Table of contents
1 General information
1.1 Objectives and responsibilities
1.2 Legal basis
1.3 Rights of data subjects
1.4 Data Deletion and Storage Period
1.5 Security of Processing
1.6 Data transfer to third parties, subcontractors and third-party providers
2 Processing within the scope of our online services
2.1 Webflow
2.2 Amazon CloudFront CDN
2.3 Information on Google services
2.4 Google Analytics
2.5 Google Tag Manager
2.6 Meta Pixel (Facebook Custom Audience)
2.7 Consent Management
2.8 Links to other websites
2.9 DoubleClick
2.10 Hotjar
2.11 Segment
3 Processing for the purpose of carrying out our business processes
3.1 Book a class
4 Cookie Policy
4.1 General Information
4.2 Cookie overview, objection
5 Changes to the Data Policy
1. This privacy policy informs you about the nature, scope and purpose of the processing of personal data in relation to our online offer https://www.wearethestorm.de/ and the associated websites, functions and content (hereinafter collectively referred to as "online offer" or "website"). Details of these processing activities can be found in section 2.
2. Details of data processing for the purpose of carrying out our business processes are described in section 3.
3. Holmes Place Health Clubs GmbH (Charlottenstraße 65, D -10117 Berlin) - hereinafter referred to as "we" or "us" - is responsible for data protection.
4. Our data protection officer can be contacted at the email address dataprotection_DE@holmesplace.de.
5. The term "user" includes all customers and visitors to the online offer.
In principle, we collect and process personal data based on the following legal bases:
a. Consent in accordance with Article 6(1)(a) of the General Data Protection Regulation(GDPR). Consent is any voluntary, informed and unambiguous expression of will in the form of a declaration or other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personaldata relating to him or her.
b. Necessity for the performance of a contract or the implementation of preparatory measures pursuant to Article 6(1)(b) of the GDPR, i.e. the data is necessary for us to be able to fulfil our contractual obligations towards you or we need the data to prepare for the conclusion of a contract with you.
c. Processing for compliance with a legal obligation pursuant to Article 6(1)(c) of the GDPR, i.e. processing of the data is required by law or other regulations.
d. Processing for the purposes of legitimate interests pursuant to Article 6(1)(f) GDPR, i.e. that the processing is necessary to protect legitimate interests on our part or on the part of third parties, unless such interests are overridden by the interests or fundamental rights and freedoms of you which require the protection of personal data.
The specific legal bases for the individual processing operations are specified in the following sections.
You have the following rights in relation to data processing by us:
a. Right to lodge a complaint with a supervisory authority pursuant to Article 13(2)(d) GDPR and Article 14(2)(e) GDPR.
b. Right to information pursuant to Article 15 GDPR
c. Right of rectification pursuant to Article 16 of the GDPR
d. Right to erasure ("right to be forgotten") pursuant to Article 17 GDPR
e. Right to restriction of processing pursuant to Article 18 GDPR
f. Right to data portability pursuant to Article 20 GDPR
g. Right to object pursuant to Article 21 of the GDPR
Users may object to the processing of their personal data in accordance with the legal requirements at any time with effect for the future. The objection may in particular be made against processing for direct marketing purposes.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The personal data of the data subject will be erased or blocked as soon as the purpose of the storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.
1. We have implemented appropriate and state-of-the-art technical and organisational security measures (TOMs). This means that the data we process is protected against accidental or intentional manipulation, loss, destruction and unauthorised access.
2. The security measures include in particular the encrypted transmission of data between your browser and our server.
1. Personal data is only transferred to third parties within the framework of legal requirements. We only pass on the user's data to third parties if this is necessary, for example, for billing purposes or for other purposes if the transfer is necessary to fulfil contractual obligations towards the user.
2. If we use subcontractors for our online services, we have taken appropriate contractual precautions and corresponding technical and organisational measures vis-à-vis these companies.
3. If we use content, tools or other means from other companies (hereinafter collectively referred to as "third party providers") and their registered office is located in a third country, it can be assumed that data is transferred to the countries in which the third party providers are based. The transfer of personal data to third countries by us will only take place if an appropriate level of data protection, the consent of the user or other legal permission exists.
1. We host our website with Webflow. The provider is Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as Webflow). When you visit our website, Webflow collects various log files including your IP addresses.
2. Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for the presentation of the page, for the provision of certain website functions and for ensuring security (necessary cookies).
3. For details, please refer to Webflow's privacy policy:
https://webflow.com/legal/eu-privacy-policy.
4. The use of Webflow is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TDDDG. The consent can be revoked at any time.
5. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://webflow.com/legal/eu-privacy-policy.
6. We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
1. We use the Cloudfront content delivery network (CDN). The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter "Amazon"). Amazon will act as a subcontractor of Webflow.
2. Amazon CloudFront CDN is a globally distributed content delivery network. Technically, the information transfer between your browser and our website is routed via the Content Delivery Network. This allows us to increase the global accessibility and performance of our website.
3. The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 (1) f GDPR).
4. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.
5. Further information on Amazon CloudFront CDN can be found here:
https://docs.aws.amazon.com/pdfs/AmazonCloudFront/latest/DeveloperGuide/AmazonCloudFront_DevGuide.pdf#data-protection-summary
1. We use various services of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland on our website.
You can find more detailed information on the individual concrete services of Google that we use on this website in the further data protection declaration.
2. By integrating Google services, Google may collect and process information (including personal data). It cannot be ruled out that Google also transmits the information to a server in a third country. The transmission to the USA depends on the function in which personal data is transmitted. As the responsible party, we ourselves may transfer data to Google in the USA for further use.
Google is registered with the data privacy framework. Furthermore, Google has committed to comply with the Standard Contractual Clauses for the transfer of personal data to third countries under Directive 95/46/EC (Standard Contractual Clauses - SCC).
More information on the Standard Contractual Clauses can be found at
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractuals-clauses-scc_en
and at
https://policies.google.com/privacy/frameworks?hl=en
3. We ourselves cannot influence which data Google actually collects and processes. However, Google states that the following information (including personal data) may be processed:
- Log data (in particular the IP address)
- Location-related information
- Unique application numbers
- Cookies and similar technologies
Information on the types of cookies used by Google can be found at https://policies.google.com/technologies/types.
4. If you are logged into your Google account, Google may add the processed information to your account and treat it as personal data, depending on your account settings.
5. Google states the following about this, among other things:
"If you are not signed in to a Google Account, we store the data we collect with unique identifiers associated with the browser, app or device you are using. This allows us to ensure, for example, that your language settings are retained across all browsing sessions.
If you are signed into a Google Account, we also collect data that we store in your Google Account and consider to be personal data." (https://privacy.google.com/take-control.html)
6. You can prevent this data from being added directly by logging out of your Google account or also by making the appropriate account settings in your Google account. Furthermore, you can change your cookie settings (e.g. delete cookies, block cookies, etc.).
7. You can find more detailed information in Google's privacy policy, which you can access here: https://www.google.com/policies/privacy/.
8. You can find information on Google's privacy settings at https://privacy.google.com/take-control.html.
1. We use Google Analytics, a web analytics service, on the basis of your consent for the analysis, optimisation and economic operation of our online offer pursuant to Art. 6 para. 1 lit. a. GDPR. Google Analytics, a web analysis service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) - hereinafter "Google"). Google uses cookies and other technologies. The information generated by the service about the use of the online offer by the users is transmitted to a Google server in the USA and processed there.
2. Google acts on our behalf as part of an order processing pursuant to Article 28 GDPR. We have concluded a data protection agreement with Google that contains the EU standard data protection clauses.
3. In addition, we have concluded a shared responsibility agreement with Google for the use of Google's measurement services in accordance with Article 26 of the GDPR (see https://support.google.com/analytics/answer/9012600). Within this framework, we have agreed with Google to be responsible for the fulfilment of information obligations and for ensuring data subject rights in accordance with Chapter 3 of the GDPR, as well as for the security of processing and reporting/notification obligations. (Articles 32 to 34 GDPR). Google will use the information to evaluate the use of our online offer by the users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and the use of the Internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
4. We use Google Analytics to display the ads placed within advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called "remarketing audiences", or "Google Analytics audiences"). With the help of remarketing audiences, we also want to ensure that our advertisements correspond to the potential interest of the users and do not have a harassing effect.
