Book a demo
Visit our Instagram
spirofit
login
DE

DATA PROTECTION

1. General Information and Principles of Data Processing

Protecting your privacy and safeguarding your personal data—referred to as "personal data"—during the use of our product is a priority for us.
This privacy policy is in accordance with the General Data Protection Regulation (GDPR) and the Swiss Federal Data Protection Act (DPA).

Personal data, as defined in Art. 4 No. 1 GDPR, includes all information related to an identified or identifiable natural person. This may include information such as first and last names, address, phone number, email address, as well as an IP address.

Data that cannot be linked to your identity, for example, due to anonymization, is not considered personal data. The processing of personal data (e.g., collection, storage, retrieval, consultation, use, transfer, deletion, or destruction) according to Art. 4 No. 2 GDPR requires a legal basis or consent. Processed personal data must be deleted once the purpose of processing has been fulfilled and there are no legally mandated retention requirements.

According to Article 5(a) DPA, personal data includes all information relating to a specific or identifiable natural person.

Below, we outline the type, scope, purpose, legal basis, and retention period for each data processing activity.

2. Responsible Party - Name and Contact Information

SENDSOR GmbH
Am Brucker Feld 7
85567 Grafing
Phone: +49 8092 863 363 1
E-Mail: info@sendsor.de

3. Collection and Processing of Personal Data:

a) Visiting the Website:

When you visit our website, data is automatically collected by the web hosting provider and stored in server log files. This data includes:

- IP address of the accessing device
- Date and time of access
- Name and URL of the accessed file
- Website from which access is made (referrer URL)
- Browser and operating system of the accessing device

This data is used solely to ensure the smooth operation of the website and to improve our services. The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in ensuring the security and stability of our website.

b) Calendly:

For appointment scheduling, we use the Calendly tool. When using Calendly, personal data such as name, email address, and possibly additional information for scheduling appointments is collected. You can find the privacy policy of Calendly at Calendly Privacy. The legal basis for using Calendly is Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in efficient appointment scheduling.

c) WPForms:

For contact inquiries and forms, we use the WPForms plugin. The data you submit is stored for the purpose of processing your inquiry. You can find the privacy policy of WPForms at WPForms Privacy. The legal basis for using WPForms is Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in efficiently handling inquiries.

d) Instagram Links:

Our website contains links to our Instagram profile. Clicking on the link establishes a connection to Instagram, and data may be transmitted. You can find the privacy policy of Instagram at Instagram Privacy. The legal basis for linking to Instagram is Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in presenting our company attractively.

e) Google Analytics:

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"). Google Analytics uses so-called "cookies," text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie regarding your use of this website is usually transmitted to a Google server in the USA and stored there.

Privacy Policy for Using Google Analytics
This website uses Google Analytics with the "_anonymizeIp()" extension, so that IP addresses are only processed in shortened form to exclude direct personal reference.

Objection to Data Collection
You can prevent the storage of cookies by adjusting your browser software settings; however, we would like to point out that you may not be able to fully utilize all features of this website in this case. Additionally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: [Link to browser plugin]

f) Pipedrive

To manage and organize our sales activities, we use the CRM tool Pipedrive. In this system, we store the contact details of leads and customers to coordinate communication and make the sales process efficient. You can find the privacy policy of Pipedrive at Pipedrive Privacy. Data processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in ensuring structured and targeted customer support. Your data will be stored and processed in compliance with applicable data protection laws.

g) Sales Partners:

To market our products, we work with selected partner companies that support us in market development. These partners, including Invatio GmbH (Germany and Austria), Prevedo GmbH (Switzerland), and PHE Ideas LLC (International), gain access to your contact details as part of their activities. These partners use the data to inform you about our products and offers and to ensure smooth execution of the sales process. The sharing of your data is carried out exclusively on the basis of Art. 6 Para. 1 lit. b and f GDPR, to fulfill contractual obligations and to maintain our legitimate interest in effective market presence.

