Privacy Policy - BodyControl Training

Preamble

This service (hereinafter refered to as „App“) is provided by the Body Control GmbH, Hans-Henny-Jahnn-Weg 53, 22085, Hamburg (hereinafter „we“ or „us“) as the liable party in regards to the applicable Privacy Law.

Within the scope of the App we enable the retrieval and representation of the following information:

-Accounts are created by Administrators of the App, login details are sent to the user via E-Mail.

-Upon first registering, a unique key is assigned to the user and is used as means of identification.

-All the data collected and sent to our servers is used exclusively for the purpose of keeping track of time.

While using the App, we will process your personal data. Personal data pertains to all data that is related to an identified or identifiable natural person.

Because the protection of your privacy whilst using the App is important to us, we would like to use the following statements to further detail which personal data we will be proccessing when you are using the app and in what ways we handle your data.

Furthermore, we will detail the legal bases for the proccessing of your data and, in the case that the proccessing of your data is required for the protection of our legitimate interests, we will detail the related legitimate interests.

You can access this Privacy Policy at any time under the „Privacy Policy“ menu option within the App.

1. Information in regards to the processing of data

Certain information will be proccessed automatically when using the App. Which Personal Data is processed is detailed below:

1.1 Information collected during download

When downloading the App, certain, required, information is transmitted to the App Store you are using (e.g. Google Play or Apple App Store), in particular, this could include your username, E-Mail address, the customer ID of your account, time of download, payment methods as well as device identification being proccessed. The proccessing of this data is being done exclusively by the Google Playstore/AppStore and therefore falls outside of our purview.

1.2 Information that is collected automatically

As part of your use of the App, data that is required to use the App will be collected automatically. These include: internal id of the device, version of your operating system, time of access.

This data will be transmitted to us automatically, but it will not be stored, (1) to provide you with the service and its functions ; (2) to improve the features and performance characteristics of the App and (3) to prevent and eliminate misuse and

malfunctions.

This proccessing of data is justified by (1) the fact that the proccessing of data for fulfilling the contract between you, the user, and us in accordance with sec. 6 para. 1 sentence 1 lit. b EU-GDPR is required for using the App or (2) we have a legitimate interest in ensuring the functionality and error-free operation of the App and in providing a service in line with the customers interest and the market that outweighs your Rights and interests in the protection of Personal Data in accordance with sec. 6 para. 1 sentence 1 lit. f EU-GDPR.

1.3 creating a user account(registration) and logging in

When requesting login data for a user account or log in, we use your access data to provide access to your user account (sent via E-Mail) and to manage the account (Mandatory information).

In the scope of registration, mandatory information is marked with a asterisk and are required for the conclusion of the liscence agreement. If this information is not provided, creation of a user

account is not possible.

The mandatory information is used for authentification on log in and to follow up on requests to reset the password. The data entered during registration or log in will be proccess and use by us to (1) to verify your authorization to manage the user account: (2) enforce the app’s terms of use

and all associated rights and obligations and (3) contact you, to send you any technical or legal information, updates, security messages or other messages that pertain to the management of your user account.

1.4 Using the app

Within the scope of the app, you can enter, manage and edit various kinds of activities, tasks and information. This information includes in praticular data pertaining to progress in training and physical data collected by the app, as well as the times and time symbols recorded by the user. The unique key given upon first registering will be used as the means of identification. The data collected will be transmitted to our servers exclusively as a time recording system.

The app furthermore requires the following permissions:

– Internet access: this is required to tranmit the recorded data to our servers via an encrypted connection. A unique key that can only be assigned to the respective user on the server side will be used for indentification purposes. An automatic service that, when the app is in use, periodically checks whether data needs to be transmitted and transmits it where appropriate is used for this purpose.

– camera access: this is required to upload pictures for the user profile or as attachments in the messenger.

The proccessing and use of usage data is used to provide the service.

This proccessing of data is justified by the fact that the proccessing of data for fulfilling the contract between you, the user, and us in accordance with sec. 6 para. 1 sentence 1 lit. b EU-GDPR is required for using the App.

2. Disclosure and transmission of data

In addition to the cases explicitly mentioned in this privacy policy, disclosure of personal data without your express prior consent only occurs when it is legally admissible or required. This may be the case, inter alia, if the proccessing is neccessary to protect the vital interests of the user or another natural person.

2.1 The data provided upon registration is shared within our company, Body Control GmbH, for the purpose of administration, including shared

customer support, to the extent necessary.

Any transfer of personal data is justified by our legitimate interest in sharing the data for administrative purposes within our company and

with contractual partners and that your Rights and interests in the protection of Personal Data in accordance with sec. 6 para. 1 sentence 1 lit. f EU-GDPR do not outweight our legitimate interests.

2.2 should it be neccessary for the investigation of unlawful use or misuse of the app, or to help in prosecutions, personal data will be passed on to the law enforcement authorities or other authorities as well as potential third parties that were caused harm along with their legal advisors. This will only occur in the case that there is indication of unlawful behaviour or misuse of the app. Passing along of data can also occur in the case that this is required to carry out terms of use or other legal claims. Furthermore, we are legally required to pass along data to certain public bodies upon request. These include law enforcement authorities, authorities responsible for persecuting fines and tax authorities.

