In this privacy policy, we inform you about the processing of personal data when using our website, our app, and in the context of further processing activities when using our services.
Personal data means any information relating to an identified or identifiable person. In particular, this includes information that enables us to draw conclusions about your identity, such as your name, your telephone number, or your postal or email address. However, personal data also includes certain identifiers such as your IP address or the device ID of the device you are using.
This privacy policy applies to the processing of personal data by Gymondo GmbH in connection with the following services:
It applies to all processing activities related to the use of our website, our app, and the features offered through them, including:
The controller for the processing of your personal data when you visit this website or use our apps within the meaning of the General Data Protection Regulation (GDPR) is
Gymondo GmbH (hereinafter referred to as "Gymondo")
Ritterstraße 12
10969 Berlin
E-Mail: service@gymondo.de
Our data protection team will be happy to respond to your information requests and feedback on the subject of data protection. Simply email us at privacy@gymondo.de.
If you have any questions about data protection in connection with our services or the use of our website, you can also contact our data protection officer at any time. The data protection officer can also be contacted at the above postal address or by sending an email to the address provided above (Subject: “To the Attention of Data Protection Officer”). We expressly point out that emails sent to this address will not be read solely by our data protection officer. If you wish to share confidential information, please first use this email address to request direct contact with our data protection officer.
In principle, we will only pass on the data we collect if:
When processing personal data, we transfer data to the categories of recipients listed below, where necessary. The specific transfer depends on the respective purpose and is explained in more detail in the relevant sections of this privacy policy.
a) Data transfer within our group of companies
In certain cases, we transfer personal data to affiliated companies within our group of companies, insofar as this is necessary for internal administrative purposes, data analysis, financial management, or the implementation of joint marketing measures. These include in particular:
We have concluded an intercompany agreement within our group of companies that covers any data transfer processes within our group.
b) External data processors (Art. 28 GDPR)
We use carefully selected external service providers who process personal data exclusively on our behalf and at least on the basis of a data processing agreement in accordance with Art. 28 GDPR. These include in particular:
If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have appropriate technical and organizational measures in place to protect the rights of the data subjects, and are regularly monitored by us.
c) Third parties as independent controllers
In certain cases, data is transferred to third parties who process this data on their own responsibility. This applies in particular to:
In these cases, the responsibility for data protection lies with the respective third-party provider. Further information can be found in the specific privacy policies of the aforementioned providers or programs.
d) Public authorities
If necessary for legal prosecution or enforcement, or if we are obliged to do so by an enforceable official order, we will transfer personal data to the competent authorities, courts, or other public institutions.
As explained in this privacy statement, we use services whose providers are partly located in what are known as third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries where the level of data protection does not correspond to that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, or if a provider is not certified under the EU-U.S. Data Privacy Framework, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. These include but are not limited to the standard contractual clauses of the European Union or binding corporate rules.
Where this is not possible, we base the transfer of data on derogations under Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for taking steps prior to entering into a contract.
Where a data transfer to a third country is planned and no adequacy decision or appropriate safeguards are in place, there is a risk that authorities in the third country in question (e.g. intelligence agencies) may gain access to the transferred data in order to record and analyse it, and that the enforceability of your rights as a data subject cannot be guaranteed. You will also be informed of this when we obtain your consent via the cookie banner.
Every time you use our website, we collect connection data automatically transmitted by your browser in order to make visiting the website possible. This connection data comprises what is known as HTTP header information, including the user agent, and includes in particular:
It is absolutely necessary to process this connection data to make it possible to visit the website, to guarantee the long-term functionality and security of our systems, and for the general administrative maintenance of our website. The connection data is also stored in internal log files for the purposes described above, temporarily and limited to the absolute minimum, in order, for example, to find the cause of and take action against repeated or criminal requests that endanger the stability and security of our website.
