Privacy Policy

This privacy policy governs your use of the software application Fitness Point ("Application") for mobile devices that was created by Zero One GmbH. The Application is basic description of the app (features, functionality and content). The Application can be used without providing personal data. The use of individual services on our website can therefore entail divergent regulations which in this case are explained separately below. The legal basis for data protection can be found in the General Data Protection Regulation (GDPR).

The recent updates due to the new EU General Data Protection Regulation (GDPR), effective as of May 25, 2018:

- make it easier for you to understand which data we collect and how we use it

- give you increased control over your data

- and provide a detailed explanation of your rights as a user.

What information does the Application obtain and how is it used?

User Provided Information 

The Application obtains the information you provide when you download and register the Application. Registration with us is optional. However, please keep in mind that you may not be able to use some of the features offered by the Application unless you register with us.

a) Mandatory Information: You have to provide us with certain information in order to register with us:

- email address and password

b) Optional Information: Certain information is optional during registration and can also be added or deleted later on by you, such as:

- your first and last name

- birthdate

- gender 

- profile picture

- height and weight

c) information you provide us when you contact us for help;

d) Health & Fitness Activity Information

- fitness activities: e.g. start time, duration, calories, heart rate;

e)Public profile

- public profile (photo, first name, last name, email)

You become visible in the Application with the data in your public profile. This information helps other users to find you in the Application. At the same time, other users can see your first and last name (if provided), or your email address, your profile photo and they can recognize you using this information if necessary.

f) Friendship Information

- sent friendship requests: time, user;

- accepted friendship requests: time, user;

g)Payment and Subscription Information. We use payment providers (e.g. Apple, Google,) to process payments. Although we do not store any credit card information ourselves, we store a payment ID number that is given out by the respective provider and can be allocated to a person by that payment provider, as well as duration of your subscription, price, currency, VAT (based on country info), and payment provider.

Automatically Collected Information 

In addition, the Application may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile devices unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the Application. 

 Registration via Facebook

If you register an account via social login, we will receive the following information:

Facebook Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA, “Facebook”): First and last name, email address, gender, birthdate, profile picture;

 Import Fitness Activity Information from Connected Accounts

Apple HealthKit. We use Apple’s (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; “Apple”) HealthKit  framework, which provides a central repository for health and fitness data on iPhone and Apple Watch and – with the user’s explicit consent – lets apps communicate with the HealthKit store to access and share this data. We process the following Data, obtained through the HealthKit framework and the Apple CoreMotion processor, for the purposes described below and with explicit consent by the user: workouts, calories, distance, duration, and heart rate. New data attributes may be added to the HealthKit framework, which will be portrayed in the Product and which you have to consent to. Zero one GmbH does not use information gained through the HealthKit framework for advertising or similar services. You can always stop the Application from accessing your data by changing the settings of your mobile device.

Google Analytics

We use the Google Analytics service from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to analyze our website visitors. Google uses cookies to track the use of the online product or service by users and the information is generally transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)

Google Marketing Services

On our apps we use the marketing and re-marketing services of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) that allow us to display advertisements in a more targeted manner in order to present advertisements of interest to users. Through (re-)marketing ads and products are displayed to users relating to an interest established by activity on other apps within the Google Network. For these purposes, a code is used by Google when our app is accessed and what are referred to as (re-)marketing tags are incorporated into the app. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). Cookies can be set by various domains. This file records which apps users have visited, which content they are interested in and which offers have been used. In addition, technical information about the browser and operating system, referring apps, the length of the visit as well as any additional data about the use of the online products and services are stored. The IP address of users is also recorded, although we would like inform you that within the framework of Google Analytics, IP addresses within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area are truncated.

All user data will only be processed as pseudonymous data. Google does not store any names or email addresses. All displayed ads are therefore not displayed specifically for a person, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA.

One of the Google marketing services we use is the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the apps of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.

We may include third-party advertisements based on the Google Marketing Service called DoubleClick. DoubleClick uses cookies to enable Google and its partner apps to place ads based on users’ visits to this app or other apps on the Internet.

