The subject of data protection is very close to the heart of the Fastic GmbH and therefore we would like to make it as transparent as possible to the user, how and for what purpose his data will be used. For example, some information is required to provide the user with personalized functions and content in FasticApp or on other related platforms or to provide the user with suitable offers around the FasticApp services (e.g. notes on additional content, special offers as well as discounts for the FasticApp services). The data of the user will of course be handled responsibly and will only be used within the framework of the applicable data protection laws, in particular the EU Data Protection Basic Regulation (EU-DSGVO).
In particular, FasticApp and all related offers and services are constantly being improved and better tailored to the needs of users. However, this can only be achieved by observing and evaluating how these offers and services are used. In the following, the user will be comprehensively informed about what happens to his data â especially about what happens to it, how and why. All information that must be provided in accordance with the EU Data Protection Basic Regulation is also listed here. Responsible for the protection of personal data and the compliance with the EU Data Protection Basic Regulation is Fastic GmbH, Pappelallee 78/79, 10437 Berlin (in the following briefly: âFasticAppâ or the âProviderâ). It operates the above mentioned services. Further contact details, contact persons and mandatory information about Fastic GmbH can be found in the imprint or on the website www.fastic.com as well as within FasticApp.
If the user has any questions regarding data protection to the Fastic GmbH or if he/she should exercise his/her rights regarding data protection (see below), he/she can contact the data protection officer of the Fastic GmbH. He can be reached under the e-mail address datenschutz@fastic.com or by letter post to Fastic GmbH, Pappelallee 78/79, 10437 Berlin.
This privacy policy applies to all online offers and services which are available under the brand name âFasticâ. The Fastic smartphone app for iOS and Android the website for the Fastic app under the domain www.fastic.com and other domains that link to it.
The above-mentioned offers and services are hereinafter simply referred to as âServicesâ.
Table of Contents:
The most important facts at a glance
III. does data also go to third parties or to other EU countries?
âș The rights of the user as a data subject
âș The individual data processing in detail
â Register user account and manage profile (with e-mail address)
â Register user account and manage profile (via Facebook sign-in)
â Contact form and support requests (via e-mail service provider)
â HealthKit and Google Fit connection
â Integration of the WhatsApp Business Solution
â (further) Cookie-based functionalities
â Storage and processing of FasticApp usage data (via GF)
â Evaluation of the usage behavior on FasticWebsite and Fastic App (via Google Analytics)
â Evaluate usage behavior in FasticApp (via Google Analytics for Firebase)
â Evaluation of the user behavior of FasticApp services (via smartlook)
â Marketing campaigns with custom audiences (via Facebook Pixel or custom app events via Facebook SDK)
â Marketing optimization and evaluation of FasticApp user behavior in FasticApp(via Adjust)
âș Change of the privacy policy
âș Contact person for data protection and data protection officer
âș The most important facts at a glance
Direct input of clear data. If the user logs on to FasticApp, registers, buys premium content or uses a contact form for support requests, the provider asks for personal data from the user via the corresponding forms, which are recognizable and directly belong to him or his identity (so-called clear data).
This clear data includes in particular name, title, e-mail address and password. In the case of paid services, the provider also asks for further contact data (postal address, telephone number) and, if applicable, shopping cart details and payment data. In addition, the user can voluntarily provide further personal information, which is then also stored, for example in his user profile.
Data that is particularly sensitive in terms of data protection law (so-called special categories of data in accordance with Article 9 DSGVO â for example on health status, ethnicity, world view, genetics, intimacy) is not queried at any point. Similarly, there are no services or offers specially tailored to children.
Data Enrichment. The provider sometimes enriches the data of the users by own observations, but only with regard to suspected interests and only as far as described in this privacy policy. An example: If a user has started a unit, an interest on his part is suspected to continue it and enriches the data set to remind the user in the app.
Provision of data by third parties. In some cases, personal data is also provided to the provider by third parties when using individual functions or services. This is the case, for example, if the user uses a sign-in service, such as Facebook, to log in to the FasticAppService.
Pseudonymous data. In addition, data is also processed that has no directly recognizable reference to the user as a person (so-called pseudonymized data). Pseudonymized data means that the user or his computer or browser could be recognized under an ID (âpseudonymâ), but it is not possible to find out exactly who the user is or how to contact him by normal means. In other words: Pseudonyms are not combined with clear data such as name or e-mail address, simply because in this case we do not need to know more than necessary.
This is the case, for example, if the provider wants to find out which screens in the FasticApp are clicked particularly frequently and which are not clicked at all, or if the provider does not always want to show the user the same content in the app.
More details. If the user needs to know more details about individual things, the chapter âThe individual data processing in detailâ provides more details.
Personal data is processed mainly for the following purposes or on the basis of the following legitimate interests:
for personalization: to show the user his progress, to suggest FasticApp content to the user that best suits his needs, or to inform the user by email or push notifications about content, hints and offers that are of interest to him;
for optimization: to find out what particularly excites or disturbs users and how the services can be improved;
to ensure operation: to recognize and ward off attack patterns and uncover errors in the system, to prevent users from receiving e-mails from the provider against their will;
for financing: to process user orders for premium content or to provide users with personalized discounts, vouchers and offers
to cultivate customer relations and direct marketing on their own behalf: to inform the user about new offers and functions
for fraud prevention, for verification of a delivery address given and for credit checks, the outcome of which the provider may make dependent on which payment options are offered to the user;
to fulfill legal requirements, in particular commercial and tax obligations, if necessary also obligations to provide information to authorities and to defend or enforce claims;
Personal data is processed lawfully on the basis of the EU Basic Data Protection Regulation, and this is â depending on the case â on the basis of the consent of the user, a contract concluded with the user, for the fulfilment of legal or official requirements and/or after weighing up legitimate interests in the individual case (see DSGVO Article 6 paragraph 1 letters a), b), c) and f)).
Insofar as the provider processes data on the basis of consent or on the basis of weighing up legitimate interests, he will only do so as long as the user does not object or revoke consent. Further details are explained in the details below.
III. does data also go to third parties or to other EU countries?
FasticApp does not commercially pass on user data (sale, rental) to third parties and does not engage in address trading.
However, the provider does not do everything himself, but has called in some service providers. Some service providers will have to have access to personal data or at least be able to do so. This applies in particular to the technology with which the provider operates, monitors and analyzes his service or individual functionalities and offers. In addition, this concerns, among other things, the billing of orders and the collection of outstanding invoices.
The provider commissions all of these service providers in writing strictly in accordance with the provisions of the EU Data Protection Basic Regulation and also has technical and organizational measures explained to it, for example, with which the service providers protect the personal data entrusted to them from misuse. For this purpose, contracts for order processing are concluded with the client, if necessary.
Some of the IT service providers commissioned by the provider do not have their headquarters within the EU or the European Economic Area (EEA) or store and process personal data there. Insofar as the EU Commission does not consider that the same level of data protection exists in these areas as in Germany anyway, the provider always insists on the guarantees required by data protection law for such a transfer abroad. As a rule, this is the conclusion of data protection contracts specified by the EU Commission (so-called EU standard contract clauses).
In some cases, the provider also provides data to third parties, who then process the data on their own responsibility, in compliance with data protection regulations. This includes, for example, the services of providers such as Facebook, for example when the user registers with the provider via Facebook Sign-In. Further details are explained in the next chapter.
âș The rights of the user as a data subject
In accordance with the EU Data Protection Basic Regulation, the user has the right to request information on his personal data (see Article 15 DSGVO), as well as to request correction (see Article 16 DSGVO), deletion (see Article 17 DSGVO) or at least restriction of the processing (see Article 18 DSGVO) of his personal data.
The user also has the right to data transferability (see article 20 DSGVO). In addition, the user naturally has the right to revoke at any time any consent granted for the processing of personal data (Article 7 DSGVO) as well as to object to processing that is based on a weighing of legitimate interests (see Article 21 paragraph 4 DSGVO). Furthermore, the user has a right of appeal to the competent data protection supervisory authority.
If the user has any questions about this or other data protection issues to the provider or would like to exercise his rights in matters of data protection, the user is welcome to contact our data protection officer. The user can reach him at the e-mail address datenschutz@fastic.com or by letter post to Fastic GmbH, Pappelallee 78/79, 10437 Berlin.
âș The individual data processing operations in detail In order to
provide the user with an easier overview, this privacy policy has been structured according to the extent to which it relates to
(A) the basic provision of FasticAppâs services and functionalities, (B) the optimization of our services or (C ) the optimization of our marketing activities.