4. Provision and Use of the App / Server Log Files

a) Type and Scope of Data Processing

When you access our app (meaning simply viewing it without registration or providing us with information in any other way), we process the following personal data that your browser automatically transmits to our server:
Date and time of the request

• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (visited page)
• Access status / HTTP status code
• Amount of data transmitted
• Internet address from which the page or file was accessed or the desired function was initiated (referrer URL)
• IP address
• Browser used
• Language and version of the browser software
• Operating system

Additionally, to provide the services of our mobile app, we require your device identification, a unique number of the end device (IMEI = International Mobile Equipment Identity), a unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), a mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile device, and an email address.

b) Purpose of Data Processing

The aforementioned data is technically necessary to enable you to use our app. Furthermore, the data is essential to ensure the stability of the website and IT security, particularly to protect our IT systems from misuse and to defend against attacks.

c) Legal Basis

The legal basis for processing this data is Art. 6 Para. 1 Sentence 1 lit. f GDPR and § 25 Para. 2 No. 2 of the Telecommunications-Telemedia Data Protection Act (TTDSG).

d) Storage Duration

The data mentioned above is stored for the duration of the communication process; the IP address is retained for IT security purposes for a short period of up to seven calendar days.

e) Right to Object

You have the right to object to the processing of your personal data according to Art. 6 Para. 1 Sentence 1 lit. f GDPR pursuant to Art. 21 GDPR. However, in this specific data processing operation, we have compelling legitimate grounds for processing the data, as we cannot provide and operate our website without processing this data.

5. User Account

a) Type and Scope of Data Processing

When you create a user account, we collect and store the data you enter in the input fields (last name, first name, email address, confirmation of legal age). You may also voluntarily provide additional information such as name, age, height, and gender.

b) Purpose of Data Processing

Your registration is necessary for the fulfillment of a contract or to carry out pre-contractual measures. After registration, you are free to change the personal data provided during registration at any time or to have it completely deleted from the records of the data controller.

c) Legal Basis

The legal basis for processing in connection with the creation of the user account is Art. 6 Para. 1 Sentence 1 lit. b GDPR. If you voluntarily provide additional data, the legal basis for processing may be Art. 6 Para. 1 Sentence 1 lit. a GDPR in conjunction with Art. 9 Para. 2 lit. a GDPR.

d) Storage Duration

The data collected during registration will be stored by us as long as you are registered on our website. Legal retention periods remain unaffected.

6. Payment Options

a) Type and Scope of Data Processing

We collect the data necessary for payment of our service, particularly the following information:

• First and last name
• Address details
• Email address
• Credit card number
• Name of the credit card holder
• Expiration date of the credit card

b) Purpose of Data Processing

We use this data for the purpose of processing payments and preventing misuse.

c) Legal Basis

The legal basis for data processing is Art. 6 Para. 1 Sentence 1 lit. b GDPR, provided that this data is necessary for the fulfillment of a contract or for the execution of pre-contractual measures.

d) Storage Duration

The data will be deleted as soon as it is no longer needed for the purpose of processing. Additionally, there may be legal retention obligations, such as commercial or tax-related retention requirements under the Commercial Code (HGB) or the Fiscal Code (AO). If such retention obligations exist, we will block or delete your data at the end of these obligations.

7. Data During the Use of SpiroFit

a) Type and Scope of Data Processing

When using SpiroFit, heart rate (beats per minute), oxygen and carbon dioxide concentrations, and airflow are measured, from which fitness data is calculated. Additionally, position data (Local Position Measurement - LPM) is collected.
The data is initially stored locally on the mobile phone. To analyze the data, you must manually send it to "my.spirofit.de" and provide your consent for data processing in this context.

b) Purpose of Data Processing

We process the personal data—provided that you give your consent to transmit it to "my.spirofit.de"—for the following purposes:
Evaluation of Measurements, Position Data, and Fitness Data:

• The data will be used to analyze measurement values, position data, and fitness data.
• Personalization of Data: The data will be used to personalize SpiroFit products and services. For example, data such as height, weight, gender, and age can be used to calculate burned calories or distances covered.
• Improvement of Products and Services: The data will be used exclusively in an anonymized form to fix errors and improve the reliability and safety of SpiroFit products and services.

c) Legal Basis for Data Processing

The legal basis for data processing is Art. 6 Para. 1 Sentence 1 lit. a and Art. 9 Para. 2 lit. a GDPR.

c) Storage Duration

The data will be deleted as soon as it is no longer necessary for the purpose of processing. Data processing will cease for the future when you revoke your consent.

