This data privacy declaration informs you about how we process your personal data for use of the art of health app.

I. Definition of terms

'Personal data' is all information relating to an identified or identifiable natural person; a natural person is regarded as identifiable if they can be identified directly or indirectly, in particular via reference to an identifier such as a name, an identification number, location data, an online identifier or one or several special characteristics that are the expression of the physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person;

'Processing' is any operation or set of operations that is performed on personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

'Person responsible' refers to the natural or legal person, public authority, agency or other body, which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by (European) Union or member state law, the responsible person or the specific criteria for its designation may be provided for by (European) Union or member state law;

'Recipient' refers to a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under (European) Union or member state law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;

II. General information

1. Person responsible for the data processing

Marie Theres Steffen
An der Horeburg 13
21079 Hamburg
mail@mariesteffen.com

2. Contact data for the data privacy officer

We have not named a data privacy officer and we are not obligated to do so.

3. Information about processing procedures

We refer to the respective legal basis of individual processing operations. If we intend to transmit data to third countries outside the European Union (EU) or the European Economic Area (EEA), we will also point this out.

4. Data subject rights

As a data subject, you have the following rights:

According to Art. 15 GDPR, you can request information about your personal data that we are processing; furthermore, you can request information about the processing purposes, the categories of personal data processed, the recipient or categories of recipients to whom your data was published or will be published, the planned storage duration and the criteria for determining the storage duration, the origin of your data, insofar as it was not collected from you, the existence of automated decision-making with regard to profiling and if necessary, meaningful information about details of this such as logic, reach, and effects, the existence of a right to correction or deletion of your data, the right to restrict processing or object to this processing, the existence of a right to appeal to the supervisory authority; in the end, you have a right to information about whether personal data was transmitted to a third country or an international organization and – if this is the case – about the suitable guarantees in connection with the transmission;
According to Art. 16 GDPR, you can request the immediate correction of incorrect information or the completion of your personal data we have saved;
According to Art. 17 GDPR, you can request the deletion of the personal data we have saved about you, unless the processing is required for exercise of the right to free expression and information for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
According to Art. 18 GDPR, you can request the restriction of the processing of your personal data, insofar as you dispute the accuracy of the data, the processing is unlawful, but you object to its erasure and we no longer need the data, you need the data no longer required by us for the assertion, exercise or defense of legal claims, or you have objected to the processing pursuant to Art. 21 DSGVO, but it is not yet clear whether our legitimate grounds for data processing override your interest;
According to Art. 20 GDPR, you can request the surrender of your personal data, which you have provided to us, in a structured, common, and machine-readable format or the transmission to another responsible person;
According to Art. 21 GDPR, you can object to the processing of your personal data insofar as there are reasons for this that arise from your specific situation or the objection is to direct advertising and the legal basis for the processing of personal data is justified interests according to Art. 6 Para. 1 S. 1 let. f GDPR;
According to Art. 7 Para. 3 GDPR, you can revoke your consent once given to us at any time. The consequence of this is that we can no longer continue the data processing that relied on this consent in the future;
According to Art. 77 GDPR, you can appeal to a supervisory authority, in particular in the member state in which you usually reside, where your workplace is, or in the location of the alleged violation. For a list of the contact data for the data privacy officers in the states of the Federal Republic, click here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

If you want to assert the aforementioned data subject rights, you can contact us about this using the aforementioned contact data at any time.

5. Deletion and restriction of personal data

Insofar as nothing else is agreed upon in this data privacy declaration for the individual case, personal data will be deleted if the data is no longer required for the purposes for which it was collected or otherwise processed and no legal retention requirements prevent the deletion.

We will delete the personal data we have processed at your request under the provisions of Art. 17 GDPR. Personal data the is required for other and legally permissible purposes will not be deleted. This applies, for example, to personal data that is required for the pursuit of any claims to which we are entitled or for the defense against claims asserted against us, or that must be retained by us for reasons of commercial or tax law.

6. Consent for transmission of personal data to the USA

If we ask for your content according to Art. 49. Para. 1 let. A GDPR as legal basis for the data transmission to the USA and/or other third countries, the following prerequisites apply for this consent:

a. Your personal data can be transmitted to a country or an international organization outside of the European Union (EU) or European Economic Area (EEA), whose level of data privacy laws does not correspond to European or German data privacy law. Personal data will be transmitted subject to legal or contractual permissions in accordance with the conditions set out in Article 44 ff. GDPR. This means that for the relevant land, there is an adequacy decision of the EU Commission according to Art. 45 GDPR, there are appropriate data protection safeguards pursuant to Article 46 GDPR or binding internal data protection rules exist pursuant to Article 47 GDPR. The explanations of the respective processing procedures in this data privacy declaration contain additional information about this.

b. For some countries, especially the USA, there is no adequacy decision of the EU Commission according to Art. 45 GDPR, and it is possible that an appropriate level of data privacy that corresponds to data privacy in the European Union cannot be established either through suitable guarantees for data privacy according to Art. 46 GDPR or through binding internal data privacy provisions according to Art. 47 GDPR. There is a risk that these third countries do not offer an appropriate level of protection. These third countries may not have a supervisory authority and/or data processing policies and/or you as a data subject may not have data privacy rights in the third country. You may thus not have sufficient legal remedies to defend yourself against violations of your rights in these countries.

