Notes on the use and protection of your data and your rights - Information under Articles 13, 14 and 21 of the European General Data Protection Regulation (GDPR)
In the following, we, the miha bodytec GmbH, inform you about how we process and use your personal data in the context of the use of our offers and services.
The most important thing first: Sensitive and responsible handling of your personal data is an essential part of a serious and customer-oriented business activity. Already in the data collection the principle of the data economy is of great importance. We collect and process your personal data only insofar as you have given us consent for this, or the legislator expressly allows us or prescribes us or you allow us. We guarantee that no personal data will be passed on to third parties without authorization.
Please note that the General Data Protection Regulation and a new version of the German Federal Data Protection Act apply (BDSG) from 25.05.2018.
1. What is personal information?
Personal information is all data about personal and factual circumstances of a specific or identifiable natural person (§ 3 paragraph 1 BDSG) or a user. Examples of personal information include information such as your name, address, location, online ID or telephone number.
The offer of miha bodytec is basically aimed at adult users. Use by minors without the consent of the guardians is not permitted. miha bodytec therefore reserves the right to delete all data relating to minor users, as long as there is no consent of the parent or guardian.
3. Responsible party
Responsible party for the collection, processing and use of your personal data within the meaning of the GDPR is miha bodytec GmbH, Siemensstraße 1, 86343 Gersthofen.
If you have a concern about privacy at miha bodytec, please contact us via the following ways:
miha bodytec GmbH
Phone: +49 821 45 54 92 - 0
4. Contact details of the data protection officer
As Data Protection Officer, Mr. Michael Tetté is appointed. He carries out the activities in accordance with Art. 38 and Art. 39 GDPR. You can contact the Privacy Officer via firstname.lastname@example.org at any time for privacy-related concerns.
5. How do we collect and process your personal information? Which sources and data do we use?
Your personal information will be collected by us or by public access. This may be e.g. data that you enter in person, by telephone, by e-mail or via a contact form.
Other data is collected automatically when visiting the website through our IT systems. These are above all technical data (for example Internet browser, operating system or time of the page request). The collection of this data is automatic as soon as you enter our website.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
If you would like to receive a newsletter offered by miha bodytec, we need an e-mail address from you, as well as information that will allow us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties.
The granted consent to the storage of the data, the e-mail address and their use for sending the newsletter can be revoked at any time.
Information about the newsletter and consent
With the following information, we will inform you about the contents of our newsletter as well as the registration, shipping and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.
Content of the newsletter
We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. Insofar as the contents of a newsletter are concretely described, they are authoritative for the consent of the users. Incidentally, our newsletters contain information on topics in the fitness market, in particular EMS training, as well as about our company and partner organizations. (this may include references to blog posts, lectures or workshops, our services or online presence).
Double opt-in and logging
The registration for our newsletter takes place in a so-called double opt-in procedure. After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with external e-mail addresses.
The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Similarly, the changes to your data stored with MailChimp will be logged.
Use of the mail service provider "MailChimp"
The newsletter is sent by means of "MailChimp", a newsletter shipping platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The e-mail addresses of our Newsletter recipients, as well as their other information described in these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletters on our behalf. Furthermore, MailChimp may, according to its own information, use this data to optimize or improve its own services, e.g. for the technical optimization of the shipping and the presentation of the newsletter or for economic purposes, to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to send e-mails for its own purposes or to pass them on to third parties.
To subscribe to the newsletter, it is sufficient to enter your e-mail address. We only use this information to adapt the content of the newsletter to the interests of our readers.
Statistical survey and analyses
The newsletters contain a so-called "web-beacon", i. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. This will initially collect technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information is used to improve the technical performance of services based on their specifications or audience and their reading habits, based on their locations (which can be determined using the IP address) or access times.
Statistical surveys also include determining if the newsletters will be opened, when they will be opened and which links will be clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our desire nor that of MailChimp to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
Online call and data management
Termination / Revocation
You can terminate the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to sending it via MailChimp and the statistical analyses expire. A separate revocation of the dispatch via MailChimp or the statistical evaluation is unfortunately not possible.
A link to cancel the newsletter can be found at the end of each newsletter.
Legal basis General Data Protection Regulation
In accordance with the provisions of the European General Data Protection Regulation (GDPR), which will apply from 25 May 2018, we inform you that the consents to the sending of e-mail addresses on the basis of Art. 6 para. 1 lit. a, 7 GDPR and § 7 (2) no. 3 and (3) UWG. The use of the mail service provider MailChimp, carrying out the statistical surveys and analyses as well as logging the registration process, are based on our legitimate interests in accordance with. Art. 6 para. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of our users.
[„The Policy’s design is based on a draft of Rechtsanwalt Dr. Thomas Schwenke„]
We further point out that you are the future processing of your personal data in accordance with the statutory requirements. Art. 21 GDPR can contradict at any time. The objection may in particular be made against processing for direct marketing purposes.
Server log files
The provider of our websites automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
Our websites use Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
Google AdWords and Google Conversion-Tracking
Our websites may use Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").
As part of Google AdWords, we use the so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used for the personal identification of the users. If the user visits certain pages of this website and the cookie has not expired yet, Google and we can recognize that the user clicked on the ad and was redirected to this page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through the websites of advertisers. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie through its Internet browser under User Preferences. You will not be included in the conversion tracking statistics.
The storage of "conversion cookies" is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimize both its website and its advertising.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, the acceptance of cookies for certain cases or generally exclude and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
Facebook plugins (Like & Share buttons)
Our websites include plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
Our websites use Facebook's visitor action pixel for conversion measurement, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").