8. Categories of Recipients of Personal Data

We only share your personal data with third parties when:
a) You have given your explicit consent in accordance with Art. 6 (1) sentence 1 lit. a, Art. 9 (2) lit. a of the GDPR.
b) This is legally permissible and necessary under Art. 6 (1) sentence 1 lit. b of the GDPR for the fulfillment of a contractual relationship with you or for the implementation of pre-contractual measures.
c) There is a legal obligation for the transfer under Art. 6 (1) sentence 1 lit. c of the GDPR. We are legally obliged to transmit data to government authorities (e.g., tax authorities, financial supervision, law enforcement agencies).
d) The transfer is necessary under Art. 6 (1) sentence 1 lit. f of the GDPR for the protection of legitimate business interests, as well as for the assertion, exercise, or defense of legal claims, and there is no reason to believe that you have a predominant legitimate interest in not disclosing your data.
e) We use external service providers (so-called processors) for the processing of personal data in accordance with Art. 28 (3) of the GDPR. These providers have been carefully selected by us and are obligated by a processing agreement to handle personal data in compliance with data protection laws.

We engage such external service providers in the following areas:

• Hosting

When transferring personal data to so-called third countries, i.e., outside the EU or EEA, we ensure that your personal data is treated with the same care as within the EU or EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of data protection or where we have ensured careful handling of personal data through contractual agreements or other appropriate safeguards.

9. Obligation to Provide Personal Data

Regarding the creation of the user account, it is contractually required that personal data must be provided. If you do not provide your data, the contract cannot be fulfilled. Providing fitness data to “my.spirofit.de” is neither contractually nor legally mandated. If you do not consent to this, the evaluation of the data cannot be carried out.

10. Your Rights as a Data Subject

a) According to the DSG (Data Protection Act), you have the following rights:

aa) Right of access under Article 25 DSG

You have the right to request information about whether we are processing personal data concerning you. If this is the case, you have the right to be informed about your personal data and to receive additional information, including the identity and contact details of the data controller; the processed personal data itself; the purposes of processing; the retention period for the personal data or, if that is not possible, the criteria used to determine that period; available information about the source of the personal data, insofar as it was not obtained from the data subject; any existence of automated decision-making, including profiling, and the logic involved in such decisions; if applicable, the recipients or categories of recipients to whom personal data is disclosed, as well as the information specified in Article 19, paragraph 4. We may refuse to provide information or restrict or delay the provision of information according to Articles 26 and 27 DSG.

ab) Right to data release or transfer under Article 28 DSG

You have the right to request the release of your personal data that you have provided in a common electronic format. The data controller may refuse, restrict, or delay the release or transfer of personal data for the reasons listed in Articles 26, paragraphs 1 and 2. The data controller must state the reasons for refusing, restricting, or delaying the release or transfer.

ac) Right to rectification under Article 32, paragraph 1 DSG

You have the right to have inaccurate personal data corrected, unless: a legal provision prohibits the modification or the personal data is processed for archiving purposes in the public interest.

b) Under the GDPR, you have the following rights:

ba) Right to withdraw your data protection consent under Article 7, paragraph 3 GDPR

You can withdraw your consent to the processing of your personal data at any time with future effect. The legality of the processing based on the consent prior to the withdrawal remains unaffected.

bb) Right of access under Article 15 GDPR

You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to access this personal data and to receive further information, such as the purposes of processing, the categories of personal data processed, the recipients, and the planned duration of storage or the criteria for determining that duration.

bc) Right to rectification and completion under Article 16 GDPR

You have the right to request the immediate rectification of inaccurate data. Considering the purposes of processing, you have the right to request the completion of incomplete data.

bd) Right to erasure ("right to be forgotten") under Article 17 GDPR

You have the right to erasure, provided that the processing is not necessary. This is the case, for example, if your data is no longer necessary for the original purposes, you have withdrawn your data protection consent, or the data has been processed unlawfully.

be) Right to restriction of processing under Article 18 GDPR

You have the right to restriction of processing, for example, if you believe that the personal data is inaccurate.

bf) Right to data portability under Article 20 GDPR

You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.

bg) Right to object under Article 21 GDPR

You may object to the processing of your data for reasons arising from your particular situation. In the case of direct marketing, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing; this also applies to profiling insofar as it is related to such direct marketing.

bh) Automated individual decision-making, including profiling under Article 22 GDPR

You shall not be subject to a decision based solely on automated processing of your data, including profiling, that has legal effects concerning you or similarly significantly affects you.

bi) Complaint to a data protection authority under Article 77 GDPR

You can file a complaint with a data protection authority at any time if you believe that the data processing is not in compliance with data protection regulations.