The legal basis is Art. 6(1) Sentence 1(b) GDPR, insofar as the page view occurs in the course of the initiation or performance of a contract, and otherwise Art. 6(1) Sentence 1(f) GDPR due to our legitimate interest in making it possible to view our website and in the long-term functionality and security of our systems. However, the automatic transmission of the connection data and the resulting log files do not constitute access to the information in the terminal equipment in the sense of the EU Member States’ laws implementing the ePrivacy Directive, which in Germany means Sect. 25 of the Telecommunications Digital Services Data Protection Act (TDDDG). Apart from this, however, such access would be absolutely necessary anyway.
We use cookies and similar technologies on our website to ensure the operation of the site, analyze usage, and provide marketing measures and personalized content. This also includes third-party services such as Google (e.g., Google Ads), which help us measure the success of our advertising campaigns.
The storage or reading of information on your device is carried out – where necessary – on the basis of your consent in accordance with Section 23 TDDDG in conjunction with Article 6(1)(a) GDPR. For technically necessary cookies, the legal basis is Article 6(1)(f) GDPR.
We also use Google Consent Mode v2 to take your consent decision into account when displaying Google services in a manner that complies with data protection regulations.
For detailed information on the use of cookies on our services, please refer to our Cookie Policy.
Should you use services that require registration, we will collect, process and use the data required for those services from you, in particular in order to make the services available to you.
When you register, we collect the following data from you (provided you enter it yourself): first name, last name, date of birth, email address, gender, and SEPA data. We determine your country of origin and thus the display language and preferred units of measurement based on the IP address you use to visit our online offering. You can adjust this information at any time in your user profile according to your preferences. We have marked the data that you are required to provide with an asterisk (“*”) as mandatory fields.
The personal data you provide during registration is collected, processed, and used by us for the purpose of establishing the corresponding contract, for contract execution and processing, and for billing purposes. The legal basis for the aforementioned data processing is Art. 6 (1) lit. b GDPR in the case of mandatory fields. For all other data, the legal basis is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in order to enable you to customize, adapt, and change your account, or your consent pursuant to Art. 6 (1) lit. a GDPR, if you have given us such consent.
Our website and app also offer you the option of logging in with an existing account on the social networks listed below:
Once you have logged in with one of your existing accounts, additional registration is no longer required. If you wish to use this feature, you will first be redirected to the relevant social network. There you will be asked to log in with your username and password. It goes without saying that we do not gain any knowledge of these login details. The server to which a connection is established may be located in the US or in other third countries.
By confirming the corresponding login button on our website, the corresponding social network learns that you have logged in to our site with your account and links your social network account to your account on our website. The following data is also transmitted to us:
The personal data you provide when registering is collected, processed and used by Gymondo for the purpose of creating the relevant contract, for performing and processing the contract, as well as for billing purposes. The legal basis for data processing in this case is Art. 6(1) Sentence 1(a), (b) GDPR.
After registration, we process personal data within the scope of regular use of our platform in order to provide the basic functions of our app. The type of data depends on the functions you use and your respective interactions within the app:
a) Use of workouts and mindfulness videos, programs, and challenges
b) Goal setting and progress documentation
c) Use of recipe and nutrition functions
This data processing is carried out exclusively within the scope of your chosen use of the standard functions and is necessary to provide the contractually agreed services (Art. 6 (1) (b) GDPR). Any further evaluation or processing – in particular in connection with health data or individualized recommendations – is carried out exclusively on the basis of separately granted consent (see section 3).
There are a number of ways for you to contact us. This includes the contact form on our Help and Support page or the email and postal address listed under section 1.2. In this context we process data exclusively for the purpose of communicating with you.
The legal basis for this is Art. 6 (1) (b) GDPR, insofar as your information is required to respond to your inquiry or to initiate or execute a contract, and otherwise Art. 6 (1) (f) GDPR based on our legitimate interest in responding to your inquiries and measuring the satisfaction of our (potential) customers with customer service.
The data collected by us when you contact us will be automatically deleted after your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations (see section 6 “Storage period”).
