This data privacy declaration informs you about how we process your personal data for use of the art of health app.

I. Definition of terms

'Personal data' is all information relating to an identified or identifiable natural person; a natural person is regarded as identifiable if they can be identified directly or indirectly, in particular via reference to an identifier such as a name, an identification number, location data, an online identifier or one or several special characteristics that are the expression of the physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person;

'Processing' is any operation or set of operations that is performed on personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

'Person responsible' refers to the natural or legal person, public authority, agency or other body, which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by (European) Union or member state law, the responsible person or the specific criteria for its designation may be provided for by (European) Union or member state law;

'Recipient' refers to a natural or legal person, public authority, agency or other body to whom personal data is disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under (European) Union or member state law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;

II. General information

1. Person responsible for the data processing

Marie Theres Steffen
An der Horeburg 13
21079 Hamburg
mail@mariesteffen.com

2. Contact data for the data privacy officer

We have not named a data privacy officer and we are not obligated to do so.

3. Information about processing procedures

We refer to the respective legal basis of individual processing operations. If we intend to transmit data to third countries outside the European Union (EU) or the European Economic Area (EEA), we will also point this out.

4. Data subject rights

As a data subject, you have the following rights:

If you want to assert the aforementioned data subject rights, you can contact us about this using the aforementioned contact data at any time.

5. Deletion and restriction of personal data

Insofar as nothing else is agreed upon in this data privacy declaration for the individual case, personal data will be deleted if the data is no longer required for the purposes for which it was collected or otherwise processed and no legal retention requirements prevent the deletion.

We will delete the personal data we have processed at your request under the provisions of Art. 17 GDPR. Personal data the is required for other and legally permissible purposes will not be deleted. This applies, for example, to personal data that is required for the pursuit of any claims to which we are entitled or for the defense against claims asserted against us, or that must be retained by us for reasons of commercial or tax law.

6. Consent for transmission of personal data to the USA

If we ask for your content according to Art. 49. Para. 1 let. A GDPR as legal basis for the data transmission to the USA and/or other third countries, the following prerequisites apply for this consent:

a. Your personal data can be transmitted to a country or an international organization outside of the European Union (EU) or European Economic Area (EEA), whose level of data privacy laws does not correspond to European or German data privacy law. Personal data will be transmitted subject to legal or contractual permissions in accordance with the conditions set out in Article 44 ff. GDPR. This means that for the relevant land, there is an adequacy decision of the EU Commission according to Art. 45 GDPR, there are appropriate data protection safeguards pursuant to Article 46 GDPR or binding internal data protection rules exist pursuant to Article 47 GDPR. The explanations of the respective processing procedures in this data privacy declaration contain additional information about this.

b. For some countries, especially the USA, there is no adequacy decision of the EU Commission according to Art. 45 GDPR, and it is possible that an appropriate level of data privacy that corresponds to data privacy in the European Union cannot be established either through suitable guarantees for data privacy according to Art. 46 GDPR or through binding internal data privacy provisions according to Art. 47 GDPR. There is a risk that these third countries do not offer an appropriate level of protection. These third countries may not have a supervisory authority and/or data processing policies and/or you as a data subject may not have data privacy rights in the third country. You may thus not have sufficient legal remedies to defend yourself against violations of your rights in these countries.

III. Processing procedures for provision and use of the art of health app

1. Provision of the app

The art of health app is provided via the app stores that you use with your end device. For this, the provider of the app store in question can collect and process data such as your user name, e-mail address, the customer number of your account and the time of the download, payment information, and the individual device ID of the end device you are using.

We have no influence on the collection and processing of this data. Only the provider of the app store in question is responsible for this data processing. We assume no responsibility for this.

2. Usage data

In order to be able to provide the functions of the art of health app, particular personal data about you is processed, which you must enter for the purpose of usage. In some cases, this includes health data that belongs to special categories of personal data in the sense of Art. 9 Para. 1.

In particular, this includes:

To determine precisely which data is at issue, consult the current version of the app. We reserve the right to make changes to the types of data we process in order to enhance and improve the art of health app.

In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations via our internet offerings, which come at your request, the art of health app processes the data required to fulfill the contract. Without your consent and this processing of your data, you cannot use the art of health app or you can only use it with imprecise results.

The data will be processed and saved and deleted if necessary only by you personally on your end device. We have no access to this data. The data will also not be transmitted to third parties. You yourself are responsible for the security of the data on your end device.

3. Contract data

In connection with, and for the purpose of the fulfillment of pre-contractual measures and contractual obligations in the use of the art of health app, which take place at your request, we process the data required for the fulfillment of the contract.

If you purchase a subscription for the use of the art of health app and therefore conclude a usage contract, the operator of the app store transmits the following data to us:

The legal basis for the data processing is Art. 6 Para. 1 S. 1 let. b GDPR.

We use a cloud-based merchandise information system that is hosted by a provider of such systems and handles our business processes and manages inventories. Personal data is processed by the cloud provider on our account. The legal basis for data processing is our justified interest in an efficient management and control of our business processes according to Art. 6 Para. 1 S. 1 let. f GDPR.

The data is only forwarded to third parties to the extent required for the fulfillment of pre-contractual measures and contractual obligations according to Art. 6 Para. 1 let. b GDPR (e.g. to banks, payment processors, credit card companies for the handling of payment and to shipping providers for sending goods) or to pursue any claims to which we are entitled or defend against claims made against us according to Art. 6 Para. 1 let. f GDPR or if there is a legal obligation according to Art. 6 Para. 1 let. c GDPR. Documents according to § 257 Para. 1 No. 2 and 3 HGB and § 147 Para. 1 No. 2, 3, 5 AO will be retained for 6 years, documents according to § 257 Para. 1 No. 1 and 4 HGB and according to § 147 Para. 1 No. 1, 4, 4a AO will be retained for 10 years.

