Twenty Billion Neurons GmbH ("Company", "We", "Us", "Our") is responsible for the data processing within the Service. Our full contact details are:
Twenty Billion Neurons GmbH
You can reach our data protection officer at: .
Naturally, using our App is voluntary. However, when you do use it, you are required to provide us with some Personal Information for example in the registration of a user account for the App. Furthermore, the provision of some information is technically required for the App to function. As a result, you will be unable to access and use it in case of your refusal.
As a user of our Service, you are not subject to any automated decision-making according to Art. 22 GDPR.
2. PERSONAL INFORMATION WE PROCESS
Personal information is defined as information that we can relate to you or that we or our service providers and affiliates could combine with other information to relate to you ("Personal Information").
The Personal Information we collect will depend on how you interact with the App and any surveys or communications sent between you and us. The App is focused on collecting information:
- About how you use the App and interact with it, when you access or use the App in any way;
- About the performance of the App; and/or
- On your experience with the App, and/or our website through surveys or communications with you.
2.1 Personal Information necessary for performing our services
Our primary purpose in collecting Personal Information is to provide you with a secure, smooth, and efficient user experience,
We may use your Personal Information to:
- Provide you with the services of the App;
- Authenticate you when you sign into your account;
- Prevent loss or fraud;
- Prevent potentially prohibited or illegal activities and enforce our Terms and Conditions of Use;
We process your Personal Information in order to fulfill our duties and exercise our rights under the agreement when you register for our App. To use the App, you must create an account. When you create an account, we collect Personal Information about you, including:
- Contact information, such as your full name, email address, phone number, and other similar information and other information you provide in your account
- Payment data (only when you register a fee-based account)
- You age, height, and weight; and/or
- Your fitness goals
- Your exercise results
- Other personal data on the pages or services you access, your location, mobile network information, device type, standard web log data, and Internet protocol address; and any other Personal Information that you choose to submit to us.
Our Service operates by creating and analyzing audio and video recordings of you through your mobile device. These audio and video recordings will only be stored and processed in your mobile device as long as you use our App and are logged into your account. The recordings will be deleted as soon as you log off.
The legal basis for this data processing is the necessity for the performance of a contract (e.g. the user agreement) with you according to Art. 6 Ssec. I b) GDPR.
2.2 Integration with music apps
If you have an account with the music streaming services „Spotify“ by Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden or „Apple Music“ by Apple, Inc., 1 Apple Park Way Cupertino, California, 95014-0642, United States, you can connect our App to these services so that you can listen to your own music during your workout. In this case, we will transfer your email address to the streaming service. The service provider will in turn request you to log on to your user account with the streaming service. If you log on, we will get access to some of the personal information in your user account such as albums, songs, artists, playlists, music videos, stations, ratings, charts, recommendations, and the user's most recently played content. We will process this data only to execute the playback of your music in our App.
The legal basis for this data processing is your consent according to Art. 6 Ssec. 1 a) GDPR.
2.3 Additional Data Processing
We may also process Personal Information in order to provide you with a customized user experience, and to refine, test, and improve our App. We may use your Personal Information to:
- Commercial Purposes, direct communication
- Track your use of the app in order to better understand your preference and to measure the effectiveness of our ad campaigns and deliver targeted marketing
- Send you service update notices, promotional offers, and campaign updates based on your communication preferences;
- Send you things in the mail, such as for a campaign or promotion you opted into; and
- Compare information for accuracy, compile it with other information for completeness, and verify it with third parties;
- Customize, measure, and improve the Service;
- Create a data set for training our algorithms;
- Carry out other purposes that are disclosed to you and to which you consent.
We may combine all the Personal Information we collect in order to understand your interests better and to analyze customer trends.
For the above-mentioned use of your data for commercial purposes as well as direct communication with you about our products and services, we will specifically ask you for your consent. This consent is the legal basis for the data processing according to Art. 6 Ssec. 1 a) GDPR.
