Privacy

The subject of data protection is HeathVida GmbH & Co. KG close to the heart, and HeathVida GmbH & Co. KG would therefore like to make it as transparent as possible for the user as to how and for what purpose his data will be used. For example, some information is required in order to be able to offer the user personalised functions and content in FasticApp or on other associated platforms, or to be able to offer the user suitable offers relating to FasticApp services (such as information on additional content, special offers and discounts for FasticApp services). Of course, the user’s data is handled responsibly and only used within the framework of the applicable data protection laws, in particular the EU Data Protection Basic Regulation (EU-DSGVO).

In particular, FasticApp and all related offers and services are constantly improved and better tailored to the needs of users. However, this can only succeed if it is observed and evaluated how these offers and services are used. In the following the user is informed comprehensively about what happens with his data – above all about what happens how and why with it. All information that must be provided in accordance with the EU data protection basic regulation are also listed here. HealthVida GmbH & Co. KG is responsible for the protection of personal data and compliance with the basic EU data protection regulation. HeathVida GmbH & Co. KG, Jacobistr. 18 01309 Dresden (hereinafter referred to as “FasticApp” or the “Provider”). It operates the above-mentioned services. Further contact data, contact persons and mandatory data for HealtVida GmbH & Co. KG can be found in the imprint or on the website www.getfastic.com as well as within FasticApp.

For questions about data protection to HealthVida GmbH & Co.KG or if the user should exercise his rights regarding data protection (see below), he can contact the data protection officer of Health Vida GmbH & Co. KG at any time. He can be reached at the e-mail address datenschutz@getfastic.com or by letter post to HealthVida GmbH & Co.KG, Jacobistr. 18, 01309 Dresden.

This data protection guideline applies to all online offers and services that can be accessed under the brand “Fastic”.
the smartphone app Fastic for iOS and Android
the website concerning FasticApp under the domain www.getfastic.com as well as other domains that refer to it
The above offers and services are hereinafter simply referred to as “Services”.
Index:
► The most important facts at a glance
I. What data is collected when using the FasticAPP service?
II. Why is this data processed?
III. Does data also go to third parties or to other EU countries?
► The rights of the user as data subject
► The individual data processing operations in detail
A. Data processing for the provision of FasticApp services
– Register user account and manage profile (with e-mail address)
– Register user account and manage profile (via Facebook Sign-in)
– Contact form and support requests (via e-mail service provider)
– HealthKit and Google Fit connection
– WhatsApp Business Solution Integration
– (Further) Cookie-based functionalities
B. Improvement of the FasticApp Service
– Storage and processing of FasticApp usage data (via GF)
– Evaluation of the user behaviour on the Fastic website and Fastic App (via Google Analytics)
– Evaluation of the usage behaviour in the FasticApp (via Google Analytics for Firebase)
– Evaluation of the user behaviour of FasticApp services (via smartlook)
C. Optimization of our communication and marketing channels
– Marketing campaigns with Custom Audiences (via Facebook Pixel or Custom App Events via Facebook SDK)
– Marketing optimization and evaluation of the FasticApp usage behavior in the FasticApp (via Adjust)-
► Modification of the data protection declaration
► Contact person for data protection and data protection officer

► The most important facts at a glance
I. Which data is collected when using the FasticApp service?
Direct input of plain data. If the user logs on to FasticApp, registers, buys premium content or uses a contact form for support requests, the provider uses the appropriate forms to request personal data from him, which are identifiable and directly related to him or his identity (so-called plain data).
This data includes in particular the name of the user, title, e-mail address and password. In the case of chargeable services, the provider also requests further contact data (postal address, telephone number) as well as shopping basket details and payment data, if applicable. In addition, the user may voluntarily provide further personal information, which will then also be stored, for example in his user profile.
Data particularly sensitive under data protection law (so-called special categories of data according to Article 9 DSGVO – such as health status, ethnicity, ideology, genetics, intimacy) are not queried at any point. Likewise, there are no special services or offers for children.
Data enrichment. The provider enriches the data of the users occasionally by own observations, however only with regard to assumed interests and only as far as described in these data protection references. An example: Once a user has started a unit, an interest on his part is assumed to continue it and enriches the record with it to remind the user of it in the app.
Data provision by third parties. In some cases, personal data can also be provided to the provider by third parties when individual functions or services are used. This is the case, for example, if the user uses a sign-in service, such as Facebook, to log in to the FasticApp service.
Pseudonymised data. In addition, data are also processed which have no directly recognisable reference to the user as a person (so-called pseudonymised data). Pseudonymised means that the user or his computer or browser could be recognised by an ID (“pseudonym”), but it is not possible to find out exactly who the user is or how to contact him by the usual means. In other words: pseudonyms are not combined with plain data such as name or e-mail address, simply because in this case we do not need to know more than necessary.
This applies, for example, if the provider wants to find out which screens are clicked particularly frequently in the FasticApp and which are not, or if the provider does not always want to display the same content to the user in the app.
Further details. If the user should know individual things even more precisely, the details were compiled for this in the chapter “The individual data processing operations in detail”.
II. Why is this data processed?
The processing of personal data is carried out primarily for the following purposes or on the basis of the following legitimate interests:
– Personalization: to show the user his progress, to suggest the FasticApp content that best suits the user’s needs, or to inform the user via email or push notifications about content, tips and offers of interest to him;
– Optimization: to find out what particularly excites or disturbs users and how services can be improved;
– to secure the operation: to recognize and ward off attack patterns and to uncover errors in the system in order to prevent the user from receiving e-mails from the provider against his will;
– Financing: to process orders from users of premium content, or to provide the user with personalized discounts, vouchers and offers;
– to maintain the customer relationship and direct marketing on their own behalf: to inform the user about new offers and functions;
– to prevent fraud, to verify a specified delivery address and to check creditworthiness, the outcome of which the provider may make dependent on the payment options offered to the user;
– for the fulfilment of legal requirements, in particular commercial and tax obligations, if necessary, also information obligations towards authorities as well as for the defence or enforcement of claims;
The processing of personal data is carried out lawfully on the basis of the EU Basic Data Protection Regulation, namely – depending on the case – on the basis of the consent of the user, the conclusion of a contract with the user, the fulfilment of legal or official requirements and/or after weighing legitimate interests in the individual case (see DSGVO Article 6 paragraph 1 letters a), b), c) and f)).
If the provider processes data on the basis of a consent or on the basis of a weighing of legitimate interests, he does so only as long as the user does not contradict or revoke the consent. Further details will be given below.

