
DATA PROTECTION

We are delighted that you have shown interest in our company. Data protection is a particularly high priority for the management of fitbox GmbH.

If you use our website, your personal data will be processed, which is why we are obliged to inform you about certain circumstances of the processing in accordance with Art. 13 GDPR. We are happy to comply with this obligation with this privacy policy:

A. Explanations
To improve transparency, we will first explain general terms relating to personal data processing. The specific information obligations under Art. 13 GDPR are fulfilled under B.

I. Personal data
Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

II. Order processing contract (DPA; German: AVV)
If personal data is processed by a provider on behalf of the controller, a DPA must be concluded in accordance with Art. 28 GDPR. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

III. Revocation
If you have given your consent to data processing in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG or Art. 9 para. 2 lit. a GDPR, you can revoke this consent at any time vis-à-vis the controller, Art. 7 para. 3 GDPR. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

IV. EU-US Data Privacy Framework
This is an agreement on data exchange between the European Union and the United States of America. It safeguards the rights of data subjects whose data is processed in the USA. There is an adequacy decision by the European Commission within the meaning of Art. 45 GDPR, according to which an adequate level of protection has been established. Providers can submit to self-certification. If certification is obtained, the data transfer to this US provider is covered by the adequacy decision.

B. Information pursuant to Art. 13 GDPR

I. Controller and data protection officer

1. Controller
The controller pursuant to Art. 4 No. 7 GDPR is:
fitbox GmbH
Oranienburger Str. 5c
10178 Berlin
represented by the managing directors Ingo Huppenbauer, ibid. and Dr. Björn Schultheiss, ibid.
Phone: (030) 513 049 78
E-mail: info(at)fitbox.de
(see our imprint).

2. Data protection officer
You can reach our data protection officer at
SecData GmbH
Rohrteichstraße 35a
33602 Bielefeld
represented by the managing director Dr. Christoph Franke, ibid.
E-mail: info@secdata.gmbh
Telephone: 0521/557519-333
or our postal address with the addition "the data protection officer".

II. Your rights
You have the following rights vis-à-vis the controller from I. 1. with regard to the personal data concerning you:
- Right of access,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to data portability.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
The competent supervisory authority is
Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61
10555 Berlin
Phone: +49 30 13889-0
E-mail: mailbox@datenschutz-berlin.de
You can assert the aforementioned rights with and against each individual controller.

III. Information pursuant to Art. 13 para. 1 lit. c-f and para. 2 GDPR
For reasons of better transparency, we comply with these information obligations when presenting the specific processing activity.

1. Provision of the website (hosting) and log files
We host the content of our website with the following provider
STRATO GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany
When you visit our website, the provider collects various log files including your IP addresses. Details can be found in the provider's privacy policy: www.strato.de/datenschutz/.
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are
1. browser type and browser version
2. operating system used
3. referrer URL
4. host name of the accessing computer
5. time of the server request
6. the IP address
This data is not merged with other data sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.

2. Contact form and making contact
When you contact us by e-mail or via a contact form, the data you provide (surname, first name, e-mail address, telephone number and your message) will be stored by us in order to answer your questions. We delete the data arising in this context if the inquiry is assigned to a contract after the contract period, otherwise after the storage is no longer necessary, or restrict the processing if there are statutory retention obligations. Depending on the type of request, the legal basis is our legitimate interest in responding to your request quickly and effectively in accordance with Art. 6 para. 1 lit. f GDPR or the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR. If the request can be assigned to an existing contract, the legal basis is the fulfillment of the contract pursuant to Art. 6 para. 1 lit. b GDPR.

