Data Protection Declaration
Unless stated otherwise below, the provision of your personal data is neither legally nor contractually obligatory, nor required for the conclusion of a contract. You are not obliged to provide your data. Not providing it will have no consequences. This only applies as long as the processing procedures below do not state otherwise.
Personal data” is any information relating to an identified or identifiable natural person.
Controller for data processing
The Controller according to Art. 4, para. 7 General Data Protection Regulation (GDPR) is
represented by Company Director Daniel Sobhani
Berg-am-Laim-Straße 111, 81673 Munich
+49 (89) 4520 5180
Server log files
You can use our websites without submitting personal data. Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data includes, for example, the name of the site called up, date and time of the request, the IP address, amount of data transferred and the provider making the request.
The processing is carried out on the basis of Article 6(1) f) GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.
Customer account / Orders
When you open a customer account, we will collect your personal data in the scope given there. The data processing is for the purpose of improving your shopping experience and simplifying order processing. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. Your customer account will then be deleted.
After you have logged in to your customer account, you can view your orders, track the delivery status or change your data at any time.
Collection, processing, and transfer of personal data in orders
When you submit an order we only collect and use your personal data insofar as this is necessary for the fulfillment and handling of your order as well as processing of your queries. The provision of data is necessary for the conclusion of a contract. Failure to provide it will prevent the conclusion of any contract.
The processing will occur on the basis of Article 6(1) b) GDPR and is required for the fulfillment of a contract with you.
Your data is transferred here, for example, to the shipping companies and dropshipping providers, payment service providers, service providers for handling the order and IT service providers that you have selected. We will comply strictly with legal requirements in every case. The scope of data transmission is restricted to a minimum. If your data is transferred to a third country, the transfer of data is based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data.
Contact / Evaluations / Newsletter
Proactive contact of the customer by e-mail
If you make contact with us proactively via email, we shall collect your personal data (name, email address, message text) only to the extent provided by you. The purpose of the data processing is to handle and respond to your contact request. If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, this data processing takes place on the basis of Article 6(1)(b) GDPR.
If the initial contact occurs for other reasons, this data processing takes place on the basis of Article 6(1)(f) GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In this case, on grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
We will only use your email address to process your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have agreed to further processing and use. Your data will be forwarded to the service provider Zendesk (Zendesk Inc., 1019 Market St., San Francisco, CA 94103 USA). For more information about Zendesk's compliance with data protection laws, please visit https://www.zendesk.com/company/agreements-and-terms/privacy-policy/. It will not be forwarded to other third parties. Your data will be transferred to a third country. The transfer of data is based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data.
Use of your email address for mailing of newsletters
We use your email address outside of contractual processing exclusively to send you a newsletter for our own marketing purposes, if you have explicitly agreed to this. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can unsubscribe from the newsletter at any time using the relevant link in the newsletter or by contacting us. Your email address will then be removed from the distributor.
To make doubly sure that you actually want to receive information from us, we use the double opt-in procedure. Once you have subscribed, you will receive a link by email which you can use to activate the newsletter service. In other words, we will send an email to the address given when you subscribed in which we ask for confirmation that you want to receive the newsletter. If you do not confirm your subscription, your data will not be saved in our email dispatch tool. In addition, we save your IP address and dates of newsletter subscription and confirmation. The purpose of this procedure is to verify your subscription and, where appropriate, shed light on any misuse of your personal data.
Your data will be forwarded to a service provider for email marketing in the course of order processing. It will not be forwarded to other third parties. We use Braze (Braze, Inc, 330 West 34th St, New York, NY 10001 USA). For more information about Braze's compliance with data protection laws, please visit https://www.braze.com/privacy/. Your data will be transferred to a third country. The transfer of data is based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data.
We draw your attention to the fact that in sending the newsletter, we evaluate your user behavior, i.e. opening behavior and click behavior. Technically speaking, the evaluation of your user behavior occurs via the service provider. This allows us to draw conclusions about your behavior in order to improve our newsletter and to ensure that you only receive the newsletter you are interested in.
If you want to prohibit personalization and tracking, or do not agree with processing for the purposes mentioned, you can object and unsubscribe from the newsletter by sending an email to email@example.com or by clicking on the unsubscribe link which can be found in every email.