The following provides details on individual areas, services and functionalities for the provision of FasticApp Services.
Register user account and manage profile (with e-mail address)
With FasticApp the user can log in directly to FasticApp. His name, his sex, his height, his weight, his target weight and his age will be asked for. When registering, an e-mail address is also required. This will create a user account. In case of registration the user will receive a confirmation email to complete his registration. If the user alternatively registers with his Facebook account, the next section must also be observed. If the user registers directly with FasticApp, a confirmation link will be sent to the specified e-mail address once for verification purposes. In this way, the provider wants to make sure that he uses the correct e-mail address for the following e-mail communication and that the provider can correctly assign the user to his user account via the e-mail address. After successful login, an authorization token is stored in the app. The token is deleted from the smartphone when the user logs out of his user account via the logout function. By using this authorization technique, the provider prevents his access data from being stored locally on the smartphone. In addition, the app only collects inventory data that the user provides in the course of logging in, registering or otherwise contacting the app. This data is used on the basis of his consent (see DSGVO Art. 6 para. 1 letter a)).
The provider creates a user profile from this personal data in order to offer the basic functionalities of the App Services on different platforms (iOS, WebApp, Android). The processing of this data is thus carried out in order to fulfill his obligations in the sense of the user contract in accordance with DSGVO Art. 6 para. 1 letter b). In addition, the provider also uses individual data of the user accounts of the users for other purposes, for example in connection with newsletters or push messages, orders and support requests. Further details can be found below in each case in the more detailed information on the corresponding data processing.
However, the Provider has used an IT service provider, namely Google Ireland Limited, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland in the following âGFâ,terms.
Fastic has signed a contract with GF to process data on its behalf. GF stores and processes personal data strictly according to the instructions of the provider. However, this may also take place outside the territory of the EU or the EEA, especially in the USA. Insofar as the processing is carried out in the USA, the processing is carried out on the basis of the EU standard contract clauses.
Revocation / Opt-out possibility: The user has the possibility to delete his profile and all personal data stored therein at any time by sending his revocation to datenschutz@fastic.com. The provider will then forward this revocation to GF, who have undertaken to delete the corresponding data. The provider will also delete the userâs account if the user does not actively use any of the FasticApp services for a period of three years. If and to the extent that the data associated with his user account can and must still be used for purposes which have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
Register user account and manage profile (via Facebook sign-in)
As an alternative to registering by e-mail address, the user can also register with the provider using the Facebook Sign-In. In the course of such registration, Facebook, represented by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, processes data from the user and FasticApp is provided with data from the user of Facebook. The FasticApp first of all stores the information that the user has registered with the FasticApp via the so-called Facebook Sign-In. This information is recorded in the form of a token in his account with the provider until the user deletes his registration with the provider. If the user disconnects from his Facebook profile in the Facebook settings, the token also becomes invalid. His or her access data to Facebook, on the other hand, is never stored by the provider. Similarly, FasticApp is not given the opportunity to post on Facebook or share content on behalf of the user. The following data is received and processed by the provider of Facebook when the user uses Facebook Sign-In: his or her e-mail address, his or her so-called âpublic informationâ on Facebook and such information that the user makes publicly available or releases for the respective application. In the context of Facebook, âpublicâ means that anyone outside of Facebook can see this data. This includes the userâs Facebook name, profile and title picture, user name (Facebook URL) and user identification number (Facebook ID). An overview of which information is public in his profile and which data the user shares with which applications can be found in his Facebook app settings in his Facebook profile. If the user uses Facebook Sign-In, Facebook may process data on his or her use of FasticApp Services. This is beyond our control. The user can find more detailed information about the type, purpose and scope as well as the userâs further processing and use of his or her data by Facebook directly in the Facebook privacy policy. After the user has agreed to the transfer of his data within the scope of registration via Facebook Sign-In, this data is stored and processed on a server operated by Google Firebase (GF) of the provider. Processing by GF is then carried out as described in the section above. FasticApp creates a user profile from this personal data in order to be able to offer the basic functionalities of FasticApp services on various platforms (iOS, WebApp, Android). The processing of this data is therefore carried out in order to fulfill our obligations in the sense of the user contract in accordance with DSGVO Art. 6 paragraph 1 letter b). The provider does not perform an additional verification of the userâs e-mail address by means of a confirmation link via e-mail when the user registers via Facebook, as the userâs e-mail address is verified via Facebook.
In addition, the Provider also uses individual data from the userâs user account and for his use of the Fasten App Services for other purposes, such as in connection with newsletters or push messages, orders and support requests. The user will find further details on this in the further details on the respective data processing below.
The provider also refers the user to the Facebook data protection information regarding the reasons, storage locations and authorized access for data processing by Facebook.
Revocation / Opt-out possibility: In order to prevent Facebook from collecting information about the user during the userâs visit to our websites, the user should cancel the connection of his profile with Facebook at the provider and delete a possibly existing cookie from Facebook from his browser (instructions for deleting in Microsoft Internet Explorer. Instructions for deleting in Mozilla Firefox. How to delete in Safari).
If the user wishes to remove the connection of his profile with the provider on Facebook, he should log in to Facebook and make the necessary changes to his profile there. The provider is then no longer authorized to use information from his Facebook profile for himself. The user should then request his own password from FasticApp using the âForgot passwordâ function. If the user wants to delete his Facebook data from his FasticApp registration, the user should delete his entire FasticApp profile. The user can do this at any time by contacting the provider via the e-mail address info@fastic.com. If the user wants to change his Facebook data that was sent to FasticApp, he can also make these changes at FasticApp. The FasticApp does not send any of its FasticApp profile content to Facebook. The user also has the option to delete his or her profile and all personal data stored therein at any time by sending a revocation to datenschutz@fastic.com. The provider will then forward this revocation to GF, who have undertaken to delete the corresponding data.
The provider will also delete the user account if the user does not actively use FasticApp services for a period of three years.
If and to the extent that the data associated with his user account can and must still be used for purposes that have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
Contact form and support requests (via e-mail service provider)
As far as the user contacts FasticApp, the e-mail service provider of the provider google, represented by Google, Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland, processes the contact data as well as the content of his inquiry.
Inquiries via e-mail and contact form can concern communication and contract data as well as user history. In addition, inquiries about the providerâs apps are received by the provider via email using the App Store contact form. The data provided will be treated confidentially. The data provided and the message history with the providerâs customer service will be stored for follow-up questions and subsequent contact.
If the user contacts the provider by e-mail or via a form, the provider will use the personal data transmitted by the user on the basis of legitimate interests, exclusively to answer the userâs inquiry.
Fastic has a contract with Google Ireland for the processing of data on its behalf. Google Ireland stores and processes personal data strictly according to the instructions of the provider. However, this may also take place outside the territory of the EU or the EEA, especially in the USA. Insofar as the processing is carried out in the USA, the processing is carried out on the basis of the EU standard contract clauses. Requests to delete the user profile and to unsubscribe from the newsletter via our contact channels are stored in the providerâs own systems in order to be able to trace and prove that the userâs request has been successfully processed (obligation to provide proof). The user data (e-mail address, name and user name) will be deleted from the providerâs system after one year and one month at the latest. In the case of deletion requests for the newsletter, a connection to the userâs user account can be established using the providerâs own system, provided that the userâs registration address is involved. For requests to delete a user account, no connection can be established to the userâs account. The data is stored in the system protected against unauthorized access and will not be passed on to third parties.
Revocation / Opt-out possibility: A deletion of the userâs customer requests will be made after 5 years or in case of direct revocation to datenschutz@fastic.com.
If and to the extent that the data associated with the e-mail inquiries of the users can and must still be used for purposes that have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked instead of being deleted or limited to certain processing purposes. This is particularly the case in the case of mandatory legal storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
HealthKit and Google Fit connection
Apple HealthKit.
The Provider uses Appleâs (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; âAppleâ) HealthKit framework (see here for more information), which provides a central location for health and fitness data on the iPhone and Apple Watch and â with the express consent of the user â allows apps to communicate with the HealthKit Store to access and share this data. This connection must be actively activated by the user via his system parameters. The HealthKit connection can be deactivated at any time by the user via his system parameters. From this point on no more data will be exported to the provider. The provider processes the following data obtained through the HealthKit framework and the Apple CoreMotion processor (for more information, please click here) for the purposes described below and with the userâs explicit consent: steps, calories, distance, duration and heart rate. New data attributes can be added to the HealthKit framework, which are mapped in the Fastic App and which the user must agree to.