III. Does data also go to third parties or to other EU countries?
FasticApp waives the commercial transfer of user data (sale, rental) to third parties and does not engage in address trading.
However, the provider does not do everything himself, but has called in some service providers. Some service providers will have to have or at least have access to personal data. This applies in particular to the technology with which the provider operates, monitors and analyses his service or individual functionalities and offers. In addition, this concern, among other things, the billing of orders and the collection of due invoices.
The provider commissions all these service providers in writing strictly in accordance with the requirements of the EU Basic Data Protection Regulation and, for example, has technical and organizational measures explained with which the service providers protect the personal data entrusted to them from misuse. If necessary, contracts for order processing are concluded with the client for this purpose.
Some of the IT service providers commissioned by the provider are not based within the EU or the European Economic Area (EEA) or store and process personal data there. Insofar as the EU Commission is the opinion that these areas do not already have the same level of data protection as Germany, the provider always insists on the guarantees required under data protection law for such a transfer abroad. As a rule, this is the conclusion of data protection contracts stipulated by the EU Commission (so-called EU standard contract clauses), and especially in the case of transfers to the USA, participation in the so-called EU-U.S. Privacy Shield.
In some cases, the provider also gives data to third parties, who then process the data on their own responsibility, while complying with data protection regulations. This includes, for example, the services of providers such as Facebook, for example if the user registers with the provider via the Facebook sign-in. Further details will be provided in the next chapter.
► The rights of the user as data subject
According to the EU data protection basic regulation, the user has the right to request information on his personal data (see Article 15 DSGVO), as well as a rectification (see Article 16 DSGVO), deletion (see Article 17 DSGVO) or at least the restriction of the processing (see Article 18 DSGVO) of his personal data.
The user also has the right to data transferability (see Article 20 DSGVO). In addition, the user naturally has the right to revoke at any time a consent granted for the processing of personal data (Article 7 DSGVO) as well as to object to a processing carried out on the basis of a balancing of legitimate interests (see Article 21(4) DSGVO). In addition, the user has the right to appeal to the competent data protection supervisory authority. The authority responsible for the user is the supervisory authority “Der Sächsische Datenschutzbeauftragte” (The Saxon Data Protection Commissioner) for the state of Saxony (house address: Devrientstraße 5, 10167 Dresden; Postal address: post office box 11 01 32, 01330 Dresden; Tel: +49 (0) 351 493-5401; Fax: +49 (0) 351 493 – 5490; Email: saechsdsb@slt.sachsen.de; Internet: http://www.datenschutz.sachsen.de).
If the user has any questions about this or other data protection issues to the provider or wishes to exercise his rights with regard to data protection, the user is welcome to contact our data protection officer. The user can contact him at the e-mail address datenschutz@getfastic.com or by mail to HealthVida GmbH & Co. KG, Jacobistr. 18 01309 Dresden.
► The individual data processing operations in detail
In order to provide the user with an easier overview, this privacy policy has been structured according to the extent to which it affects (A) the basic provision of FasticApp services and functionality, (B) the optimization of our services, or (C ) the optimization of our marketing activities.
A. Data processing for the provision of FasticApp services
The following sections provide details on the individual areas, services, and functionalities involved in providing FasticApp services.