3. Processing of data from your end devices
In addition to the above-mentioned data, we use technical aids for various functions when you use our website, in particular cookies, which can be stored on your end device. When you access our website and at any time thereafter, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical point of view before going into more detail about your individual choices by describing technically necessary cookies and cookies that you can voluntarily select or deselect.
Cookies are text files or information in a database that are stored on your hard disk and assigned to the browser you are using so that certain information can flow to the place that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis are explained below:
Transient cookies: Such cookies, especially session cookies, are automatically deleted when the browser is closed or by logging out. They contain a so-called session ID. This allows various requests from your browser to be assigned to the joint session and your computer can be recognized when you return to our website.
Persistent cookies: These are automatically deleted after a specified period, which varies depending on the cookie. You can view the cookies set and the duration at any time in the settings of your browser and delete the cookies manually.
Other technologies: These functions are not based on cookies, but on similar technical mechanisms, such as Flash cookies, HTML5 objects or an analysis of your browser settings. As a result, we can also use the technologies described below. Here, too, you can of course consent or object.
Mandatory functions that are technically necessary to display the website: The technical structure of the website requires us to use technologies, in particular cookies. Without these technologies, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted at the end of your website visit, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager.
Optional cookies if you give your consent: We only set various cookies after you have given your consent, which you can select on your first visit to our website via the so-called cookie consent tool. The functions are only activated if you give your consent and can be used in particular to enable us to analyze and improve visits to our website, to make it easier for you to use different browsers or end devices, to recognize you during a visit or to place advertising (possibly also to tailor advertising to your interests, measure the effectiveness of advertisements or show interest-based advertising). The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TDDDG.
You can withdraw your consent at any time without this affecting the lawfulness of processing up to the point of withdrawal.
The functions we use, which you can select and revoke individually via the Consent Manager, are described below.

a. Cookie consent tool
We use the cookie consent tool "Cookieman" from the provider d-mind GmbH, Mörikestraße 69, 70199 Stuttgart, Germany, to obtain consent to the data processing of website users and their administration.
A connection to the provider's servers is not established, so no data transfer takes place.
The legal basis for this processing is our legal obligation to provide proof of consent given (from Art. 7 para. 1 GDPR) in accordance with Art. 6 para. 1 lit. c GDPR.

b. Google Tag Manager
We use the tag manager of the provider Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. With the help of the Tag Manager, we can integrate statistical and analysis tools on our website. The tag manager itself does not store any cookies and does not have any analysis functions. The tag manager therefore only records your IP address. Google acts as a processor and we have concluded a corresponding contract with Google.
The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. The provider is an active participant in the EU-US Data Privacy Framework, which sets out rules for secure data transfer to the USA. In addition, the provider uses standard contractual clauses within the meaning of Art. 46 para. 2, 3 GDPR, which are intended to ensure that data processing is aligned with European standards. The EU Commission has assessed these clauses as appropriate safeguards for the transfer of personal data to the USA in an implementing decision. Further information from the provider can be found at: policies.google.com/privacy/frameworks.
The legal basis is our legitimate interest in a fast and uncomplicated integration of various analysis and statistics tools in accordance with Art. 6 para. 1 lit. f GDPR. If we ask for your consent, the processing is based on Art. 6 para. 1 lit. a GDPR. Your consent is freely revocable.

c. Google Ads
We use Google Ads to draw attention to our offers with the help of advertisements. If you access our website via a Google ad, Google Ads will store a cookie on your device. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TDDDG, i.e. the integration only takes place with your consent.
The advertising material is delivered by Google via so-called "ad servers". For this purpose, we and other websites use so-called ad server cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. We can obtain information about the success of our advertising campaigns via the Google Ads cookies stored on our website. These cookies are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that a user no longer wishes to be contacted) are usually stored as analysis values for this cookie.
The cookies set by Google enable Google to recognize your internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer so that the cookies cannot be tracked via the websites of other Ads customers. By integrating Google Ads, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We ourselves do not independently collect personal data in the aforementioned advertising measures, but only provide Google with the opportunity to collect the data. We only receive statistical evaluations from Google, which provide information on which advertisements were clicked on how often and at what prices. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information.
You can withdraw your consent at any time without this affecting the permissibility of processing up to the time of withdrawal. The easiest way to withdraw your consent is via our Consent Manager or via the following functions:
1. by setting your browser software accordingly; in particular, the suppression of third-party cookies means that you will not receive any ads from third-party providers;
2. by setting your browser to block cookies from the domain "www.googleadservices.com", www.google.de/settings/ads, whereby this setting is deleted when you delete your cookies;
3. by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies;
4. by permanently deactivating them in your Firefox, Internet Explorer or Google Chrome browsers via the link www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
The provider also processes data in the USA. The USA is generally an unsafe third country. However, the provider is an active participant in the EU-US Data Privacy Framework, which sets out rules for secure data transfer to the USA. In addition, the provider uses standard contractual clauses within the meaning of Art. 46 para. 2, 3 GDPR, which are intended to ensure that data processing is aligned with European standards. The EU Commission has assessed these clauses as appropriate safeguards for the transfer of personal data to the USA in an implementing decision.
Further information on data protection at Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, can be found here: www.google.com/intl/de/policies/privacy and services.google.com/sitestats/en.html.