For any direct communication with you via email, we use the service provider ActiveCampaign, LLC., 1 North Dearborn St, 5th Floor Chicago, IL 60602, USA (“ActiveCampaign”). ActiveCampaign acts as a data processor in accordance with our instructions. We have concluded a data processing agreement in accordance with Article 28 of the GDPR. Active Campaign is certified under the EU-US Privacy Shield and as such guarantees a sufficient level of data protection. More information on the GDPR compliance of Active Campaign can be found here: https://www.activecampaign.com/gdpr-updates/.
In all other instances, we process your Personal Information based on our legitimate interest to improve our Service and to provide you with information about additional services we think might interest you according to Art. 6 Ssec. 1 f) GDPR.
2.4 Data Processing for the establishment, exercise or defence of and against legal claims
We may process your Personal Information in order to collect a debt from you; to establish, exercise, defend our claims against you or to defend against claims by you in judicial or extrajudicial proceedings.
Our legal basis to do so is our legitimate interest according to Art. 6 Ssec. 1 f) GDPR.
2.5 Data Processing as required by law
We may process your Personal Information if it is necessary or where we have reason to believe that it is necessary for an investigation or decision to investigate a breach of the laws of Germany, the European Union, or a foreign jurisdiction, and we are legally permitted to do so. We also may disclose your Personal Information where we are required by law to do so, especially to disclose it to an authority. In this case we will process your Personal Information on the legal basis of Art. 6 Ssec. 1 c) GDPR.
2.6 Data processing through embedded technological means
When you use our App, we may collect Personal Information that is automatically sent to us by the App. This information may include your numerical IP address. We may also collect other information, such as the device you use, which pages you view, and the files you request.
We use embedded technological means to offer you certain functionalities, to recognize you as a customer, to customize the Service, content, advertising, marketing, and targeting, and to measure promotional effectiveness.
The legal basis for the data processing described below is the consent you provided during your registration or by voluntarily using the third-party service, Art. 6 Ssec. I lit. a GDPR.
In this respect, we use the following tools:
We have integrated the Adjust Software-Development Kit into our App in order to analyze through which marketing channel you came to Fitness Ally and to better understand how effective our ad campaigns are. To this end, Adjust uses your pseudonymized ip address as well as other mobile identifiers. Your data is not used for any other purpose or combined with your other personal data.
Further information about Adjust can be found here:
GDPR Statement: https://www.adjust.com/terms/gdpr/
Authenticate by Google
You can register to our service using "Authenticate by Google", a service of Google Ireland Ltd. , Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
When you register with Google, you will be redirected to a Google page, embedded in our App, where you can log in directly with your Google account data. If you register or login with Google, the following personal data will be transmitted to us by Google: first name, last name and email address. Google can also inform you which of your data will be transmitted, for which you can give your consent or refuse it. We use the information transmitted by Google to identify you and to verify the authenticity of the information you provide. No personal data will be transmitted by Google to us without your consent. Conversely, Google can determine via your registration via Google that and when you have registered with us.
The data collected during registration will be stored by us as long as you are registered on our website and will subsequently be deleted. Legal retention periods remain unaffected.
The login to your account can also be done via an existing account at the social media platform Facebook of Facebook Inc. 1601 S. California Ave Pal Alto, CA 94304 USA ("Facebook"). If you select this option, you will be redirected to the Facebook page where you can log in with the username and password of your Facebook account. Your registration will enable our App to exchange data with Facebook. We only have limited influence on the extent of the data exchange. We only use the necessary data to identify you as a user.
Sign in with Apple
You can login to your account using “Sign in with Apple” by Apple, Inc. One Apple Park Way, Cupertino, CA 95014, USA (“Apple”). If you select this option, you will be redirected to the Apple Login page where you can log in with your Apple ID. Using Apple ID, you can select which date is transferred back to us. If you choose so, we will only receive a pseudonymous identifier.
Further Information on Sign in with Apple can be found here: https://support.apple.com/en-us/HT210318
The legal basis for the processing of personal data when using the Authenticate , Facebook Connect or “Sign in with Apple” registration is Art. 6 para. 1 lit. a GDPR (your consent).
