1. Name and contact details of the data controller and the Company Data Protection Officer
This data protection information applies to data processing by:
ANTELOPE – part of the Beurer group – BEURER GmbH – represented by its management: Marco Buehler, Oliver Neuschl, Georg Walkenbach
Niddastr. 64 – 60329 Frankfurt/Main, Germany Company headquarters: Ulm – Soeflinger Strasse 218, 89077 Ulm – Germany
Ulm District Court, Registration No.: HRB 722213
Tel.: +49 69 25786744
Data Protection Officer:
ANTELOPE – part of the Beurer group – BEURER GmbH
60329 Frankfurt am Main, Germany
Tel.: +49 69 25786744
If a person wishes to make use of our Company’s services via our website / online shop, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will always obtain the consent of the person concerned.
The processing of personal data (for example, name, address, e-mail address or telephone number) always takes place in accordance with the General Data Protection Regulation (GDPR) and in accordance with the specific data protection regulations applicable to us.
This data privacy statement aims to provide information about the type, scope and purpose of the personal data collected, used and processed by us. This data privacy statement also informs data subjects about their rights.
As the data controller, we have implemented numerous technical and organisational measures to ensure the fullest possible protection of the personal data processed via our website. However, data transmissions via the Internet can always involve security vulnerabilities and therefore 100% protection cannot be guaranteed. Every data subject can of course also provide personal data to us via an alternative route, for example, over the phone.
This privacy statement is based on the definitions used by the European Regulation and the regulation makers in the adoption of the GDPR (Article 4 GDPR). This privacy statement should be both easy to read and easy to understand for everyone. In order to ensure this, we would first like to explain the terms used.
The following definitions are used in this data privacy statement:
‘personal data’ means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘data subject’ means any identified or identifiable natural person whose personal data are processed by the controller.
‘processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘limitation of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘recipient’ means a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct responsibility of the controller or processor, are authorised to process the personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
3. Collection and storage of personal data and the nature and purpose of their use
a) When visiting the website
When you visit our website, www.antelope.de, the browser on your device automatically sends information to our website server. This information is temporarily stored in a log file.
The following information is collected without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer
- date and time of access
- name and URL of the retrieved file
- website from which access is made (referrer URL)
- browser used and, if applicable, the operating system of your computer as well as the name of your access provider
We process the aforementioned data for the following purposes:
- ensuring smooth website connection
- ensuring easy and convenient use of our website
- evaluating system security and stability as well as
- for other administrative purposes
b) When registering for our newsletter
Information relating to the contents of our newsletter as well as registration, dispatch and statistical evaluation procedures, and your rights of objection is provided below. By subscribing to our newsletter, you indicate your consent to its receipt and agreement with the procedures described.
Newsletter content: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as ‘newsletter’) only with the consent of the recipient or based on legal permission. If the contents of the newsletter are described specifically as part of the registration, these are relevant for the user’s consent.
Double opt-in and logging: Registration for our newsletter takes place through a so-called double opt-in procedure. This means that you will receive an e-mail after you have registered asking you to confirm your registration. Such confirmation is necessary to prevent registration using external e-mail addresses. Registrations for the newsletter are logged in order to be able to prove that the registration process has been conducted in accordance with legal requirements. This includes storage of the registration and confirmation date, as well as the IP address. Likewise, changes to your data stored with the mail service provider are logged.
The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance on a par with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
Furthermore, according to its own information, the mail service provider may use personal data in pseudonymised form, i.e. without assignment to a user, to optimise or improve its own services, for example, for technical optimisation of the mailing and display of the newsletter or for statistical purposes, in order to determine the countries from which the recipients originate. However, the mail service provider will not use the data of our newsletter recipients to write to them itself nor will it pass these data on to third parties.
Registration details: To subscribe to the newsletter, you simply need to enter your e-mail address.
Performance measurement – Our newsletters contain a so-called ‘web beacon’, i.e. a file the size of a pixel, which is retrieved by the server of the mail service provider when the newsletter is opened. Technical data, such as information about the browser and your system, as well as your IP address and date of retrieval, are collected as part of this retrieval procedure. This information is used for the technical improvement of services based on technical data or target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or access dates. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our, nor the mail service provider’s intention to monitor individual users. We use these surveys much more to identify the reading habits of our users and to adapt our contents to them or to send different content according to their interests.
Newsletter dispatch and performance measurement are based on the consent of the recipients in accordance with Art. 6 (1) a), Art. 7 GDPR in conjunction with Section 7 (2) 3) of the German Act against Unfair Competition (UWG) or legal permission in accordance with Section 7 (3) UWG.
The registration procedure is logged based on our legitimate interests pursuant to Art. 6 (1) f) GDPR and serves as proof of consent to receive the newsletter.