Google Fit SDK
The provider uses Googleâs Fit SDK (more information can be found here) an open platform that allows users to control their fitness data. The provider processes the following data, which the provider receives through the Google Fit SDK, for the purposes described below and with the explicit consent of the user: steps, calories, distance, duration and heart rate. New data attributes can be added to the Google Fit framework, which are mapped in the product and which the user must agree to.
FasticApp and analysis service providers of the FasticApp Service may analyze activity data for research purposes designed to provide personalized service and promote healthy habits. FasticApp may share user data obtained through the HealthKit framework or the Google Fit SDK with a third party for medical research with the express consent of the user. The FasticApp service will not use information obtained through HealthKit or Google Fit SDK applications for advertising or similar services. The user may prevent the FasticApp service from accessing his or her data at any time by changing the settings of his or her mobile device. Anyone using HealthKit or Google Fit SDK to store and analyze their sensitive data should take care to protect their smartphone with a secure code (e.g., on the iPhone under Touch ID & Code, disable the simple code and create a password using a combination of uppercase, lowercase, numbers and special characters).
Use of the Fastic group communication
Within the Fastic Service two communication channels are offered. On the one hand, the user has the possibility to communicate with other users of the group as well as coaches of the Fastic Service within groups, which the user must actively join (in the following âgroup chatâ). On the other hand, the user can exchange and communicate directly with another user or coach of the Fastic Services in so-called 1-to-1 chats within the Fastic App (hereinafter â1-to-1 Chatâ).
Coaches are voluntary third parties who have no employment relationship with Fastic.
In order to implement and improve the Fastic Service and to further develop and optimize the Fastic Service, the Provider may â with the Userâs consent to the Fastic Service â transmit onboarding data and the following contents from the group chats as well as 1-to-1 chats to participating coaches. The following contents of the group chats can be passed on: Content of the messages, metadata, time of the message, operating system, language of the user, answers from questionnaires, which are placed in the chats. The following contents of the 1-to-1 chats can be passed on: Content of the messages, metadata, time of the message, operating system, language of the user, answers from questionnaires, which are placed in the chats.
Furthermore,
the Provider may â with the Userâs consent to the Fastic Services â transmit the onboarding data and the aforementioned contents from the groups Chats and 1-to-1 Chats in anonymized form to the university institutes with which the Provider maintains a cooperation for research purposes.
These are the following institutes: University of Zurich, Psychological Institute â Applied Social and Health Psychology, https://www.psychologie.uzh.ch/de/bereiche/sob/angsoz
Revocation / Opt-Out: If the User does not wish to receive onboarding data and the aforementioned content from the group chat and 1-to-1 chat, the User has the option to delete his profile and all personal data stored therein at any time by sending his revocation to the Provider. After receiving the revocation from the user, the provider will then proceed to delete a user profile as described in the section âRegister user account and manage profileâ. https://www.psychologie.uzh.ch/de/bereiche/sob/angsoz (further) cookie-based functionalities.
In order to improve surfing on the Fastic website, the user uses so-called cookies (small files containing configuration information). Cookies are used on the Fastic Web Site to enhance user-friendliness and to make the Fastic Web Site as individual and tailored to your needs as possible each time you visit it. Furthermore, a cookie banner cookie is set on the FasticWebsite. With the help of this cookie, the provider remembers whether the user has already been a visitor to the site and has accepted the cookies (according to the âCookie Directiveâ of the EU, official name: E-Privacy Directive 2009/136/EC). In order to save the user from having to display the annoying notice again, the cookie is automatically deleted after three months, so that the user does not have to reconfirm the cookie banner again until it expires. Such cookies are not only set by the Fastic Web Site itself, but also by third parties on its behalf, such as Google.com (see below). When calling a page on fastic.com, cookies are also set, which remain stored beyond the current visit of the user on fastic.com (so-called session).
General browser data: The Fastic website also automatically collects and stores in cookies information that is transmitted to the userâs web browser, which the user uses to access the fastic.com website. This includes in particular details about the browser and operating system used, an indication of the origin of the previously visited pages (so-called referral URL), the IP address or host name of the accessing computer as well as the time of the page request. These data are used for statistical analysis of the pages of fastic.com. The Fastic website does not link the existing usage data with the name or address data of the users, which are e.g. requested when registering with FasticApp (so-called inventory data); the collected, pseudonymous usage data are used for long-term evaluation purposes and are only deleted at the end of the evaluation phase or according to legal requirements.
Revocation / Opt-out possibility: If the user does not wish the use of cookies or wants to delete existing cookies, he can switch them off and remove them via his Internet browser. Using the following links he will find help on how to delete cookies for the most common browsers: â Internet Explorer â Mozilla Firefox â Safari â Chrome
The FasticWebsites also use analytical cookies from third parties, such as Google and Facebook, for analysis purposes. The use of analysis programs by the FasticWebsite and the collection of data (pseudonymized data) by partner companies can be objected to at any time with effect for the future. These functions are offered and provided by the respective operators and the user will find a description of these functions in the corresponding notice.
Storage and processing of app usage data (via GF)
The provider uses the service provider Google Firebase to store usage data of FasticApp Services. This is represented by Google Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland. In addition to the user profile (user name, login data), the provider stores on the GF servers the usage data of a user within the app, e.g. when a user logs in and what progress the user is making. The storage of the usage data enables the provider to provide a user-friendly operation of the app. This is the only way the provider can ensure that when users reopen the app functions can continue where they left off the last time they opened it, that they can be reminded of their Lent at the desired time, and that selected settings in the userâs personal profile do not have to be adjusted each time. In accordance with the requirements of the DSGVO for the involvement of IT service providers, we have concluded a written contract with GF for the processing of data on our behalf. GF stores and processes personal data strictly according to our instructions. However, this may also take place outside the territory of the EU or EEA, in particular in the USA. In order to achieve a level of data protection comparable to the DSGVO, the provider has concluded the data protection contracts (so-called EU standard contract clauses) with GF as officially specified by the EU Commission.
Revocation / Opt-out possibility: The user has the possibility to delete his profile and all personal data stored therein at any time by sending his revocation to datenschutz@fastic.com. The provider will then forward this revocation to GF, who have undertaken to delete the corresponding data. Furthermore, the provider will also delete the userâs account if the user does not actively use any of our FasticApp services for a period of three years. If and to the extent that the data associated with the userâs account can and must still be used for purposes which have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
Evaluation of the usage behavior of the Fastic website and the Web App (via Google Analytics)
For the evaluation of user behavior on the Fastic website, the provider uses the service Google Analytics, which is operated by Google. âGoogle Ireland Limitedâ, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin, Ireland.
A cookie is set to evaluate user behaviour. The information generated by this cookie about the userâs use of the website (including the userâs IP address) will be transmitted to and stored by Google on servers in the United States.
Fastic and Google have entered into a joint processing agreement for this purpose, the agreement can be viewed here: https://support.google.com/analytics/answer/9012600
The Fastic website uses Google Analytics exclusively with the extension of IP anonymization, so that IP addresses are only processed in a shortened form in order to exclude the possibility of direct personal references. Through IP anonymization, the IP address of Google is shortened within member states of the EU or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating the use of the Web App and website by the user, compiling reports on Web App and website activity and providing other services relating to website activity and internet usage.
Revocation / Opt-out possibility: The collection and storage of data by Google Analytics can be revoked at any time with effect for the future. For this purpose, the user has the possibility to install a browser plugin published by Google. This is available for various browser versions and can be downloaded at http://tools.google.com/dlpage/gaoptout?hl=de.
If and to the extent that the data associated with the user account of the user can and must still be used for purposes that have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
Evaluate App usage behavior in FasticApp (via Google Analytics for Firebase)
For the evaluation of user behavior in FasticApp, the app uses the service Google Analytics for Firebase, which is operated by Google LLC. Since FasticApp is located in Germany, the partner is the European Google LLC subsidiary âGoogle Ireland Limitedâ, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin, Ireland.
On the one hand, the provider uses Google Analytics for Firebase to optimize our app functionalities and designs in so-called A/B tests. In such tests the original version of the app is tested against a slightly modified version. The provider then analyzes how well the new function is accepted compared to the previous version. In this way, the provider can continuously improve the design and functionality of the app and increase its user-friendliness. In order to collect this comparative data, Google Analytics for Firebase processes the usage data of users in an app.