Register user account and manage profile (with e-mail address)
With FasticApp, the user can log in directly to FasticApp. The user’s name, gender, height, weight, target weight and age are queried. An e-mail address is also required for registration. This creates a user account. In case of registration, the user will receive a confirmation email to complete his registration. If the user registers alternatively with his Facebook account, the next section must also be observed. In the case of direct registration in the FasticApp, a confirmation link is sent to the user once for verification at the specified e-mail address. This is to ensure that the provider uses the correct e-mail address for the subsequent e-mail communication and that the provider can correctly assign the user to his user account via the e-mail address. After successful login, an authorization token is stored in the app. The token is deleted from the smartphone when the user logs out of his user account using the logout function. With this authorization technique, the provider prevents his access data from being stored locally on the smartphone. In addition, the app only collects inventory data that the user provides in the context of a login, registration or other contact with the app itself. This data is used on the basis of the user’s consent (see DSGVO Art. 6 para. 1 letter a)).
The provider creates a user profile from this personal data in order to be able to offer the basic functions of the App Services on various platforms (iOS, WebApp, Android). The processing of this data is therefore carried out in order to fulfil its obligations in accordance with the usage agreement pursuant to DSGVO Art. 6 Para. 1 Letter b). In addition, the provider also uses individual user account data for other purposes, such as in connection with newsletters or push messages, orders and support enquiries. Further details can be found below in the details of the respective data processing.
The provider does not pass on user account data to third parties for commercial purposes, in particular not for address trading. However, the provider has used an IT service provider to store this data, namely Google Firebase (GF), a Google subsidiary based in San Francisco (CA), USA – see also – see also https://firebase.google.com. In accordance with the requirements of the DSGVO for the involvement of IT service providers, the provider has concluded a written agreement with GF on the processing of data on its behalf. GF stores and processes personal data strictly in accordance with the provider’s instructions. However, this may also take place outside the territory of the EU or the EEA, in particular in the USA. In order to achieve a level of data protection comparable to that of the DSGVO, the provider has concluded the data protection contracts (so-called EU standard contract clauses) officially stipulated by the EU Commission in this respect and has also attached importance to the fact that GF is registered with the so-called EU-U.S. Privacy Shield and has subjected itself to the corresponding regulations.
Revocation / Opt-Out possibility: The user has the possibility to delete his profile and all personal data stored in it at any time by sending his revocation to datenschutz@getfastic.com . The provider then forwards this revocation to GF, which has undertaken to delete the relevant data. The provider also deletes the user account if the user does not actively use any of the FasticApp services for a period of three years. If and to the extent that the data associated with the user account can and must still be used for purposes which have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is in particular the case with legally mandatory retention obligations such as corresponding commercial and tax regulations. The latter can amount to up to 10 years (see § 147 Abs. 3 Abgabenordnung).
Register user account and manage profile (via Facebook Sign-in)
As an alternative to registering by e-mail, the user can also register with the provider using the Facebook Sign-In. In the course of such registration, Facebook, represented by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, will process data from the user and the FasticApp will provide data from the user to Facebook. The FasticApp first stores the information that the user has registered in the FasticApp via the so-called Facebook Sign-In. This information is recorded in the form of a token in the user’s account with the provider until the user deletes his registration with the provider. If the user cancels the connection to his Facebook profile in the Facebook settings, the token also becomes invalid. His access data to Facebook, on the other hand, are never stored by the provider. Likewise, FasticApp is not given the opportunity to post or share content on Facebook on behalf of the user. The provider of Facebook receives and processes the following data if the user uses the Facebook sign-in: his e-mail address, his so-called “public information” on Facebook and any that the user makes publicly accessible or releases for the respective application. “Public” in connection with Facebook means that everyone can also see this data outside Facebook. This includes the user’s Facebook name, his profile and title picture, his user name (Facebook URL) and his user identification number (Facebook ID). The user receives an overview of what information is public in his profile and what data the user releases to which applications in his Facebook App settings in his Facebook profile. If the user uses the Facebook sign-in, Facebook may process data on his use of the FasticApp services. This is beyond our control. More detailed information on the type, purpose and scope as well as the user’s further processing and use of his data by Facebook can be found directly in the data protection information on Facebook. After the user has consented to the transfer of his data during registration via Facebook Sign-In, this data is stored and processed on a server operated by Google Firebase (GF). GF will then process the data as described in the section above. FasticApp uses this personal data to create a user profile that can be used to provide the basic functionality of FasticApp services on various platforms (iOS, WebApp, Android). The processing of this data is therefore carried out in order to fulfil our obligations in the sense of the usage contract according to DSGVO Art. 6 Para. 1 Letter b). The provider does not additionally verify his e-mail address by means of a confirmation link by e-mail when registering via Facebook, as the user’s e-mail address is verified via Facebook.
In addition, the provider uses individual data of the user account of the user and for his use of the Fasten-App Services also for other purposes, such as in connection with newsletters or push messages, orders and support enquiries. The user will find further details on this at the bottom of each page in the more detailed information on the corresponding data processing operations.
In addition, the provider refers the user to Facebook’s data protection notices regarding the reasons, storage locations and authorised users for data processing by Facebook.
Revocation / Opt-Out possibility: In order to prevent Facebook from collecting information about the user during the user’s visit to our websites, the user should disconnect his profile from the provider and delete a possibly existing Facebook cookie from his browser (instructions for deleting in Microsoft Internet Explorer. Delete instructions in Mozilla Firefox. How to delete in Safari).
If the user wishes to disconnect his profile from the provider with Facebook, he should log on to Facebook and make the necessary changes to his profile there. The provider then no longer has the right to use information from his Facebook profile for his own purposes. The user should then request his own password from FasticApp using the “Forgot password” function. If the user wants to delete his Facebook data from his FasticApp registration, the user should delete his entire FasticApp profile. The user can do this at any time by writing to the provider at the e-mail address info@getfastic.com . Should the user wish to change his details on Facebook that have been transmitted to FasticApp, he can also make these changes at FasticApp. FasticApp does not send any of its FasticApp profile contents to Facebook. The user also has the option of deleting his profile and all personal data stored in it at any time by sending his revocation to datenschutz@getfastic.com . The provider then forwards this revocation to GF, which has undertaken to delete the relevant data. The provider also deletes the user account if the user does not actively use FasticApp services for a period of three years.
If and to the extent that the data associated with his user account can and must still be used for purposes which have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or restricted to certain processing purposes instead of being deleted. This is in particular the case with legally mandatory retention obligations such as corresponding commercial and tax regulations. The latter can amount to up to 10 years (see § 147 Abs. 3 Abgabenordnung).