d. Google Analytics
This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The purpose of our use of the tool is to enable us to analyze your user interactions on websites and in apps and to use the statistics and reports obtained to improve our offer and make it more interesting for you as a user.
We primarily record the interactions between you as a user of the website and our website using cookies, device/browser data, IP addresses and website or app activities. In Google Analytics, your IP addresses are also recorded to ensure the security of the service and to provide us as the website operator with information about the country, region or location from which the respective user originates (so-called "IP location determination"). For your protection, however, we naturally use the anonymization function ("IP masking"), i.e. Google truncates the IP addresses by the last octet within the EU/EEA.
The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TDDDG). You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. In apps, you can reset the advertising ID under the Android or iOS settings. The easiest way to revoke your consent is via our Consent Manager or by installing the Google browser add-on, which can be accessed via the following link: tools.google.com/dlpage/gaoptout?hl=en/.
Google acts as a processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there.
In principle, the USA is an unsafe third country within the meaning of Art. 44 GDPR. However, with the EU-US Privacy Framework, there is an adequacy decision of the European Commission within the meaning of Art. 45 GDPR, according to which an adequate level of protection has been established. The provider has submitted to self-certification as an active member.
You can find more information on the scope of services provided by Google Analytics at marketingplatform.google.com/about/analytics/terms/en/. Google provides information on data processing when using Google Analytics at the following link: support.google.com/analytics/answer/6004245?hl=en/. General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google's privacy policy at www.google.de/intl/de/policies/privacy/.

e. Google reCAPTCHA
We use the reCAPTCHA service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, to protect your requests via the Internet form. The confirmation is used to distinguish whether the input is made by a human or abusively by automated, machine processing (e.g. bots). The following data is transmitted to the provider to execute this request
1. IP address of the website visitor,
2. date,
3. a complete screenshot of the browser window,
4. referrer URL (the address of the page from which the visitor came),
5. browser plugins,
6. information about the operating system (Windows, Linux, iOS),
7. cookies, such as other Google cookies from the last 6 months, as well as NID cookies, which are suitable for creating user profiles
8. and settings of the user device (e.g. language settings, location, browser, etc.).
Your IP address will be shortened by the provider within the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of the provider in the USA and shortened there.
The provider is an active participant in the EU-US Data Privacy Framework, which defines rules for secure data transfer to the USA. In addition, the provider uses standard contractual clauses within the meaning of Art. 46 II, III GDPR, which are intended to ensure that data processing is aligned with European standards. The EU Commission has assessed these clauses as appropriate safeguards for the transfer of personal data to the USA in an implementing decision.
The IP address transmitted by your browser as part of reCAPTCHA is not merged with other data from the provider. The provider's deviating data protection provisions apply to this data. Further information on the provider's privacy policy can be found at: policies.google.com/privacy.
The legal basis for this processing is our legitimate interest in protecting our website from bot attacks and spam through automated requests within the meaning of Art. 6 para. 1 lit. f GDPR.

f. Google Marketing Platform
On this website, we use the Google Marketing Platform service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of the processing is to improve advertising campaigns by placing user-relevant ads and avoiding duplicate ads. Here, the provider can use a cookie ID to record which ads are displayed in which browser in order to prevent them from being displayed more than once. In addition, the provider uses a cookie ID to record when a user sees an ad and later visits the advertiser's website with the same browser and, for example, completes a purchase. No personal data is processed beyond the individual cookie ID and browser data such as access times.
The legal basis for the processing is your freely revocable consent pursuant to Art. 6 para. 1 lit. a GDPR, § 25 TDDDG.
Due to the tools used, your browser automatically establishes a direct connection with the Google server. We ourselves do not independently collect personal data in the aforementioned advertising measures, but only provide Google with the opportunity to collect the data. We only receive statistical evaluations from Google, which provide information on which advertisements were clicked on how often and at what prices. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information. The provider also processes data in the USA. The USA is generally an unsafe third country. However, the provider is an active participant in the EU-US Data Privacy Framework, which sets out rules for secure data transfer to the USA. In addition, the provider uses standard contractual clauses within the meaning of Art. 46 para. 2, 3 GDPR, which are intended to ensure that data processing is aligned with European standards. The EU Commission has assessed these clauses as appropriate safeguards for the transfer of personal data to the USA in an implementing decision.