The provider uses the services of Google Analytics for Firebase within the framework of the EU data protection regulation due to the interest in making the app as user-friendly as possible for users and thus optimizing the user experience. On the other hand, the service of Google Analytics for Firebase enables the provider to evaluate the user behavior in the app and thus better understand how users use the app and what the provider could improve. Google Analytics for Firebase processes user data such as the IP address, demographic characteristics of the users, technical data on the mobile device used and the installed software version, and usage data such as the number of accesses to the App and actions in the App such as program purchases. Such usage data is also used by Google Analytics for Firebase for statistical extrapolations that compare the behavior of users with other users of the App, and thus with a certain statistical probability indicate, for example, whether a user may be interested in purchasing a program. Based on these statistics, the provider can send the user targeted offers and discounts on the FasticApp, which might interest the user.
The provider uses the services of Google Analytics for Firebase within the framework of the EU data protection basic regulation due to the interest in making its product user-friendly and to be able to address users in advertising communication as specifically as possible according to their interests and to be able to play out only really relevant offers for them. In order to be able to use the service of Google Analytics for Firebase, the provider has integrated FasticAppâs âSoftware Development Kitâ (SDK). This creates an interface through which Google can access the above mentioned data via the app. The information generated by the SDK about the use of the FasticApp by the user (including the IP address) is transferred to a Google server in the USA and stored there. Google will â at least according to its own information â under no circumstances associate the userâs IP address with other Google data. However, Google may store and process the relevant personal data in all facilities maintained by Google, its internal subprocessors or the providers of digital infrastructure used. In all cases in which this data leaves the EEA (European Economic Area) or Switzerland, the transfer is carried out using standard contractual clauses.
Revocation / Opt-out: For all requests relating to personal data, the user can contact datenschutz@fastic.com by email. The provider forwards these inquiries to Google, which has agreed to comply with all obligations arising from the EU data protection basic regulation. These include access, correction, restriction of access and deletion of personal customer data. These obligations will be implemented to the extent permitted by EU law on retention periods.
If and to the extent that the data associated with the user account of the user can and must still be used for purposes that have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
Evaluation of the usage behavior of the FasticApp services (via smartlook)
For session awards the provider uses the smartlook service, this service is operated by Smartsupp.com s.r.o., Milady Horakove 13, 602 00 Brno, Czech Republic. Through the service smartlook the user behavior is recorded on video and can be analyzed by the provider afterwards. For this purpose, the software sets a cookie on the userâs computer (for cookie information, see the relevant parts of this policy). A storage of personal data by the provider does not occur in the context of the use of the service.
The provider uses Smartlook only if the user has agreed to it. Legal basis for the processing of personal data of users after consent is Article 6 paragraph 1 lit.a DSGVO.
The processing of the personal data of users enables the provider to analyze the user behavior of the users. By evaluating the collected data, the provider is able to compile information on the use of the individual components of the Fastic Service. This helps the provider to continuously improve the Fastic Services and their user-friendliness.
Revocation /Opt-out possibility: No personal data of the users are stored by the provider. Only anonymous analysis data is processed for evaluation purposes. Anonymized usage logs are stored in accordance with legal requirements and are automatically deleted after 30 days. Further information can be found in the privacy policy of Smartlook: https://www.smartlook.com/de/privacy
Cookies are stored on the userâs computer and transmitted by the user to the provider. The user therefore has full control over the use of cookies. By changing the settings in his Internet browser, the user can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for the providerâs website, it may no longer be possible to use all the websiteâs functions to their full extent. By clicking the following link https://www.smartlook.com/opt-out the user can prevent future tracking by smartlook.
The Provider uses Facebook social network services in its services, represented by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. To measure and optimally control the marketing campaigns, the provider uses so-called âremarketing tagsâ in the FasticApp services. The FasticWebsite is the so-called âFacebook Pixelâ, which is activated when a page is visited and provides Facebook with the information that the page has been visited. Custom App Eventsâ are activated in the apps, which deliver the information to Facebook via an interface in the app (SDK) which pages a user calls up in the app. If the user uses the FasticApp services, a direct connection to the Facebook server is established via the remarketing tags. Facebook receives the information that the user has used the FasticApp services on the basis of his IP address and documents several individual actions within the Fasten App services for which the advertisements are optimized. When using the website, the following actions are distinguished and recorded:
Call of a specific landing page (e.g. homepage)
When using the app, in addition to the actions listed above, information is collected that is only possible when using the app, such as playing audio content in the FasticApp library. Facebook may associate the use of the app with the userâs account within the FasticApp services. FasticApp can use the information obtained in this way for the more targeted display of advertising on Facebook. The provider points out that FasticApp has no knowledge of the content of the data transmitted via the Facebook pixel or the Facebook SDK, nor of its use by Facebook. With the help of the usage data processed via the Facebook pixel or the Facebook SDK, the FasticApp can display advertisements on Facebook and the other marketing channels of Facebook (e.g. Instagram) in such a way that they are more relevant for the user, since they better take into account the userâs individual user behavior. In addition, the provider can measure whether marketing campaigns even lead to the desired result (e.g. App Install). FasticApp uses the services of Facebook within the framework of the EU data protection basic regulation due to the justified interest to distribute advertising budgets more effectively and to optimize the advertising effect. During the data processing described above, data is transmitted to the Facebook servers and stored. Facebook also transfers the data collected as part of the Facebook pixel offer to the parent company Facebook, Inc. 1601 South California Avenue, Palo Alto, CA 94304, USA. For more information, see
ind can be found in the Facebook privacy policy.
Revocation / Opt-out possibility: If the user does not want advertising on Facebook to be based on his or her interests and usage behavior, he or she can object to this here at any time in the Facebook settings.
Marketing optimization and evaluation of app usage behavior in the FasticApp(via adjust)
For the evaluation of the success of advertising campaigns as well as the evaluation of the user behavior within FasticApp, the provider uses the service Adjust, which is operated by adjust GmbH. The adjust GmbH has its seat in the SaarbrĂŒcker Str. 37A, 10405 Berlin. If a user interacts with the advertising campaigns played out by FasticApp, this usage data is forwarded to adjust. On the basis of this data, adjust evaluates the reaction of users to FasticApp advertising campaigns and thus enables analyses of the effectiveness of the campaigns. The data processing includes IP address, MAC address, device identification number and HTTP header with associated information. The data collection extends from the interaction with advertising campaigns (e.g. clicks on the advertisement), through the download of the app, to the interaction with the app after download. FasticApp uses the services of adjust within the framework of the EU data protection basic regulation due to the justified interest to distribute advertising budgets more effectively and to optimize the advertising effect.
Revocation / Opt-out possibility: If the user wishes to object to the processing of this data by adjust, he can send his revocation at any time by e-mail to datenschutz@fastic.com. We will then forward this request to adjust. adjust undertakes to follow the instructions forwarded by us. The deletion of the data is carried out in accordance with the legal requirements, i.e. legal storage and proof obligations are taken into account. In addition, if the user does not wish to receive any tracking by adjust, he can select the option https://www.adjust.com/forget-device/.
In addition, the user can activate the option âTurn off trackingâ in the FasticApp in his profile under âPrivacy Noticeâ. This deactivates the data analysis by adjust.
If and to the extent that the data associated with the user account of the user can and must still be used for purposes that have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
âș Change of the privacy policy
The provider will update the privacy policy if necessary. The use of user data is subject to the current version, which can be accessed at www.fastic.com/privacy-policy. In the event of a change to this declaration concerning an essential area (e.g. change of authorization, new functions, etc.), the User will be notified by e-mail with which he/she registered in the Service. If the User continues to access and use the Service after the change has come into effect, the User agrees to be legally bound by the revised Privacy Policy.
âș Contact person for data protection and data protection officer
In case of questions regarding the collection, processing and use of personal data, the disclosure, correction, blocking or deletion of data as well as the revocation of consents granted, the user can â if applicable â at any time send an e-mail to datenschutz@fastic.com or write a letter to Fastic GmbH, Pappelallee 78/79, 10437 Berlin.
The providerâs data protection officer can be contacted at the e-mail address datenschutz@fastic.com or by letter to Fastic GmbH, Pappelallee 78/79, 10437 Berlin.