Contact form and support requests (via e-mail service provider)
If the user contacts FasticApp, the email service provider of the provider Google, represented by Google, Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland, processes the contact data as well as the content of his request.
Requests via e-mail and contact form can concern communication and contract data as well as user history. In addition, inquiries about the provider’s apps are received by the provider via the contact form of the App Store via email. The data provided will be treated confidentially. The given data and the message history with the customer service of the provider will be stored for follow-up questions and later contacts.
If the user contacts the provider by e-mail or via a form, the provider uses the personal data transmitted by him due to legitimate interests, exclusively to answer the request of the user.
In accordance with the requirements of the DSGVO for the involvement of an e-mail service provider, we have concluded a written contract with Google on the processing of data on our behalf. Google stores and processes personal data strictly in accordance with our instructions. However, this may also take place outside the territory of the EU or the EEA, in particular in the USA. In order to achieve a level of data protection comparable to that of the DSGVO, the provider has concluded the data protection contracts (so-called EU standard contract clauses) officially stipulated by the EU Commission in this respect with Google and also attached importance to the fact that Google is registered with the so-called EU-U.S. Privacy Shield and has subjected itself to the corresponding regulations.
Requests to delete the user profile and to unsubscribe from the newsletter via our contact channels are stored in the provider’s own systems in order to trace and prove that the user’s request has been processed successfully (obligation to provide evidence). The user data (e-mail address, name and user name) are deleted from the provider’s system at the latest after one year and one month. In the case of deletion requests for the newsletter, a connection to the user account of the user can be established using the in-house system, provided that this is the registration address of the user. In the case of requests to delete a user account, no reference can be made to the user account of the user. The data is stored in the system protected from unauthorised access and will not be passed on to third parties.
Revocation / Opt-Out possibility: A deletion of the customer inquiries of the user takes place after 5 years or with direct revocation to datenschutz@getfastic.com.
If and to the extent that the data associated with the user’s e-mail inquiries can and must still be used for purposes which have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or restricted to certain processing purposes instead of being deleted. This is in particular the case with legally mandatory storage obligations such as corresponding commercial and tax regulations. The latter can amount to up to 10 years (see § 147 Abs. 3 Abgabenordnung).

HealthKit and Google Fit connection
Apple HealthKit.
The provider uses Apple’s HealthKit framework (see here for more information) (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; “Apple”), which provides a central repository for health and fitness data on the iPhone and Apple Watch and, with the express consent of the user, allows Apps to communicate with the HealthKit Store to access and share that data. This connection must be actively activated by the user via his system parameters. The HealthKit connection can be deactivated at any time by the user via his system parameters. From this point on, no more data is exported to the provider. The provider processes the following data obtained through the HealthKit framework and the Apple CoreMotion processor (more information can be found here) for the purposes described below and with the explicit consent of the user: steps, calories, distance, duration and heart rate. New data attributes may be added to the HealthKit framework that are mapped to the FasticApp and that the user must agree to.

Google Fit SDK
The provider uses Google’s Fit SDK (see here for more information), an open platform that allows users to control their fitness data. The Provider processes the following data that the Provider receives through the Google Fit SDK for the purposes described below and with the express consent of the User: steps, calories, distance, duration, and heart rate. New data attributes may be added to the Google Fit framework that must be reflected in the product and agreed to by the user.