Cancellation – You can unsubscribe from our newsletter at any time, i.e. withdraw your consent. You will find an unsubscribe link at the end of each newsletter. If users have only subscribed to the newsletter and subsequently cancel their subscription, their personal data will be deleted. Alternatively, you can send your unsubscribe request at any time to email@example.com:
- salutation, first name, last name
- a valid e-mail address
- telephone number (landline and/or mobile)
These data are collected,
- to identify you as our customer;
- to process and fulfil your order;
- to correspond with you;
- for invoicing;
- to process any existing liability claims, as well as to assert claims against you;
- to ensure the technical administration of our website;
- to administer our customer data.
Your consent to the processing of this data will be obtained as part of the ordering process.
Data processing takes place in relation to your order and/or registration and is necessary, in accordance with Art. 6 (1) 1) b) GDPR for the aforementioned purposes, for the appropriate processing of your order and for the mutual fulfilment of obligations arising from the purchase agreement.
The personal data collected by us for the processing of your order will be stored until expiry of the statutory storage period and deleted thereafter unless we are obliged to store them for a longer period of time in accordance with Article 6 (1) 1) c) GDPR, or on account of storage and documentation obligations under commercial and tax law (German Commercial Code (HGB), German Criminal Code (StGB) or German Tax Code (AO)), or you have consented to storage beyond this in accordance with Article 6 (1) 1) a) GDPR.
c) When using our app
The following additional data will be collected and stored when using our iOS app:
- fitness level
- information about your mobile device
- duration of training
- time stamp at the beginning and end of course
- workout ID
- user ID
- battery level of your mobile device
- type of workout
- name of workout
- user e-mail address
- intensities and channels used during training
Data processing takes place upon registration in the app and is required, in accordance with Art. 6 (1) 1) b) GDPR for the purposes indicated, for the appropriate use of your ANTELOPE product and thus for the mutual fulfilment of obligations arising from the purchase agreement.
The personal data collected by us for use of the app will be stored until expiry of the statutory storage period and deleted thereafter, unless we are obliged to store them for a longer period of time pursuant to Article 6 (1) 1) c) GDPR, or on account of storage and documentation obligations under commercial and tax law (German Commercial Code (HGB), German Criminal Code (StGB) or German Tax Code (AO)), or you have consented to storage beyond this pursuant to Article 6 (1) 1) a) GDPR.
4. Transfer of stored data
Your personal data will be passed on by us to third parties, exclusively to the service partners involved within the scope of contract execution, such as, for example, the logistics company responsible for delivery and the financial institution responsible for dealing with payment. However, in cases where your personal data are passed on to third parties, the scope of the data transmitted shall be limited to the absolute minimum.
Transfer of data
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only pass on your personal data to third parties if:
- you have given your express consent in accordance with Art. 6 (1) 1) a) GDPR,
- disclosure pursuant to Art. 6 (1) 1) f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
- in the event that there is a legal obligation to pass on data pursuant to Art. 6 (1) 1) c) GDPR, and
- this is legally permissible and required for the execution of contractual relationships with you pursuant to Art. 6 (1) 1) b) GDPR.
5. Cookies & retargeting
6. Links to third party websites
The links published on our website are researched and compiled by us with the greatest possible care. However, we have no influence on the current and future design and content of linked pages. We are not responsible for the content of linked pages and expressly do not adopt the content of these pages as our own. The provider of the website to which you are referred shall be solely responsible for illegal, incorrect or incomplete content as well as for any damage resulting from the use or misuse of the information. Liability of the party merely referring to a publication via a link shall be excluded. We shall only be responsible for third-party references if we have positive knowledge of them, i.e. any illegal or criminal content, and if it is technically possible and reasonable for us to prevent their use.
7. Analysis and tracking tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 (1) 1) f) GDPR. The tracking measures we use are intended to ensure that our website meets requirements and is continually optimised. We also use these tracking measures to record website use and to evaluate it for you in order to optimise our offering. These interests are considered legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
i) Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc., for the purpose of tailoring our pages to meet your needs and continuously optimising them. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as ’Google’). Pseudonymised user profiles are created and cookies (see section 4) are used in this context. The information generated by cookies about your use of our website includes
- browser type/version
- operating system
- referrer URL (previously visited page)
- hostname of accessing computer (IP address)
- time of server request
- client ID (user, device, browser)
- Google Analytics tracking ID
- Google Tag Manager container
- location URL
- language of the user
- page view / sessions
- session duration
- interests of the user
- user flow
- origin URL
We only use Google Analytics with IP anonymisation enabled. This means that the IP address of the user is shortened by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
This information is used to evaluate website use, to compile reports on website activity and to provide other services relating to website and Internet use for market research purposes and to tailor our website to requirements. This information may also be transferred to third parties if this is required by law or if third parties process such information on behalf of third parties. Under no circumstances will your IP address be merged with other Google data. Further information on data privacy in connection with Google Analytics can be found in the Google Analytics help section (https://support.google.com/analytics/answer/6004245?hl=de).
ii) Google Adwords conversion tracking
We also use Google conversion tracking to record the use of our website statistically and to evaluate it for the purpose of optimising our website for you. Google Adwords places a cookie (see number 4) on your computer if you have reached our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for personal identification purposes. If the user visits certain pages on the AdWords customer’s website and the cookie has not expired, Google and the customer will be able to tell that the user clicked on the ad and was directed to that page.