This way, the behaviour of the site visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. As a result, the effectiveness of Facebook advertisements can be evaluated for statistical and market research purposes and future advertising measures optimized.
The collected data are anonymous to us as the operator of this website, we cannot draw conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage directive. As a result, Facebook can enable ads to be displayed on Facebook and outside of Facebook. This use of data cannot be influenced by us as the site operator.
You can also disable the remarketing Custom Audiences feature in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.
If you do not have a Facebook account, you can opt-out of Facebook-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/preferentialmanagement/.
You can change your privacy settings on Twitter in the Account Settings at http://twitter.com/account/settings.
On our pages, we use social plugins from the Pinterest social network operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA ("Pinterest"). When you visit a page containing such a plugin, your browser connects directly to the servers of Pinterest. The plugin transmits protocol data to the server of Pinterest in the USA. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies.
Our websites may use plugins from the Google-powered YouTube page. Site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit one of our YouTube plug-in-enabled sites, you will be connected to the servers of YouTube. It tells the YouTube server which of our pages you've visited.
If you're logged into your YouTube account, YouTube will allow you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Functions of the service Instagram are integrated on our sides. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, United States. If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We point out that we as the provider of the pages do not receive knowledge of the content of the transmitted data and their use by Instagram.
Our online shop accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.
If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) GDPR (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
miha bodytec LogX Software
The miha bodytec training devices can communicate with the miha bodytec LogX software via a firmly encoded access device ("Access Point") to be acquired by the customer. It is an online platform for optimal commercial use of miha bodytec training equipment.
The following data is processed in the miha bodytec LogX software:
- Master data collected by the EMS operator (name, date of birth, address and contact details, duration of my training contract, etc.)
- Training data (settings of training equipment and data collected during use of the equipment, such as time and scope of training)
- Voluntary information provided by the exerciser (e.g., height, weight, blood pressure, injuries, medications, exercise goals and the like)
- The trainee may at any time at his discretion provide further information: Training results and ratings of the training will be delivered.
6. How do we handle cookies? What can you do about cookies?
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
7. Does miha bodytec transfer personal data to third parties? Who gets your data?
If necessary, we will pass on your personal data to third parties. Such data transfer may be required if necessary for the purposes of the contract, such as the companies entrusted with the delivery of the goods or the bank responsible for processing the payment. Further, data sharing may be required to give you access to our services, to comply with our legal obligations, to enforce our terms and conditions, to conduct our marketing and promotional activities, and to prevent fraud or illegal activity associated with our services to recognize, curb and investigate.
A further transmission of the data does not take place or only if you have expressly consented to the transmission.
We will never share your personal information with third parties for their marketing and promotional purposes without your explicit consent.
8. How is the data encrypted and secured?
miha bodytec secures its processes and web sites by technical and organizational measures against loss, destruction, access, change or spreading of your data by unauthorized persons, nevertheless nobody can guarantee an absolute protection.
Our sites use SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments in our online shop
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
9. How long will your data be stored?
We adhere to the principles of data avoidance and data economy. Therefore, we store your personal data only as long as this is necessary for the performance of the service you requested or ordered, that is, as long as there is a contractual relationship with you and / or your consent exists. After discontinuation of the respective processing purpose or in the case of termination / termination of a contractual relationship or after revocation of your consent, the corresponding data will be blocked or deleted by miha bodytec, unless further storage is due to statutory retention periods (in accordance with the provisions of the German HGB), which we must comply.
10. Are data transmitted to a third country or to an international organization?
Servers where miha bodytec stores customer data are located within the European Union / European Economic Area (EEA).
We will inform you about exceptions separately. In this context, we refer in particular to item 5. Information on the newsletter and consent
11. What rights do you have?
Each data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16, the right to cancellation under Article 17, the right to restriction of processing under Article 18, and the right to data portability Art. 20. With regard to the right to information and the right to erase, the restrictions under §§34 and 35 of the BDSG apply. In addition, there is a right of appeal to a data protection authority (Article 77 i.V.m. § 19 BDSG).
12. To what extent is your data used for profiling or automated decision making?
In principle, we do not use automated decision-making pursuant to Art. 22 GDPR to justify and conduct the business relationship. If we use these procedures in individual cases, we will inform you about this separately, if this is required by law.
There is also no "profiling" with us. Profiling means any kind of automated processing of personal data that consists in using that personal information to evaluate certain personal aspects relating to a natural person, in particular aspects related to job performance, economic situation, health, personal To analyse or predict preferences, interests, reliability, behaviour, whereabouts or relocation of that natural person. Examples of such profiling include i.e. analysis of the data (e.g., based on statistical methods) with the aim of displaying personalized advertisements or giving job advertisements to the user.
13. What do we use to process your data (purpose of processing) and on what legal basis
Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a particular processing purpose.
If the processing of personal data is necessary to fulfil a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, processing shall be based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR.
In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR are based.
Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. On this legal basis, processing operations that are not covered by any of the above legal bases are required if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned prevail. Such processing operations are particularly allowed to us because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2, GDPR). Likewise, the processing of personal data for the purpose of direct marketing may be considered as processing of legitimate interest (recital 47, sentence 7 GDPR).
15. Here's how you can change and delete your data: your revocation options
You have the right to get free information on your stored personal data, their origin and recipient and the purpose of the data processing and, if necessary, a right to rectification, blocking or deletion of this data. For further information on personal data you can contact us at any time at the address given in the imprint.
If you request us to delete your personal data, we will comply with this request without delay. However, this may require a termination of your use in individual cases. Furthermore, we may - as far as this is legally permissible - only block data (for example, because we are legally obliged to keep them.
16. Information about your right of objection according to Art. 21 of the GDPR:
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data concerning you.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.