g. Microsoft Advertising
We use the online advertising service Microsoft Ads from the provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA, which enables us to deliver, monitor and optimize advertisements on Microsoft websites such as Bing, MSN or Outlook.com. The service collects device and usage data (device type, IP address, browser type and version, pages visited and search queries), location data, demographic data (age, gender), interest-based data (ads clicked on and search queries). The provider sets a cookie (conversion tracking tag) for this purpose. Microsoft uses the data to deliver and optimize personalized ads and may also combine the data with data from other services.
The legal basis is your freely revocable consent pursuant to Art. 6 para. 1 lit. a GDPR. The provider acts as a processor and we have concluded a DPA with the provider.
The provider also processes data in the USA. The USA is generally an unsafe third country. However, the provider is an active participant in the EU-US Data Privacy Framework, which sets out rules for secure data transfer to the USA. The data transfer is therefore permitted.
Further information on the provider's privacy policy can be found at: www.microsoft.com/de-de/privacy/privacystatement.

h. Facebook Pixel
We use the visitor action pixel of the provider Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland to measure the conversion of visitors to our website. Through conversion measurement, the behavior of the site visitor can be tracked after they have been redirected to our website by clicking on a Facebook ad. In this way, the efficiency of advertising measures using Facebook can be determined for statistical purposes and for market research, which is beneficial for optimizing future advertising measures.
We do not have access to the data collected in this way, so we cannot draw any conclusions about the identity of the individual visitor. The provider processes this data and can also establish a connection to any user profile you may have with the provider. The provider therefore also uses this data for its own advertising purposes. We have no influence on this.
The legal basis for the use of the Facebook pixel is our legitimate interest in effective advertising measures using social media within the meaning of Art. 6 para. 1 lit. f GDPR. Insofar as we request your consent, the legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 I TDDDG. Your consent is freely revocable. The provider also processes your data in the USA. The provider is an active participant in the EU-US Data Privacy Framework, which sets out rules for secure data transfer to the USA. In addition, the provider uses standard contractual clauses within the meaning of Art. 46 para. 2, 3 GDPR, which are intended to ensure that data processing is aligned with European standards. The EU Commission has assessed these clauses as appropriate safeguards for the transfer of personal data to the USA in an implementing decision. Further information from the provider can be found at: de-de.facebook.com/privacy/policy/.

i. TikTok Pixel
We use the visitor action pixel TikTok Ads from the provider TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
The pixel collects data about the use of the website and the logging of clicks on individual elements when our website is accessed. The purpose of the processing is the investigation of user behavior, analysis of the effect of online marketing measures and the selection of online advertising on other platforms, which are automatically selected by means of real-time bidding based on user behavior.
The legal basis for the processing is your freely revocable consent in accordance with Art. 6 para. 1 lit. a GDPR. Data is transferred to the independent controller TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The legal basis for the transfer of data to TikTok Technology Limited is your freely revocable consent pursuant to Art. 6 para. 1 lit. a GDPR. This may also involve the transfer of personal data to a country outside the European Union. The data is transferred on the basis of your consent in accordance with Art. 6 para. 1 lit. a in conjunction with Art. 49 para. 1 lit. a GDPR. Further information on the provider's data protection can be found at: www.tiktok.com/legal/privacy-policy-eea.

j. Hotjar
We use the analysis service Hotjar of the provider Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 314, Malta, to better understand the needs of our users and to optimize our service. Hotjar is a technology service that helps us to statistically evaluate user behavior and thus enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on the behavior of our users and their devices. The service then provides us with a visual representation of where users move around our website. The service collects personal data: anonymized IP address of a device, device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information in a pseudonymized user profile on our behalf for a maximum of 365 days. The provider acts as a commissioned data processor and we have concluded a DPA with the provider. The legal basis is your freely revocable consent pursuant to Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG. Further information on the provider's data protection can be found at www.hotjar.com/legal/policies/privacy/.