To enable you to contact us via our contact form and chat, we use the customer relationship management (CRM) service provided by Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA (“Zendesk”). We use Zendesk to integrate contact forms and forward your direct inquiries to us if you have general or specific questions and problems regarding our products, website, or company. You also have the option of contacting us via Zendesk Chat. In this context, we process your data exclusively for the purpose of communicating with you.
When processing your inquiries, Zendesk uses AI-based support to help us handle your request more quickly and efficiently. This artificial intelligence analyzes the information you enter and supports our customer service team by suggesting appropriate responses or automatically answering frequently asked questions. The AI does not permanently store any personal data, but only processes your information temporarily to improve customer service. Your data will not be used for any other purpose or passed on to third parties.
If you have contacted us via our contact form, you will receive a follow-up email to the email address you provided, asking if you were satisfied with our customer service.
Zendesk also uses cookies and similar technologies. For further information about this, please refer to our cookie policy.
The data recorded in this context may be transferred to a Zendesk server in the US and stored there. In the event that personal data is transferred to the USA or other third countries, Zendesk Inc. has joined the EU-US Data Privacy Framework, which is why the transfer in this case is made based on the adequacy decision for the USA pursuant to Art. 45 GDPR.
To further measure customer satisfaction after contact, we use the services of Dovetail Research Pty. Ltd., Level 1, 276 Devonshire Street, Surry Hills, New South Wales, 2010, Australia. Dovetail helps us to systematically evaluate user feedback and continuously improve our customer service. To this end, Dovetail transmits anonymized and aggregated evaluations of feedback data to our central data warehouse in order to perform statistical analyses and identify trends. Your personal data collected by us for this purpose will not be passed on to Dovetail. The legal basis for the use of Dovetail is Art. 6 (1) lit. f GDPR, our legitimate interest in improving the quality of our customer service.
Dovetail usually stores the data in Australia. For this purpose, we have concluded a data processing agreement with Dovetail in accordance with Art. 28 GDPR, which includes the standard contractual clauses of the European Commission.
For further details on data processing by Zendesk and Dovetail, please refer to the privacy policies of Zendesk and Dovetail.
If you do not wish to communicate via email, you also have the option of contacting us by post, ideally as a registered letter. In this case, we will respond to your inquiry via the same communication channel if possible. However, if you request your personal data from us, we have to respond to you by email for technical and security reasons. For more information, please read our Customer Support FAQ.
If you create an account with us, we will also use your contact information to send you emails containing relevant information about our products and services and those of our partners, as well as related news, promotions, offers, feedback and other surveys. These emails are sent regardless of whether you have subscribed to our newsletter or not. You can object to the use of your data for advertising purposes at any time by sending an email to service@gymondo.de or by clicking on the unsubscribe link in the advertising email – without incurring any costs other than the transmission costs according to the basic rates. The legal basis for this data processing is our legitimate interest in using your email address to send you advertising in the form of advertising to existing customers pursuant to Art. 6(1) Sentence 1(f) GDPR in conjunction with Sect. 7(3) of the German Act against Unfair Competition (UWG).
We offer you the opportunity to subscribe to a newsletter, in which we regularly inform you about our new products, services and news from the world of fitness and lifestyle.
For newsletter subscriptions we use what’s known as a double opt-in procedure, which means that we will only send you newsletters by email if you click on a link in our confirmation email to confirm that you are the owner of the email address provided. If you confirm your email address, we will store your email address, the time of registration and the IP address you used when registering until you unsubscribe from the newsletters. The sole purpose of storing this data is to be able to send you the newsletters and to document the fact that you registered. In addition, we measure whether our newsletter can be delivered at all. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. It is of course also sufficient if you notify us (e.g. by email or letter) using the contact details provided above or in the newsletter. The legal basis of this processing is your consent pursuant to Art. 6(1) Sentence 1(a) GDPR. You can withdraw your consent at any time. To do this, please use the unsubscribe link at the end of a newsletter or contact us using the information in the “Data controller and contact” section.