FasticApp and the analytics service provider of the FasticApp service may analyze activity data for research purposes that serve to provide a personalized service and promote healthy habits. FasticApp may share the user’s data obtained through the HealthKit framework or Google Fit SDK with a third party for medical research with the user’s express consent. The FasticApp service does not use information obtained from HealthKit or Google Fit SDK applications for advertising or similar services. The user can prevent the FasticApp service from accessing his data at any time by changing the settings of his mobile device. Anyone using HealthKit or Google Fit SDK to store and analyse their sensitive data should make sure to protect their smartphone with a secure code (e.g. deactivate the simple code in the iPhone under Touch ID & Code and create a password with a combination of upper case letters, lower case letters, numbers and special characters).

WhatsApp Business Solution Integration
The provider uses – with the express consent of the User – the MessagePipe service of 360Dialog GmbH, Schönhauser Allee 167c, 10435 Berlin, Germany and the services provided by 360Dialog GmbH, Berlin to connect to the WhatsApp network via the WhatsApp Business Solution and to integrate the WhatsApp Business Solution into this App in order to enable the user to exchange, motivate and obtain information about these services within the framework of the WhatsApp services (for further information see here) in group chats controlled by the Provider. 360Dialog GmbH, Berlin, was selected by Facebook Ireland Ltd as the provider of access to the WhatsApp Business Solution (“WABS”), developed and operated by WhatsApp, Inc. The company 360Dialog GmbH, Berlin, as a qualified provider of access to the WhatsApp Business Solution, offers its customers access and/or integration of the WhatsApp Business Solution and related services. This makes it possible to integrate the WhatsApp Business Solution into the FasticApp services.

The WhatsApp network is operated by WhatsApp Inc. or an affiliate of WhatsApp Inc. within the Facebook Inc. group. The company 360Dialog GmbH, Berlin only provides access to the WhatsApp network.
A agreement for contract data processing was concluded with 360Dialog GmbH, Berlin to comply with the legal requirements of the DSGVO. The provider only processes data that the user himself publishes in the corresponding Whatsapp group chat, which can be images (including profile images), status messages, audio files or written texts. The provider can only provide the user’s Whatsapp number if the user has expressly consented to group membership in the Whatsapp Service.

Revocation / Opt-Out possibility: If the user does not wish to use the WhatsApp Business Solution or wants to delete existing group chats in the WhatsApp services, he can terminate and remove them according to the terms of the WhatsApp service. The following links will help him to terminate the WhatsApp service (here).
As the data processed through the integration of WhatsApp Business Solution is stored in the user’s profile, the user has the option at any time to delete his profile and all personal data stored in it by sending his revocation to datenschutz@getfastic.com . The provider then proceeds to delete a user profile as described under the item “Register User Account and Manage Profile”.

(other) Cookie-based functionalities
In order to improve surfing on the Fastic website, the user uses so-called cookies (small files with configuration information). Cookies are used on the Fastic website to increase user friendliness and to make the Fastic website as individual and needs-based as possible each time it is called up. In addition, a cookie banner cookie is set on the Fastic website. With the help of this cookie, the provider remembers whether the user has already been a visitor to the site and has accepted the cookies (in accordance with the EU “Cookie Directive”, official name: E-Privacy Directive 2009/136/EC). In order to save the user from having to display the annoying message again, the cookie is automatically deleted after three months, so that the user does not have to confirm the cookie banner again until its validity has expired. Such cookies are not only set by the Fastic website itself, but also on its behalf by third parties such as Google.de (see below). When calling up a page on getfastic.com, cookies are also set which remain stored beyond the user’s current visit to getfastic.com (so-called session).
General browser data: The Fastic website also automatically collects and stores in cookies information that is transmitted to the user’s web browser which the user uses to access the getfastic.com website. These are in particular details of the browser and operating system used, an indication of the origin of the previously visited pages (so-called referral URL), the IP address or host name of the accessing computer as well as the time of the page request. This data is used for statistical evaluation of the pages of getfastic.com. The Fastic website does not associate the existing usage data with the user’s name or address data, which are, for example, requested during registration with FasticApp (so-called inventory data); the collected, pseudonymous usage data are used for long-term evaluation purposes and only deleted at the end of the evaluation phase or in accordance with legal requirements.
Revocation / Opt-Out possibility: Should the user not wish to use cookies or wish to delete existing cookies, he can switch them off and remove them via his Internet browser. The following links will help the user to delete cookies for the most common browsers: – Internet Explorer – Mozilla Firefox – Safari – Chrome
FasticWebites also use analytical cookies from third parties, such as Google and Facebook, for analysis purposes. The use of analysis programs by the Fastic website and data collection (pseudonymised data) by partner companies may be revoked at any time with effect for the future. These functions are offered and provided by the respective operators and the user will find a description of this in the corresponding note.