k. FAST Tracking
We use the FAST Tracking service of the provider Smarketer GmbH, Salzufer 8, 10587 Berlin, Germany, to allocate the success of our digital web ads and for customer loyalty and new customer acquisition. For this purpose, an individual ID is created for each website visitor, which is transmitted to the provider. No other personal data is processed. This data is automatically deleted after 90 days. The legal basis is our legitimate interest in the correct allocation of the success of a web medium and the corresponding billing in accordance with Art. 6 para. 1 lit. f GDPR.

l. Reviews with ProvenExpert
We use the rating platform ProvenExpert of the provider Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin. We have integrated the provider's rating seals on our website.
Customers can use the provider's rating system to rate our services online. The rating seal enables us to display customer ratings that have been submitted to us on the provider's platform as a seal on our website. When you visit our website, a connection is established with the provider so that they can determine that you have visited our website. The provider collects your IP address and your language settings as personal data so that the seal can be displayed in the selected language.
The legal basis for the processing of the above-mentioned personal data is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can give and revoke via the cookie consent tool. Your consent is freely revocable.
Further information on the provider's data protection can be found at: www.provenexpert.com/de-de/datenschutzbestimmungen/.
The provider acts as a commissioned data processor and we have concluded a corresponding DPA with the provider.

m. Adobe Typekit
We use "AdobeTypekit", which is provided by the provider Adobe Systems Software Ireland Ltd, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, for the uniform display of fonts. When you visit our website, fonts are stored in your browser cache for display. For this purpose, your browser connects to the provider's servers. The provider obtains your IP address and can track that our website has been visited via it. We use AdobeTypekit due to our legitimate interest in a uniform and appealing presentation of our websites, see Art. 6 I lit. f GDPR.
In principle, the USA is an unsafe third country within the meaning of Art. 44 GDPR. However, with the EU-US Privacy Framework, there is an adequacy decision of the European Commission within the meaning of Art. 45 GDPR, according to which an adequate level of protection has been established. The provider has submitted to self-certification as an active member.
Further information on the purpose and scope of data collection and its processing by the provider can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: www.adobe.com/privacy.html.
If your browser does not support AdobeTypekit, standard fonts will be displayed.

n. Google Fonts
We use the fonts "Google Fonts" from the provider Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The provider's fonts are loaded from the provider's server into your browser cache when you access our website. The provider stores your IP address in the process. The purpose is to visually improve the presentation of our text elements. The legal basis is our legitimate interest in a visually appealing presentation of our website in accordance with Art. 6 para. 1 lit. f GDPR. The provider stores your IP address for a period of one year from the time it is accessed.
In principle, the USA is an unsafe third country within the meaning of Art. 44 GDPR. However, with the EU-US Privacy Framework, there is an adequacy decision of the European Commission within the meaning of Art. 45 GDPR, according to which an adequate level of protection has been established. The provider has submitted to self-certification as an active member.
Further information from the provider can be found at: policies.google.com/privacy/frameworks.

o. Google Maps
We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. You can also have your location determined at fitbox.de/en/studios/studio-finden. The legal basis for the use of the maps is Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TDDDG, i.e. the integration only takes place with your consent.
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the above-mentioned basic data such as IP address and time stamp are transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
When determining the location at fitbox.de/en/studios/studio-finden, geolocation data from your device is also transmitted to the provider.
The information collected is stored on Google servers, including in the USA. The provider is an active participant in the EU-US Data Privacy Framework, which sets rules for secure data transfer to the USA. In addition, the provider uses standard contractual clauses within the meaning of Art. 46 para. 2, 3 GDPR, which are intended to ensure that data processing is aligned with European standards. The EU Commission has assessed these clauses as appropriate safeguards for the transfer of personal data to the USA in an implementing decision. Further information from the provider can be found at: policies.google.com/privacy/frameworks.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

p. YouTube videos
We have integrated YouTube videos into our online offering, which are stored on YouTube.com and can be played directly from our website. These are all integrated in "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transfer. The legal basis for the display of the videos is Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TDDDG, i.e. the integration only takes place with your consent.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the above-mentioned basic data such as IP address and timestamp are transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
Google also processes your personal data in the USA. The provider is an active participant in the EU-US Data Privacy Framework, which sets out rules for secure data transfer to the USA. In addition, the provider uses standard contractual clauses within the meaning of Art. 46 para. 2, 3 GDPR, which are intended to ensure that data processing is aligned with European standards. The EU Commission has assessed these clauses as appropriate safeguards for the transfer of personal data to the USA in an implementing decision.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

