Information on data protection for the FITvigo App

1 – SUBJECT MATTER OF THIS PRIVACY POLICY

This information on data protection informs you which data we will collect when using our FITvigo App (hereinafter referred to as “App”) and how the data will be processed and used by us. We warrant that all personal data will be collected, processed and stored in strict compliance with all data protection regulations, in particular with the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG). We point out that online data transmission (e.g. communication by e-mail) may show gaps in security. A complete protection of data against access by third parties is not possible.

2 – RESPONSIBLE BODY AND SERVICE PROVIDER

Responsible in the sense of the GDPR and the German Federal Data Protection Act (BDSG) is the ADE Germany GmbH, Neuer Höltigbaum 15, 22143 Hamburg (hereinafter referred to as “ADE”), who is also the service provider within the meaning of the German Telemedia Act (TMG). Full details are available in the App under the heading “Settings”. In case of queries or comments about this privacy policy or generally concerning data protection, the user may use the following e-mail address: datenschutz@fitvigo.de.
We have appointed a data protection officer for our company.
Data Protection Officer:
Dr. Siegfried Jansen, HF-Computersysteme e.K., Käthe-Kruse-Weg 2, 25524 Itzehoe, +49 48 21 60 49 97-0, datenschutz@hf-c.de

3 – INFORMATION ON PERSONAL DATA

According to Art. 4 GDPR, personal information is understood to mean all information relating to an identified or identifiable natural person. These include, for example, name, address, telephone number and e-mail address if the user becomes identifiable with it. If only information is concerned that does not identify the user, then this information shall not be classified as personal data. All personal data are subject to special protection in accordance with data protection regulations, which we ensure through technical and organisational measures.

4 – COLLECTING AND USING DATA

Our app offers the presentation and evaluation of previously measured vital parameters (hereinafter referred to as “Measurement Data”). This is also the purpose of the data collection and processing, it is based on a previously granted consent of the user in accordance with Art. 6, par. 1 lit. a GDPR. Normally the Measurement Data is collected by a product of the FITvigo program (to be purchased separately in retail or online) and transferred to the app via Bluetooth. Upon the user`s explicit consent it is also possible to access, evaluate and integrate Measurement Data on the user`s smartphone (e.g. as a result of the integration of “Apple Health”, “Google Fit” or “Samsung S-Health”). In the App – or if applicable already in the product of the FITvigo program – the Measurement Data will be encrypted via a 128bit key and, after an explicit registration-process by the user, sent to the ADE Server via internet. Data stored on the server can user-related be transferred back to the App via internet and displayed in the App upon registration or login. All ADE servers used for evaluating the Measurement Data are located in ISO-27001 certified datacenters in Germany. The FITvigo App by itself will not transmit the Measurement Data outside of Germany.

When the app is used for the first time, the following data of the user are collected in the app after the user has given his consent (with the exception of the location, all data is freely selectable, also fantasy data possible):

• name
• gender
• height
• weight
• year of birth and month of birth
• location (requirement of Android 6.0 or higher)

It is not verified if the entered information is correct. The user can therefore also use fantasy information. During this phase, the above listed information of the user are stored only locally in the app and are not transmitted to ADE servers. As far as the Measurement Data were collected by products of the FITvigo program, without prior registration these data are also only linked to the created profile within the app and also stored only locally in the app. In the process the app also stores records about which product of the FITvigo program is being used. This is done by means of a number of the FITvigo product, which is transmitted together with the Measurement Data to the app for evaluation. Without registration, we have no access to personal characteristics, Measurement Data, or the product information and hence cannot link them to any particular person. If the user wishes to register, in addition to the above listed information, the e-mail address will be collected during the registration process, whereby a linkage to the user becomes possible. From then on, the user data will be linked to the e-mail address (user profile) and stored on ADE servers in order to make them permanently available for the user.
An active transfer of the user’s data to third parties is not done by ADE.
Measurement Data, which upon consent will be imported from the smartphone of the user (e.g. via “Apple Health”, “Google Fit” or “Samsung S-Health”) to the App may be linked to the user on the basis of the user ID in the smartphone. This import as well as the encrypted data transmission to the German ADE servers takes place only upon the explicit consent of the user, who has granted this with his initial approval to use the Measured Data collected by the smartphone/these third party programs. With this agreement the user also approves the data exchange with the above mentioned smartphone functions (i.e. via “Apple Health”, “Google Fit” or “Samsung S-Health”) and thus the data use by the smartphone manufacturer according to his own privacy policies. ADE accepts no responsibility for that use of data.