In our newsletters we use market-standard technologies to allow us to measure interactions with the newsletters (e.g. opening of the email, which links are clicked on). We use this data in pseudonymous form for general statistical evaluations as well as to optimise and further develop our content and customer communication. On the one hand, this is done with the help of small graphics (pixels) that are embedded in the newsletters and establish a connection to the server of the images when the email is opened. On the other hand, we use links that, when clicked, first register the click and then redirect the user to the desired target page.
The legal basis of this is your consent pursuant to Art. 6(1) Sentence 1(a) GDPR. Information is accessed on your device on the basis of the EU Member States’ laws implementing the ePrivacy Directive, which in Germany means Section 25(1) of the Telecommunications and Telemedia Data Protection Act (TTDSG). With our newsletter, our aim is to share content that is as relevant as possible for our customers and to better understand what they are actually interested in. If you do not want your usage behaviour to be analysed in this way, you can unsubscribe from the newsletter. To prevent the measurement of whether an email has been opened, you can adjust the settings in your email client so that graphics are disabled or HTML content is not displayed.
If you have given us your consent to process personal data (in accordance with Art. 6 (1) (a) GDPR), this consent primarily forms the basis for our data processing. Your consent is voluntary and can be withdrawn at any time without giving reasons. The type of data processed depends on the specific purpose for which you have given your consent. Examples of such purposes could be:
The processing of particularly sensitive data for personalization purposes, such as:
As part of your customer account, you have the option to upload photos of your meals and have them analyzed for their nutritional content and calorie count. When you upload photos for this purpose in your user profile, we analyze them using Google Gemini AI technology, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The photos you upload and the analysis results are subsequently stored in your profile.
To analyze your meal, the photo you upload is encrypted and integrated into our Gemini-based model through an interface. Google Gemini then processes your photo to determine the nutritional values and calorie count of the photographed meal. These values are then encrypted and returned to us, after which they are linked to the corresponding photo and uploaded to your customer account.
The use of this service is offered on a voluntary basis. The legal basis for data processing in this context is your consent under Article 6(1)(a) of the GDPR. A general prerequisite for using this service is the prior activation of the photo option in your account settings. You can also withdraw your consent for future use at any time via this toggle. We have entered into a data processing agreement with Google under Article 28 of the GDPR. Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, and such transfers are therefore based on the adequacy decision for the USA in accordance with Article 45 of the GDPR.
For more information on data protection in the context of Gemini and at Google, please visit Google’s Privacy Policy.
Within your customer account, you have the option of creating personalized training plans. To do this, you can specify your training preferences (e.g., training goal, fitness level, preferred types of training, available time).
The processing is carried out using Google Gemini AI technology from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The information you enter is encrypted and anonymized and processed exclusively for the purpose of creating your individual plan in real time. It is not stored by Google. The generated plan, consisting of suitable workouts from our course offerings, is then displayed to you and can be saved in your training programs if you like it.
Use of this service is voluntary. The legal basis is your express consent in accordance with Art. 6 (1) lit. a in conjunction with Art. 9 (2) lit. a GDPR. You can revoke your consent to the transfer of data to Google Gemini at any time for the future via the settings in your user profile.
We have concluded a data processing agreement with Google Ireland Limited in accordance with Art. 28 GDPR. Any transfer of personal data to the parent company Google LLC in the USA that cannot be excluded is based on the adequacy decision in accordance with Art. 45 GDPR, as Google LLC has joined the EU-US Data Privacy Framework.
For more information on data protection in the context of Gemini and at Google, please visit Google’s Privacy Policy.
We offer you the option of connecting the Gymondo app to third-party applications such as Apple Health, Google Fit, and other platforms via the API of the provider Spike Technologies, Inc., 242 West 53rd Street, New York, 10019, USA. This allows us to use your health and fitness data to show you personalized recommendations and challenges. By giving your consent, you expressly authorize the Gymondo app to process the following data:
We do not store any of your health data. All processed data is retrieved in real time and used only for the specific purposes in question. For example, the exact number of steps you have taken is not stored; instead, the system simply checks whether you have reached a goal. Your data will not be passed on to third parties or used for other purposes.