III. Processing procedures for provision and use of the art of health app

1. Provision of the app

The art of health app is provided via the app stores that you use with your end device. For this, the provider of the app store in question can collect and process data such as your user name, e-mail address, the customer number of your account and the time of the download, payment information, and the individual device ID of the end device you are using.

We have no influence on the collection and processing of this data. Only the provider of the app store in question is responsible for this data processing. We assume no responsibility for this.

2. Usage data

In order to be able to provide the functions of the art of health app, particular personal data about you is processed, which you must enter for the purpose of usage. In some cases, this includes health data that belongs to special categories of personal data in the sense of Art. 9 Para. 1.

In particular, this includes:

Your name;
The training plans to which you have subscribed and use;
time and scope of the inputs you have provided;
Height, sex, weight, body fat percentage, duration of the training, training intervals, degree of everyday activity, classification of the metabolism, training goal, daily calorie intake;
Composition and energy content of your nutrition, especially fiber, protein, fat, salt consumption, liquid intake, carbohydrates, as well as calorie balance and adherence to the planned calorie balance and quality of the food;
General data about your state of health, especially energy-focus in everyday life, energy level in training, general queries about illness and/or medications taken, digestion, regeneration, how long you have slept, quality of your sleep, stress level, and self-evaluations of attractiveness and mental condition;
general data about your training behavior, especially duration of the training, type and execution of the exercises, steps taken, improvement potential, and enjoyment of training; and
Data about the state of your body, in particular the measurements of your hips, upper arms, thighs, shoulders, waist.

To determine precisely which data is at issue, consult the current version of the app. We reserve the right to make changes to the types of data we process in order to enhance and improve the art of health app.

In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations via our internet offerings, which come at your request, the art of health app processes the data required to fulfill the contract. Without your consent and this processing of your data, you cannot use the art of health app or you can only use it with imprecise results.

The data will be processed and saved and deleted if necessary only by you personally on your end device. We have no access to this data. The data will also not be transmitted to third parties. You yourself are responsible for the security of the data on your end device.

3. Contract data

In connection with, and for the purpose of the fulfillment of pre-contractual measures and contractual obligations in the use of the art of health app, which take place at your request, we process the data required for the fulfillment of the contract.

If you purchase a subscription for the use of the art of health app and therefore conclude a usage contract, the operator of the app store transmits the following data to us:

If you are using Google Play, your name and e-mail address;
if you are using the Apple app store, your unique subscription ID;
confirmation of the payment received for your subscription.

The legal basis for the data processing is Art. 6 Para. 1 S. 1 let. b GDPR.

We use a cloud-based merchandise information system that is hosted by a provider of such systems and handles our business processes and manages inventories. Personal data is processed by the cloud provider on our account. The legal basis for data processing is our justified interest in an efficient management and control of our business processes according to Art. 6 Para. 1 S. 1 let. f GDPR.

The data is only forwarded to third parties to the extent required for the fulfillment of pre-contractual measures and contractual obligations according to Art. 6 Para. 1 let. b GDPR (e.g. to banks, payment processors, credit card companies for the handling of payment and to shipping providers for sending goods) or to pursue any claims to which we are entitled or defend against claims made against us according to Art. 6 Para. 1 let. f GDPR or if there is a legal obligation according to Art. 6 Para. 1 let. c GDPR. Documents according to § 257 Para. 1 No. 2 and 3 HGB and § 147 Para. 1 No. 2, 3, 5 AO will be retained for 6 years, documents according to § 257 Para. 1 No. 1 and 4 HGB and according to § 147 Para. 1 No. 1, 4, 4a AO will be retained for 10 years.

4. Access data and log files

During use of the art of health app, there is an automatic query to our internet provider's server whether new content, for example training plans, has been provided for you. If we have provided new content, this content shall be called up, for this your end device automatically sends information to our internet provider's server. We or our hosting provider save(s) this information is saved in so-called log files.

The following information is saved:

IP address of your end device;
date and time of the access;
Name and URL of the file called up;
status codes and data quantity transmitted;
name of your access provider.

This data is processed for the following purposes:

Provision of the art of health app including all functions and content;
guarantee of the smooth establishment of a connection;
Guarantee of convenient use of the art of health app;
Sensuring of system security and stability;
Anonymized statistical evaluation of the access;
optimization of the art of health app;
In case of (possible) legal disputes, for defense against or pressing of claims
Forwarding to authorities in case of suspicion of illegal actions, for example in case of unlawful intervention in/access to our systems or a corresponding suspicion or other criminal acts;

This data is deleted after six months insofar as it is no longer required for other purposes (for example, defense against or pressing of claims).

The legal basis for the data processing to enable you to use the art of health app by providing content is Art. 6 Para. 1 S. 1 let. b GDPR. The legal basis for the data processing beyond this is Art. 6 Para. 1 S. 1 let. b GDPR. Our justified interested follows from the purposes described above.

