To improve our web service and make your experience as comfortable as possible, we use cookies, tracking pixels, or similar technologies. Cookies are small text files saved on your computer when you visit our website. They help us recognize your browser as yours. Cookies save information such as your language settings or the duration of your visit to our website. They save data entries you make on the website, like when you log in, so you don’t need to enter your data each time you use our services. Cookies help us to recognize your preferences and adjust our website to your areas of interest.

Every time our website loads, we record how often it is visited and clicked on by using tags on our website called tracking pixels. These tracking pixels do not interfere with your computer.

We use cookies and tracking pixels for different purposes, which also means they have different legal bases. Please review the cookie paragraph in our privacy policy below to understand how we use different types of cookies to fulfill different purposes and how long we store the collected information.

In the following section you can prevent the saving of performance cookies and advertising cookies, or change your settings for the future at any time.

Freeletics GmbH

2026-02-04

The protection of your personal data is of particular concern to us at Freeletics. Therefore, we comply with the legal requirements when we collect and process your personal data. Below you will find extensive information about the scope and purpose of collecting data.

Principle of data use

In principle, our website can be used without providing personal data. The use of individual services and offers (Freeletics Training, Freeletics Running, Freeletics Gym and Freeletics Nutrition [in short ‘Freeletics Apps’]) on our website and in our apps can entail divergent regulations which in this case are explained separately below. The legal basis for data protection can be found in the General Data Protection Regulation (GDPR).

When you access our website or Apps, some information, such as IP address, is transferred. You are also providing information about the end device used (computer, smartphone, tablet etc.), the browser used (Internet Explorer, Safari, Firefox etc.), time of visit to the website, the so-called referrer and volume of data transferred.

We cannot use this data to identify an individual user. We only use this information to determine how attractive our offers are and to improve their performance or content, if necessary, and make their design even more appealing to you.

Please bear in mind, however, that in the case of a static IP address, personal identification is possible by RIPE query in individual cases, although we do not perform this. Nevertheless, this website is accessible for both static and dynamic IP addresses assigned.

Collection and processing of personal data

We only collect personal data if you provide it to us, for example when you contact us, in particular by registering a Freeletics account, placing an order, requesting information or publishing personal data in our Freeletics Apps in your profile or in the feed. We use the personal data you provide only to the extent that your data is necessary for rendering or processing our services.

To protect your data from unauthorized or unlawful access, alteration or disclosure, we use encryption for transferring and storing any kind of data.

We store your data for as long as is necessary to achieve the intended purpose or until you delete your account or for as long as legal retention periods require data to be stored. Your data is subsequently deleted in accordance with legal requirements or processing is restricted.

In the case of use purely for information, i.e. if you do not register or send us information another way, we only collect personal data which your browser transfers to our servers. If you want to view our website, we collect the following data, which we require for technical purposes in order to show you our content and guarantee stability and security (legal basis is a legitimate interest pursuant to Article 6 (1) (f) GDPR).

In the context of the balance of interests in accordance with Article 6 (1) (f) GDPR, we have considered and weighed our interest in website and app provisioning and your interest in data protection compliant processing of your personal data. As the data below is technically required for the provision of our service in order to offer you our services and also guarantee stability and security, in particular protection against misuse, we have reached the conclusion that, with a state-of-the-art oriented data security guarantee, this data can be processed whereby appropriate consideration will be given to your interest in data protection compliant processing.

Data	Purpose of processing	Storage period
Operating system used	Ensure evaluation by device and optimized display of the website or app	Up to 30 days after deletion of the customer account
Information about the browser type and version used	Evaluation of the browser used to optimize our websites for it	Up to 30 days after deletion of the customer account
IP address	Presentation of the website on the respective device Investigation and prevention of fraud Proof of user’s consent to receiving the newsletter	Up to 30 days after deletion of the customer account
Date and time of visit	Presentation of the website on the respective device Investigation and prevention of fraud Proof of user’s consent to receiving the newsletter	Up to 30 days after deletion of customer account
If applicable, manufacturer, model and version of the smartphone, tablet or other device as well as the app type and version	Evaluation of device manufacturers and types of mobile end devices for statistical purposes	Up to 30 days after deletion of customer account
Session ID	Identification of installation	Up to 30 days after deletion of customer account

The collection of data for website provision and the storage of data in log files is imperative for website and operation. Consequently, users may not object to this.