Furthermore we collect and use those data, which are sent to us automatically by the user`s device, such as:

• date and time of the use of our App
• data volume transmitted and access status (file transmitted, file not found, etc.)
• the user`s IP-address
• if applicable the browser type (when using the FITvigo website)
• if applicable the last page that the user visited (when using the FITvigo website).

The above listed device data is collected and used during an informative visit only in non-personal form. This is done in order to make the use of the website by the user possible at all, for statistical purposes, as well as to improve our internet presence. We store the IP address only for the duration of the visit on our website; an individual-related evaluation does not take place.

5 – DATA PROCESSING BY THIRD PARTIES

If third parties collect, process, or use personal data of the user, for example when purchasing a product of the FITvigo program or when downloading the app from a platform, we are not liable / responsible for such actions. However, if we use any services of third parties when operating the App and such third parties collect, process or use such personal data on our behalf, this will always be exercised in compliance with the legal requirements of order data processing, in particular according to § 11 BDSG.

6 – CONSENT TO MAKE CONTACT

If during the registration process the user voluntarily discloses his e-mail address, we would like to send out e-mails on interesting news from time to time, provided the user has given his explicit consent to do so. We are thus authorised to use the e-mail address as a means of contact for information, advertising and market research purposes. This consent must be given separately by the user as part of the registration. Once consent is given, it may be revoked at any time with effect for the future. Information concerning revocation is given in section 8.

7 – RIGHTS OF THE PERSON CONCERNED, DELETION OF DATA

At any time the user has the right to obtain information about the data stored at ADE (Art. 15 GDPR) as well as to have them corrected (Art. 16 GDPR) or deleted (Art. 17 GDPR). He also has the right to restrict processing (Art. 18 GDPR) as well as to enter an objection to the processing (Art. 21 DSGV) and the right of data transferability (Art. 20 GDPR). In order to determine the legitimacy of the respective request, an identity check is mandatory to protect the personal rights of the user in accordance with Articles 12 to 18 of the General Data Protection Regulation (GDPR). In the case of the FITvigo app, this is only possible via the e-mail address used by the user for registration, since all other personal data provided, according to Section 4 of this data protection declaration, can also be imaginary information. The respective request must therefore be sent directly from the e-mail address under which the FITvigo account was registered and send to: datenschutz@fitvigo.de. Alternatively, a deletion request can be made directly from the FITvigo app. This is possible in the app menu under user information.

We point out that the right to delete data may be limited by statutory storage obligations, which we must observe, and therefore only a processing restriction may be possible. In addition, courts, law enforcement agencies or other statutory authorities may, on a legal basis, retrieve data or request information. Without a deletion request, the user data will be deleted at the latest if the user account has not been used for a period of 2 years. In the process of data deletion, the entire user account is deleted from the ADE server, therefore the user – if he has not logged out already – is also automatically logged out of the FITvigo app and thus all local data of the FITvigo app on the user’s smartphone is deleted as well. If at any time during the use of the FITvigo app the user actively enabled the synchronisation of his FITvigo account to a third-party app such as Google Fit, Samsung S-Health or Apple Health, the user must contact these third-party providers directly in order to get his data deleted from their apps too, since we have no access to the data storage of these third-party apps and the privacy policies of the individual third-party providers apply.

8 – REVOCATION AND RIGTH TO OPPOSE

We point out that the user can revoke his legal consent regarding his data at any time, with effect for the future (Art.7 III GDPR). For doing this, sending an informal e-mail to datenschutz@fitvigo.de or a letter to the above mentioned postal address will be sufficient.

9 – RIGHT OF COMPLAINT, VOLUNTARY PROVISION OF DATA

The user has a right to complain to the supervisory authority according to Art. 77 GDPR. The above mentioned Measurement Data are provided voluntarily, a legal or contractual obligation does not exist. Without consent, however, the app cannot be used because the use of the App requires the collection of personal data (see section 4 above).

10 – CHANGE OF THE PRIVACY POLICY

We reserve the right to change this data protection policy at any time in order to adapt it to the functions of the service. In this respect the provisions of our terms of use in section 9.2. shall apply.