4. Access data and log files

During use of the art of health app, there is an automatic query to our internet provider's server whether new content, for example training plans, has been provided for you. If we have provided new content, this content shall be called up, for this your end device automatically sends information to our internet provider's server. We or our hosting provider save(s) this information is saved in so-called log files.

The following information is saved:

This data is processed for the following purposes:

This data is deleted after six months insofar as it is no longer required for other purposes (for example, defense against or pressing of claims).

The legal basis for the data processing to enable you to use the art of health app by providing content is Art. 6 Para. 1 S. 1 let. b GDPR. The legal basis for the data processing beyond this is Art. 6 Para. 1 S. 1 let. b GDPR. Our justified interested follows from the purposes described above.

The provision of content for the art of health app is done on our account by ALL-INKL.COM - Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf.

IV. Tracking with Google Analytics

The provider of Google Analytics is Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (called 'Google' below).

The information and personal collected by Google in connection with the provision of Google Analytics may possibly be transferred to Google servers in the USA and saved there. The personal data recorded can be saved on servers in the USA. Google has concluded standard contract clauses to fulfill the requirements of the EU for the legitimation of the data transfer of personal data to third countries outside the EU or the EEA. Information about Google's use of standard contract clauses can be viewed at https://policies.google.com/privacy/frameworks?hl=en&fg=1.For additional information about Google handles your personal data, see Google's data privacy declaration: https://www.google.com/intl/de/policies/privacy/.

The legal basis for use of Google Analytics is your voluntarily granted consent according to Art. 6 Para. 1 S. 1 let. A GDPR. The legal basis for the data transmission to the USA is also your voluntarily granted consent according to Art. 49. Para. 1 let. a GDPR. For your consent for transmitting your data to third countries outside the EU or the EEA, the prerequisites under Number II. 6 apply.

The art of health app uses Google Analytics from Google without cookies. Google Analytics collects anonymized data about the users of the art of health app and analyzes their behavior. This data serves the purpose of ensuring a needs-based design and ongoing optimization of the art of health app, measuring the success of marketing measures, and creating statistical evaluations. In this context, pseudonymized usage profiles are created.

Google Analytics logs the following events for this:

Among other things, Google Analytics also collects details about the operating system your end device uses, the host name of the accessing end device (IP address), and the time of the event. None of this information is read from the memory of your end device or saved on your end device.

The art of health app only transmits the data detailed above about the logged events to Google Analytics. In addition, no additional data, especially no usage data that you entered when using the art of health app (see Number II. 2) above, is transmitted to Google.

The data collected via your end device is encrypted through calculation of a hash value using a randomly selected sequence of characters that is attached to the hash function before entry (so-called “salt”), so that the assignment to individual users is nearly impossible. The information gained this way is saved on servers operated by Google. If necessary, this information is also transmitted to third parties, insofar as this is specified by law or insofar as third parties process this data on our account or that of Google.

V. Other processing procedures

1. Applications

If you apply to us, our data privacy declaration at https://the-art-of-health.de/datenschutz/ applies for the data processing.

2. General contact information

If you contact us using the contact data published as part of our app (e.g., by e-mail) and provide us with personal data in the process, our privacy policy applies at https://the-art-of-health.de/datenschutz/.

3. Transfer of business operations

If we sell our business operations to another company or transfer our business operations in another way, we shall transfer your data to this company. We shall inform you about this in timely fashion and enable you to object to the transmission of your data.

4. Newsletter

If you would like to receive our newsletter, we process your e-mail address. Your data shall be processed according to Art. 6 Para.1 S.1 let.a GDPR on the basis of your consent granted voluntarily via the so-called double opt-in process. If you do not grant this consent, you cannot receive our newsletter.

Your data shall be used and saved for this purpose until you revoke your consent or unsubscribe from the newsletter. It is possible to unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can send your revocation/desire to unsubscribe to the e-mail address named under No II at any time.

We send our newsletter with a so-called tracking pixel. A tracking pixel is a miniature graphic that is embedded in the HTML format of the newsletter sent in order to analyze reading behavior. In this context, we save whether and at what time you opened a newsletter and which links in the newsletter you called up. We use this data to create statistical evaluations of the success or lack of success of a marketing campaign using pseudonymized usage profiles in order to optimize newsletter dispatch and attune the content of future newsletters better to your interests. The data collected is not forwarded to third parties and is deleted after the statistical evaluation. The legal basis for the processing is our justified interest in an optimized evaluation of our newsletter dispatch according to Art. 6 Para S. 1 let. f GDPR.

KlickTipp handles the subscription to and dispatch of our newsletter. Provider is KlickTipp Ltd., 15 Cambridge Court, 210 Shepherd’s Bush Road, London W6 7NJ, United Kingdom, represented by the Waterton Knowledge Center WKC UG, Friedrichstr. 53a, 15537 Erkner, this is represented by Ulf Castelle, DSGVO- Vertreter@klicktipp.com (called 'KlickTipp' below). Your data for the subscription and dispatch of our newsletter is processed by KlickTipp on our account and then transmitted to KlickTipp in the United Kingdom. There is an adequacy decision of the EU Commission for the United Kingdom; it can be called up at https://ec.europa.eu/info/files/decision-adequate-protection-personal-data-united-kingdom-general-data-protection-regulation_de. Thus, according to Art. 45 Para 1 GDPR, it is permissible to transmit personal data to the United Kingdom.