Privacy policy and consent
Data protection is a matter of trust and your trust is important to us. We respect your privacy and personal sphere. The protection and legally compliant collection, processing and use of your personal data is therefore an important concern for us. To ensure that you feel safe when visiting our website, we strictly observe the legal provisions when processing your personal data and would like to inform you here about our data collection and use.
You can print out this document by using the usual functions of your browser.
Secure data transmission
We use SSL encryption to protect your transmitted data in the best possible way. You can recognize such encrypted connections by the prefix"https://"in the page link in the address bar of your browser. Unencrypted pages are marked with "http://". Thanks to SSL encryption, all data that you transmit to this website - for example when making inquiries or logging in - cannot be read by third parties. Although no one can guarantee absolute protection, we use technical and organizational measures to secure our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorized persons.
1. objective of the data protection declaration and the responsible body
2. art. 12-14 GDPR: Duty to provide information
3. collection, processing and use of personal data
4. collection of access data
5. cookies
6. web analysis with Google (Universal) Analytics
7. google re/marketing services
8. Facebook Remarketing
9. use of Microsoft Clarity
10. customer match - customer audience
11. integration of third-party services and content
12. automatic opt-out / time monitoring
13. rights as a data subject
14. right to lodge a complaint
15. data protection information
16 Disclaimer
17. legal validity of this disclaimer
18. changes to the privacy policy
1. objective of the privacy policy and the responsible body
The data protection declaration is intended to make the type, purpose and scope of the processing of personal data visible. It shows how data is collected (and consent given) and how it is processed and used. This relates to our online offering. Of course, this also includes all the websites we maintain, their functions and content. In the following text, we will refer to this as "online offering" or "website" for short.
Of course, this privacy policy also applies regardless of the platforms, systems, domains and end devices used (i.e. PCs or mobile devices such as smartphones or tablet PCs) on which our offers can be displayed.
The responsible company is Flexyfit Plus GmbH. The address is: Dietrichgasse 27 E.EG2 in 1030 Vienna.
It is the controller under data protection law and is referred to in the following text as "provider", "us" or "we". Explicit contact persons and/or options can be found in the legal notice.
In the following text, "user" is used as a synonym for all interested parties and/or customers of our online offer.
We would also like to mention here that the terms used are not gendered due to the already difficult reading flow and are therefore to be regarded as gender-neutral.
2. art. 12-14 GDPR: Duty to provide information
It is very important to us to keep our users' sensitive and therefore personal data under lock and key. This means that we process this data strictly in accordance with the EU General Data Protection Regulation (GDPR) and thus help to reduce the data collected to the bare minimum (data minimization and avoidance). We therefore only store users' personal data under special conditions. A special condition could be, for example, a valid contract between the two parties or consent (interest) in accordance with the GDPR.
To ensure that no manipulation, loss or attacks by third parties can occur, we endeavour to always adapt all security measures (technical, contractual and organizational) to the latest state of the art. This ensures that all data entrusted to us is securely protected for users in accordance with data protection laws.
Within the scope of the privacy policy, content, tools or various other apps from other providers may be used. If these are based abroad, data may be transferred to the countries in which they are based. Such a data transfer can only take place if there is a legal permission as a basis (data security) or a special consent of the user or a contractual clause. In the following text, "other providers" is used as a synonym for all third-party providers of our online offering.
3 Collection, processing and use of personal data
All user data is used on the basis of the legal framework of the data protection declaration and exclusively for the following purposes.
A transfer of personal data to third-party providers only takes place if it is absolutely necessary to fulfill our contractual obligations (address notification to suppliers) or those of the users (transfer to payment service providers).
If a user contacts us - this can be via various media (social media, appointment calendar, contact form, email, telephone, visit to the Academy or chat) - they agree to their personal data being used to contact them. This only happens in a business context and not for personal reasons. We do not transmit any personal data to third parties unless the currently applicable data protection guidelines justify or legally compel us to do so. Of course, users can revoke their consent to the use of their data at any time with effect for the future. If a user withdraws their consent, their stored data will be deleted with immediate effect. The stored data will also be deleted if the purpose for which it was stored no longer applies or has been fulfilled. If it is not completely clear to a user what data we have stored about them, they can request information about this data at any time and then take further steps (e.g. deletion of all or individual data).
