitogram”). You can contact us as follows:

Fitogram GmbH
Probsteigasse 15-17
50670 Cologne

Telephone: +49 (0 )221 370 500 23
Headquarters: Cologne
Local Court – Registration Court – Cologne (HRB 76187)

Email: service@fitogram.de
Legally represented by the Managing Director: Francois Xavier Casanova

You may contact our data protection officer at:

Fresh Compliance GmbH
RA Philipp Heindorff
Schlesische Str. 26 
10997 Berlin
dsb@freshcompliance.de

  1. 2. Processing Security Measures in accordance with Article 32 GDPR

2.1 SSL and TLS Encryption

This site uses SSL and TLS encryption for security reasons and to protect the transfer of confidential content, such as orders or requests that you send to us as the site operator. An encrypted connection can be recognised by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data which you transfer to us cannot be read by third parties.

2.2 Encrypted Payment Transactions on this Website

If, after the conclusion of a fee-based contract, there is an obligation to provide us with your payment details (e.g. account number for direct debit authorisation), this data is required for payment processing.

Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. An encrypted connection can be recognised by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

With encrypted communication, payment details which you transfer to us cannot be read by third parties.

  1. 3. Collection, Processing and Use of Personal Data

3.1 Personal Data

Personal data includes individual details about the personal or factual circumstances of a specific or identifiable natural person. These are, for example, your name, email address or postal address.

  1. 4. Data Collection on our Website
    1. 4.1. Contact Form

If you send us an enquiry via the contact form, the details which you provided in the contact form, including the contact details you listed there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. This data will not be passed on without your consent.

The processing of the data entered in the contact form is therefore carried out exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You may revoke this consent at any time. An email notification to us is sufficient for this purpose. The legality of the data processing operations carried out up until the revocation remains unaffected by the revocation.

The data entered by you in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose of storing your data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

  1. 4.2. Registration on this Website

You can register on our website in order to use additional features on the site. We only use the data entered by you for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will refuse the registration. 

In the event of important changes, for example in the scope of our services or in the event of necessary technical changes, we will use the email address provided during registration to inform you in this way.

The data entered during registration will be processed on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You may revoke your consent at any time. An informal email notification to us is sufficient for this purpose. The legality of the data processing already carried out remains unaffected by the revocation. 

The data collected during registration will be stored by us for as long as you are registered on our website and will then subsequently be deleted. Legal retention periods remain unaffected.

  1. 4.3. Processing of Data (Customer and Contract Data)

We collect, process and use personal data only to the extent necessary for the establishment, content-related design or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 Para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data relating to the use of our internet pages (usage data) only to the extent necessary to enable the user to make use of the service or to bill the user.

The collected customer data will be deleted after completion of the contract or termination of the business relationship. Legal retention periods remain unaffected.

  1. 4.4. Data Transfer upon Conclusion of Contract for Services and Digital Content

We transfer personal data to third parties only if this is necessary in the context of contract processing, for example to the bank responsible for processing the payment.

A further transfer of data does not take place or only takes place if you have expressly agreed to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 Para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

  1. 4.5. Newsletter Data

If you wish to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively to send the requested information and do not pass this on to third parties. 

The data entered in the newsletter registration form will be processed exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You may revoke your consent to the storage of data, email address and the use thereof to send the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. 

The data you have provided us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you cancel the newsletter. This does not affect data stored by us for other purposes (e.g. email addresses for the member area).

  1. 5. Data Transfer to Third Countries or International Organisations

We work together with various service providers. If a transfer to a third country is necessary, this will be carried out exclusively on the basis of contract data processing in accordance with Article 28 GDPR.

  1. 5.1. Mailchimp

This website uses the services of Mailchimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Mailchimp is a service which can be used, among other things, to organise and analyse the sending of newsletters. If you enter data for newsletter subscription purposes (e.g. email address), it will be stored on Mailchimp’s servers in the USA.

Mailchimp is certified according to the “EU-US Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA which is intended to ensure compliance with European data protection standards in the USA.

Mailchimp enables us to analyse our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (known as a web beacon) connects to the Mailchimp servers in the USA. In this way, it can be determined whether a newsletter message has been opened and which links have been clicked. In addition, technical information (e.g. time of retrieval, IP address, browser type and operating system) is recorded. This information cannot be assigned to the respective newsletter recipient. It is simply used for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not wish to be analysed by Mailchimp, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter update for this purpose. You can also unsubscribe directly on the website.

Data processing is based on your consent (Art. 6 Para. 1 lit. a GDPR). You may revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data you have provided us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the Mailchimp servers after unsubscribing from the newsletter. Data stored by us for other purposes (e.g. email addresses for the member area) remain unaffected.