Your data is processed on the basis of your explicit consent in accordance with Art. 6 (1) (a) GDPR in conjunction with Art. 9 (2) (a) GDPR. You can revoke your consent at any time in the device settings.
For more information on how third-party applications use your data, please refer to the privacy policy of the respective provider of your wearable device.
Within your customer account, you have the opportunity to participate in various competitions aimed at improving fitness and health, such as our annual “Transformation Challenge” or ticket-based competitions. You can participate in the Transformation Challenge by submitting progress measurements and before-and-after photos. In ticket-based competitions, you receive tickets for completed activities, which are then entered into a prize draw.
In order to run the competitions and select and notify the winners, we process your personal data, in particular contact details, activity data and, in the case of the Transformation Challenge, also images and vital data such as your weight at the start and end of the competition. This data will only be processed for the duration of the competition and will be deleted after its completion if it is no longer needed. If you are selected as a winner, we may publish your name, photos, and personal summary on our websites and, if applicable, on relevant social media profiles with your express consent.
In the context of the Transformation Challenge, we use Google Gemini AI technology from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The photos you submit are encrypted and anonymized before being transmitted and are processed exclusively for the purpose of evaluating your progress in real time. Google does not store your data. The winner is then determined on the basis of the AI analysis.
The legal basis for the processing of your personal data in the context of competitions is your voluntary consent in accordance with Art. 6 (1) (a) GDPR. For the processing of particularly sensitive data, such as health data, processing is based on your express consent in accordance with Art. 9 (2) (a) GDPR.
Participation in the competitions is completely voluntary and not a prerequisite for using the app. You can decide at any time whether you want to participate without this affecting your use of the other functions of the app. If you decide to participate, you can withdraw your participation at any time without any disadvantages.
We have concluded a data processing agreement with Google Ireland Limited in accordance with Art. 28 GDPR. Any transfer of personal data to the parent company Google LLC in the USA that cannot be excluded is based on the adequacy decision in accordance with Art. 45 GDPR, as Google LLC has joined the EU-US Data Privacy Framework.
For more information on data protection in the context of Gemini and at Google, please visit Google’s Privacy Policy.
We offer various payment options, such as payment by credit card or SEPA direct debit or via external payment service providers, such as PayPal. For this purpose, payment data may be transmitted to payment service providers with whom we cooperate. The legal basis for this data processing is Art. 6(1) Sentence 1(b) GDPR. Some payment service providers also collect this data themselves, and if they do so they are responsible for this. For more information about how payment service providers process personal data, please refer to their privacy policies:
Where a contract is concluded within the framework of a cooperation, we may also disclose your personal data to the respective partner (e.g. your telecommunications provider or your health insurance provider), for example to verify your membership or contract status with the partner or for billing purposes in connection with the cooperation. Depending on the cooperation, the legal basis for this is Art. 6(1) Sentence 1(a) or (b) GDPR.
If you use our service as part of an employee offer from your employer, we process certain data to enable and manage this cooperation. In doing so, we process a voucher code provided to you to verify your eligibility to use the offer and, if necessary, your business email address. We do not share any personal data with your employer, and your employer does not share any personal data with us.
For further processing of data when using our offer, please read the preceding sections of this privacy policy, in particular section 2.
The legal basis for this processing is Art. 6 (1) lit. b GDPR, as data processing is necessary to enable you to access our service as part of the employee offer. The creation of any anonymized usage statistics for your employer is based on our legitimate interest in fulfilling the contract in accordance with Art. 6 (1) lit. f GDPR.
Your employer is responsible for data processing on their side, such as selecting authorized employees or distributing access data. For more information, please refer to your employer's employee privacy policy.
If you register for our service as part of an offer from one of our direct cooperation partners (such as 1&1 or Freenet), we will create a technical token and send it to the respective partner – in the case of 1&1, after the partner has sent us your email address. You will then receive a voucher code by email, either from the partner or, in the case of 1&1, from us, which you can use to activate the offer on a specially set up registration page. We do not exchange any other personal data with the partner. The partner is solely responsible for the processing of further personal data on their side. Further information on this can be found in the privacy policy of the respective partner.
For further processing of data when using our offer, please read the preceding sections of this privacy policy, in particular section 2.
The legal basis for the processing of the token on our site is Art. 6 (1) lit. b GDPR, as data processing is necessary to enable you to access our service within the framework of the contractual relationship or to carry out pre-contractual measures at your request.
Within the framework of certain advertising partnerships with mobile phone providers, we work together with Mondia Media Germany GmbH, Große Elbstraße 145 c, 22767 Hamburg, Germany (“Mondia”). In this context, we process certain personal data together with Mondia as joint controllers within the meaning of Article 26 GDPR. The cooperation relates in particular to the joint analysis and use of certain usage data when you become aware of us through partner channels. For this purpose, an agreement on joint responsibility has been concluded between both parties, which regulates the respective obligations to comply with data protection requirements.
We collect certain information about your interactions with our platform, such as whether you have visited our registration page, whether a registration has been successfully completed, whether you are considered active or inactive on a particular day, when you log in, how much time you spend on our product, or what content you use. This data is linked to technical metadata such as timestamps and a pseudonymized user ID and transmitted to Mondia via a technical interface (API).
The processing of this data on our site is based on our legitimate interest in accordance with Article 6(1)(f) GDPR. It serves to analyze the effectiveness of campaigns and user interactions, improve our services, and provide aggregated performance metrics. Mondia further processes the data for its own purposes, such as measuring success, optimizing marketing measures, or conducting reactivation campaigns. In doing so, Mondia can rely on consent within the meaning of Article 6(1)(a) GDPR, which is obtained from users in the context of their use of Mondia's services. The responsibility for obtaining and lawfully handling this consent lies exclusively with Mondia. We have no control over this and cannot guarantee that consent is always obtained in accordance with the GDPR.
You have various rights under the GDPR, as described in section 7 of this privacy policy. You can assert these rights both against us and against Mondia. Joint responsibility also includes the obligation to provide mutual support in processing such requests. Both parties may exchange certain information about you for this purpose, insofar as this is necessary for lawful processing.
If you have any questions or wish to exercise your rights, you can contact either us or Mondia. Further information on data protection at Mondia and the contact details of the data protection officer there can be found in Mondia's privacy policy.
We offer you the opportunity to take part in preventive courses subsidised by the statutory health insurance funds in accordance with Sect. 20 of Book V of the German Social Code (SGB). In this context, we will regularly send you important information and participant documents for the specific course to the email address you provided. As we are also obliged to conduct evaluations for continuous quality assurance and improvement, you will occasionally receive emails on this sent to the email address you provided. The legal basis for data processing in connection with preventive courses is Art. 6(1) Sentence 1(a) in conjunction with Art. 9(2)(a) GDPR.
From time to time, we offer voucher campaigns, possibly in collaboration with our partners, such as health insurance companies, as part of a prevention program. In this context, we collect additional data (e.g., the voucher code) in addition to the registration data typically requested by us during registration. The legal basis for this processing is Article 6(1)(b) of the GDPR. Additionally, you will receive our partner’s newsletter if you have consented to receiving it. This newsletter provides further information about our partner’s benefits and services. For this purpose, we pass on your email address to the partner. The legal basis for the aforementioned processing is your consent in accordance with Article 6(1)(a) of the GDPR. You can withdraw this consent at any time with future effect. A corresponding unsubscribe link is included in every newsletter. Notification to the contact information provided in the newsletter (e.g., via email or letter) is also sufficient for this purpose. For the collection and transmission of the above-mentioned personal data in connection with the voucher campaign, both we and our partner are jointly responsible. The mutual obligations have been set forth in a joint contract.
Affected individuals can exercise their rights both with our partner and with Gymondo. Regardless of which party is contacted, individuals will not be disadvantaged in the exercise of their rights. For more information, please refer to our partner’s privacy policy.
We use the review system provided by Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark (“Trustpilot”). We ask users of our services for their consent to send them a review invitation. Provided users have given their consent, they will receive a review invitation containing a link to a review page. We transmit the following required data to Trustpilot for verification purposes to ensure that users have used our services: name, email address, reference number. The legal basis for the processing of the user’s data in the context of the review system is consent pursuant to Art. 6(1) Sentence 1(a) GDPR.
In order to submit a review, it is necessary to open a customer account with Trustpilot. In order to maintain the neutrality and objectivity of reviews, we have no direct influence on the reviews and cannot delete them ourselves. To this end, we ask users to contact Trustpilot. Users can find more information about how Trustpilot processes their data, as well as their rights to object and other rights as data subjects, in Trustpilot’s privacy policy.
We maintain online presences on social networks in order, among other things, to communicate with customers and other interested parties and to inform them about our products and services. The respective social networks usually process user data for market research and advertising purposes. In this way, usage profiles can be created based on the users’ interests. For this purpose, cookies and other identifiers are stored on data subjects’ computers. Based on these usage profiles, ads are then shown on the social networks, for example, but also on third-party websites.
In connection with operating our online presences, it is possible that we may access information provided by the social networks, such as statistics about how our online presences are used. These statistics are aggregated and may include, in particular, demographic information (e.g. age, gender, region, country) as well as data about how you interact with our online presences (e.g. likes, subscriptions, shares, viewing of images and videos) and the posts and content distributed via them. This can also provide us with information about users’ interests and which content and topics are particularly relevant to them. This information may also be used by us to adapt the design and our activities and content on the online presence, and to optimise them for our audience. Please refer to the list below for details and links to the social network data that we, as operators of the online presences, can access. The collection and use of these statistics is usually subject to what is known as joint controllership.
The legal basis for this data processing is Art. 6(1) Sentence 1(f) GDPR, based on our legitimate interest in effectively informing and communicating with users, or Art. 6(1) Sentence 1(b) GDPR, in order to stay in contact with and inform our customers and to take steps prior to entering into contracts with interested parties.
If you have an account with the social network, it is possible that we may see your publicly available information and media when we retrieve your profile. In addition, the social network may allow us to contact you. This can be done by means of direct messages or posts. In this respect, communication via the social network is subject to the responsibility of the social network as a messaging and platform service.
The legal basis of the data processing carried out by the social networks, for which they are responsible, can be found in the privacy policy of the relevant social network. The following links also provide you with further information about the respective data processing operations and the possibilities for objecting.
We would like to point out that the most efficient way to assert data protection requests is with the relevant social network provider, as only these providers have access to the data and can take appropriate measures directly. If you contact us with your request, we will forward your request to the provider of the social network. Below is a list of information about the social networks where we maintain online presences:
Facebook (US and Canada: Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, US; all other countries: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Xing/Kununu (XING SE, Dammtorstraße 30, 20354 Hamburg)
We conduct online interviews on Gymondo products at irregular intervals. If you register as a product tester, we will save your data (name, email, activity level, and self-assessment of your fitness habits) for a period of 12 months. Based on this information, we will decide whether you are eligible for a product test in the form of an online interview and contact you via email. Your participation will be remunerated with an expense allowance. There is no obligation to participate.
After this 12-month period, your data will be automatically deleted. You can also request that we delete your stored data at any time by sending an email to research@gymondo.de.
During the online interview, we collect various personal data from you, which may vary depending on the aim of the conversation. This data is stored with us either in written form or as video or audio recordings. The data is used solely for internal purposes. We will inform you in advance about the specific data being collected. You can end the conversation at any time without providing a reason, or withdraw your consent to the processing of data already collected. The legal basis for inclusion in the product tester pool and your participation in surveys is your consent pursuant to Art. 6(1)(a) GDPR.
The data collected during the interviews is stored and processed in our Dovetail tool from Dovetail Research Pty. Ltd., Level 1, 276 Devonshire Street, Surry Hills, New South Wales, 2010, Australia, so we can use the insights we get for our product development. Dovetail stores and processes this data exclusively for this purpose and uses aggregated and anonymized data to identify patterns and trends in the feedback from test users.
Dovetail generally stores the data in Australia. For this purpose, we have concluded a data processing agreement with Dovetail in accordance with Art. 28 GDPR, which includes the standard contractual clauses of the European Commission. For further details on this data processing, please refer to Dovetail's privacy policy.
In principle, we only store personal data for as long as necessary to fulfil the purposes for which we have collected the data. We then erase the data without undue delay, unless we still require the data until the end of the statutory limitation period for documentation purposes for claims under civil law or due to statutory retention obligations.
For documentation purposes, we are required to keep contract data for another three years after the end of the year in which the business relationship with you ends. Under the standard statutory limitation period, any claims become statute-barred at this point in time at the earliest.
Even after that, we are still required to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations, which may arise on the basis of the German Commercial Code, the Fiscal Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The periods specified therein for retaining documents range from two to ten years.
As a data subject, you always have the following rights as set out in Art. 7(3), Art. 15–21, and Art. 77 GDPR:
In order to establish your rights described here, you can contact us at any time using the contact details provided. This also applies if you wish to receive copies of safeguards in order to prove an adequate level of data protection. Subject to the respective legal requirements, we will comply with your data protection request.
We will keep your enquiries regarding the establishment of rights under data protection law, and our responses to these, for a period of up to three years for documentation purposes and, where necessary in individual cases, beyond this period if we need to establish, exercise or defend legal claims. The legal basis is Art. 6(1) Sentence 1(f) GDPR, based on our interest in defending ourselves against any civil-law claims under Art. 82 GDPR, avoiding administrative fines under Art. 83 GDPR and fulfilling our accountability under Art. 5 Sentence 2 GDPR.
You have the right to withdraw the consent you have given to us at any time. As a result of this, we will cease the data processing based on this consent with future effect. This withdrawal of your consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.
Insofar as we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time for reasons arising from your particular situation. If your objection is to data processing for direct marketing purposes, you have a general right of objection, which we will implement without requiring you to give reasons.
If you would like to make use of your right of withdrawal or objection, it is sufficient to simply notify us using the contact details provided in section 1.2 above.
Finally, you have the right to lodge a complaint with a data protection supervisory authority. You can assert this right, for example, by contacting a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement. The competent supervisory authority in Berlin, where we are headquartered, is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin.
You are not obliged to provide your data.
However, if the provision of your data is necessary for the conclusion of a contract (e.g., for account registration or subscription), for the fulfillment of legal obligations (e.g., for registration forms), for establishing contact, or for the use of other services and functions (e.g., for newsletter registration), the corresponding input fields are marked as mandatory with an asterisk (“*”). In this case, without this data, it will not be possible to conclude a contract, provide the specific service, or use the function.
Other information not marked as mandatory fields is voluntary. The entry of such data is not necessary for the conclusion of a contract, the provision of the service, or the use of the function and has no influence on the execution of the contract.
Automated decision-making, including profiling pursuant to Art. 22 GDPR, with legal or similarly significant adverse effects does not take place.
However, in the context of using technologies to personalize our services, automated decisions may be made regarding personalized content and advertising that is displayed or sent. These decisions are then based on the usage data previously collected automatically or the information you have provided yourself, for example in form fields. We use this data to create a profile that helps us select the appropriate content and advertising. Personalized advertising is only displayed with your prior consent.
We will update this privacy policy from time to time, for example if we adapt our website or if there are changes to the legal or regulatory requirements. We therefore recommend that you read this privacy policy again from time to time.
Last amended: June 2025