3.1 Personal data
Personal data is information about the factual or personal circumstances of an identified or identifiable natural and/or legal person. This includes, for example, name, customer number, telephone number, address and all inventory data provided to us during registration and when creating a customer account (e.g. Academy account). This does not include statistical data that we collect, for example, when users visit our websites or our online store and which cannot be directly linked to users.
3.2 Customer account (e.g. Academy account)
For each user (e.g. participant) who registers accordingly, we set up password-protected direct access to their inventory data stored by us (customer account/academy account). The user undertakes to treat the personal access data confidentially and not to make it accessible to unauthorized third parties. We cannot accept any liability for misused passwords unless we are responsible for the misuse.
3.2.1 Newsletter
We use the so-called double opt-in procedure to send the newsletter, i.e. we will only send users a newsletter by email if they have expressly confirmed to us beforehand that we should activate the newsletter service. We will then send users a notification e-mail and ask them to confirm that they wish to receive our newsletter by clicking on a link contained in this e-mail.
If you subscribe to our newsletter, we will use the data required for this or separately provided by you to regularly send you our email newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
If the user no longer wishes to receive newsletters from us, they can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form (e.g. e-mail, fax, letter) is sufficient for this. Of course, users will also find an unsubscribe link in every newsletter.
3.2.2 WhatsApp® campaign channel
We use the so-called double opt-in procedure for sending messages in the Flexyfit® WhatsApp® campaign channel. We will only send users a message via the WhatsApp® campaign channel if they have expressly confirmed their wish to activate the WhatsApp® campaign channel.
If you register for our WhatsApp® campaign channel, we will use the data required for this or separately provided by you to send you regular messages based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
If the user no longer wishes to receive messages from us, they can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form (e.g. e-mail, fax, letter) is sufficient for this. Users will also find an unsubscribe button in every message.
3.2.3 Job, service and product recommendations by email, newsletter or via our WhatsApp® campaign channel
As a user (e.g. participant with a customer account/academy account) of Flexyfit Plus GmbH, you will be added to our newsletter system and the Flexyfit WhatsApp® campaign channel in order to receive regular customer account information, job, service and product recommendations.
We use personal data for advertising purposes, with the aim of providing the user with information about our offer, which could be of interest to the user based on recent purchases (e.g. course bookings, workshop bookings) with us. We only use email advertising or the WhatsApp® campaign channel, among other things, to the extent permitted by law or if the user has specifically authorized us to do so. If the user no longer wishes to receive recommendations or advertising messages from us, the user can object to this at any time without incurring any costs other than the transmission costs according to the basic rates.
A message in text form (e.g. e-mail, fax, letter) is sufficient for this. Users will also find an unsubscribe button in every message.
3.2.4 Competitions, market and opinion research
In competitions, we use personal data for the purpose of notifying winners and advertising our offers. Users may find detailed information in our conditions of participation for the respective competition.
We also use personal data for market and opinion research. Of course, we only use this data anonymously for statistical purposes and only for Flexyfit Plus GmbH.
The user can object to the use of data for market and opinion research at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form (e.g. e-mail, fax, letter) is sufficient for this. Users will also find an unsubscribe button in every message.
4. collection of access data
When a user visits our website on the Internet, data is collected which is stored by us in so-called server log files. This involves the following data: the website accessed, including the date and time of access and the volume of data transferred. In addition, general information about the web browser used, the operating system used and the corresponding IP address is collected. Furthermore, the referrer URL (previously visited website) and the requested provider are saved.
The aforementioned log data of the user is not assigned to any person (whether natural or legal) for profiling purposes, but is used solely for the purpose of downstream statistical analysis. By statistical evaluation, we mean a purely quantitative data analysis with the aim of ensuring the security and ongoing optimization of our online offering.