For more information, please refer to Mailchimp’s privacy statement at: https://mailchimp.com/legal/terms/.

We have concluded a “Data Processing Agreement” with Mailchimp, in which we oblige Mailchimp to protect the data of our customers and not to pass it on to third parties. This agreement can be viewed at the following link: https://mailchimp.com/legal/data-processing-addendum/.

  1. 6. Cookies

The web pages sometimes use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and more secure. Cookies are small text files that are stored on your computer by your browser.

Most of the cookies we use are known as “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser during your next visit.

You can set your browser so that you are informed about the use of cookies and only allow cookies in individual cases, accept cookies in certain cases, or generally prevent the use of them and activate the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be restricted. 

Cookies which are necessary for the execution of the electronic communication process or for the provision of certain functions desired by you (e.g. shopping basket function) are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your browsing behaviour) are stored, these are dealt with separately in this privacy policy.

  1. 7. Visiting our Website

Your visit to our pages is stored in a log file (so-called server logfiles). This data is automatically recorded by our IT systems when you visit our website. This is mainly technical data (e.g. internet browser, operating system or the time the page was viewed). This data is collected automatically as soon as you enter our website.

  1. 8. Analytical Tools and Advertising

When you visit our website, information is collected which is used to statistically evaluate your browsing behaviour. This is done primarily with cookies and so-called analysis programs. The analysis of your browsing behaviour is usually anonymous; the browsing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. More detailed information on this can be found in the following privacy policy.

8.1 Use of Tracking Tools

In connection with our web pages, we use technologies in order to be able to evaluate information on the type and extent of the use of our web pages (tracking tools).

  1. 8.1.1. Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be transferred to and stored by Google on servers in the USA.

Google Analytics cookies are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

  1. 8.1.1.1. IP Anonymisation

We have activated the IP anonymisation function on this website. This will cause Google to shorten your IP address within member states of the European Union or other treaty states of the Agreement on the European Economic Area before it is transferred to the USA. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. On behalf of the website operator, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services relating to website activity and internet usage to the website operator. The IP address transferred by your browser as part of Google Analytics is not combined with other data from Google.

  1. 8.1.1.2. Browser Plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) as well as from processing this data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

  1. 8.1.1.3. Opposition to Data Collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to prevent your information from being collected on future visits to this website: Disable Google Analytics.

For more information on how Google Analytics handles user data, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

We have concluded a contract with Google for contract data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

  1. 8.1.2. Google Analytics Remarketing

Our sites use Google Analytics Remarketing features in conjunction with the cross-device features of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This feature allows Google Analytics Remarketing to link advertising target groups with the cross-device capabilities of Google AdWords and Google DoubleClick. In this way, interest-related, personalised advertising messages which have been adapted to you depending on your previous usage and browsing behaviour on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browser history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you log in with your Google account. 

To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising.

You can permanently opt out of cross-device remarketing/targeting by opting out of personalised advertising in your Google account using this link:  https://www.google.com/settings/ads/onweb/.

The data collected in your Google account will only be aggregated on the basis of your consent, which you may give to or revoke from Google (Art. 6 Para. 1 lit. a GDPR). In the case of data collection processes that are not consolidated in your Google account (e.g. because you do not have a Google account or have objected to the consolidation), the data collection is based on Art. 6 Para. 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of website visitors for advertising purposes.

Further information and the privacy policy can be found in Google’s privacy statement at: https://www.google.com/policies/technologies/ads/.

  1. 8.1.3. Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).

As part of Google AdWords, we use what is known as conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files which the internet browser places on the user’s computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not expired, ourselves and Google may recognise that the user clicked on the ad and was directed to that page.

Each Google AdWords customer receives a different cookie. Cookies cannot be tracked through AdWords customer websites. The information collected from the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers will know the total number of users who clicked on their ad and were directed to a page with a conversion tracking tag. However, they will not receive information which personally identifies you. If you do not wish to participate in tracking, you can opt out of this use by easily disabling the Google conversion tracking cookie in your internet browser. You will then not be included in the conversion tracking statistics.

Conversion cookies are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

More information on Google AdWords and Google conversion tracking can be found in Google’s privacy statement: https://www.google.de/policies/privacy/.

You can set your browser so that you are informed about the use of cookies and only allow cookies in individual cases, accept cookies in certain cases, or generally prevent the use of them and activate the automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be restricted. 

  1. 8.1.4. Facebook Pixel

To measure conversion, our website uses the visitor action pixel of Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

This enables us to track the behaviour of site visitors after they are redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and to optimise future advertising efforts.