3. HOW COMPANY DISCLOSES PERSONAL INFORMATION
3.1 Third Parties
We may transfer or provide access to your Personal Information to third party service providers that assist us with the data processing detailed above. Some of our third-party affiliates may be in Canada, USA and other countries. We use the following service providers:
- Google Ireland Limited, with offices at Gordon House, Barrow Street, Dublin 4, Ireland (Google Firebase as App backend)
- Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg (Hosting of Web Application)
- Twenty Billion Neurons Inc., 310 Spadina Avenue, Suite 301, Toronto, Ontario, M5T 2E7, Canada (Development and Support Services)
- Stripe, Inc., 510 Townend Street, San Francisco, CA 94103, USA
- Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin
Google, Microsoft Corporation and Stripe, Inc. are certified under the EU-US Privacy Shield, the EU Commission has issued an adequacy decision according to Art. 45 GDPR for private sector controllers in Canada. As such, an adequate level of protection is ensured.
Those third parties are engaged as data processors based on a data processing agreement according to Art. 28 GDPR. In certain instances where this is not the case, we require that our service providers and/or third-party affiliates use the same standards we use in safeguarding your Personal Information. However, if your Personal Information is used or stored outside of the European Union, it might also be subject to the laws of the country in which it is used or stored.
3.2 Sale of Data
We may share or sell aggregated, non-personally identifiable (anonymized) information with or to our service providers and third-party affiliates. We may also share anonymized information publicly, for example to show trends about the general use of the Service.
4. OUR WEBSITE
When you visit our website https://fitnessallyapp.com/ we process personal data in order to establish and maintain a connection to your browser in order to display the website. The legal basis for this processing is our legitimate interest to provide the website to you, inform about and promote our services.
4.1. Contact form
You can send us an enquiry at any time using the contact form on our website. To do so, you have to provide your email address. Any further data, which you transmit to us in the context of your inquiry, including the message field, is provided voluntarily.
We use this data exclusively for answering your inquiries and the respective communication. The legal basis of this processing of your data depends on the content of your request. In general, our legitimate interest in providing the contact functionality and responding to your enquiry transmitted applies. Where your request is aimed at concluding a contract with us, the processing is based on the necessity for taking steps prior to entering into a contract.
Your data will be deleted as soon as your request has been processed. In case of a contract conclusion we process the data if necessary for the fulfilment of the contract.
4.2. Email Newsletter
You can register for our newsletter on our website. In this case, we send you service update notices, promotional offers, and campaign updates based on your communication preferences. Sec. 2.3. above applies.
4.3. Google Fonts
We use so-called web fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") to display fonts. When you visit our website, your browser loads the required web fonts into your browser in order to display texts and fonts correctly. To do this, your browser connects to Google’s servers, which tells Google that our website has been accessed via your IP address. The use of Google Fonts is based on the legal basis of our legitimate interest in a uniform and attractive presentation of our web pages. If your browser does not support Google Fonts or Web Fonts, a standard font is used by your device.
Technically necessary cookies are usually deleted automatically when you close your browser (session cookies), or, in other cases, only after some time (persistent cookies). The duration of storage of persistent cookies is determined by the provider and can be viewed by you in your browser.
We use the following tracking and marketing cookies:
This website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google collects information about your use of this website (including your IP address) in the USA via a cookie and stores this information. However, we use Google Analytics exclusively with an anonymisation function in which the IP address is reduced before Google transmits it within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google in the USA and only shortened there. Google analyses the information collected and sends us reports on the usage activities on our website and provides us with additional services for this purpose. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
In addition to blocking all cookies by your browser, you can prevent Google from processing your data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en
Our website contains a social plugin of the microblogging service Instagram of Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA ("Instagram"). The corresponding button can be recognized by the Instagram logo. If you like content from our website, you can use the share buttons to share it directly on Instagram. When you do so, your browser establishes a direct connection to the servers of Instagram. When the connection is established, various information including your IP address is sent to Instagram in the USA and stored there. Through this Instagram learns that your browser has called up the relevant subpage of our website. This is also true if you do not have a user account with Instagram or are not logged in at the time of visiting our website.