Status October 2020 â We reserve the right to adapt this privacy policy.The subject of data protection is very close to the heart of the Fastic GmbH and therefore we would like to make it as transparent as possible to the user, how and for what purpose his data will be used. For example, some information is required to provide the user with personalized functions and content in FasticApp or on other related platforms or to provide the user with suitable offers around the FasticApp services (e.g. notes on additional content, special offers as well as discounts for the FasticApp services). The data of the user will of course be handled responsibly and will only be used within the framework of the applicable data protection laws, in particular the EU Data Protection Basic Regulation (EU-DSGVO).
In particular, FasticApp and all related offers and services are constantly being improved and better tailored to the needs of users. However, this can only be achieved by observing and evaluating how these offers and services are used. In the following, the user will be comprehensively informed about what happens to his data â especially about what happens to it, how and why. All information that must be provided in accordance with the EU Data Protection Basic Regulation is also listed here. Responsible for the protection of personal data and the compliance with the EU Data Protection Basic Regulation is Fastic GmbH, Pappelallee 78/79, 10437 Berlin (in the following briefly: âFasticAppâ or the âProviderâ). It operates the above mentioned services. Further contact details, contact persons and mandatory information about Fastic GmbH can be found in the imprint or on the website www.fastic.com as well as within FasticApp.
If the user has any questions regarding data protection to the Fastic GmbH or if he/she should exercise his/her rights regarding data protection (see below), he/she can contact the data protection officer of the Fastic GmbH. He can be reached under the e-mail address datenschutz@fastic.com or by letter post to Fastic GmbH, Pappelallee 78/79, 10437 Berlin.
This privacy policy applies to all online offers and services which are available under the brand name âFasticâ. The Fastic smartphone app for iOS and Android the website for the Fastic app under the domain www.fastic.com and other domains that link to it.
The above-mentioned offers and services are hereinafter simply referred to as âServicesâ.
Table of Contents:
The most important facts at a glance
III. does data also go to third parties or to other EU countries?
âș The rights of the user as a data subject
âș The individual data processing in detail
â Register user account and manage profile (with e-mail address)
â Register user account and manage profile (via Facebook sign-in)
â Contact form and support requests (via e-mail service provider)
â HealthKit and Google Fit connection
â Integration of the WhatsApp Business Solution
â (further) Cookie-based functionalities
â Storage and processing of FasticApp usage data (via GF)
â Evaluation of the usage behavior on FasticWebsite and Fastic App (via Google Analytics)
â Evaluate usage behavior in FasticApp (via Google Analytics for Firebase)
â Evaluation of the user behavior of FasticApp services (via smartlook)
â Marketing campaigns with custom audiences (via Facebook Pixel or custom app events via Facebook SDK)
â Marketing optimization and evaluation of FasticApp user behavior in FasticApp(via Adjust)
âș Change of the privacy policy
âș Contact person for data protection and data protection officer
âș The most important facts at a glance
Direct input of clear data. If the user logs on to FasticApp, registers, buys premium content or uses a contact form for support requests, the provider asks for personal data from the user via the corresponding forms, which are recognizable and directly belong to him or his identity (so-called clear data).
This clear data includes in particular name, title, e-mail address and password. In the case of paid services, the provider also asks for further contact data (postal address, telephone number) and, if applicable, shopping cart details and payment data. In addition, the user can voluntarily provide further personal information, which is then also stored, for example in his user profile.
Data that is particularly sensitive in terms of data protection law (so-called special categories of data in accordance with Article 9 DSGVO â for example on health status, ethnicity, world view, genetics, intimacy) is not queried at any point. Similarly, there are no services or offers specially tailored to children.
Data Enrichment. The provider sometimes enriches the data of the users by own observations, but only with regard to suspected interests and only as far as described in this privacy policy. An example: If a user has started a unit, an interest on his part is suspected to continue it and enriches the data set to remind the user in the app.
Provision of data by third parties. In some cases, personal data is also provided to the provider by third parties when using individual functions or services. This is the case, for example, if the user uses a sign-in service, such as Facebook, to log in to the FasticAppService.
Pseudonymous data. In addition, data is also processed that has no directly recognizable reference to the user as a person (so-called pseudonymized data). Pseudonymized data means that the user or his computer or browser could be recognized under an ID (âpseudonymâ), but it is not possible to find out exactly who the user is or how to contact him by normal means. In other words: Pseudonyms are not combined with clear data such as name or e-mail address, simply because in this case we do not need to know more than necessary.
This is the case, for example, if the provider wants to find out which screens in the FasticApp are clicked particularly frequently and which are not clicked at all, or if the provider does not always want to show the user the same content in the app.
More details. If the user needs to know more details about individual things, the chapter âThe individual data processing in detailâ provides more details.
Personal data is processed mainly for the following purposes or on the basis of the following legitimate interests:
for personalization: to show the user his progress, to suggest FasticApp content to the user that best suits his needs, or to inform the user by email or push notifications about content, hints and offers that are of interest to him;
for optimization: to find out what particularly excites or disturbs users and how the services can be improved;
to ensure operation: to recognize and ward off attack patterns and uncover errors in the system, to prevent users from receiving e-mails from the provider against their will;
for financing: to process user orders for premium content or to provide users with personalized discounts, vouchers and offers
to cultivate customer relations and direct marketing on their own behalf: to inform the user about new offers and functions
for fraud prevention, for verification of a delivery address given and for credit checks, the outcome of which the provider may make dependent on which payment options are offered to the user;
to fulfill legal requirements, in particular commercial and tax obligations, if necessary also obligations to provide information to authorities and to defend or enforce claims;
Personal data is processed lawfully on the basis of the EU Basic Data Protection Regulation, and this is â depending on the case â on the basis of the consent of the user, a contract concluded with the user, for the fulfilment of legal or official requirements and/or after weighing up legitimate interests in the individual case (see DSGVO Article 6 paragraph 1 letters a), b), c) and f)).
Insofar as the provider processes data on the basis of consent or on the basis of weighing up legitimate interests, he will only do so as long as the user does not object or revoke consent. Further details are explained in the details below.
III. does data also go to third parties or to other EU countries?
FasticApp does not commercially pass on user data (sale, rental) to third parties and does not engage in address trading.
However, the provider does not do everything himself, but has called in some service providers. Some service providers will have to have access to personal data or at least be able to do so. This applies in particular to the technology with which the provider operates, monitors and analyzes his service or individual functionalities and offers. In addition, this concerns, among other things, the billing of orders and the collection of outstanding invoices.
The provider commissions all of these service providers in writing strictly in accordance with the provisions of the EU Data Protection Basic Regulation and also has technical and organizational measures explained to it, for example, with which the service providers protect the personal data entrusted to them from misuse. For this purpose, contracts for order processing are concluded with the client, if necessary.
Some of the IT service providers commissioned by the provider do not have their headquarters within the EU or the European Economic Area (EEA) or store and process personal data there. Insofar as the EU Commission does not consider that the same level of data protection exists in these areas as in Germany anyway, the provider always insists on the guarantees required by data protection law for such a transfer abroad. As a rule, this is the conclusion of data protection contracts specified by the EU Commission (so-called EU standard contract clauses).
In some cases, the provider also provides data to third parties, who then process the data on their own responsibility, in compliance with data protection regulations. This includes, for example, the services of providers such as Facebook, for example when the user registers with the provider via Facebook Sign-In. Further details are explained in the next chapter.
âș The rights of the user as a data subject
In accordance with the EU Data Protection Basic Regulation, the user has the right to request information on his personal data (see Article 15 DSGVO), as well as to request correction (see Article 16 DSGVO), deletion (see Article 17 DSGVO) or at least restriction of the processing (see Article 18 DSGVO) of his personal data.
The user also has the right to data transferability (see article 20 DSGVO). In addition, the user naturally has the right to revoke at any time any consent granted for the processing of personal data (Article 7 DSGVO) as well as to object to processing that is based on a weighing of legitimate interests (see Article 21 paragraph 4 DSGVO). Furthermore, the user has a right of appeal to the competent data protection supervisory authority.
If the user has any questions about this or other data protection issues to the provider or would like to exercise his rights in matters of data protection, the user is welcome to contact our data protection officer. The user can reach him at the e-mail address datenschutz@fastic.com or by letter post to Fastic GmbH, Pappelallee 78/79, 10437 Berlin.
âș The individual data processing operations in detail In order to
provide the user with an easier overview, this privacy policy has been structured according to the extent to which it relates to
(A) the basic provision of FasticAppâs services and functionalities, (B) the optimization of our services or (C ) the optimization of our marketing activities.
The following provides details on individual areas, services and functionalities for the provision of FasticApp Services.