Use of your email address for mailing of direct marketing
We use your email address, which we obtained in the course of selling a good or service, for the electronic transmission of marketing for our own goods or services which are similar to those you have already purchased from us unless you have objected to this use. You must provide your email address in order to conclude a contract. Failure to provide it will prevent the conclusion of any contract.
The processing will be carried out on the basis of art. 6 (1) lit. f GDPR due to our justified interest in direct marketing. You can object to this use of your email address at any time by contacting us. You will find the contact details for exercising your right to object in our imprint. You can also use the link provided in the marketing email.
This will not involve any costs other than transmission costs at basic tariffs.
Your data will be forwarded to a service provider for email marketing during the course of order processing. We use Braze (Braze, Inc, 330 West 34th St, New York, NY 10001 USA). For more information about Braze's compliance with data protection laws, please visit https://www.braze.com/privacy/. It will not be forwarded to other third parties. Your data will be transferred to a third country.
The transfer of data is based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data.
Payment service providers - Credit check
If during the ordering process, you select the payment service PayPal, your data are transmitted automatically to the payment service provider. By choosing PayPal as a payment option, you consent to the transfer of personal data required for payment processing. The provider is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. Data that are necessary for payment processing are transmitted. This includes, for example, first name, last name, address, email address, IP address, telephone number, mobile phone number and order details. The processing is done on the basis of Art. 6 (1)(a) and (b) GDPR with your consent and is also required for the fulfillment of a contract with you.
All PayPal transactions are covered by the PayPal Data Privacy Statement. You can find this at https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en
Use of Amazon Payments
We use Amazon Payments payment service on our website, from Amazon Payments Europe s.c.a. (38 avenue John F. Kennedy, L-1855 Luxembourg; "Amazon Payments"). It is essential that Amazon Payments collects, stores and analyses data when accessing the website (e.g. IP address, device type, operating system, browser type, device location) to integrate this payment service. Cookies may be used for this purpose. Cookies allow your internet browser to be recognised. Data processing allows you to pay using the Amazon Payments payment service. This data processing is carried out on the basis of Article 6(1)(f) GDPR due to our legitimate interest in a customer-oriented range of varying payment methods. By selecting and using "Amazon Payments", the data required for payment processing will be submitted to Amazon Payments to execute the agreement with you using the selected payment method. The data is processed on the basis of Article 6(1)(b) GDPR. Further information on data processing when using the Amazon Payments payment service can be found here in the associated data privacy statement: https://pay.amazon.com/uk/help/201212490
Use of Klarna Checkout
Use of personal data if you choose Klarna as payment method
If you have chosen Klarna’s payment services Klarna invoice and/or Klarna hire purchase as a payment option, you have agreed to us collecting and transmitting to Klarna the following required personal data for the handling of purchase on account and an identity and credit check such as first name, last name, date of birth, gender, email address, IP address and phone number as well as the data required for handling the purchase on account connected to the order, such as the number of items, item numbers, invoice amount and taxes in percentage. The data processing allows us to offer the payment methods of purchase on account and hire purchase as well as the required credit check. The processing will be carried out on the basis of art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by contacting us without affecting the legality of the processing carried out with your consent up to the withdrawal. This data is transmitted so that Klarna can produce an invoice for the handling of your purchase with your desired invoice processing method and carry out an identity and credit check. Klarna requires the buyer’s personal data in order to collect information from credit agencies for the purposes of identity and credit checking. In Germany these may be the following credit agencies: - Schufa Holding AG, Kormoranweg 5, 65203 Wiesbaden - Bürgel Wirtschaftsinformationen GmbH & Co. KG, Postfach 5001 66, 22701 Hamburg - Creditreform Bremen Seddig KG, Contrescarpe 17, 28203 Bremen - infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden. In the course of deciding on the foundation, execution or termination of the contractual relationship, Klarna will, along with an address check, collect and use information on the buyer’s previous payment behavior as well as probability values on this behavior in the future. Klarna will calculate these score values on the basis of a scientifically recognised mathematical and statistical procedure. Klarna will use your address data, among other things, for this purpose. If this calculation shows that you are not creditworthy, Klarna will inform you of this immediately.
Revocation of the use of personal data by Klarna
- You may withdraw your consent to the use of personal data to Klarna at any time. Klarna may, however, remain entitled to process, use and transmit personal data if this is necessary for the contractually compliant handling of payment by Klarna’s services, is legally prescribed or is encouraged by a court or an authority.