The data collected is anonymous to us as the operator of this website, and we cannot draw any conclusions about the identity of the users. However, data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with Facebook Data Usage Guidelines. This may allow Facebook to place ads on Facebook pages and outside of Facebook. This use of data cannot be influenced by us as the site operator.

See Facebook’s privacy notice for more information about protecting your privacy: https://www.facebook.com/about/privacy/.

You can also disable the “Custom Audiences” remarketing function in the advertisement settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do so.

If you do not have a Facebook account, you can disable Facebook’s usage-based advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

  1. 8.1.5. Intercom

In order to improve our user experience in our applications, we use the Intercom service of the company Intercom Inc. to send email notifications and live chat. We provide Intercom with your email address and name as personal information. 

Intercom, Inc. has joined the “Safe Harbor” programme to achieve a higher level of data protection for non-EU companies. For more information about Intercom’s privacy policy, please visit: https://www.intercom.com/legal/privacy.

  1. 8.1.6. Hotjar

We use Hotjar to better understand the needs of our users and to optimise the offers on this website.  Hotjar’s technology helps us to better understand our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and helps us tailor our offers to our users’ feedback. Hotjar uses cookies and other technologies to collect information about the behaviour of our users and their devices (including, but not limited to, the IP address of the device (collected and stored only in an anonymous form), screen size, unique device identifiers, information about the browser used, location (country only), preferred language for viewing our website).  Hotjar stores this information in a pseudonymous user profile. The information will not be used by Hotjar nor by us to identify individual users or merged with other information about individual users. For more information, please refer to Hotjar’s privacy policy here.

8.1.7 Hubspot

We use the services of HubSpot Inc., 25 First St., 2nd floor Cambridge, Massachusetts 02141, USA (“Hubspot”), to collect statistical information about the use of our website and improve our services accordingly as well as to provide downloads of white papers, ebooks and similar materials plus as well as to operate email marketing. The legal basis for using Hubspot’s services are our legitimate interests according to Article 6 (1) (f) GDPR, i.e. our interest to optimize our marketing activities and the service quality of our website. Hubspot is a certified company under the EU-US privacy shield and therefore guarantees to adhere to European data protection law.

For more information about Hubspot ’s privacy policy, please visit: https://legal.hubspot.com/privacy-policy

8.1.8  Looker

Looker is a business intelligence software and big data analytics platform that helps us explore, analyze, and share real-time business analytics with our customers easily.  

Looker maintains a privacy program aligned with global privacy requirements, including the General Data Protection Regulation (GDPR) and with the EU-U.S., Swiss-U.S. Privacy Shield Principles and Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information about individuals in the European Union, United Kingdom (UK) and Switzerland, processed within the United States. 

The legal basis for using Looker’s services are our legitimate interests according to Article 6 (1) (f) GDPR, i.e. our interest to monitor your user experience on the Platform., to administer your user accounts and provide customer service and support.

For more information about Looker ’s privacy policy, please visit: https://looker.com/trust-center/privacy/policy.

  1. 8.2. Plugins and Tools
  1. 8.2.1. Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. 

For this purpose, the browser you are using must connect to Google’s servers. This enables Google to recognise that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.

  1. 8.2.2. Google Maps

This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

In order to use the features of Google Maps, it is necessary to store your IP Address. This information is usually transferred to a Google server in the USA and is stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy discoverability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

You can find more information on the handling of user data in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

  1. 8.2.3. SoundCloud

Plugins of the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, Great Britain) may be integrated on our pages. You can recognise the SoundCloud plugins by the SoundCloud logo on the pages concerned.

When you visit our pages, a direct connection will be established between your browser and the SoundCloud server. SoundCloud receives the information that you have visited our page with your IP address. If you click the “Like” or “Share” button while logged into your SoundCloud account, you can link and/or share the content of our pages with your SoundCloud profile. This allows SoundCloud to associate the visit of our pages with your user account. We wish to point out that, as provider of these pages, we do not have any knowledge of the content of the transferred data or its use by SoundCloud. Further information on this can be found in SoundCloud’s privacy policy at: https://soundcloud.com/pages/privacy.

If you do not want SoundCloud to associate visits to our pages with your SoundCloud user account, please log out of your SoundCloud account before activating any content from the SoundCloud plugin.

  1. 8.2.4. Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. 

For this purpose, the browser you are using must connect to Google’s servers. This enables Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.

  1. 9. Payment Providers
  1. 9.1. PayPal

On our website, we offer payment via PayPal among others. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

If you choose to pay via PayPal, the payment details you enter will be sent to PayPal.

The transfer of your data to PayPal is based on Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 Para. 1 lit. b GDPR (processing to fulfil a contract). You have the option to revoke your consent to data processing at any time. A revocation has no effect on the effectiveness of past data processing operations. 