Any transfer of personal data is justified by the fact that (1) the proccessing of the data is required to fullfil legal obligations which we are obligated to follow in accordance with sec. 6 para. 1 sentence 1 lit. f EU-GDPR in conjunction with national legal obligations in regards to the transfer of data to law enforcement authorities which we are subject to or (2) in the case that we have a legitimate interest in

passing on the data to the above mentioned third parties in the case of indications of misuse or for the purpose of carrying out our terms of use, other terms and conditions, or to fulfill legal claims, provided that your Rights and interests in the protection of Personal Data in accordance with sec. 6 para. 1 sentence 1 lit. f EU-GDPR do not outweight our legitimate interests.

2.3 To provide our service, we require the aid of partners bound by contract and external service providers

– Body Control contractual partners (Personal trainer and service provider in the areas of fitness and excercise)

Any transfer of personal data is justified by (1) our legitimate interest in sharing the data for administrative purposes within our group of companies and that your Rights and interests in the protection of Personal Data in accordance with sec. 28 para. 1 sentence 1 EU-GDPR do not outweight our legitimate interests and that we have carefully selected our partners, regularly verify that they process personal data only in accordance with our instructions and that they are contractually obligated to do so.

2.4 in the proccess of growing our business, it is possible for changes within the steucture of our company to occur by changing the legal form, establishing, buying or selling subsidiaries, parts or components of the company.

In the case of such transaction, customer data may be transfered along with the transfered part of the company. In any cases of passing along of personal data to third parties in the above mentioned processes, we take care that this occurs in accordance with this privacy policy and the applicable data protection law.

Any transfer of personal data is justified by our legitimate interest in adapting our company to the economic and legal circumstances should it be required, and that your Rights and interests in the protection of Personal Data in accordance with sec. 6 para. 1 sentence 1 lit. f EU-GDPR do not outweight our legitimate interests.

3. Transfer of data to third countries

We currently process data exclusively within the European Economic Area

4. Change of object

Processing of your personal data for purposes other than those mentioned above only occur if legislation permits or you have agreed to the change of object in the processing of data. In the case of processing of data for purposes other than those the data was originally collected, we will inform you of of the purpose prior to the processing of data and will provide you with any further information essential to this purpose.

5. Period of data storage

We will delete or anonymize personal data as soon as they are no longer necessary for the purposes for which we have collected and processed them in accordance with the sub-paragraphs above. As a general rule, we store your personal data for the duration of the usage of the app or the duration of the contractual relationship via the app plus an additional period of [7] days, during which we store backup copies after the deletion of data, provided that these are not required for a longer period of time for the purposes of legal prosecution or for exercising, defending or asserting legal claims.

Specific declarations within this privacy policy or legal requirements regarding the storage and deletion of personal data, especially those that we are required to store due to fiscal reason, remain unaffected.

6. Your rights as data subject 6.1 right to information

You have the right to request information from us regarding the processing of data in relation to your

person within the scope of Article 15 GDPR at all times. This can be done via email or by post to the address listed below.

6.2 Right to the rectification of incorrect personal data

You have the right to request the immediate rectification of your personal data insofar as this data is incorrect. Please refer to the contact information listed below to do so.

6.3 Right to Erasure

You have the right to, under the conditions laid out in article 17 GDPR, request of us the deletion of personal data pertaining to you. Primarily, these conditions apply when the personal data is no longer required for the purposes for which they were collected or otherwise processed, as well as in case of unlawful processing, of an objection or for compliance with a legal obligation to erase in accordance with Union Law or the law of the member state which we are subject to. To exercise your right to erasure, please refer to the contact

information below.

6.4 Right to restriction of processing

You have the right to demand restriction of processing in accordance with article 18 GDPR.

This right exists in particular if the accuracy of personal data is contested, and for the duration of time needed to check the accuracy fo the data, as well as in the case that, in the event of an existing Right to Erasure, the user request restriction of processing in place of the Right to Erasure; also in the event that the data is no longer necessary for the purposes pursued by us, but the user requires them for exercising, defending or asserting legal claims, as well as in the event that the successful exercising an objection is still being disputed by us or the user. To exercise your right to restriction of processing of data, please refer to the contact information below.

6.5 Right to data transferability

You have the right to receive from us the personal data relating to you that you have provided to us in a

machine-readable format under the conditions laid out in article 20 GDPR. To exercise your right to data transferability, please contact us under the adresses listed in the contact information below.

7. Right to objection

Ypu have the right to object to the processing of your personal data in accordance with article 21. GDPR at any time for reasons arising from your particular situation that occur, inter alia, due to article 6 para. 1 sentence 1 lit. e) or f) GDPR.

We will stop processing your personal data unless we can prove that we have compelling legitimate reasons for the further processing that override your interests, rights and freedoms, or i the case that the processing of data serves the purpose of exercising, defending or asserting legal claims.

8. Right to complaint

Furthermore, you have the right to contact the competent supervisory authority in the case of a complaint.

The competent supervisory authority is:

Der Hamburgische Beauftragte für Datenschutz und

Informationsfreiheit (Hamburg Commissioner for Data Protection and Freedom of Information)

Ludwig-Erhard-Str 22, 7. OG

20459 Hamburg

9. Contact

Should you have any questions or comments regarding our handling of your personal data, or wish to execrise your rights under articles 6 and 7 as data subject, please contact our IT-Hotline under the following contact details:

Body Control GmbH

Datenschutzbeauftragt:

Hans-Henny-Jahnn-Weg 53

22085 Hamburg

E-Mail: info@bodycontrol.io

10. Changes to the privacy policy

We always keep this privacy policy up to date.

Therefore, we reserve the right to make changes from time to time, and to update any changes to the collection, processing or usage of your data.

The current version of our privacy policy is always available under the „Privacy Policy“ tab within our app.

Dated: 29.09.2021

Body Control Intranet