Register user account and manage profile (with e-mail address)
With FasticApp the user can log in directly to FasticApp. His name, his sex, his height, his weight, his target weight and his age will be asked for. When registering, an e-mail address is also required. This will create a user account. In case of registration the user will receive a confirmation email to complete his registration. If the user alternatively registers with his Facebook account, the next section must also be observed. If the user registers directly with FasticApp, a confirmation link will be sent to the specified e-mail address once for verification purposes. In this way, the provider wants to make sure that he uses the correct e-mail address for the following e-mail communication and that the provider can correctly assign the user to his user account via the e-mail address. After successful login, an authorization token is stored in the app. The token is deleted from the smartphone when the user logs out of his user account via the logout function. By using this authorization technique, the provider prevents his access data from being stored locally on the smartphone. In addition, the app only collects inventory data that the user provides in the course of logging in, registering or otherwise contacting the app. This data is used on the basis of his consent (see DSGVO Art. 6 para. 1 letter a)).
The provider creates a user profile from this personal data in order to offer the basic functionalities of the App Services on different platforms (iOS, WebApp, Android). The processing of this data is thus carried out in order to fulfill his obligations in the sense of the user contract in accordance with DSGVO Art. 6 para. 1 letter b). In addition, the provider also uses individual data of the user accounts of the users for other purposes, for example in connection with newsletters or push messages, orders and support requests. Further details can be found below in each case in the more detailed information on the corresponding data processing.
However, the Provider has used an IT service provider, namely Google Ireland Limited, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland in the following âGFâ,terms.
Fastic has signed a contract with GF to process data on its behalf. GF stores and processes personal data strictly according to the instructions of the provider. However, this may also take place outside the territory of the EU or the EEA, especially in the USA. Insofar as the processing is carried out in the USA, the processing is carried out on the basis of the EU standard contract clauses.
Revocation / Opt-out possibility: The user has the possibility to delete his profile and all personal data stored therein at any time by sending his revocation to datenschutz@fastic.com. The provider will then forward this revocation to GF, who have undertaken to delete the corresponding data. The provider will also delete the userâs account if the user does not actively use any of the FasticApp services for a period of three years. If and to the extent that the data associated with his user account can and must still be used for purposes which have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
Register user account and manage profile (via Facebook sign-in)
As an alternative to registering by e-mail address, the user can also register with the provider using the Facebook Sign-In. In the course of such registration, Facebook, represented by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, processes data from the user and FasticApp is provided with data from the user of Facebook. The FasticApp first of all stores the information that the user has registered with the FasticApp via the so-called Facebook Sign-In. This information is recorded in the form of a token in his account with the provider until the user deletes his registration with the provider. If the user disconnects from his Facebook profile in the Facebook settings, the token also becomes invalid. His or her access data to Facebook, on the other hand, is never stored by the provider. Similarly, FasticApp is not given the opportunity to post on Facebook or share content on behalf of the user. The following data is received and processed by the provider of Facebook when the user uses Facebook Sign-In: his or her e-mail address, his or her so-called âpublic informationâ on Facebook and such information that the user makes publicly available or releases for the respective application. In the context of Facebook, âpublicâ means that anyone outside of Facebook can see this data. This includes the userâs Facebook name, profile and title picture, user name (Facebook URL) and user identification number (Facebook ID). An overview of which information is public in his profile and which data the user shares with which applications can be found in his Facebook app settings in his Facebook profile. If the user uses Facebook Sign-In, Facebook may process data on his or her use of FasticApp Services. This is beyond our control. The user can find more detailed information about the type, purpose and scope as well as the userâs further processing and use of his or her data by Facebook directly in the Facebook privacy policy. After the user has agreed to the transfer of his data within the scope of registration via Facebook Sign-In, this data is stored and processed on a server operated by Google Firebase (GF) of the provider. Processing by GF is then carried out as described in the section above. FasticApp creates a user profile from this personal data in order to be able to offer the basic functionalities of FasticApp services on various platforms (iOS, WebApp, Android). The processing of this data is therefore carried out in order to fulfill our obligations in the sense of the user contract in accordance with DSGVO Art. 6 paragraph 1 letter b). The provider does not perform an additional verification of the userâs e-mail address by means of a confirmation link via e-mail when the user registers via Facebook, as the userâs e-mail address is verified via Facebook.
In addition, the Provider also uses individual data from the userâs user account and for his use of the Fasten App Services for other purposes, such as in connection with newsletters or push messages, orders and support requests. The user will find further details on this in the further details on the respective data processing below.
The provider also refers the user to the Facebook data protection information regarding the reasons, storage locations and authorized access for data processing by Facebook.
Revocation / Opt-out possibility: In order to prevent Facebook from collecting information about the user during the userâs visit to our websites, the user should cancel the connection of his profile with Facebook at the provider and delete a possibly existing cookie from Facebook from his browser (instructions for deleting in Microsoft Internet Explorer. Instructions for deleting in Mozilla Firefox. How to delete in Safari).
If the user wishes to remove the connection of his profile with the provider on Facebook, he should log in to Facebook and make the necessary changes to his profile there. The provider is then no longer authorized to use information from his Facebook profile for himself. The user should then request his own password from FasticApp using the âForgot passwordâ function. If the user wants to delete his Facebook data from his FasticApp registration, the user should delete his entire FasticApp profile. The user can do this at any time by contacting the provider via the e-mail address info@fastic.com. If the user wants to change his Facebook data that was sent to FasticApp, he can also make these changes at FasticApp. The FasticApp does not send any of its FasticApp profile content to Facebook. The user also has the option to delete his or her profile and all personal data stored therein at any time by sending a revocation to datenschutz@fastic.com. The provider will then forward this revocation to GF, who have undertaken to delete the corresponding data.
The provider will also delete the user account if the user does not actively use FasticApp services for a period of three years.
If and to the extent that the data associated with his user account can and must still be used for purposes that have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
Contact form and support requests (via e-mail service provider)
As far as the user contacts FasticApp, the e-mail service provider of the provider google, represented by Google, Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland, processes the contact data as well as the content of his inquiry.
Inquiries via e-mail and contact form can concern communication and contract data as well as user history. In addition, inquiries about the providerâs apps are received by the provider via email using the App Store contact form. The data provided will be treated confidentially. The data provided and the message history with the providerâs customer service will be stored for follow-up questions and subsequent contact.
If the user contacts the provider by e-mail or via a form, the provider will use the personal data transmitted by the user on the basis of legitimate interests, exclusively to answer the userâs inquiry.
Fastic has a contract with Google Ireland for the processing of data on its behalf. Google Ireland stores and processes personal data strictly according to the instructions of the provider. However, this may also take place outside the territory of the EU or the EEA, especially in the USA. Insofar as the processing is carried out in the USA, the processing is carried out on the basis of the EU standard contract clauses. Requests to delete the user profile and to unsubscribe from the newsletter via our contact channels are stored in the providerâs own systems in order to be able to trace and prove that the userâs request has been successfully processed (obligation to provide proof). The user data (e-mail address, name and user name) will be deleted from the providerâs system after one year and one month at the latest. In the case of deletion requests for the newsletter, a connection to the userâs user account can be established using the providerâs own system, provided that the userâs registration address is involved. For requests to delete a user account, no connection can be established to the userâs account. The data is stored in the system protected against unauthorized access and will not be passed on to third parties.
Revocation / Opt-out possibility: A deletion of the userâs customer requests will be made after 5 years or in case of direct revocation to datenschutz@fastic.com.
If and to the extent that the data associated with the e-mail inquiries of the users can and must still be used for purposes that have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked instead of being deleted or limited to certain processing purposes. This is particularly the case in the case of mandatory legal storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
HealthKit and Google Fit connection
Apple HealthKit.
The Provider uses Appleâs (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; âAppleâ) HealthKit framework (see here for more information), which provides a central location for health and fitness data on the iPhone and Apple Watch and â with the express consent of the user â allows apps to communicate with the HealthKit Store to access and share this data. This connection must be actively activated by the user via his system parameters. The HealthKit connection can be deactivated at any time by the user via his system parameters. From this point on no more data will be exported to the provider. The provider processes the following data obtained through the HealthKit framework and the Apple CoreMotion processor (for more information, please click here) for the purposes described below and with the userâs explicit consent: steps, calories, distance, duration and heart rate. New data attributes can be added to the HealthKit framework, which are mapped in the Fastic App and which the user must agree to.