Registering a Freeletics Account

Using our login system, you can create a Freeletics account for yourself that you can use to log in to all of our services (Freeletics Training, Freeletics Running, Freeletics Gym, Freeletics Nutrition, and Freeletics Essentials). In the process, we use cookies – small files – on your browser in order to identify you. All data that you enter into your account is stored within a database of Freeletics GmbH with the provider named below. Some of our services are only accessible if you have set up your Freeletics account. This includes Freeletics Training, Freeletics Running, Freeletics Gym, and Freeletics Nutrition. We will request the following data when registering (some of it is required). In addition, you must take note of our Data Protection Statement, as well as accept our General Terms and Conditions of Business and Withdrawal Policy.

After entering your data, you will receive a registration link sent to the email address you entered. The registration link is valid for 7 days. Only after you have confirmed your registration via this link, your Freeletics account will be created and you can access our services. If you do not confirm your registration, your personal data will be deleted immediately after the link has expired. If you still want to register with Freeletics after the 7 days, we kindly ask you to register again.

Data	Purpose of processing	Legal basis of processing	Storage period
First name	Direct address & presentation	Performing the contractual relationship	Up to 30 days after deletion of the customer account
Last name	Direct address & presentation	Performing the contractual relationship	Up to 30 days after deletion of the customer account
Email address	Customer account identification	Performing the contractual relationship	Up to 30 days after deletion of the customer account
Password	Customer account identification	Performing the contractual relationship	Up to 30 days after deletion of the customer account
IP address at login	Data transfer at registration to web server	Performing the contractual relationship	Indefinite
Gender	Suitable user experience	Performing the contractual relationship	Indefinite
Coach personalization (date of birth, height and weight, fitness goals, fitness level, and modalities)	Suitable user experience	Performing the contractual relationship	Up to 30 days after deletion of the customer account

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR
Amazon Web Services	Order processor	Yes	USA	EU standard contractual clauses

Registering Google

We also offer you the opportunity to create your Freeletics account using your Google account, or to link your Freeletics account to your Google account. You can register or log in to Freeletics using your Google account if you simply use Google instead of the other options while registering your Freeletics account. You will then be forwarded to Google (where you must be logged in or require an account) and receive an explanation of which of your data we need from Google, namely your public profile information such as first and last name, gender, and the email address you are using there. This information is required for identification purposes in order to create a secure Freeletics account for you. Your Google account and your Freeletics account will be permanently linked using your email address. We store your email information in-house and will send you information using this address as needed. We can also tell that you have logged in using Google. As soon as you log in to Google, you can log in to Freeletics. We will not submit any information on you to Google without your consent.

Important: We do not record your Google login data in any way, and cannot post anything to your Google profile without your having expressly consented to this.

You can learn how Google handles privacy settings using Google's privacy policy and terms of use; these also include the applicable conditions for the previously specified option of logging in and registering to Freeletics.

Data	Purpose of processing	Legal basis of processing	Storage period	Platform
First name	Direct address & presentation	Performing the contractual relationship	Up to 30 days after deletion of the customer account	Google
Last name	Direct address & presentation	Performing the contractual relationship	Up to 30 days after deletion of the customer account	Google
Email address	Customer account identification	Performing the contractual relationship	Up to 30 days after deletion of the customer account	Google
Password	Customer account identification	Performing the contractual relationship	Up to 30 days after deletion of the customer account	Google
IP address at login	Data transfer at registration to web server	Performing the contractual relationship	Indefinite	Google

Registration with Apple

You can also register and log in using the “Apple Login” function from your Apple account. When you log in with your Apple ID for the first time, the app will prompt you to enter your name and your email address so that an account can be set up for you. We store your email information in-house and will send you information using this address as needed. You will not be tracked by Apple and a profile of you will not be created while you are using the “Register with Apple ID” function. Apple only collects information required for you to log in and manage your account.

You will stay logged into our app automatically as long as you stay logged in on your device. Here you can find more information on the Apple login.