4 Our presence on social networks
We have various presences on social media platforms. We operate these presences with the following providers:
- Facebook & Instagram (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, represented by Richard Kelly; www.facebook.com/privacy/policy/); Our presences: www.facebook.com/fitbox/ (Facebook); www.instagram.com/fitbox_ems/ (Instagram)
- YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, represented by Elizabeth M. Cunningham, David M. Sneddon, Vanessa Hartley, Colin Goulding, Amanda Storey; policies.google.com/privacy); Our presence: www.youtube.com/@fitboxDe
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, represented by Keith Ranger Dolliver, Benjamin Orndorff, James O'Connor, Henry Chi-Ning Fong, Mark Legasp; www.linkedin.com/legal/privacy-policy); Our presence: www.linkedin.com/company/fitbox-gmbh/
- Xing (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany / New Work Networking Spain SL, Consell de Cent, 334-336, 1º 1ª, 08009 Barcelona, Spain / New Work XING AG, Pfingstweidstrasse 106e, 8005 Zurich, Switzerland, Executive Board: Petra von Strombeck (Chairwoman), Ingo Chu, Frank Hassler; Chairman of the Supervisory Board: Martin Weiss; privacy.xing.com/de/datenschutzerklaerung); Our website: www.xing.com/pages/fitboxgmbh
We use the technical platform and services of the providers for these information services. We would like to point out that you use our presence on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as the operator of the accounts, with statistical information about the interaction with us.
The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. The providers Meta, Google and LinkedIn are active participants in the EU-US Data Privacy Framework, for which the European Commission has determined an adequate level of protection within the meaning of Art. 45 GDPR.
We do not know how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or whether you visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your device can be used to track how you have moved around the network. Buttons integrated into websites enable the platforms to record your visits to these websites and assign them to your profile. This data can be used to tailor content or advertising to you. If you wish to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies on your device and restart your browser.
As the provider of the information service, we also only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy. The legal basis is our legitimate interest in the advertising and presentation of our company in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
To exercise your rights as a data subject, you can contact us or the provider of the social media platform. If one party is not responsible for responding or must receive the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly if you have any questions about profiling and the processing of your data when using the website. If you have any questions about the processing of your interaction with us on our website, please write to the contact details provided by us above.
What information the social media platform receives and how it is used is described by the providers in their privacy policies (see link in the table above). There you will also find information about contact options and the settings options for advertisements. Further information on social networks and how you can protect your data can also be found at www.youngdata.de.

5. Online application
You have the option of applying to us by e-mail to one of the e-mail addresses listed above or by using the contact form at fitbox.de/en/jobs. In doing so, we collect your e-mail address and all other personal data provided by you, such as first name, surname, e-mail address, telephone number, date of birth, address, weekly working hours, photo, CV, cover letter or references. The purpose of the processing is to process your application and subsequently contact you.
The legal basis for processing is pre-contractual measures relating to your application in accordance with Section 26 (1) BDSG in conjunction with Art. 6 para. 1 lit. b, Art. 88 GDPR.
If an employment relationship is not concluded, we process the applicant data to protect our legitimate interest in a defense against legal claims and to secure evidence within the meaning of Art. 6 para. 1 lit. f. GDPR.
We delete your applicant data at the latest at the end of the third year after completion of the application process, subject to statutory retention obligations or processing rights that go beyond this.