Google Fit SDK
The provider uses Googleâs Fit SDK (more information can be found here) an open platform that allows users to control their fitness data. The provider processes the following data, which the provider receives through the Google Fit SDK, for the purposes described below and with the explicit consent of the user: steps, calories, distance, duration and heart rate. New data attributes can be added to the Google Fit framework, which are mapped in the product and which the user must agree to.
FasticApp and analysis service providers of the FasticApp Service may analyze activity data for research purposes designed to provide personalized service and promote healthy habits. FasticApp may share user data obtained through the HealthKit framework or the Google Fit SDK with a third party for medical research with the express consent of the user. The FasticApp service will not use information obtained through HealthKit or Google Fit SDK applications for advertising or similar services. The user may prevent the FasticApp service from accessing his or her data at any time by changing the settings of his or her mobile device. Anyone using HealthKit or Google Fit SDK to store and analyze their sensitive data should take care to protect their smartphone with a secure code (e.g., on the iPhone under Touch ID & Code, disable the simple code and create a password using a combination of uppercase, lowercase, numbers and special characters).
Use of the Fastic group communication
Within the Fastic Service two communication channels are offered. On the one hand, the user has the possibility to communicate with other users of the group as well as coaches of the Fastic Service within groups, which the user must actively join (in the following âgroup chatâ). On the other hand, the user can exchange and communicate directly with another user or coach of the Fastic Services in so-called 1-to-1 chats within the Fastic App (hereinafter â1-to-1 Chatâ).
Coaches are voluntary third parties who have no employment relationship with Fastic.
In order to implement and improve the Fastic Service and to further develop and optimize the Fastic Service, the Provider may â with the Userâs consent to the Fastic Service â transmit onboarding data and the following contents from the group chats as well as 1-to-1 chats to participating coaches. The following contents of the group chats can be passed on: Content of the messages, metadata, time of the message, operating system, language of the user, answers from questionnaires, which are placed in the chats. The following contents of the 1-to-1 chats can be passed on: Content of the messages, metadata, time of the message, operating system, language of the user, answers from questionnaires, which are placed in the chats.
Furthermore,
the Provider may â with the Userâs consent to the Fastic Services â transmit the onboarding data and the aforementioned contents from the groups Chats and 1-to-1 Chats in anonymized form to the university institutes with which the Provider maintains a cooperation for research purposes.
These are the following institutes: University of Zurich, Psychological Institute â Applied Social and Health Psychology, https://www.psychologie.uzh.ch/de/bereiche/sob/angsoz
Revocation / Opt-Out: If the User does not wish to receive onboarding data and the aforementioned content from the group chat and 1-to-1 chat, the User has the option to delete his profile and all personal data stored therein at any time by sending his revocation to the Provider. After receiving the revocation from the user, the provider will then proceed to delete a user profile as described in the section âRegister user account and manage profileâ. https://www.psychologie.uzh.ch/de/bereiche/sob/angsoz (further) cookie-based functionalities.
In order to improve surfing on the Fastic website, the user uses so-called cookies (small files containing configuration information). Cookies are used on the Fastic Web Site to enhance user-friendliness and to make the Fastic Web Site as individual and tailored to your needs as possible each time you visit it. Furthermore, a cookie banner cookie is set on the FasticWebsite. With the help of this cookie, the provider remembers whether the user has already been a visitor to the site and has accepted the cookies (according to the âCookie Directiveâ of the EU, official name: E-Privacy Directive 2009/136/EC). In order to save the user from having to display the annoying notice again, the cookie is automatically deleted after three months, so that the user does not have to reconfirm the cookie banner again until it expires. Such cookies are not only set by the Fastic Web Site itself, but also by third parties on its behalf, such as Google.com (see below). When calling a page on fastic.com, cookies are also set, which remain stored beyond the current visit of the user on fastic.com (so-called session).
General browser data: The Fastic website also automatically collects and stores in cookies information that is transmitted to the userâs web browser, which the user uses to access the fastic.com website. This includes in particular details about the browser and operating system used, an indication of the origin of the previously visited pages (so-called referral URL), the IP address or host name of the accessing computer as well as the time of the page request. These data are used for statistical analysis of the pages of fastic.com. The Fastic website does not link the existing usage data with the name or address data of the users, which are e.g. requested when registering with FasticApp (so-called inventory data); the collected, pseudonymous usage data are used for long-term evaluation purposes and are only deleted at the end of the evaluation phase or according to legal requirements.
Revocation / Opt-out possibility: If the user does not wish the use of cookies or wants to delete existing cookies, he can switch them off and remove them via his Internet browser. Using the following links he will find help on how to delete cookies for the most common browsers: â Internet Explorer â Mozilla Firefox â Safari â Chrome
The FasticWebsites also use analytical cookies from third parties, such as Google and Facebook, for analysis purposes. The use of analysis programs by the FasticWebsite and the collection of data (pseudonymized data) by partner companies can be objected to at any time with effect for the future. These functions are offered and provided by the respective operators and the user will find a description of these functions in the corresponding notice.
Storage and processing of app usage data (via GF)
The provider uses the service provider Google Firebase to store usage data of FasticApp Services. This is represented by Google Google Ireland Limited Gordon House, Barrow Street Dublin 4 Ireland. In addition to the user profile (user name, login data), the provider stores on the GF servers the usage data of a user within the app, e.g. when a user logs in and what progress the user is making. The storage of the usage data enables the provider to provide a user-friendly operation of the app. This is the only way the provider can ensure that when users reopen the app functions can continue where they left off the last time they opened it, that they can be reminded of their Lent at the desired time, and that selected settings in the userâs personal profile do not have to be adjusted each time. In accordance with the requirements of the DSGVO for the involvement of IT service providers, we have concluded a written contract with GF for the processing of data on our behalf. GF stores and processes personal data strictly according to our instructions. However, this may also take place outside the territory of the EU or EEA, in particular in the USA. In order to achieve a level of data protection comparable to the DSGVO, the provider has concluded the data protection contracts (so-called EU standard contract clauses) with GF as officially specified by the EU Commission.
Revocation / Opt-out possibility: The user has the possibility to delete his profile and all personal data stored therein at any time by sending his revocation to datenschutz@fastic.com. The provider will then forward this revocation to GF, who have undertaken to delete the corresponding data. Furthermore, the provider will also delete the userâs account if the user does not actively use any of our FasticApp services for a period of three years. If and to the extent that the data associated with the userâs account can and must still be used for purposes which have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
Evaluation of the usage behavior of the Fastic website and the Web App (via Google Analytics)
For the evaluation of user behavior on the Fastic website, the provider uses the service Google Analytics, which is operated by Google. âGoogle Ireland Limitedâ, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin, Ireland.
A cookie is set to evaluate user behaviour. The information generated by this cookie about the userâs use of the website (including the userâs IP address) will be transmitted to and stored by Google on servers in the United States.
Fastic and Google have entered into a joint processing agreement for this purpose, the agreement can be viewed here: https://support.google.com/analytics/answer/9012600
The Fastic website uses Google Analytics exclusively with the extension of IP anonymization, so that IP addresses are only processed in a shortened form in order to exclude the possibility of direct personal references. Through IP anonymization, the IP address of Google is shortened within member states of the EU or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating the use of the Web App and website by the user, compiling reports on Web App and website activity and providing other services relating to website activity and internet usage.
Revocation / Opt-out possibility: The collection and storage of data by Google Analytics can be revoked at any time with effect for the future. For this purpose, the user has the possibility to install a browser plugin published by Google. This is available for various browser versions and can be downloaded at http://tools.google.com/dlpage/gaoptout?hl=de.
If and to the extent that the data associated with the user account of the user can and must still be used for purposes that have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
Evaluate App usage behavior in FasticApp (via Google Analytics for Firebase)
For the evaluation of user behavior in FasticApp, the app uses the service Google Analytics for Firebase, which is operated by Google LLC. Since FasticApp is located in Germany, the partner is the European Google LLC subsidiary âGoogle Ireland Limitedâ, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin, Ireland.
On the one hand, the provider uses Google Analytics for Firebase to optimize our app functionalities and designs in so-called A/B tests. In such tests the original version of the app is tested against a slightly modified version. The provider then analyzes how well the new function is accepted compared to the previous version. In this way, the provider can continuously improve the design and functionality of the app and increase its user-friendliness. In order to collect this comparative data, Google Analytics for Firebase processes the usage data of users in an app.