Use of Decathlon Single Sign-On (SSO)

As part of our partnership with Decathlon S.A., we also offer you the opportunity to create your Freeletics account using your existing Decathlon account credentials (Single Sign-On or “SSO”), or link your Freeletics account to your Decathlon account.

This functionality is intended to enhance the user experience by simplifying account access and management.

If you choose to register or log in via Decathlon SSO, we will receive certain personal data from Decathlon to facilitate your authentication. The specific data transferred may include Name, E-Mail Address, Decathlon User ID. This information is required for identification purposes in order to create a secure Freeletics account for you or to associate it with your existing Freeletics profile. Your Decathlon account and your Freeletics account will be permanently linked using your email address. We store email information in-house and will send you information using this address as needed. We can also determine that you have logged in using your Decathlon account.

You can disconnect your Decathlon account at any time in your Freeletics account settings. Freeletics does not transmit your personal data back to Decathlon beyond what is necessary for authentication during the login process.

For further information about how Decathlon handles your personal data, please refer to Decathlon’s privacy policy.

Data collection, processing and use in the context of Freeletics Service

Community Profile

You need a Freeletics account in order to use our Freeletics Apps. The data collected for this purpose has already been explained above. To provide you with the best Freeletics experience possible, our approach is partly based on publishing specific information relating to our users within the Freeletics community, i.e. even your information. We are going to introduce our program to you in more detail below so that you can decide for yourself whether and which data you want to publish. This introduction includes the following data in particular which is visible to other users:

• public profile (photo, first name, surname, training location, motivation, Freeletics level)
• fitness (progress, desired objective, skills)
• training information (duration and type of training unit, total number of training sessions, notes, photo)
• social media profile (Facebook, Twitter, Instagram)
• food intake (meal type, notes, photo)
• followed by/follows (persons who follow the user, persons followed by the user)

You become visible in Freeletics Apps with the data in your public profile. This information helps other users to find you in Freeletics Apps. At the same time, other users can see your name and surname (if provided), your training location, your motivation and your profile photo and they can recognize you using this information if necessary. You have already agreed under our General Terms and Conditions of Business that upon beginning your Freeletics journey and provided that you make no changes to your privacy settings, all Freeletics users will be able to view your profile, your training data, your posts, etc., without special consent. This is designed to make it easier to follow you and/or support you during your journey with comments and motivation. If you do not want this anymore, you can set your privacy settings to ‘private’ at any time, which only allows select athletes to access the information referred to above.

Freeletics Apps save all your successfully completed training units or the meals you have consumed (Freeletics Nutrition only) as well as related information such as self-uploaded photos or notes. Other users can see this data and can consider them as incentive for themselves, leave comments or decide whether they want to follow you.

Moreover, our Freeletics Apps also provide users with the option to be followed (‘followed by’) to support or encourage them in their training experiences, or to compete with one another. For this purpose, users can be searched for by the name registered in the public profile. You will be notified about new followers in the mobile app and by push notification where applicable.

Consequently, some of your information is available to other users in Freeletics Apps. Our aim is that nobody is left alone with their training. Instead, users’ performance is appreciated and can become an incentive for new members.

If you do not want to make it possible to link your performance to yourself, you are free to refrain from providing any personal data on your profile or training sessions and linking your account to Facebook. Moreover, you should not save any training photos or enter any notes in this case. For this reason, we have ensured that each user can change their personal information, which can be viewed by other users, and each user is free to use their own name or a fictitious name in their Freeletics Apps.

Data	Purpose of processing	Storage period	Legal basis of processing
Profile	Presentation and interaction in the community	Up to 30 days after deletion of the customer account	performing contractual relationship
Fitness	Presentation and interaction in the community	Up to 30 days after deletion of the customer account	performing contractual relationship
Training information	Presentation and interaction in the community	Up to 30 days after deletion of the customer account	performing contractual relationship
Nutrition	Presentation and interaction in the community	Up to 30 days after deletion of the customer account	performing contractual relationship
Social media profile	Presentation and interaction in the community	Up to 30 days after deletion of the customer account	performing contractual relationship

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR
Amazon Web Services	Order processor	Yes	USA	EU standard contractual clauses

Community forum

We also give you the opportunity to ask questions to Freeletics on our community forum. These questions can either be answered by our community management team or by other Freeletics users. To be able to ask questions and post comments on the community forum, you have to log in with your Freeletics login data. Your name as well as your questions and comments will then be publicly visible to all users of the community forum. 