6 Newsletter
You can subscribe to our newsletter, with which we inform you about our current interesting offers, by giving your consent. The advertised goods and services are named in the declaration of consent. Registration is available to persons over the age of 16.
We use the so-called double opt-in procedure to register for our newsletter.
This means that after you have registered, we will send you an email to the email address provided, in which we ask you to confirm that you are the owner of the email address provided and that you wish to receive the notifications. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to info(at)fitbox.de or by sending a message to the contact details given in the imprint.

a. Services
We use various services to send our newsletter:

1. Hubspot; service provider: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA; website: https://www.hubspot.de; privacy policy: https://legal.hubspot.com/de/privacy-policy;
2. Klaviyo of the provider Klaviyo, Inc, 125 Summer Street Ste 600, Boston, MA 02110, USA;
3. ActiveCampaign of the provider ActiveCampaign, LLC, 150 N. Michigan Ave Suite 1230, Chicago, IL, US, USA;
4. CleverReach of the provider CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede.
Through these services, we can contact newsletter subscribers and optimize your user behavior to improve our offer.
The providers receive the following personal data from us for this purpose: E-mail address and, if provided, also name and telephone number. The providers act as processors for sending the newsletter. We have concluded a corresponding contract data agreement with the providers.
The provider also collects information about your end device, the browser used, date and time as well as browser activities. This processing is carried out on the basis of the provider's legitimate interest in the security and reliability of the systems and compliance with the terms of use in accordance with Art. 6 para. 1 lit. f GDPR.
Subject to statutory documentation or retention obligations, the data will be deleted if consent for the newsletter mailing is withdrawn. The data will also be deleted when the contract between us and the provider is terminated.
The providers ActiveCampaign and Klaviyo also process your data on servers in the USA. In principle, the USA is an unsafe third country within the meaning of Art. 44 GDPR. However, with the EU-US Privacy Framework, there is an adequacy decision of the European Commission within the meaning of Art. 45 GDPR, according to which an adequate level of protection has been established. The providers have submitted to self-certification as an active member.

7. Arrange a trial training session
You have the option of booking an appointment for a trial training session using the contact form at fitbox.de/en/membership/trial-training. The personal data requested there (studio, surname, first name, e-mail address, telephone number, your training goal and your appointment request) will not be stored by us. The operator of the selected location is responsible within the meaning of Art. 4 No. 7 GDPR. The operator will then contact you to arrange an appointment with a confirmation email.
The operator deletes the data collected in this context, if the request is assigned to a contract, after the contract period, otherwise after the storage is no longer required, or restricts the processing if there are statutory retention obligations. The legal basis is the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.

8. Price inquiry
You have the option of using the contact form at fitbox.de/en/membership/cost-prices to make an inquiry about the costs of a training contract depending on the selected studio location. The personal data requested there (studio, surname, first name, e-mail address, telephone number, your training goal and your appointment request) will not be stored by us. The operator of the selected location is responsible within the meaning of Art. 4 No. 7 GDPR. The respective operator will then contact you by email to send you the price information.
The operator deletes the data collected in this context, if the request is assigned to a contract, after the contract period, otherwise after the storage is no longer required, or restricts the processing if there are legal obligations to retain data. The legal basis is the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.

9. Franchise suitability test
You have the option of carrying out a franchise suitability test using the contact form at fitbox-franchise.com/en/machen/passt-fitbox-zu-mir. We collect the following personal data for this purpose: Details of motivation and attitudes in relation to entrepreneurial self-employment, first name, surname, e-mail address, telephone number. We will then contact you by e-mail to send you further information about our offer and to arrange an appointment.
We delete the data collected in this context, if the request is assigned to a contract, after the contract period, otherwise after the storage is no longer necessary, or restrict the processing if there are legal storage obligations. The legal basis is the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.

10. Calculate

We use Calculate to create digital health & nutrition concepts within our fitbox member app. The provider is Calculate UG (haftungsbeschränkt), Spreestr. 18a, 22547 Hamburg. When you create a nutrition or health plan via the app, Calculate collects data such as your name and e-mail address and stores personal data (date of birth, height and weight) or health data (dietary preferences, health restrictions, sporting activity, illnesses, other complaints), which are necessary for the provision of the service. Further information can be found in Calculate's privacy policy: www.cal-culate.com/datenschutz/

This privacy policy was last updated on March 18, 2025. Due to changes in legal or official requirements, it may become necessary to adapt this privacy policy.