The provider uses the services of Google Analytics for Firebase within the framework of the EU data protection regulation due to the interest in making the app as user-friendly as possible for users and thus optimizing the user experience. On the other hand, the service of Google Analytics for Firebase enables the provider to evaluate the user behavior in the app and thus better understand how users use the app and what the provider could improve. Google Analytics for Firebase processes user data such as the IP address, demographic characteristics of the users, technical data on the mobile device used and the installed software version, and usage data such as the number of accesses to the App and actions in the App such as program purchases. Such usage data is also used by Google Analytics for Firebase for statistical extrapolations that compare the behavior of users with other users of the App, and thus with a certain statistical probability indicate, for example, whether a user may be interested in purchasing a program. Based on these statistics, the provider can send the user targeted offers and discounts on the FasticApp, which might interest the user.
The provider uses the services of Google Analytics for Firebase within the framework of the EU data protection basic regulation due to the interest in making its product user-friendly and to be able to address users in advertising communication as specifically as possible according to their interests and to be able to play out only really relevant offers for them. In order to be able to use the service of Google Analytics for Firebase, the provider has integrated FasticAppâs âSoftware Development Kitâ (SDK). This creates an interface through which Google can access the above mentioned data via the app. The information generated by the SDK about the use of the FasticApp by the user (including the IP address) is transferred to a Google server in the USA and stored there. Google will â at least according to its own information â under no circumstances associate the userâs IP address with other Google data. However, Google may store and process the relevant personal data in all facilities maintained by Google, its internal subprocessors or the providers of digital infrastructure used. In all cases in which this data leaves the EEA (European Economic Area) or Switzerland, the transfer is carried out using standard contractual clauses.
Revocation / Opt-out: For all requests relating to personal data, the user can contact datenschutz@fastic.com by email. The provider forwards these inquiries to Google, which has agreed to comply with all obligations arising from the EU data protection basic regulation. These include access, correction, restriction of access and deletion of personal customer data. These obligations will be implemented to the extent permitted by EU law on retention periods.
If and to the extent that the data associated with the user account of the user can and must still be used for purposes that have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
Evaluation of the usage behavior of the FasticApp services (via smartlook)
For session awards the provider uses the smartlook service, this service is operated by Smartsupp.com s.r.o., Milady Horakove 13, 602 00 Brno, Czech Republic. Through the service smartlook the user behavior is recorded on video and can be analyzed by the provider afterwards. For this purpose, the software sets a cookie on the userâs computer (for cookie information, see the relevant parts of this policy). A storage of personal data by the provider does not occur in the context of the use of the service.
The provider uses Smartlook only if the user has agreed to it. Legal basis for the processing of personal data of users after consent is Article 6 paragraph 1 lit.a DSGVO.
The processing of the personal data of users enables the provider to analyze the user behavior of the users. By evaluating the collected data, the provider is able to compile information on the use of the individual components of the Fastic Service. This helps the provider to continuously improve the Fastic Services and their user-friendliness.
Revocation /Opt-out possibility: No personal data of the users are stored by the provider. Only anonymous analysis data is processed for evaluation purposes. Anonymized usage logs are stored in accordance with legal requirements and are automatically deleted after 30 days. Further information can be found in the privacy policy of Smartlook: https://www.smartlook.com/de/privacy
Cookies are stored on the userâs computer and transmitted by the user to the provider. The user therefore has full control over the use of cookies. By changing the settings in his Internet browser, the user can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for the providerâs website, it may no longer be possible to use all the websiteâs functions to their full extent. By clicking the following link https://www.smartlook.com/opt-out the user can prevent future tracking by smartlook.
The Provider uses Facebook social network services in its services, represented by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. To measure and optimally control the marketing campaigns, the provider uses so-called âremarketing tagsâ in the FasticApp services. The FasticWebsite is the so-called âFacebook Pixelâ, which is activated when a page is visited and provides Facebook with the information that the page has been visited. Custom App Eventsâ are activated in the apps, which deliver the information to Facebook via an interface in the app (SDK) which pages a user calls up in the app. If the user uses the FasticApp services, a direct connection to the Facebook server is established via the remarketing tags. Facebook receives the information that the user has used the FasticApp services on the basis of his IP address and documents several individual actions within the Fasten App services for which the advertisements are optimized. When using the website, the following actions are distinguished and recorded:
Call of a specific landing page (e.g. homepage)
When using the app, in addition to the actions listed above, information is collected that is only possible when using the app, such as playing audio content in the FasticApp library. Facebook may associate the use of the app with the userâs account within the FasticApp services. FasticApp can use the information obtained in this way for the more targeted display of advertising on Facebook. The provider points out that FasticApp has no knowledge of the content of the data transmitted via the Facebook pixel or the Facebook SDK, nor of its use by Facebook. With the help of the usage data processed via the Facebook pixel or the Facebook SDK, the FasticApp can display advertisements on Facebook and the other marketing channels of Facebook (e.g. Instagram) in such a way that they are more relevant for the user, since they better take into account the userâs individual user behavior. In addition, the provider can measure whether marketing campaigns even lead to the desired result (e.g. App Install). FasticApp uses the services of Facebook within the framework of the EU data protection basic regulation due to the justified interest to distribute advertising budgets more effectively and to optimize the advertising effect. During the data processing described above, data is transmitted to the Facebook servers and stored. Facebook also transfers the data collected as part of the Facebook pixel offer to the parent company Facebook, Inc. 1601 South California Avenue, Palo Alto, CA 94304, USA. For more information, see
ind can be found in the Facebook privacy policy.
Revocation / Opt-out possibility: If the user does not want advertising on Facebook to be based on his or her interests and usage behavior, he or she can object to this here at any time in the Facebook settings.
Marketing optimization and evaluation of app usage behavior in the FasticApp(via adjust)
For the evaluation of the success of advertising campaigns as well as the evaluation of the user behavior within FasticApp, the provider uses the service Adjust, which is operated by adjust GmbH. The adjust GmbH has its seat in the SaarbrĂŒcker Str. 37A, 10405 Berlin. If a user interacts with the advertising campaigns played out by FasticApp, this usage data is forwarded to adjust. On the basis of this data, adjust evaluates the reaction of users to FasticApp advertising campaigns and thus enables analyses of the effectiveness of the campaigns. The data processing includes IP address, MAC address, device identification number and HTTP header with associated information. The data collection extends from the interaction with advertising campaigns (e.g. clicks on the advertisement), through the download of the app, to the interaction with the app after download. FasticApp uses the services of adjust within the framework of the EU data protection basic regulation due to the justified interest to distribute advertising budgets more effectively and to optimize the advertising effect.
Revocation / Opt-out possibility: If the user wishes to object to the processing of this data by adjust, he can send his revocation at any time by e-mail to datenschutz@fastic.com. We will then forward this request to adjust. adjust undertakes to follow the instructions forwarded by us. The deletion of the data is carried out in accordance with the legal requirements, i.e. legal storage and proof obligations are taken into account. In addition, if the user does not wish to receive any tracking by adjust, he can select the option https://www.adjust.com/forget-device/.
In addition, the user can activate the option âTurn off trackingâ in the FasticApp in his profile under âPrivacy Noticeâ. This deactivates the data analysis by adjust.
If and to the extent that the data associated with the user account of the user can and must still be used for purposes that have not yet ceased to exist at the time of the desired or planned deletion, the data records will at least be blocked or limited to certain processing purposes instead of being deleted. This is particularly the case in the case of legally mandatory storage obligations such as the corresponding commercial and tax law regulations. The latter can be up to 10 years (see § 147 (3) of the German Fiscal Code).
âș Change of the privacy policy
The provider will update the privacy policy if necessary. The use of user data is subject to the current version, which can be accessed at www.fastic.com/privacy-policy. In the event of a change to this declaration concerning an essential area (e.g. change of authorization, new functions, etc.), the User will be notified by e-mail with which he/she registered in the Service. If the User continues to access and use the Service after the change has come into effect, the User agrees to be legally bound by the revised Privacy Policy.
âș Contact person for data protection and data protection officer
In case of questions regarding the collection, processing and use of personal data, the disclosure, correction, blocking or deletion of data as well as the revocation of consents granted, the user can â if applicable â at any time send an e-mail to datenschutz@fastic.com or write a letter to Fastic GmbH, Pappelallee 78/79, 10437 Berlin.
The providerâs data protection officer can be contacted at the e-mail address datenschutz@fastic.com or by letter to Fastic GmbH, Pappelallee 78/79, 10437 Berlin.
Status October 2020 â We reserve the right to adapt this privacy policy.