5. We use Google Analytics with IP anonymisation activated.
6. Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognised on future website visits. Users may refuse the use of cookies by selecting the appropriate settings on their browser, and prevent the collection of data generated by the cookie and related to their use of the website by Google and the processing of such data by Google by downloading and installing the browser plugin available at: https://tools.google.com/¬dlpage/gaoptout?hl=en.
7. The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 26 months. Other data remains stored in aggregated form indefinitely.
8. For more information on Google's use of data, settings and revocation options, please visit Google's website:
https://policies.google.com/technologies/partner-sites?hl=de ("Data use by Google when you use our partners' websites or apps").
https://policies.google.com/¬technologies/ads ("Data use for advertising purposes")
https://adssettings.google.com/¬authenticated ("Manage information Google uses to serve ads to you").
1. We use the Google Tag Manager on our website. The Google Tag Manager is a service of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
2. The Google Tag Manager enables us to integrate various codes and services on our website in an orderly and simplified manner. The Google Tag Manager implements the tags or "triggers" the embedded tags. When a tag is triggered, Google may process information (including personal data) and process it. It cannot be ruled out that Google also transmits the information to a server in a third country.
3. Information on the standard contractual clauses and the transmission to the USA by us to Google and other relevant data on data processing by Google in the context of the use of Google services can be found in this privacy policy under section 2.4 "information on Google services".
4. In particular, the following personal data are processed by the Google Tag Manager:
- Online identifiers (including cookie identifiers).
- IP address
5. In addition, you can find more detailed information on the Google Tag Manager on the websites https://www.google.de/tagmanager/use-policy.html
as well as at
https://www.google.com/intl/de/policies/privacy/index.html (section "Data we receive based on your use of our services").
6. Furthermore, we have concluded an order processing contract with Google for the use of the Google Tag Manager (Art. 28 DSGVO). Google processes the data on our behalf in order to trigger the stored tags and display the services on our website. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
7. If you have deactivated individual tracking services (e.g. by setting an opt-out cookie), the deactivation will remain in effect for all affected tracking tags that are integrated by the Google Tag Manager.
8. By integrating the Google Tag Manager, we pursue the purpose of being able to carry out a simplified and clear integration of various services. Furthermore, the integration of the Google Tag Manager optimises the loading times of the various services.
9. The legal basis for the processing of personal data described here in the context of the measurement process is your express consent pursuant to Art. 6 (1) lit. a GDPR
10. The legal basis for processing those data that are processed in the context of obtaining consent is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We have a legitimate interest in being able to prove that you have given your consent to the measurement procedure (Art. 7 (1) GDPR).
1. We use a so-called tracking pixel of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Facebook Inc. 1601, Willow Road Menlo Park, CA 94025, USA, on our website. We use Facebook Pixel to track the success of our own Facebook advertising campaigns and to optimise the playout of Facebook advertising campaigns to interested target groups.
2. After clicking on a Facebook ad or when visiting our website, a cookie is stored on your end device with the help of the pixel on our website. The cookie processes data about whether you have arrived on our website via a Facebook ad and allows us to analyse the user's behaviour until the purchase is completed. This allows us to track the success rate of our Facebook advertising campaigns. In addition, the pixel processes data about the fact that you have visited our website and allows us to tailor the advertisements played on Facebook to your interests.
3. When you visit our website, the Facebook pixel integrated on our website establishes a direct connection to Facebook's servers. The information generated by the cookie about your use of this website (including your IP address) is transmitted to Facebook in the US.
4. Facebook ensures an adequate level of data protection via the EU standard contractual clauses. You can access a copy of the contractual clauses here: https://www.facebook.com/legal/EU_data_transfer_addendum.
5. The data collected is anonymous for us and does not allow us to draw any conclusions about the user. If you are registered with Facebook, Facebook can assign the collected information to your account. Even if you do not have a Facebook account or are not logged in when you visit our website, your IP address and other identification data may be processed and stored by Facebook.
6. The legal basis for data processing is your consent in accordance with Art. 6 Para. 1 a GDPR.
7. You can revoke your consent for data processing by Facebook Pixel for our web domain at any time with future effect by adjusting your preferences in our cookie settings. Furthermore, you can prevent the setting of cookies by adjusting the corresponding settings in your Facebook account at https://www.facebook.com/settings?tab=ads.