- Of course, you can get information on the personal data stored by Klarna at any time. This right is guaranteed by the Bundesdatenschutzgesetz (Federal Data Protection Act). If you as a buyer should want this or wish to share changes relating to the stored data with Klarna, you can send an email to firstname.lastname@example.org.
Using the links below, you can find out how to manage cookies (or deactivate them, among other things) in major browsers:
- Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
- Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Technically necessary cookies
- Analytical tools are used to analyze data based on your browser behavior in order to improve the functionality and design of our site.
- Quality assurance tools are used to measure errors presented on a website, to make sure we fix bugs or any issues promptly.
- A/B testing tools or multivariate testing tools are used to ensure a consistent design of the website and a consistent user experience in the current and subsequent sessions.
- Affiliate tracking — We need to let our affiliate marketing partners or service providers have certain information if you came to our site, and purchased products, through a visit to theirs. This is required as we may need to provide them a fee for such services. For this purpose, we will share information about your visit, including the products you have purchased.
Processing is carried out on the basis of art. 6 (1) lit. f GDPR due to our largely justified interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our range of services. You have the right to veto this processing of your personal data according to art. 6 (1) lit. f GDPR, for reasons relating to your personal situation.
Performance Cookies and Advertising Cookies
These cookies allow us to analyze site usage so we can measure and improve performance. They are also used by advertising companies to serve ads that are relevant to your interests. These cookies contain a unique key to distinguish individual users’ browsing habits. We also use these cookies to limit the number of times a user sees a particular ad on a website and to measure the effectiveness of a particular campaign. The identifier stored by these cookies is provided by our partners. We cannot use the same identifier in our own systems.
If you want to prevent performance cookies and advertising cookies from being saved, you can change your cookie preferences at any time by changing your cookie settings above.
The legal basis for performance cookies and advertising cookies is consent in accordance with Art. 6 para. 1 sent. 1(a) GDPR. Obviously, you can withdraw your declarations of consent for the future at any time.
Please note: it is possible that you can still see advertisements from Freeletics on third-party platforms even if you do not choose this functionality, but these advertisements are at random and won’t be personalized.
Use of Pandectes
Our website uses the consent management tool „GDPR Cookie Bar +ePrivacy Page“ from Pandectes. The tool enables you to grant consents to data processing via the website, in particular the placing of cookies, and to make use of your right of revocation for consents already granted. The processing of data serves the purpose of obtaining necessary consents for data processing and to document these, thereby complying with statutory obligations. Cookies may be deployed for this purpose. No personal data is forwarded to Pandectes.
The data processing is carried out on the basis of Article 6(1)(c) GDPR to comply with a legal obligation. More information on data protection at Pandectes can be found at: https://www.pandectes.io/
Use of the Google Analytics
Our website uses the web analysis service Google Analytics from Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you are ordinarily resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data. Google Ireland Limited is therefore the company affiliated with Google responsible for processing your data and for compliance with the applicable data protection legislation. The processing of data serves to analyse this website and its visitors and for marketing and advertising purposes. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity and to provide other services to the website operator relating to website and internet use. In this process the following information, inter alia, can be collected: IP address, date and time of the website access, click path, information on the browser and the device you are using, the pages visited, referrer URL (website via which you accessed our website), location data, purchasing activities. The IP address transmitted from your browser within the scope of Google Analytics is not associated with any other data held by Google.
Google Analytics uses technology such as cookies, web storage in the browser and tracking pixels which enable an analysis of your use of the website. The information generated by these regarding your use of this website is usually transferred to a Google server in the USA and stored there. IP anonymization is activated on this website. Google uses this to shorten your IP address beforehand within Member States of the European Union or in other signatories to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. There is no adequacy decision by the EU Commission for the USA.
The data transfer is carried out on the basis of EU-Standard Contractual Clauses as appropriate guarantees for the protection of personal data, among other things, which can be viewed at: https://policies.google.com/privacy/frameworks.