Google services make use of Google’s Tag Manager. For more information about Google’s use of data for marketing purposes, please see the summary page: https://www.google.com/policies/technologies/ads, Google’s privacy policy is available at https://www.google.com/policies/privacy.

The legal basis for the use of this service is Article Art. 6 paragraph 1 sentence 1 letter f GDPR. If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google: http://www.google.com/ads/preferences. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Fabric Data Collection Policies

Identifiable data collected

Fabric services process some of your end users’ personal data to provide the service to you. The chart below has examples of how various Fabric services use and handle end-user personal data.

Answers

Effective with SDK versions 1.3.7 on iOS or 1.4.2 on Android and higher.

Personal Data collected:

  • Installation UUID
  • IP Addresses - once received it is geo-coded to a city and displayed on Audience Insights map for 10 seconds. Retained temporarily.

For versions prior to 1.3.7 on iOS and 1.4.2 on Android:

How data helps provide the service:

  • Provides customers with analytics information based on segmented device data. IP addresses are used to provide geolocation information to customers.

Retention:

  • Answers retains Installation UUID data for 90 days.

Beta

Personal Data collected:

  • User information - name and email address provided by application’s customer.
  • UDID on iOS
  • Secure Android ID
  • GCM Token

How data helps provide the service:

  • Helps customers distribute app builds to testers, monitor beta tester activity, and associate Crashlytics data with specific beta testers.

Retention:

  • User information is stored until requested for deletion by the customer and then removed within 180 days.

Crashlytics

Personal Data collected:

  • Installation UUID
  • Crash traces

How data helps provide the service:

  • Helping a customer associate crash data with specific instances of their app.

Retention:

  • Crash traces and their associated identifiers are kept for 90 days.

Yourt rights

Information on the rights of data subjects

Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in Article 21 GDPR and the right to data portability in Article 20 GDPR. The limitations according to Articles 34 and 35 BDSG apply to the right of access and to the right to erasure.

Information on the option to lodge a complaint

You also have the right to lodge a complaint with the competent data protection authority about our processing of your personal data.

Information on withdrawal of consent

You can withdraw your consent with us to process personal data at any time. This also applies to withdrawals of a declaration of consent that were given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

Right in the event that data is processed for direct marketing purposes

You have the right pursuant to Article 21 (2) GDPR to object to the processing of personal data concerning you. In the event that you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

Information on right to object in the case of balance of interests

If we process your personal data based on a balance of interests, you can object to such processing. If you exercise this right to object, please state the reasons why we should not process your data as we have described. If your objection is justified, we will review the situation and either stop or adjust data processing or explain our compelling legitimate reasons for processing to you.

You can stop all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network. You can also request to opt-out via email, at contact@fitnesspointapp.com.

Data Retention Policy, Managing Your Information

We will retain User Provided data for as long as you use the Application and for a reasonable time thereafter. We will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate. If you’d like us to delete User Provided Data that you have provided via the Application, please contact us at contact@fitnesspointapp.com and we will respond in a reasonable time. Please note that some or all of the User Provided Data may be required in order for the Application to function properly.

Children

We do not use the Application to knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at contact@fitnesspointapp.com. We will delete such information from our files within a reasonable time.

Security

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our Application. Please be aware that, although we endeavor provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

Changes

This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here and informing you via email or text message. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes. You can check the history of this policy by fitnesspointapp.com.

Your Consent

By using the Application, you are consenting to our processing of your information as set forth in this Privacy Policy now and as amended by us. "Processing,” means using cookies on a computer/hand held device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information, all of which activities will take place in the Germany. If you reside outside the Germany your information will be transferred, processed and stored there under Germany privacy standards. 

Controller and data protection officer

The controller and data protection officer of data processing is Zero One GmbH, Tewaagstr. 4, 44141 Dortmund, Germany. You can contact us via email at contact@fitnesspointapp.com.