B. Improvement of the Fastic Service
Storage and processing of app usage data (via GF)
The provider uses the service provider Google Firebase to store usage data of FasticApp services. This service provider is represented by Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland. In addition to the user profile (user name, login data), the provider stores the user’s usage data on GF’s servers within the app, e.g. when a user logs in and what progress he or she is making. The storage of the usage data enables the provider to use the app in a user-friendly way. This is the only way for the provider to ensure that when the app is reopened, users can continue functions where they left off the last time, can be reminded of their fasting time at the desired time, and that selected settings in the user’s personal profile do not have to be adjusted each time. In accordance with the DSGVO guidelines for the involvement of IT service providers, we have concluded a written contract with GF for the processing of data on our behalf. GF stores and processes personal data strictly in accordance with our instructions. However, this may also take place outside the territory of the EU or the EEA, in particular in the USA. In order to achieve a level of data protection comparable to that of the DSGVO, the provider has concluded the data protection contracts (so-called EU standard contract clauses) officially stipulated by the EU Commission in this respect and has also attached importance to the fact that GF is registered with the so-called EU-U.S. Privacy Shield and has subjected itself to the corresponding regulations.

Revocation / Opt-Out possibility: The user has the possibility to delete his profile and all personal data stored in it at any time by sending his revocation to datenschutz@getfastic.com . The provider then forwards this revocation to GF, which has undertaken to delete the relevant data. The provider also deletes the user account if he does not actively use any of our FasticApp services for a period of three years. If and to the extent that the data associated with the user account can and must still be used for purposes which have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is in particular the case with legally mandatory retention obligations such as corresponding commercial and tax regulations. The latter can amount to up to 10 years (see § 147 Abs. 3 Abgabenordnung).
Evaluation of the usage behaviour of the Fastic website and the web app (via Google Analytics)
For the evaluation of user behaviour on the Fastic website, the provider uses the Google Analytics service, which is operated by Google. As FasticApp is located in Germany, the partner is the European Google subsidiary “Google Ireland Limited”, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin, Ireland. A cookie is set to evaluate user behaviour. The information generated by this cookie about your use of the website (including the user’s IP address) will be transmitted to and stored by Google on servers in the United States.
The Fastic website uses Google Analytics exclusively with the extension of IP anonymisation, so that IP addresses are only processed in a shortened form in order to exclude direct personal references. IP anonymization shortens Google’s IP address within member states of the EU or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating the use made of the web app and website by users, compiling reports on web app and website activity and providing other services relating to website activity and internet usage.
Google will – at least according to its own information – in no case associate the IP address of the user with other Google data. However, Google may store and process the relevant personal data in any facilities maintained by Google, its internal subprocessors or the digital infrastructure providers using them. In all cases where this data leaves the EEA (European Economic Area) or Switzerland, Google undertakes to maintain its self-certification under the EU-US or Swiss-US Privacy Shield (https://www.privacyshield.gov/) and to ensure that the respective privacy shield also includes personal data of customers.
Google reserves the right to engage Google affiliates and third party companies to provide its services. If Google uses the services of any of these companies, it will always set forth the following rules in a written contract.
The respective third party only has access to such data as are necessary for the performance of its service.
This takes place within the framework of certification according to EU/US Privacy Shield (https://www.privacyshield.gov/) or the EU-DSGVO regulations. The data processing by the services of Google Analytics is also tested and certified according to the security standards ISO 27001. By using the Fastic website, the user consents to the processing of data about him or her by Google in the manner and for the purposes set out above. The user can find out more about the security and data protection principles of Google Analytics here
Revocation / Opt-Out possibility: The data collection and storage by Google Analytics can be contradicted at any time with effect for the future. The user has the possibility to install a browser plugin published by Google. This is available for different browser versions and can be downloaded at http://tools.google.com/dlpage/gaoptout?hl=de.
If and to the extent that the data associated with the user account of the user can and must still be used for purposes which have not yet ceased to exist at the time of the desired or planned deletion, the data records shall at least be blocked or restricted to certain processing purposes instead of deletion. This is in particular the case with legally mandatory storage obligations such as corresponding commercial and tax regulations. The latter can amount to up to 10 years (see § 147 Abs. 3 Abgabenordnung).