Responsible data protection authority:

Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Mailing address: P.O. Box 1349, 91504 Ansbach
Phone: 0981/180093-0
Fax: 0981/180093-800
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de

11. Changes to the Privacy Policy

Our privacy policy serves to fulfill legal information obligations. We update our privacy policy as necessary.

11. Cookies

To manage the cookies and similar technologies (tracking pixels, web beacons, etc.) used, as well as related consents, we use the consent tool "Real Cookie Banner." Details about the functionality of "Real Cookie Banner" can be found at https://devowl.io/de/rcb/datenverarbeitung/.

The legal bases for processing personal data in this context are Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to manage the cookies and similar technologies and the related consents.

Providing personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obligated to provide personal data. If you do not provide the personal data, we cannot manage your consents.

Information on Data Protection for Customers

1. General Information and Principles of Data Processing

We are pleased that you are visiting our website. The protection of your privacy and the protection of your personal data, i.e., personal data when using our product, is an important concern for us.

This privacy policy applies to the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (DSG).

According to Art. 4 No. 1 GDPR, personal data includes all information that relates to an identified or identifiable natural person. This includes, for example, information such as first and last name, address, telephone number, email address, and also an IP address.

Data that cannot be linked to you, such as data obtained through anonymization, is not considered personal data. The processing of personal data according to Art. 4 No. 2 GDPR always requires a legal basis or consent. Processed personal data must be deleted as soon as the purpose of processing has been achieved and there are no longer any legal retention obligations to be observed.

According to Article 5 lit. a DSG, personal data refers to all information relating to an identified or identifiable natural person.

Here you will find information about how we handle your personal data when you visit our website. To provide the functions and services of our website, it is necessary for us to collect personal data about you.

We will explain below the type and scope, purpose, legal basis, and storage duration of the respective data processing.

This privacy policy does not apply to other websites to which we refer via a hyperlink. We cannot accept responsibility for the confidential handling of your personal data on these third-party websites as we have no influence over whether these companies comply with data protection regulations. Please inform yourself directly on their websites about how they handle your personal data.

2. Responsible Party - Name and Contact Details

SENDSOR GmbH
Am Brucker Feld 7
85567 Grafing
Phone: +49 8092 863 363 1
E-Mail: info@sendsor.de

3. Data Processing for Product Purchases

a) Type and Scope of Data Processing

If you purchase something from us, we collect the data necessary for payment and providing the product. Currently, we offer bank transfer as a payment method. We process the following data:

  • First and last name
  • Address data
  • Email address
  • Account details

b) Purpose of Data Processing

We use this data for the purpose of processing payments and preventing misuse.

c) Legal Basis

The legal basis for data processing is, if the GDPR applies, Art. 6 para. 1 S. 1 lit. b GDPR, provided the customer is a natural person. This data is necessary for the fulfillment of a contract or for carrying out pre-contractual measures.
In the context of establishing and performing contracts, the legal basis for legal entities, if the GDPR applies, is Art. 6 para. 1 S. 1 lit. f GDPR. We have a legitimate interest in being able to communicate with the contacts of our contractual partners.

d) Storage Duration

The data will be deleted as soon as they are no longer necessary for the purpose of processing. Additionally, there may be legal retention obligations, such as commercial or tax retention obligations under the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention obligations exist, we will block or delete your data at the end of these retention periods.

4. Data Processing to Fulfill Legal Obligations

a) Type and Scope of Data Collection and Processing, Purpose

We process your personal data if this is necessary to fulfill legal obligations. This includes, for example:

    • Fulfillment of reporting or disclosure obligations to authorities
    • Commercial or tax-related retention obligations
    • Inquiries and requests from supervisory or law enforcement authorities
    • Prevention of money laundering

Furthermore, the disclosure of personal data in the context of official/court measures for the purpose of evidence collection, prosecution, or enforcement of civil claims may be necessary.

b) Legal Basis for Data Processing

The legal basis for data processing is, if the GDPR applies, Art. 6 para. 1 S. 1 lit. c GDPR.

c) Storage Duration

The data will be deleted as soon as they are no longer necessary for the purpose of their processing. Additionally, there may be legal retention obligations, such as commercial or tax-related retention obligations under the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention obligations exist, we will delete your data at the end of these retention periods.