  1. 9.2. Stripe

On our website, we offer payment via Stripe among others. The provider of this payment service is Stripe, Inc. 510 Townsend Street San Francisco, CA 94103, USA (hereinafter “Stripe”).

If you choose to pay via Stripe, the payment details you enter will be sent to Stripe.

The transfer of your data to Stripe is based on Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 Para. 1 lit. b GDPR (processing to fulfil a contract). You have the option to revoke your consent to data processing at any time. A revocation has no effect on the effectiveness of past data processing operations. 

  1. 10. Other Processing on the basis of a Legitimate Interest

To the extent necessary, we process your data beyond the fulfilment of a contract concluded with you or consent given by you to protect our legitimate interests or those of third parties, unless a consideration in individual cases shows that your legitimate fundamental rights and freedoms, which require the protection of personal data, prevail (cf. Art 6 Para. 1f) GDPR). This may include:

  • Examination and optimisation of procedures for needs analysis and direct customer contact
  • Assertion of legal claims and defence in legal disputes
  • Safeguarding our IT security and operations
  • Prevention and investigation of criminal offences 
  • Measures for business management and further developments of services and products.

  1. 11. Duration of Data Storage

The collected customer data will be deleted following the completion of the contract or upon completion of the business relationship. Legal retention periods remain unaffected.

Such retention periods may result, for example, from the German Commercial Code (HGB) or German Fiscal Code (AO). The periods specified there for storage or documentation are up to ten years. 

Finally, the storage period is also assessed according to statutory limitation periods which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), can generally be three years, but in certain cases may also be up to thirty years.

  1. 12. Your Rights
  1. 12.1. Revocation of Given Consent

You may revoke any express or implied consent given to us at any time with effect for the future.

  1. 12.2. Information

You may request information from us regarding the personal data stored about you. In addition, you are therefore entitled to details on the information provided in Art. 15 GDPR.

  1. 12.3. Correction and Deletion

You also have the right to have incorrect personal data corrected in accordance with Art. 16 GDPR as well as have your personal data deleted in accordance with Art. 17 GDPR.

  1. 12.4. Processing Restrictions

Under the conditions set out in Art. 18 GDPR, you may restrict the processing of your personal data. 

  1. 12.5. Right to Object

In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, insofar as this takes place on the basis of Art. 6 Para. 1 e) or f) GDPR. In the event of such an objection, we will no longer process such data unless we can prove that there are compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise of defence of legal claims. 

  1. 12.6. Release of Data and Data Transfer

Furthermore, you have the right to receive a copy of the personal data which you provided us with in a structured, common and machine-readable format. You also have the right, insofar as this is technically feasible, for us to transfer this data to another responsible person upon your request. The right to data transfer only applies to personal data for which the processing is based on consent (express or implied) in accordance with Article 6 Paragraph 1 a) GDPR or on a contract in accordance with Article 6 Para. 1 b) GDPR and processing is carried out by automated means. The right to transfer data to another responsible party is excluded if this would affect the rights and freedoms of other persons (e.g. personal data of third parties, our business and company secrets or copyrights).

The assertion of the aforementioned rights is generally free of charge for you. 

However, in the event of manifestly unfounded or – in particular in the case of frequent repetition – excessive claims, we may, in accordance with Art. 12 Para. 5 GDPR, either demand an appropriate fee which takes into account the administrative costs of the information or notification or implementation of the requested measure or refuse to act on the basis of the claim.

  1. 12.7. Right of Appeal

In connection with your personal rights, you have the right to appeal to the following responsible supervisory authority with regard to the protection of personal data: 

State Official for Data Protection and Freedom of Information in North Rhine-Westphalia

Helga Block

P.O. Box 20 04 44
40102 Düsseldorf

Kavalleriestraße 2-4
40213 Düsseldorf


Telephone: 02 11/384 24-0
Fax: 02 11/384 24-10


Email: poststelle@ldi.nrw.de

Homepage: http://www.ldi.nrw.de

  1. 13. Other
  2. 13.1. Objection to Advertising Mail

The use of contact data as published within the framework of imprint obligations in order to send unwanted advertising and information material is hereby expressly rejected. The operators of this website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising materials, such as spam emails. 

  1. 13.2. Amendments to our Privacy Policy

Fitogram GmbH will update this privacy policy when necessary and adapt it to new requirements and laws. It is therefore recommended that you check this document regularly so that you are informed about the protection of your data.

This privacy policy was last updated on: January, 4th,  2021

Should you have any questions regarding data protection, please contact datasecurity@fitogram.pro