Evaluation of the app usage behavior in the FasticApp (via Google Analytics for Firebase)
For the evaluation of user behaviour in FasticApp, the app uses the service Google Analytics for Firebase, which is operated by Google LLC. As FasticApp is located in Germany, the partner is the European Google LLC subsidiary “Google Ireland Limited”, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin, Ireland.
On the one hand, the provider uses Google Analytics for Firebase to optimize its app functionalities and designs in so-called A/B tests. In such tests, the original version of the FasticApp is tested against a slightly modified version. The provider then analyses how well the new function is accepted in comparison to the previous version. In this way, the provider can constantly improve the design and functionality of the app and increase its user-friendliness. In order to collect this comparative data, Google Analytics for Firebase processes the usage data of users in an app.
The provider uses the services of Google Analytics for Firebase within the framework of the EU Data Protection Basic Regulation due to the interest in making the FasticApp as user-friendly as possible for users and thus optimizing the user experience. On the other hand, the service from Google Analytics for Firebase enables the provider to make evaluations of user behaviour in the FasticApp and thus better understand how users use the FasticApp and what the provider could improve. Google Analytics for Firebase processes user data such as the IP address, user demographics, technical data about the mobile device used and the software version installed, and usage data such as the number of hits on the app and actions in the app such as program purchase. Such usage data is also used by Google Analytics for Firebase for statistical projections, which compare the behaviour of users to other users of the FasticApp, and thus, with a certain statistical probability, indicate, for example, whether a user may be interested in purchasing a program. On the basis of these statistics, the provider can send the user targeted offers and discounts to FasticApp that might be of interest to the user.
The provider uses the services of Google Analytics for Firebase within the framework of the EU data protection basic regulation because of the interest to design his product user-friendly, and to address users in advertising communication as targeted as possible according to their interests and only really relevant offers for them to be able to play out. In order to be able to use the Google Analytics for Firebase service, the provider has integrated its “Software Development Kit” (SDK) into the FasticApp. This creates an interface through which Google can access the above-mentioned data via the app. The information generated by the SDK about the user’s use of FasticApp (including the IP address) is transmitted to and stored by Google on servers in the United States. Google will under no circumstances – at least according to its own specifications – associate the IP address of the user with other Google data. However, Google may store and process the relevant personal data in any facilities maintained by Google, its internal subprocessors or the digital infrastructure providers used. In all cases where this data leaves the EEA (European Economic Area) or Switzerland, Google undertakes to maintain its self-certification under the EU-US or Swiss-US Privacy Shield (https://www.privacyshield.gov/) and to ensure that the respective privacy shield also includes personal data of customers.
Google reserves the right to engage Google affiliates and third party companies to provide its services. If Google uses the services of any of these companies, it will always set forth the following rules in a written contract:
The respective third party only has access to such data as are necessary for the performance of its service.
The handling of this data is always subject to the Privacy Shield or, if applicable, the EU-DSGVO regulations. The data processing by the services of Google Analytics for Firebase is also tested and certified according to the security standards ISO 27001. By using FasticApp, the user agrees to the processing of data collected about him by Google in the manner and for the purposes set out above. The user can find out more about the security and data protection principles of Google Analytics for Firebase here.
Revocation / Opt-Out possibility: For all queries relating to personal data, the user can contact datenschutz@getfastic.com by e-mail. The provider forwards these requests to Google, which has agreed to comply with all obligations arising from the EU data protection basic regulation. This includes access, rectification, restriction of access and deletion of personal customer data. These obligations will be implemented to the extent permitted by EU law on retention periods.
If and to the extent that the data associated with the user account of the user can and must still be used for purposes which have not yet ceased to exist at the time of the desired or planned deletion, the data records shall at least be blocked or restricted to certain processing purposes instead of deletion. This is in particular the case with legally mandatory storage obligations such as corresponding commercial and tax regulations. The latter can amount to up to 10 years (see § 147 Abs. 3 Abgabenordnung).

Evaluation of the usage behaviour of the FasticApp services (via smartlook)
The provider uses the smartlook service for session awards. This service is operated by Smartsupp.com s.r.o., Milady Horakove 13, 602 00 Brno, Czech Republic. The smartlook service records user behaviour on video and can be subsequently analysed by the provider. For this purpose, the software places a cookie on the user’s computer (for the cookie, see the relevant parts of this policy). A storage of personal data by the provider does not take place in the context of the use of the service.

The provider uses Smartlook only if the user has agreed to it. Legal basis for the processing of the personal data of the users after consent is art. 6 exp. 1 lit.a DSGVO.

The processing of the personal data of the users enables the provider to analyse the user behaviour of the users. By evaluating the data obtained, the provider is able to compile information on the use of the individual components of the Fastic service. This helps the provider to constantly improve the Fastic Services and their user-friendliness.

Revocation / Opt-Out possibility: The provider does not store any personal data of the users. Only anonymous analysis data is processed for evaluation purposes. Anonymised usage protocols are stored in accordance with the statutory provisions and automatically deleted after 30 days. You can take further information from the data security explanation of Smartlook: https://www.smartlook.com/de/privacy
Cookies are stored on the user’s computer and transmitted by the user to the provider. Therefore, the user has full control over the use of cookies. By changing the settings in his Internet browser, the user can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for the website of the provider, it is possible that not all functions of the website can be used to the full extent. By clicking on the following link https://www.smartlook.com/opt-out the user can prevent future traking by smartlook.