The provision of content for the art of health app is done on our account by ALL-INKL.COM - Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf.

IV. Tracking with Google Analytics

The provider of Google Analytics is Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (called 'Google' below).

The information and personal collected by Google in connection with the provision of Google Analytics may possibly be transferred to Google servers in the USA and saved there. The personal data recorded can be saved on servers in the USA. Google has concluded standard contract clauses to fulfill the requirements of the EU for the legitimation of the data transfer of personal data to third countries outside the EU or the EEA. Information about Google's use of standard contract clauses can be viewed at https://policies.google.com/privacy/frameworks?hl=en&fg=1.For additional information about Google handles your personal data, see Google's data privacy declaration: https://www.google.com/intl/de/policies/privacy/.

The legal basis for use of Google Analytics is your voluntarily granted consent according to Art. 6 Para. 1 S. 1 let. A GDPR. The legal basis for the data transmission to the USA is also your voluntarily granted consent according to Art. 49. Para. 1 let. a GDPR. For your consent for transmitting your data to third countries outside the EU or the EEA, the prerequisites under Number II. 6 apply.

The art of health app uses Google Analytics from Google without cookies. Google Analytics collects anonymized data about the users of the art of health app and analyzes their behavior. This data serves the purpose of ensuring a needs-based design and ongoing optimization of the art of health app, measuring the success of marketing measures, and creating statistical evaluations. In this context, pseudonymized usage profiles are created.

Google Analytics logs the following events for this:

If the starting calorie questionnaire is filled out;
if the health journal is opened;
If the health journal is filled out;
if the weekly check-in is begun;
If the weekly check-in is completed;
if a training plan is opened;
If a training plan is downloaded;
If a training plan is identified as active;
If a training plan is identified as completed;
if a diet break is started;
If a diet break is ended and
if the art of health app is opened.

Among other things, Google Analytics also collects details about the operating system your end device uses, the host name of the accessing end device (IP address), and the time of the event. None of this information is read from the memory of your end device or saved on your end device.

The art of health app only transmits the data detailed above about the logged events to Google Analytics. In addition, no additional data, especially no usage data that you entered when using the art of health app (see Number II. 2) above, is transmitted to Google.

The data collected via your end device is encrypted through calculation of a hash value using a randomly selected sequence of characters that is attached to the hash function before entry (so-called “salt”), so that the assignment to individual users is nearly impossible. The information gained this way is saved on servers operated by Google. If necessary, this information is also transmitted to third parties, insofar as this is specified by law or insofar as third parties process this data on our account or that of Google.

V. Other processing procedures

1. Applications

If you apply to us, our data privacy declaration at https://the-art-of-health.de/datenschutz/ applies for the data processing.

2. General contact information

If you contact us using the contact data published as part of our app (e.g., by e-mail) and provide us with personal data in the process, our privacy policy applies at https://the-art-of-health.de/datenschutz/.

3. Transfer of business operations

If we sell our business operations to another company or transfer our business operations in another way, we shall transfer your data to this company. We shall inform you about this in timely fashion and enable you to object to the transmission of your data.

4. Newsletter

If you would like to receive our newsletter, we process your e-mail address. Your data shall be processed according to Art. 6 Para.1 S.1 let.a GDPR on the basis of your consent granted voluntarily via the so-called double opt-in process. If you do not grant this consent, you cannot receive our newsletter.

Your data shall be used and saved for this purpose until you revoke your consent or unsubscribe from the newsletter. It is possible to unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can send your revocation/desire to unsubscribe to the e-mail address named under No II at any time.

We send our newsletter with a so-called tracking pixel. A tracking pixel is a miniature graphic that is embedded in the HTML format of the newsletter sent in order to analyze reading behavior. In this context, we save whether and at what time you opened a newsletter and which links in the newsletter you called up. We use this data to create statistical evaluations of the success or lack of success of a marketing campaign using pseudonymized usage profiles in order to optimize newsletter dispatch and attune the content of future newsletters better to your interests. The data collected is not forwarded to third parties and is deleted after the statistical evaluation. The legal basis for the processing is our justified interest in an optimized evaluation of our newsletter dispatch according to Art. 6 Para S. 1 let. f GDPR.

KlickTipp handles the subscription to and dispatch of our newsletter. Provider is KlickTipp Ltd., 15 Cambridge Court, 210 Shepherd’s Bush Road, London W6 7NJ, United Kingdom, represented by the Waterton Knowledge Center WKC UG, Friedrichstr. 53a, 15537 Erkner, this is represented by Ulf Castelle, DSGVO- Vertreter@klicktipp.com (called 'KlickTipp' below). Your data for the subscription and dispatch of our newsletter is processed by KlickTipp on our account and then transmitted to KlickTipp in the United Kingdom. There is an adequacy decision of the EU Commission for the United Kingdom; it can be called up at https://ec.europa.eu/info/files/decision-adequate-protection-personal-data-united-kingdom-general-data-protection-regulation_de. Thus, according to Art. 45 Para 1 GDPR, it is permissible to transmit personal data to the United Kingdom.