8. Social media plugins
We use social plug-ins of the social networks Facebook, Twitter and Instagram on our website based on Art. 6 (1) 1) f) GDPR, in order to raise the profile of our company and the online shop. The advertising purpose behind this is regarded as a legitimate interest within the meaning of GDPR. Responsibility for operation that is compliance with data protection regulations must be guaranteed by the respective providers. These plug-ins are integrated by us using the two-click method in order to protect visitors to our website in the best possible way.
Social media plugins from Facebook are used on our website to make its use more personal. For this we use the ‘LIKE’ or ‘SHARE’ button. This is an offer from Facebook. If you call up a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser, which integrates it into the website. By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the plugins, for example by pressing the ’LIKE’ or ‘SHARE’ button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.
Based on our legitimate interests in the analysis, optimisation and economic operation of our online services and for these purposes, the so-called ‘Facebook pixel’ of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Facebook’), is used within our online services.
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offering as a target group for the presentation of ads (so-called ‘Facebook ads’). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users who have shown an interest in our online offering or who have certain characteristics (for example, interests in certain topics or products that are determined on the basis of the websites visited) which we transmit to Facebook (so-called ‘custom audiences’). We also want to ensure using Facebook pixels that our Facebook ads match the potential interests of users and are not annoying. We can also use Facebook pixels to track the effectiveness of Facebook ads for statistical and market research purposes by seeing if users were referred to our website after clicking on a Facebook ad (known as ‘conversion’).
Twitter Inc. (Twitter) plugins are integrated into our web pages. You can recognise Twitter plugins (Tweet button) from the Twitter logo on our website. You can find an overview of Tweet buttons here (https://about.twitter.com/resources/buttons). If you access a page on our website that contains such a plugin, a direct connection will be established between your browser and the Twitter server. Twitter receives the information that you have visited our site using your IP address. If you click the Twitter ’Tweet’ button while logged in to your Twitter account, you can link the content of our pages to your Twitter profile. This allows Twitter to assign the visit to our pages to your user account. We would like to point out that, as the provider of the pages, we do not have any knowledge of the content of the data transmitted or its use by Twitter.
Our website/online shop also uses social plugins (‘plugins’) from Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (‘Instagram’). The plugins are marked with an Instagram logo, for example in the form of an ‘Instagram camera’.
When you visit a page of our website/online shop that contains such a plugin, your browser establishes a direct connection to Instagram’s servers. Instagram sends the content of the plugin directly to your browser and integrates it into the page. This integration tells Instagram that your browser has accessed the appropriate page on our site, even if you do not have an Instagram profile or are not logged in to Instagram.
9. Rights of data subjects
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your personal data have been or will be disclosed, the envisaged storage period, the existence of a right to request rectification, erasure, restriction of processing or to object to processing, the existence of a right to lodge a complaint, the source of your personal data, unless it has been collected from us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;
- in accordance with Art. 16 GDPR, to immediately request the rectification of inaccurate or incomplete personal data stored by us;
- to obtain the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right to freedom of expression and information, for the compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- to obtain the restriction of the processing of your personal data in accordance with Art. 18 GDPR, if the accuracy of the data is contested by you, the processing is unlawful but you oppose its erasure and we no longer need the data but you require it for the establishment, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format or to request the transfer of those data to another controller;
- in accordance with Art. 7 (3) GDPR, to withdraw your consent already given to us at any time. The consequence of this is that we may no longer continue processing the data based on this consent in the future, and
- to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority from your usual place of residence or place of work or at our company headquarters.
10. Right to object
If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) 1) f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of personal data concerning you on grounds relating to your particular situation or if personal data are processed for direct marketing purposes. In the latter case, you have a general right to object without stating particular reasons and this will be implemented by us. If you would like to make use of your right to withdraw or object, simply send an e-mail to firstname.lastname@example.org
11. Data security
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss or destruction, and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
12. Up-to-dateness and changes to this data privacy statement
This data privacy statement is valid as of May 2018.
Due to the further development of our website and offers on it or due to new legal or statutory requirements, it may be necessary to amend this data privacy statement. You can access and print out the current data privacy statement at any time on the website at https://www.antelope.de/datenschutz/
Effective date: 24.05.2018