Both Google and US state authorities have access to your data. Google may combine your information with other information, such as your search history, personal accounts, usage data from other devices, and any other information Google has about you. The data processing, particularly the placing of cookies, is carried out with your consent on the basis of Article 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. You can find more detailed information on the terms and conditions of use and data protection at https://www.google.com/analytics/terms/de.html and/or at https://www.google.de/intl/de/policies/ and at https://policies.google.com/technologies/cookies?hl=de.
Use of Hotjar
On our website, we use the analysis tool provided by Hotjar Ltd. (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julians STJ1000, Malta; "Hotjar"). The data processing serves the purpose of designing, optimizing, and analyzing our website according to your needs. The tool is used to randomly record the movements of visitors to the website. This creates a protocol of mouse movements, scrolling behavior, dwell time, and clicks on the website (what is known as the heat map).
Data processing, in particular the setting of cookies, is carried out on the basis of Article 6(1)(f) GDPR on the basis of our overriding legitimate interest in the needs-based and targeted design of the website. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you and carried out on the basis of Article 6(1)(f) GDPR.
To prevent Hotjar from collecting and storing data, you can set an opt-out cookie here: https://www.hotjar.com/legal/compliance/opt-out/s. Opt-out cookies prevent the future collection of your data when you visit this website. You must set the opt-out cookie on all systems and devices used in order to make it work across devices. If you delete the opt-out cookie, data will be transferred to Hotjar again. For more information about data protection when using Hotjar, please visit: https://www.hotjar.com/legal/policies/privacy/#enduserenglish.
Use of Braze
We use Braze (Braze, Inc, 330 West 34th St, New York, NY 10001 USA) on our website in order to analyze your web usage behavior. When you visit our website the information listed below is collected and analyzed by Braze, which uses an identifier (ID) that allows analysis of your use of our services. Braze collects information about your newsletter registration, user behavior regarding the newsletter (e.g. opening rates) and the usage of our website, purchase information and campaign information for the purpose of direct targeting (direct marketing) as well as analysis and campaign optimization.
For more information about Braze's compliance with data protection laws, please visit https://www.braze.com/privacy/. If Braze transfers personal data to the USA, it does so on the basis of an agreement with the EU standard contractual clauses. The legal basis is Art. 6 para. 1 lit. f) DSGVO. If you do not wish to be tracked by Braze in the future, you can opt out at any time by writing an email to email@example.com.
Use of Databricks
We use Databricks (Databricks Inc, 160 Spear Street, 13th Floor, San Francisco, CA 94105, USA) for processing and analyzing data on our website. This data provides us with information on how you interact with our website. For this purpose, we use your IP address as well as mobile usage data.
Social media fan pages
Freeletics STÆDIUM maintains so-called fan pages with social media providers like Instagram, Facebook (both: Facebook Inc. Menlo Park, California) and Twitter (Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA) in order to communicate with customers, interested parties, and users who are active there, and to inform them about our products, services, and events. In doing so, the users’ data can be processed outside of the EU. The above-mentioned US providers have signed the EU standard contractual clauses and thus guarantee the observance of European data protection laws.
In the opinion of the European Court of Justice (ECJ), we are responsible, together with Facebook, for the processing of your personal data. You can find the decision of the ECJ dated June 5, 2018 here.
A Joint Controller Agreement exists with Facebook Inc. pursuant to Art. 26 GDPR. Facebook Ireland pledges to assume the main responsibility in the context of the General Data Protection Regulation (GDPR) for the processing of Insights data and to fulfill all applicable obligations in the context of the GDPR with reference to the processing of Insights data (including, but not limited to Articles 12 and 13 GDPR, Articles 15 to 22 GDPR, and Articles 32 to 34 GDPR). Facebook Ireland will also make available the essential information of this Page Insights Addendum to the affected parties. Please contact Facebook to assume your rights as affected parties. The Data Policy of Facebook can be found here.
When using the Facebook fan page, the following data will be collected from you for the purpose of user communication and target group advertising:
- user interactions (posts, likes, etc.)
- Facebook cookies
- demographic data (e.g., based on information regarding age, place of residence, language, or gender)
- statistical data on user interactions in aggregated form, that is, without the possibility to relate the information to any particular persons (e.g., page activities, page impressions, page previews, likes, recommendations, articles, videos, page subscriptions, incl. source, times of day)
The usage of personal data for advertising purposes is of particular importance for Facebook. We use the statistics function to find out more about visitors to our fan page. The use of the function enables us to adapt our content to the respective target group. In this way, we also use, for example, the demographic information about the users’ age and location, whereby it is not at all possible for us to relate this information to persons.