Naturally, the data collected is used within the framework of the statutory provisions.
5. cookies
What are cookies? Cookies and flash cookies are small files that are stored on the user's data carrier and that store certain settings and data for exchange with our system via your browser. There are basically two different types of cookies, so-called session cookies, which are deleted as soon as the user closes their browser, and temporary/permanent cookies, which are stored on the user's data carrier for a longer period of time or permanently. This storage helps us to design our website and our offers for users accordingly and makes it easier for the user to use them, for example by storing certain entries in such a way that they do not have to be constantly repeated.
Of course, it is also possible to view our website without using cookies if a user does not wish to do so. In this case, the user is requested to make the appropriate setting on their own computer under browser settings. If unwanted cookies have already been saved, these can also be deleted in the browser settings. Finally, it should be mentioned here that the exclusion of cookies can lead to restrictions in the functionality of our online services!
For the sake of completeness, we would like to draw the user's attention to the possibility of managing the majority of online advertising cookies from companies via the US website http://www.aboutads.info/choices orthe EU website http://www.youronlinechoices.com/uk/your-ad-choices.
6. web analysis with Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc (www.google.de). Google (Universal) Analytics uses methods that enable your use of the website to be analyzed, such as so-called "cookies", text files that are stored on your computer. The information generated about your use of this website is anonymized on an internal server before it is transferred to Google in the USA and, if necessary, stored there. By activating IP anonymization on this website, the IP address is shortened before transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. as soon as you log in to your Academy account and have agreed to the use of Google Analytics, this website uses the Google Analytics UserID functions to track interaction data.
You can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
7 Google Re/Marketing Services
We use the marketing and remarketing services ("Google Marketing Services" for short) of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
Google Marketing Services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with advertisements that potentially match their interests. If, for example, users are shown ads for products that they have shown an interest in on other websites, this is referred to as "remarketing". For these purposes, when our and other websites on which Google marketing services are active are accessed, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content they are interested in and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and other information about the use of the online offer. The IP address of the user is also recorded, whereby we inform you in the context of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases transmitted in full to a Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google offers. This aforementioned information may also be combined with such information from other sources. If the user subsequently visits other websites, they can be shown ads tailored to their interests.
User data is processed pseudonymously as part of Google marketing services. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data in relation to cookies within pseudonymous user profiles, i.e. from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by "DoubleClick" about users is transmitted to Google and stored on Google's servers in the USA.
The Google marketing services we use include the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked via the websites of AdWords customers. The information collected with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, Google Inc. does not receive any information with which users can be personally identified.
We integrate third-party advertisements on the basis of the Google marketing service "DoubleClick". DoubleClick uses cookies to enable Google and its partner websites to place ads based on users' visits to this website or other websites on the Internet.
We also integrate third-party advertisements on the basis of the Google marketing service "AdSense". AdSense uses cookies to enable Google and its partner websites to display ads based on users' visits to this website or other websites on the Internet.
Another Google marketing service we use is the "Google Tag Manager", which can be used to integrate other Google analysis and marketing services into our website (e.g. "AdWords", "DoubleClick" or "Google Analytics").
Interested users can find further information on the use of data for marketing purposes by Google on the overview page: https: //www.google.com/policies/technologies/ads, Google's privacy policy is availableat https://policies.google.com/privacy.
If our users wish to object to the collection by Google marketing services, they can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.
8 Facebook Remarketing
Within our online offer, so-called "Facebook pixels" of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if users are resident in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), are used. With the help of the Facebook pixel, Facebook is able to determine the visitors to our website as a target group for the display of advertisements, so-called "Facebook ads". Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our website. This means that with the help of the Facebook pixel, we want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad.
The Facebook pixel is integrated directly by Facebook when our website is accessed and can store a so-called cookie, i.e. a small file, on the user's end device. If a user subsequently logs in to Facebook or visits Facebook while logged in, the visit to our website is noted in the user profile. The data collected about the user is anonymous to us and therefore does not allow us to draw any conclusions about the identity of the respective user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. The data is processed by Facebook in accordance with Facebook's data usage policy. Accordingly, users can find more information on how the remarketing pixel works and how Facebook ads are displayed in general in Facebook's data usage policy: https://www.facebook.com/policy.php.