C. Optimization of our communication and marketing activities
Marketing campaigns with Custom Audiences (via Facebook Pixel or Custom App Events via Facebook SDK)
The provider uses Facebook social network services in its services, represented by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. In order to measure and optimally control the marketing campaigns, the provider uses so-called “remarketing tags” in the FasticApp services. The Fastic website is the so-called “Facebook pixel”, which is activated when a page is visited and provides Facebook with the information that the page has been accessed. So-called “Custom App Events” are activated in the apps, which deliver the information to Facebook via an interface in the app (SDK) which pages a user calls up in the app. If the user uses the FasticApp services, a direct connection to the Facebook server is established via the remarketing tags. Facebook receives information based on its IP address that the user has used the FasticApp services and documents several individual actions within the FasticApp services for which the advertisements are optimized. When using the website, the following actions are distinguished and recorded:
– Call of a specific landing page (e.g. homepage)
When using the app, in addition to the actions listed above, information is collected that is only possible when using the app, such as playing audio content in the FasticApp library. Facebook can assign the use within the described actions, within the FasticApp services, to the user account of the user. The information thus obtained can be used by FasticApp for the more targeted display of advertisements on Facebook. The provider points out that FasticApp is not aware of the content of the data transmitted via Facebook Pixel or the Facebook SDK or of their use by Facebook. With the help of the usage data processed via the Facbeook Pixel or the Facebook SDK, FasticApp can play advertising on Facebook and the other marketing channels of Facebook (e.g. Instagram) in such a way that they are more relevant for the user, since they take better account of his individual user behaviour. The provider can also measure whether marketing campaigns lead to the desired result at all (e.g. App Install). The FasticApp uses the services of Facebook within the framework of the EU data protection basic regulation due to the justified interest to distribute advertising budgets more effectively and to optimize the advertising effect. In the data processing described above, data is transmitted to the Facebook servers and stored. These data transfers are made in accordance with the principles of the EU/US Privacy Shields or Swiss/US Privacy Shields and have the corresponding certification: https://www.privacyshield.gov/list. Facebook also transfers the data collected as part of the Facebook pixel offer to its parent company Facebook, Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA. For more information, see Facebook’s Privacy Statement.
Revocation / Opt-Out possibility: If the user does not want advertising on Facebook to be based on his interests and his usage behaviour, he can object to this at any time here in the Facebook settings.
Marketing optimization and evaluation of the app usage behavior in the FasticApp (via adjust)
For the evaluation of the success of advertising campaigns as well as the evaluation of the use behaviour within the FasticApp the provider uses the service Adjust, which is operated by adjust GmbH. adjust GmbH is based at Saarbrücker Str. 37A, 10405 Berlin, Germany. When a user interacts with the advertising campaigns played out by FasticApp, this usage data is forwarded to adjust. On the basis of this data adjust evaluates the reaction of users to FasticApp advertising campaigns and thus enables analyses of the effectiveness of the campaigns played out. Data processing includes IP address, MAC address, device identification number and HTTP header with associated information. The collection of data ranges from the interaction with advertising campaigns (e.g. clicks on the advertisement), via the download of the app to the interaction with the app after the download. The FasticApp uses the services of adjust within the framework of the EU data protection basic regulation due to the justified interest to distribute advertising budgets more effectively and to optimize the advertising effect.

Revocation / Opt-Out possibility: If the user wishes to object to the processing of this data by adjust, he can send his or her revocation at any time by e-mail to datenschutz@getfastic.de . We will then forward this request to adjust. adjust undertakes to follow the instructions forwarded by us. The deletion of the data takes place within the framework of the legal requirements, i.e. legal storage and verification obligations are taken into account. In addition, if the user does not wish to be tracked by adjust, he or she can choose to do so at https://www.adjust.com/forget-device/
In addition, the user can activate the option “Switch off tracking” in his profile under “Data protection information” in the FasticApp. This deactivates the data evaluation by adjust.
If and to the extent that the data associated with the user account of the user can and must still be used for purposes which have not yet ceased to exist at the time of the desired or planned deletion, the data records shall at least be blocked or restricted to certain processing purposes instead of deletion. This is in particular the case with legally mandatory storage obligations such as corresponding commercial and tax regulations. The latter can amount to up to 10 years (see § 147 Abs. 3 Abgabeordnung).
► Modification of the data protection declaration
The provider will update the data protection declaration if necessary. The use of the user data is subject to the current version, which can be accessed at www.getfastic.com/datenschutz . In the event of a change to this declaration concerning an essential area (e.g. change of authorisation, new functions, etc.), the user will be notified by e-mail with which he has registered in the service. If the User continues to access and use the Service after the change has come into effect, the User agrees to be legally bound by the revised Privacy Policy.
► Contact person for data protection and data protection officer
In the event of questions regarding the collection, processing and use of personal data, the disclosure, correction, blocking or deletion of data and the revocation of consents given, the user may at any time – insofar as applicable – send an e-mail to datenschutz@getfastic.de or a letter to HealthVida GmbH & Co.KG, Jacobistr. 18, 01309 Dresden.
The provider’s data protection officer can be reached at the e-mail address datenschutz@getfastic.com or by post to HealthVida GmbH & Co.KG Jacobistr. 18 01309 Dresden.
Status Sep 2020 – We reserve the right to adapt this privacy policy