In order to provide the social media service in the form of our Facebook fan page and to use the Insight function, Facebook generally saves cookies on the end device of the user. These include session cookies, which are deleted when the browser is closed, and persistent cookies that remain on the end device until they expire or are deleted by the user.
We use the Facebook Insights function for statistical evaluation purposes. In this connection, we receive anonymized data concerning the users of our Facebook fan page. As a result, it is not possible for us to trace them back to your person. For more information, you can refer to the cookie guideline of Facebook.
The personal data of users are processed on the basis of our justified interest in effectively providing information to users and maintaining communication with the users, as well as for the purposes of statistical evaluation pursuant to Art. 6(I) (f) GDPR.
Plug-ins and others
Use of the Google Tag Manager
Use of Amplitude
We use the Amplitude service (Amplitude Inc, 501 2nd Street, Suite 100, San Francisco, CA 94107, USA) on our website in order to derive application behavioral analytics. We collect device-related data (such as device type model, operating system, browser type and version) as well as usage-related information (such as geographic location, language, pages visited).We use that information to see how users interact with our website and so can be used by us for the purpose of improving website design for different device groups. Your IP address is not stored at Freeletics.
Your data will be forwarded to the service provider within the framework of order processing. Your data will not be forwarded to other third parties. Your data will be transferred to a third country. The transfer of data is based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data.
Transfer of data to third parties
We only pass your personal data on to third parties if:
- you have given your explicit consent to this,
- forwarding data is necessary for the assertion, exercise, or defense of legal claims and there is no reason to assume you have an overriding legitimate interest in your data not being passed on,
- in the event that we have a legal obligation to forward data, and
- this is legally permissible and required for the performance of the contractual relationship with you.
In the case of data transfer outside the European Union, the high European level of data protection essentially does not exist. It may be the case with a transfer that an EU Commission adequacy decision in accordance with Article 45 (1) (3) GDPR is not currently in place. This means the EU Commission has not yet decided that the level of data protection in the respective country corresponds to the level of protection in the European Union based on the GDPR. Consequently, we have put the appropriate guarantees referred to above in place.
Potential risks, which cannot be ruled out completely in connection with data transfer, are in particular:
- your personal data could be processed over and above the intended purpose.
- Moreover, there is a possibility that you may not be able to exercise your rights in relation to data protection, for example, your right of access, to rectification, erasure, or data portability, on a consistent basis and enforce these.
- It may also be highly likely that data is processed incorrectly and in quantitative and qualitative terms, the protection of personal data fails to meet the requirements of the GDPR in full.
Rights of persons affected and storage duration
Duration of storage
After contractual processing has been completed, the data is initially stored for the duration of the warranty period, then in accordance with the retention periods prescribed by law, especially tax and commercial law, and then deleted after the period has elapsed, unless you have agreed to further processing and use.
Rights of the affected person
If the legal requirements are fulfilled, you have the following rights according to art. 15 to 20 GDPR: Right to information, correction, deletion, restriction of processing, data portability. You also have a right of objection against processing based on art. 6 (1) GDPR, and to processing for the purposes of direct marketing, according to art. 21 (1) GDPR.
Contact us at any time. Our contact details can be found in our imprint. You can contact our data protection officers directly at:
Personal/confidential FAO Data Protection Officer
Rights to complain to the regulatory authority
You have the right to complain to the regulatory authority according to art. 77 GDPR if you believe that your data is not being processed legally.
The following supervisory authority is responsible for Freeletics GmbH:
Bayerisches Landesamt für Datenschutzaufsicht
Right to object
If the data processing outlined here is based on our legitimate interests in accordance with Article 6(1)f) GDPR, you have the right for reasons arising from your particular situation to object at any time to the processing of your data with future effect. If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or the processing is intended for the assertion, exercise or defense of legal claims.
If personal data is being processed for the purposes of direct advertising, you can object to this at any time by notifying us. If the objection is successful, we will no longer process the personal data for the purposes of direct advertising.
Amendments to the Data Privacy Statement
We reserve the right to amend or adjust this Data Privacy Statement at any time subject to compliance with applicable data protection regulations.
last update: 01.11.2021