1. This website uses the cookie consent technology of Cookiebot to obtain your consent to the storage of certain cookies on your end device and to document this in a data protection compliant manner. The provider of this technology is Cybot A/S (Havnegade 39, 1058 Copenhagen, Denmark, website: https://www.cookiebot.com/) - hereinafter "Cookiebot".
2. When you enter our website, the following personal data is transferred to Cookiebot:
- Your consent(s) or withdrawal of your consent(s).
- Your IP address
- Information about your browser
- Information about your terminal device
- Time of your visit to the website
3. Furthermore, Cookiebot stores a cookie in your browser in order to be able to allocate the consent(s) granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
4. Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.
1. While using some of our services, you will be automatically redirected to other websites.
2. Please note that this data protection declaration is not valid there. The privacy policy of the linked website may differ significantly from this one.
1. Doubleclick by Google is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
2. Doubleclick by Google uses cookies to present you with advertisements that are relevant to you. In the process, a pseudonymous identification number (ID) is assigned to your browser in order to check which advertisements were displayed in your browser and which advertisements were called up. The cookies do not contain any personal information. The use of DoubleClick cookies only enables Google and its partner websites to serve ads based on previous visits to our website or other websites on the Internet. The information generated by the cookies is transferred by Google to a server in the USA for analysis and stored there. Under no circumstances will Google combine your data with other data collected by Google.
3. The legal basis is your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You consent to the processing of data about you by Google in the manner and for the purposes set out above.
4. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. Furthermore, you can prevent the collection of the data generated by the cookies and related to your use of the websites to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link under the item "Extension for DoubleClick deactivation".
5. You can find more information on DoubleClick by Google and data protection here: https://policies.google.com/technologies/ads?hl=en.
1. We use Hotjar to better understand the needs of our users and to optimize our service and experience. Hotjar is a technology service that helps us better analyze user experiences (e.g. how much time they spend on which pages, which links they click on, what users like and dislike, etc.) and allows us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices. This includes a device's IP address (which is processed during your session and stored in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only) and the preferred language in which our website is displayed. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
2. Further information can be found on the Hotjar website: www.hotjar.com/legal/policies/privacy/.
3. Fhe legal basis for the processing is your consent in accordance with Article 6 (1) (a) GDPR.
1. We use Segment from the company of the same name Segment.io, Inc, 100 California Street Suite 700 San Francisco, CA 94111, USA. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
2. We use Segment to store and validate user interactions in our own data environment. Segment does not perform any analysis or profiling.
4. Further information can be found in the provider's privacy policy at https://segment.com/legal/privacy/
1. Our online offer uses functions of the online booking software FITOGRAM. The provider is Fitogram GmbH (Probsteigasse 15-17, 50670 Cologne, Germany).
2. Each time one of our pages containing FITOGRAM functions is accessed, a connection to FITOGRAM servers is established. FITOGRAM is informed that you have visited our website with your IP address. In this context, further data may be transmitted to FITOGRAM.
4. When contacting us via the booking software, your details will be processed to process the request and its handling in accordance with Art. 6 para. 1 lit. b GDPR.
5. We have concluded a data protection agreement with FITOGRAM. FITOGRAM is therefore obliged to process your data only in accordance with our instructions and to comply with the requirements of the GDPR. Details on FITOGRAM's data protection can be found in the privacy policy at https://content.fitogram.pro/privacy/.
6. You can obtain information about the cookies used by FITOGRAM via our Consent Management Platform.
1. Cookies are pieces of information that are transferred from our web server or third party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
2. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
1. You can find an up-to-date overview of the cookies used on this website in the consent management platform "cookiebot" (see paragraph 2.7 "Consent management").
2. There you can also manage your individual consents or preferences.
5 Changes to the data protection declaration
1. We reserve the right to change this data protection declaration in order to adapt it to changes in the law or to changes in data processing.
2. If the consent of the users is required or parts of the data protection declaration contain regulations of the contractual relationship with the users, the changes will only be made with the consent of the users. 3.
3. Users are requested to inform themselves regularly about the content of this data protection declaration.
1. We reserve the right to change this data protection declaration in order to adapt it to changes in the law or to changes in data processing.
2. If the consent of the users is required or parts of the data protection declaration contain regulations of the contractual relationship with the users, the changes will only be made with the consent of the users. 3.
3. Users are requested to inform themselves regularly about the content of this data protection declaration.
Status: September 2024