5. Provision and Use of the App / Server Log Files (SpiroFit)

a) Type and Scope of Data Processing

When you access our app "SpiroFit" (i.e., when simply viewing the data without registering and without you providing us with information), we process the following personal data that your browser automatically transmits to our server:

  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (visited page)
  • Access status/ HTTP status code
  • Data volume transmitted
  • Internet address from which the page or file was retrieved or the desired function was initiated (Referrer URL)
  • IP address
  • Browser used
  • Language and version of the browser software
  • Operating system

Furthermore, we need your device identification, a unique number of the end device (IMEI = International Mobile Equipment Identity), a unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), a mobile phone number (MSISDN), MAC address for WLAN usage, name of your mobile device, and an email address to provide the services of our mobile app.

b) Purpose of Data Processing

The above-mentioned data is technically required to enable you to use our app. Additionally, the data is technically necessary to ensure the stability of the website and IT security, especially to protect our IT systems from abuse and to defend against attacks.

c) Legal Basis

The legal basis for processing this data is, if the GDPR applies, Art. 6 para. 1 S. 1 lit. f GDPR or § 25 para. 2 No. 2 Telecommunications-Telemedia Data Protection Act (TTDSG).

d) Storage Duration

The aforementioned data will be stored for the duration of the communication process, and the IP address will be stored for a short period of up to seven calendar days for IT security purposes.

e) Right to Object

You have a right to object to the processing of your personal data in accordance with Art. 6 para. 1 S. 1 lit. f GDPR. However, in this specific data processing instance, we have compelling legitimate reasons for processing the data, as without processing this data we cannot provide and operate our website.

6. Data Processing in the Context of the User Account (SpiroFit)

a) Type and Scope of Data Processing

When you create a user account with SpiroFit, we collect and store the data you enter in the input mask (last name, first name, email address, serial number). It is also possible to voluntarily provide additional data such as name, age, height, and gender.

b) Purpose of Data Processing

Your registration is necessary for the fulfillment of a contract or for carrying out pre-contractual measures. After registration, you are free to modify the personal data provided during registration or have it completely deleted from the database of the data controller.

c) Legal Basis

The legal basis for processing in the context of creating the user account is, if the GDPR applies, Art. 6 para. 1 S. 1 lit. b GDPR. If you voluntarily provide additional data, Art. 6 para. 1 S. 1 lit. a GDPR in conjunction with Art. 9 para. 2 lit. a GDPR may be the relevant legal basis for processing.

d) Storage Duration

The data collected during registration will be stored as long as you are registered. Legal retention periods remain unaffected.

7. Data When Using SpiroFit

a) Type and Scope of Data Processing

When using SpiroFit, heart rate (beats per minute), oxygen and carbon dioxide concentration, and airflow are measured, and fitness data is calculated. Additionally, position data (Local Position Measurement (LPM)) is collected.

The data is initially stored locally on the mobile phone. To analyze the data, you must first manually send it to “my.spirofit.de” and consent to the data processing in this regard.

b) Purpose of Data Processing

We process the personal data—if you consent to the transmission to “my.spirofit.de”—for the following purposes:

  • Evaluation of measurement values, position data, and fitness data
  • Personalization of data

The data is used to personalize Spirofit products and services. For example, based on data such as height, weight, gender, and age, an individual fitness goal can be set.

c) Legal Basis

The legal basis for data processing is, if the GDPR applies, Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR.

d) Storage Duration

The data will be deleted as soon as it is no longer needed to achieve the purpose of processing or you withdraw your consent.

8. Categories of Recipients of Personal Data

Your personal data will only be shared with third parties if:

  • You have given your explicit consent.
  • The disclosure is necessary for the performance of a contract with you.
  • There is a legal obligation to do so.
  • It is necessary to protect legitimate interests.

In addition, we may share your personal data with external service providers (data processors) who have been carefully selected and are contractually obliged to handle your data with care and only according to our instructions.

9. Obligation to Provide Personal Data

For the creation of a user account, the provision of personal data is required. The provision of fitness data is voluntary. Failure to provide personal data will result in the inability to create an account.

10. Your Rights as a Data Subject

 In accordance with the DSG and the GDPR, you have the following rights:

  • Right to access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to deletion (Art. 17 GDPR)
  • Right to restrict processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7 para. 3 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

11. Changes to the Privacy Policy

We will update this privacy policy as necessary to comply with legal information obligations.
 © 2024 SpiroFit
crossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram