Data protection notice
1. General and scope of application
The provider (hereinafter also: "we") collects, uses and stores your personal data in accordance with the provisions of the EU Data Protection Regulation (DSGVO), the Federal Data Protection Act and the Telemedia Act. Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person. In the following, we inform you about the type, scope and purpose of the collection and use of personal data by us on our website under https://www.uvida.de/ as well as the social media accounts:
2. Who is responsible for the data processing and whom can you contact?
Responsible for data processing is:
Osterwalder Straße 12
We have appointed a data protection officer for our company:
IITR Datenschutz GmbH
Dr. Sebastian Kraska
You can contact the data protection officer under the above-mentioned data at any time for data protection-related inquiries.
You can find more information in our imprint.
3. What data is processed and from which sources does it originate?
We process personal data (Art. 4 No. 1 DSGVO) that we collect in connection with your visit to our website. The personal data we process may include the following categories of personal data: Email, phone number, first name, last name, date of birth, zip code, city, country, IP addresses.
4. Zu welchem Zweck werden die Daten verarbeitet und auf welchen Rechtsgrundlagen basiert die Verarbeitung?
As a matter of principle, we only process personal data to the extent that it is necessary for the fulfillment and processing of our services.
a) Verarbeitung nach Art. 6 Abs. 1 a) DSGVO mit Deiner Einwilligung
We process personal data pursuant to Art. 6 para. 1 a) on the basis of your consent in the following cases:
- When you visit our website, we analyze your usage behavior. You give your consent by clicking on the "Agree" button in the cookie banner after the text. You can revoke your consent at any time. For further details on the use of Google Analytics, see below under point 9.
- We show you maps from Google Maps with your consent. For further details on the use of Google Maps, see below under section 10.
- After your consent, we use an advertising measure of the Facebook network, the so-called "Facebook Pixel", operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: "Facebook"). This is a script ("pixel") that we use on our website. If you are logged in to the Facebook website at the same time as visiting our website, Facebook can recognize that you have visited our website. This allows advertisements to be displayed on the Facebook network in a more targeted manner and thus more in line with your interests. It also allows us to track whether and which users were directed to our offer when they clicked on an ad on Facebook. You can find more information at: facebook.com/about/privacy/. At https://www.facebook.com/settings?tab=ads you can make your own settings for Facebook ads.
- If you sign up for our newsletter, for example, we will make you aware of our offer. You will receive information about the latest developments and other interesting topics by mail. You give your consent by entering your email address in a form field under the text "Newsletter subscription" and confirming it by clicking the button for submitting the form. If you do not want to receive these mails in the future, you can unsubscribe at any time using the link provided in the mail.
b) Verarbeitung nach Art. 6 Abs. 1 f) wegen berechtigter Interessen
Ultimately, processing operations could be based on Art. 6 (1) f) DSGVO. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. We process personal data pursuant to Art. 6 (1) f) on the basis of our legitimate interest in the following cases:
- On our website there is a contact form, which you can use for electronic contact. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored by us, provided that you agree to the transmission of the data by checking the box provided for this purpose and confirming this by clicking the button for sending the form. These data are: Name, email address, phone number, industry, desired callback time and your message text. We do not share this data with third parties. The data will be used exclusively for the processing of the conversation.
- If you contact us by other means, e.g. through the chat on our homepage, the customer service by email or telephone or indirectly through the owner of a uVida device, personal data will be collected by us if you provide it to us. We use these personal data exclusively as far as they are necessary for the fulfillment and processing of our services and do not pass them on to unauthorized third parties. Insofar as this involves information about communication channels (email address, telephone number), we may also contact you via this communication channel in order to answer your concerns.
- We report and publish references of our products on websites. For this purpose, we may include your name and other personal information in the testimonials. If you would like to update or delete a reference on our website, you can contact us at datenschutz@uVida.de
- When you visit our website, we collect the data listed below under "Server Log Files" as well as under "Technically Necessary Cookies". We use this information only to improve the website, services and products. For example, we record how you arrived at the website and which pages you navigated to within the website. We delete or anonymize this data at the latest one week after it has been collected. The processing of your data serves the technical administration and security of our website.
- When you start an information video from our YouTube channel or Vimeo channel, you are starting a service from YouTube or Vimeo, respectively. For further details on data processing by YouTube and Vimeo, see section 10.
If the processing of personal data is based on Article 6 (1) f) DSGVO, our legitimate interest is the performance of our business activities and the associated communication with you. For the secure operation of our website, we need to uniquely identify each website visitor in order to defend against spam and cyberattacks. As a website operator, we have a legitimate interest in analyzing user behavior in order to improve our services and products and to optimize our website and our advertising.
5. Categories of recipients of personal data
The data mentioned in section 3 will be stored in the uVida cloud at a hosting provider in a data center within the EU for the fulfillment of the contract with you and will not be transmitted to third parties beyond that.
6. SSL encryption
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.
7. Server log files
On the basis of Art. 6 (1) f) DSGVO, we collect and store information about your visit to our website in so-called server log files, which your browser automatically transmits to us. These are:
- shortened IP address
- Browser type/version
- Operating system used
- Referrer URL (the previously visited page)
- Date and time of the server request
- Data volume transferred
- the requesting provider
This data is not merged with other data sources.
8. Use of technically necessary cookies
Our website uses so-called "cookies" on the basis of Art. 6 (1) f) DSGVO. A "cookie" is a file that stores on the user's access device (PC, tablet, smartphone, etc.) certain information related to the device. If our website is accessed by the user's corresponding device, the server of our website receives information back from cookies. The server can evaluate the information stored in the cookie in various ways. You can allow or disable cookies through the settings in your browser. However, not all features of our website may be available if you disable cookies. We use technically necessary cookies to manage your session. Furthermore, we store in a technically necessary cookie whether you have given your consent to the setting of the Google Analytics tracking cookie. Other technically necessary cookies are stored in order to transfer data in the registration or profiling form to the subsequent website after clicking Next, thus enabling a convenient registration process. All technically necessary cookies have a maximum storage period of one month.
9. Google Analytics
In detail, these are the following cookies:
- Name: _ga
Function: Differentiation of website visitors
Storage period: 2 years
- Name: _gid
Function: Differentiation of website visitors
Speicherdauer: 24 Stunden
- Name: _dc_gtm_
Function: Used to throttle the demand rate.
Storage period: 1 Minute
Currently, there is no decision by the EU Commission that the USA generally provides an adequate level of protection for personal data. However, Google is committed to complying with the Privacy Shield agreement between the EU and the US published by the US Department of Commerce for the collection, use and storage of personal data from EU member states. You can find more information about this at: https://support.google.com/analytics/answer/7105316?hl=de. You can find more information about data protection under: https://policies.google.com/privacy
10. Third-party tools
a) Zoho Corporation GmbH
LiveChat software from Zoho Corporation GmbH, Trinkausstr. 7, 40213 Düsseldorf, Germany, is used on our website. The storage and processing of your personal data in this context is based on Art. 6 para. 1 f) DSGVO. If you use this software, the data entered will also be sent to the provider. You can find more information about data protection here: https://www.zoho.com/privacy.html
So that you can also watch videos about our system, we have integrated videos from YouTube into our website. YouTube is operated by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland. We use the "extended data protection mode" offered by YouTube. Video content is only accessed via the specially secured domain www.youtube-nocookie.com loaded. This does not set any cookies and YouTube cannot load any advertising. You can find more information about data protection on YouTube here: https://policies.google.com/privacy?hl=de.
Wir können die Videos der Plattform “Vimeo” des Anbieters Vimeo, Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA einbinden. Datenschutzerklärung: https://vimeo.com/privacy. Wir weisen darauf hin, dass Vimeo Google Analytics einsetzen kann und verweisen hierzu auf die Datenschutzerklärung (https://policies.google.com/privacy) sowie Opt-Out-Möglichkeiten für Google-Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) oder die Einstellungen von Google für die Datennutzung zu Marketingzwecken (https://adssettings.google.com/anonymous?hl=de).
d) Google Maps
On our website you have the possibility to make online appointments for a live demo with us. For the appointment booking we use the tool "Calendly". The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA.
The legal basis for the data processing is Art. 6 para. 1 f) DSGVO. The website operator has a legitimate interest in making it as easy as possible to arrange appointments with interested parties and customers.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa.
11. Social media
This privacy notice also applies to our social media accounts, which you can find linked on our website. When you interact with our brand on social media, we may communicate with you through the features provided. We may gain access to the interactions and profile information. We will still have access to this information even if you later remove it from the social network. We may collect such publicly available information to connect with you. If you are a user of the respective platforms, they can associate your call and interaction with the profiles of the users there.
The following social channels are meant here:
Twitter offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. You can find information on data protection at Twitter at: https://twitter.com/de/privacy
Instagram offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can find information on data protection at Instagram at: https://help.instagram.com/581066165581870
LinkedIn offered by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. You can find information on data protection at LinkedIn at: https://www.linkedin.com/legal/privacy-policy
Xing angeboten durch die New Work SE, Am Strandkai 1, 20457, Hamburg. Hinweise zum Datenschutz bei Xing findest Du unter: https://privacy.xing.com/de/datenschutzerklaerung
Facebook offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can find information on data protection at: https://www.facebook.com/about/privacy/update
In connection with the operation of our Facebook page, we also use the analysis function Facebook Insights from Facebook and Page.Insights from LinkedIn. According to the case law of the ECJ, we are to be qualified as "jointly responsible for data processing" with Facebook pursuant to Art. 26 DSGVO. The same applies to LinkedIn The terms and conditions for joint data processing have been provided by Facebook in the contract attachment here https://www.facebook.com/legal/terms/page_controller_addendum set. At LinkedIn you can find the terms and conditions here: https://legal.linkedin.com/pages-joint-controller-addendum. Through Facebook Insights and LinkedIn PageInsights, we only receive access to statistical evaluations, e.g. about the number of page views, the number of new "likes" and other interactions with our site. However, Facebook may collect the information in connection with your profile and also obtain access to your IP address. Therefore, based on the contractual agreement specified by Facebook, Facebook is also primarily responsible for this data processing. As far as our secondary responsibility is concerned, the data processing is based on our legitimate interest according to Art. 6 (1) f) DSGVO. Inquiries based on your rights as a data subject can generally be directed to us or to Facebook regarding the aforementioned data processing. Since Facebook is primarily responsible, a direct request to Facebook is preferable. You can do this here: https://www.facebook.com/privacy/explanation. When you submit your request to us, we are contractually obligated to forward it to Facebook.
12. Duration of the storage
We process and store personal data only for the period necessary to achieve the purpose of the processing or if this has been provided for in laws or regulations to which the controller is subject. If the storage purpose ceases to apply or if a legally prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
13. Information on the transfer of data to a third country
We would like to point out that the data collected by Google Analytics is partly processed in the USA. Services such as Calendly also partially process data in the USA. We expressly point out that, in particular with regard to the USA, no adequacy decision has yet been issued by the European Commission. The provider will only transfer personal data to a provider in the USA if this transfer is permitted in accordance with the so-called Privacy Shield agreement and/or the transfer is legitimized under data protection law by standard data protection clauses (standard contractual clauses). The guarantees according to privacy-Shield can be found here: https://www.privacyshield.gov/EU-US-Framework
You can find the standard contractual clauses here: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF
14. Is there an automated decision-making process?
We do not use automated decision-making processes pursuant to Art. 22 DSGVO to initiate decisions on the establishment or performance of the business relationship that would have legal consequences for the data subject or similar significant negative effects on that person.
15. Rights of the persons concerned
Pursuant to Art. 15 of the GDPR, the data subject has the right to obtain, upon request and free of charge, information about the personal data stored about him or her and the purpose of the data processing. In accordance with Art. 16, 17 and 18 of the GDPR, the data subject also has the right to have incorrect data corrected and to have his/her personal data blocked and deleted. He is also entitled, under the conditions specified in Art. 20 DSGVO, to receive the personal data concerning him that has been stored in a structured, common and machine-readable format and to transmit this data to another responsible party without hindrance from the provider. In addition, pursuant to Article 21 (1) DSGVO, the data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6 (1) (e) or (f) DSGVO. The Provider shall fulfill the aforementioned rights of the data subject insofar as the legal requirements for the assertion of the rights are met.
Any requests for your personal data should be addressed to firstname.lastname@example.org or to the above address of uVida.
Every data subject has the right to lodge a complaint with a data protection supervisory authority about the processing of data when using the website.
16. Payment services
We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of payment processing. For these transactions, the respective contract and data protection provisions of the respective providers apply. The use of the payment service providers is based on Art. 6 para. 1 lit. b DSGVO (contract processing).
We use the following payment services / payment service providers within the scope of this website:
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.
Instant bank transfer
The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (hereinafter "Sofort GmbH"). With the help of the "Sofortüberweisung" procedure, we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations. If you have chosen the payment method "Sofortüberweisung", you transmit the PIN and a valid TAN to Sofort GmbH, with which it can log into your online banking account. After logging in, Sofort GmbH automatically checks your account balance and carries out the transfer to us using the TAN you have transmitted. It then immediately sends us a transaction confirmation. After logging in, it also automatically checks your turnover, the credit line of the overdraft facility and the existence of other accounts and their balances. In addition to the PIN and the TAN, the payment data you have entered as well as data about yourself are also transmitted to Sofort GmbH. The personal data is your first and last name, address, telephone number(s), e-mail address, IP address and, if necessary, other data required for payment processing. The transmission of this data is necessary to establish your identity beyond doubt and to prevent fraud attempts. Details on payment with Sofortüberweisung can be found in the following links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
17. Audio and video conferencing
Among other tools, we use online conferencing tools to communicate with our customers. The tools we use in detail are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools thereby collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "context information" related to the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required to handle online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/ instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during the use of the service.
Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b DSGVO). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.
The data collected directly by us via the video and conference tools is deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used
We use the following conferencing tools:
Security and privacy notices for the uVida system
- The uVida system is a system for smart performance and metabolism analysis based on breath. Data processing refers to the following types of data: e-mail, first name, last name, date of birth, height, weight, gender, zip code, city, country, and health data. Health data also includes oxygen volume, carbon dioxide volume, respiratory minute volume, respiratory quotient, respiratory equivalent oxygen, respiratory equivalent carbon dioxide, pulse, respiratory rate. With these health data, various individual evaluations are made: Oxygen uptake, individual anaerobic threshold, power level, maximum power, regeneration, pulse ranges, BMI, calorie requirements and nutrient distribution.
If you continue to use the Services, you will regularly submit additional personal data to uVida. It is in the nature of our offering that we need to process the data you upload as part of our Services in order to provide those Services. For example, we will process your exercise and nutrition data, such as caloric intake, to enable the monitoring and display of your personal goals (e.g., weight loss or gain). This type of processing is a prerequisite to provide these services to you.
If you access our Service through a third party application (e.g. Apple HealthKit, google fit, Facebook, etc.), uVida will collect and use personal information from such third party applications, such as your username, name, profile picture, country, city of residence, email address, date of birth, gender, and such health information that you sync with the uVida Services.
We may delete some of the above data collected from you and processed by uVida for certain Service functions if you wish, and refrain from processing it in the future without requiring you to stop using all of the Services; not all of the data (that you provide to us over time, directly or through third-party applications) is needed for you to continue using the Services. If you wish us to stop processing certain personal data in this category, we will inform you about the consequences of this cessation, i.e. how it will affect your use of certain features of the Services.
"Training plans and nutrition plans are created taking into account the performance and metabolic analysis, but must be applied by the customer on his own responsibility, taking into account permanently changing health aspects. Nutrition plans can only provide assistance in achieving the best possible supply of nutrients, but cannot guarantee this in individual cases. In particular, analysis, training plans and nutrition plans do not replace a professional diagnosis or professional advice from a doctor. Lactose-modified and gluten-modified nutrition plans assist in reducing the intake of lactose and gluten, respectively, but do not guarantee that all foods listed in the nutrition plan are lactose-free or gluten-free."
- The uVida system is operated by uNostics GmbH, Osterwalder Straße 12, 87496 Untrasried (uVida) and the uVida partner under joint responsibility. If you use the uVida system via one of our partners, it is operated by us in joint responsibility with this partner. In this case, the data mentioned in point 1 are collected via the hardware by the uVida partner and uploaded via the Internet to the uVida cloud and evaluated there. The uVida partner is responsible for the execution of tests and the storage on the uVida hardware located at a possible uVida partner as well as for the advice on further training and nutrition based on the evaluation. The legal basis is your consent according to Art. 9 para. 2 a) DSGVO. If you commission the uVida partner with the creation of a uVida account, the uVida partner is also the responsible party in this respect. The legal basis in this respect is Art. 6 para. 1 b) DSGVO. The responsible party for the technical data transfer to the uVida Cloud, the storage of the data in the uVida Cloud, the evaluation of the data and the display of the data for you and the uVida partner is uVida. The legal basis for this is your consent as stated above in accordance with Art. 9 (2) a) DSGVO. uVida is also responsible for anonymizing the data. The legal basis for this is your consent pursuant to Art. 9 (2) a) DSGVO.
- The data is stored in the uVida cloud at a hosting provider in a data center within the EU and is not transmitted to third parties. In the event that training and/or nutrition plans are ordered, personal data required for the creation of these personalized plans will be transmitted to the respective printing company commissioned within the EU. Processing outside the EU does not take place.
- The personal data will be stored as long as it is necessary for the contractually owed data processing and then deleted, unless there are legal retention obligations to the contrary.
- The data will not be used for the purposes of an automated decision within the meaning of Art. 22 DSGVO.
- Pursuant to Art. 15 DSGVO, you have the right, upon request, to receive information free of charge from uVida as well as from any uVida partner about the personal data that has been stored about you as well as about the purpose of the data processing. In accordance with Art. 16, 17 and 18 DSGVO, you also have the right to correct incorrect data as well as to block and delete your personal data. You are also entitled, under the conditions specified in Art. 20 DSGVO, to receive the personal data concerning you in a structured, common and machine-readable format and to transfer this data to another controller without hindrance. In addition, pursuant to Art. 21 (1) DSGVO, you have the right to object to the processing of personal data concerning you that is carried out on the basis of Art. 6 (1) (e) or (f) DSGVO, for reasons arising from his particular situation. We will fulfill the aforementioned rights to the extent that the legal requirements for the assertion of the rights are met. Please address any requests regarding your personal data to email@example.com or to the above address of uVida or the uVida partner. You also have the right to lodge a complaint with a data protection supervisory authority about the processing of data when using uVida.
- Further information on the processing of personal data when using uVida can be found under http://www.uvida.de/en/datenschutz