Users can object to the collection by the Facebook pixel and use of personal data to display Facebook ads. To do this, they can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or declaretheir objection via the US site http://www.aboutads.info/choices orthe EU site http://www.youronlinechoices.com. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
9. use of Microsoft Clarity
We use Microsoft Clarity to better understand the needs of our users and to optimize the offer on this website. With the help of Clarity technology, we gain a better understanding of how our users use our website. This helps us to better tailor our offering to our users. Microsoft Clarity works with cookies and other technologies to collect information about the behavior of our users and their end devices (in particular IP address of the device (is only recorded and stored in anonymized form), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), preferred language for displaying our website). Clarity stores this information in a pseudonymized user profile. The information is not used by Clarity or by us to identify individual users or merged with other data about individual users. You can find out which cookies Microsoft Clarity sets on the Microsoft website at https://docs.microsoft.com/en-us/clarity/cookie-list#what-cookies-does-clarity-set MicrosoftClarity is GDPR-compliant as a data controller for visitors and secure. If you would like to read more about Microsoft Clarity or how Microsoft may use your data, please visit Microsoft's privacy policy at https://privacy.microsoft.com/de-DE/privacystatement.
10 Customer Match - Customer Audience
To ensure that our offer reaches our target groups, we use customer match lists that are used as part of our Google AdWords and Facebook advertising activities. To enable matching, your e-mail address is encrypted and forwarded to Facebook and/or Google. This allows us to show you content and advertising based on your interests. By accepting the privacy policy, you consent to the transfer of your data for this purpose. You can revoke this consent at any time.
11. integration of third-party services and content
As we occasionally use content, applications or services from third-party providers within our online offering, we would like to draw our users' attention to this point. For our users, the integration of third-party providers means that the IP address is forwarded to them. This is the only way to guarantee an optimal display of the integrated content. These providers may also use cookies. The data collected in this way could subsequently be used for their own commercial interests (e.g. to create a user profile). Unfortunately, we have no influence over this. We therefore use third-party services as rarely as possible in order to be able to act in a data-saving and data-avoiding manner. In addition, we only work with reliable third-party providers with regard to data security and protection.
The following list serves as an overview for the user. All third-party providers, their content and the links to their privacy policies are listed. This enables the user to find out how the data collected is processed and used. In addition, the user is informed about possible objection options (so-called opt-out):
-
Live chat via homepage with us through the third-party provider of Userlike UG, Probsteigasse 44-46, 50670 Cologne.
-
External fonts from Google, Inc ,https://fonts.google.com/ ("Google Fonts"). The integration of Google Fonts takes place via a server call at Google (usually in the USA). Privacy policy: https: //policies.google.com/privacy, Opt-Out: https://www.google.com/settings/ads.
-
Maps provided by the "Google Maps" service of the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https: //policies.google.com/privacy, opt-out: https://www.google.com/settings/ads.
-
Videos from the "YouTube" platform of the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https: //policies.google.com/privacy, opt-out: https://www.google.com/settings/ads.
-
Videos from the "Vimeo" platform of the third-party provider IAC/InterActiveCorp 555 West 18th Street, New York, New York 10011 Attention: Legal Department. Privacy policy at: https: //www.vimeo.com.
-
Instant bank transfer in the online store area by the third-party provider Klarna Bank AB (publ) Sveavägen 46, 111 34 Stockholm, Sweden. Privacy policy: https: //www.klarna.com/at/datenschutz.
-
Technical support in the Academy account by the third-party provider TeamViewer GmbH, Jahnstr. 30, 73037 Göppingen, Germany. Privacy policy: https: //www.teamviewer.com/de/datenschutzerklaerung/.
-
SMS dispatch when contacting us by the third-party provider sms.at mobile internet services GmbH, Klosterwiesgasse 101b/Ge01, A-8010 Graz, Austria. Privacy policy: https: //www.websms.at.