If you are logged in to your Instagram account at the same time, Instagram assigns your visit to our website as well as any further interaction with the plugin (pressing the respective consent buttons, comments) directly to your account and stores this information. These actions may also be visible to other users of the network. You can prevent this data processing by not using the share button. You can also log out of Instagram before visiting our site. In addition, you can also use add-ons such as the script blocker "NoScript" (http://noscript.net/) for your browser to generally prevent the execution of social media plug-ins.
4.5. Recipients of data
Some of the processing of your personal data on our website is also carried out by data processors, in particular the hosting of the website, the dispatch of newsletters and the use of analytic tools. These are included exclusively on the basis of an agreement about the commissioned data processing in accordance with Art. 28 Ssec. 3 GDPR.
HOW DO WE PROTECT PERSONAL INFORMATION
The security of your Personal Information is important to us. We protect your Personal Information by maintaining physical, organization, and technological safeguards appropriate to the sensitivity of such Personal Information. Personal Information may only be accessed by persons within our organization who require such access to provide you with the services indicated above.
Although we take precautions against possible breaches of our security systems, no company can fully eliminate the risks of unauthorized access to your Personal Information and no website is completely secure. We cannot guarantee that unauthorized access, hacking, data loss or breaches of our security systems will never occur. Accordingly, you should not transmit Personal Information to us using our Service if you consider that information to be sensitive.
6. RETENTION OF PERSONAL INFORMATION
We delete personal data as soon as the legal basis for its processing expires. If there are several legal bases for a situation, the deletion occurs with the expiration of the last legal basis, for instance, after fulfillment of all legal storage obligations. We process Personal Information based on:
- your consent until it is revoked or becomes invalid,
- the necessity for the performance of a contract or to take steps prior to entering into a contract until the contract or the preliminary negotiations are terminated
- our legitimate interest until it is fulfilled or expires
- a legal obligation until it is fulfilled or expires.
7. THIRD-PARTY WEBSITES
8. RIGHTS AS DATA SUBJECT
If your personal data is processed, you are a data subject within the meaning of Art. 4 para. 1 GDPR. As a data subject, you have the following rights regarding your personal data. To exercise these rights, please contact us using the contact details above.
8.1. Right of access by the data subject according to Art. 15 GDPR
You have a right of access concerning your personal data processed by us. This includes the mandatory information set out in Art. 15 GDPR.
8.2. Right to rectification according to Art. 16 GDPR
You have the right to request the immediate correction of inaccurate personal data and the completion of incomplete personal data.
8.3. Right to erasure according to Art. 17 GDPR
You have the right to request the erasure of your personal data if one of the grounds mentioned in Art. 17 GDPR applies, if there is no longer a legal basis for the processing.
8.4. Right to restriction of processing according to Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data if one of the grounds mentioned in Art. 18 GDPR applies, at your request instead of deleting the data.
8.5. Right to data portability according to Art. 20 GDPR
You have the right to request all personal data stored by us about you in a structured, commonly used and machine-readable format or to transmit this data to another controller without obstruction by the controller to whom the personal data was made available.
8.6. Right to lodge a complaint with a supervisory authority according to Art. 77 GDPR
According to Art. 77 GDPR, you have the right to file a complaint with the supervisory authority responsible for you.
8.7. Right to object and right to withdraw consent
Where the data processing is based on your consent or our legitimate interest, you have the right to object to the processing or to withdraw your consent at any time. Your objection or withdrawal only has an effect for the future. Where the cookies used offer their own technical options for deactivation, this is explained above. You may contact us at any time to exercise your right of objection or revocation. If you object to processing based on our legitimate interest, we may, in cases other than direct marketing, nevertheless continue processing if we can prove compelling reasons worthy of protection which outweigh your interests, rights and freedoms.
9. HOW TO CONTACT US
c/o HK2 Comtection GmbH
Hausvogteiplatz 11 A
Telephone: +49 (0)30 27 89 00 - 180