-
Online live distance learning courses by the third-party provider Citrix Systems GmbH, Erika-Mann-Str. 67-69, 80636 Munich. Data protection: https://www.citrix.com/de-de/
-
"Content Delivery Network" (CND) by the third-party provider Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA. Privacy policy: https://www.cloudflare.com/privacypolicy.
11.1 Use of social media plugins
We use plugins of the following social network(www.facebook.com, www.youtube.com) which is operated by the company (Facebook Inc., YouTube). For this purpose, we use a two-stage procedure in which you can give your consent to the processing of data by the operator of the social network in accordance with Art. 6 para. 1 lit. a GDPR. Data is only transferred to the operator of the social network when users click on one of the icons displayed and thus consent to the transfer of data to the operator of the social network. A connection from your browser to the respective social network is only established after such consent has been given.
The social network receives information about your visit to our websites via the plugin. If you are logged in to (Facebook Inc., YouTube), your visit can be assigned to your social network account. Any interactions with the plugin can be saved by the operator of the network.
Information about the use of the data collected by the respective social network can be found on the company's website (Facebook Inc., YouTube) in the "Data protection" or "Privacy" section.
List of social networks
Company data of the best-known social networks:
-
Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA, www.facebook.comData protection information: https://www.facebook.com/about/privacy
-
YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, www.youtube.comPrivacy policy: https://policies.google.com/privacy
-
Twitter, Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA, www.twitter.com
-
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, www.linkedin.com
-
XING AG, Gänsemarkt 43, 20354 Hamburg, Germany, www.xing.com
-
Yahoo! Inc, 701 First Avenue, Sunnyvale, CA 94089, USA, www.yahoo.com
12. automatic logout / time monitoringTo properly log out of our customer account (Academy account, online store), the user must always click on the "Log out" button. This is listed in the main navigation. If the user forgets to do this, our system automatically logs the user out after 120 minutes of inactive online time for security reasons. This is not an error, but merely serves to protect personal data.
13. right as a data subjectYou have the right to information about your personal data, as well as the right to rectification or erasure or restriction of processing. You can also object to the processing and have the right to transfer your personal data in a structured, machine-readable form. For all these rights, please use the contact details of the controller.
14. right to lodge a complaintYou also have the right to lodge a complaint with a supervisory authority. For Austria, this is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail:
[email protected], web:
https://www.dsb.gv.at/.15. data protection informationIf you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data, as well as revocation of any consent given or objection to a specific use of data, please contact our data protection coordinator in writing:
Thomas Freissler |
[email protected]
16 Disclaimer
The content of these pages has been compiled with the utmost care. However, no guarantee can be given for the accuracy, completeness and topicality of the content and the site is for presentation purposes only. Liability claims relating to material or non-material damage caused by the use or non-use of the information or by the use of incorrect or incomplete information are therefore excluded, unless there is evidence of wilful intent or gross negligence. All offers are subject to change and non-binding. The service provider also expressly reserves the right to change, supplement or delete parts of the pages or the entire offer without prior notice or to cease publication temporarily or permanently. The website contains links to third-party websites over whose content the service provider has no influence. For this reason, no liability can be assumed for this third-party content; the respective provider or operator of the pages is always responsible for this content. At the time of linking, the respective pages were checked for possible legal violations; this check revealed that no illegal content was discernible at that time. However, permanent monitoring of the content of the linked pages is unreasonable without concrete evidence of an infringement. If we become aware of illegal links, these will be removed immediately. However, liability in this respect is only possible from the time we become aware of a specific infringement. If the user is aware of such infringements, he is requested to inform us immediately and the corresponding content will then be removed immediately.
17 Legal validity of this disclaimer
This disclaimer is to be regarded as part of the internet publication which you were referred from. If sections or individual terms of this statement are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.
18. changes to the privacy policy
We reserve the right to amend the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. If user consent is required or components of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users. Users are requested to inform themselves regularly about the content of the privacy policy.
Status: 29.03.2024