Your questions and comments will be displayed in the forum until you delete your Freeletics account or your forum account. Your personal data will then become pseudomized.

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR
Civilized Discourse Construction Kit, Inc. 8 The Green, Suite # 8383 Dover DE 19901, USA	Order processor	Yes	USA	EU standard contractual clauses

Data	Purpose of processing	Legal basis of processing	Storage period
Freeletics login	Login with the user account	Consent	Until the end of connection
Name and comments	Use of the community forum	Consent	Until 30 days after deletion of the Freeletics account and/or forum account

Freeletics Coach

Personalized training and nutrition plans

When using the Freeletics app, the Freeletics Coach will continuously send you customized training and nutrition plans based on your personal information, training or nutritional preferences, as well as the units you have completed successfully. Here we use a complex algorithm to analyze, among other things, your workout performance and compare this with the workout performance of other users similar to you, in order to offer you perfectly customized training units.

Data	Purpose of processing	Legal basis of processing	Storage period
Training services	Adjustment of the training plan	Performing the contractual relationship	Up to 30 days after account deletion or deletion of information by the customer
Weight	Adjustment of the training plan	Performing the contractual relationship	Up to 30 days after account deletion or deletion of information by the customer
Height	Adjustment of the training plan	Performing the contractual relationship	Up to 30 days after account deletion or deletion of information by the customer
Birthday	Adjustment of the training plan	Performing the contractual relationship	Up to 30 days after account deletion or deletion of information by the customer
Training preferences	Adjustment of the training plan	Performing the contractual relationship	Up to 30 days after account deletion or deletion of information by the customer
Nutrition preferences	Adjustment of the nutrition plan	Performing the contractual relationship	Up to 30 days after account deletion or deletion of information by the customer
Nutrition	Adjustment of the nutrition plan	Performing the contractual relationship	Up to 30 days after account deletion or deletion of information by the customer

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR
Amazon Web Services	Order processor	Yes	USA	EU standard contractual clauses

“Adapt session” and Limitations

Within the “Adapt session” section of the Freeletics Training App, you may change the proposed training by providing us with more information about how you want to train. This includes restrictions with regards to time, equipment, noise or intensity. Moreover, you can exclude certain body areas, such as “upper legs”, when defining the next Coach week. We process this entry to generate training for our users, taking the limitation into account. You are able to deselect your previous choices within the “Adapt session” section of the App.

If you have sustained a serious injury and therefore cannot do any training, you can suspend your Coach for the period of your injury. You can notify our support team about your injury on a voluntary basis. This information merely serves as the basis for the relevant deferment or suspension of your Coach and is subsequently anonymized.

Data	Purpose of processing	Legal basis of processing	Storage period
Information about adapting the training or excluding certain body parts	Adjustment of the Coach week to the settings for personalization	Performing the contractual relationship / Consent	Up to 30 days after account deletion or deletion of information by the customer

Analysis of location data

Within the framework of our Freeletics Apps, in particular Freeletics Running and Freeletics Training, it is possible to map runs. For this purpose, we need access to location data. This data allows us to calculate distances covered at the relevant time and thereby correctly determine the end for predefined distances or determine distances covered.

Data	Purpose of processing	Legal basis of processing	Storage period
Location data	Determination of position for the running track Location-based information	Consent	Up to 30 days after deletion of the customer account
Training city	Interaction in the community	Consent	Up to 30 days after deletion of the customer account

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR
Amazon Web Services	Order processor	Yes	USA	EU standard contractual clauses

Access rights

We require these access options and information to ensure the technical function of our app and to provide the services offered with the app, in particular to access your camera or your photos, to determine your running distances and your activity calories or to send you push notifications to inform you about new followers or comments. During the installation procedure or before you use the app for the first time, we request permission to access individual functions and information. We will only access these functions with your approval. You can revoke access rights manually in the settings for each operating system. You can find out how this works in the manufacturer instructions for your mobile OS. However, please note that you can only use the app to a limited extent or you cannot use it at all without the relevant approval.

Before you either use the app for the first time, or use a function for the first time, we ask the user for the permissions for the purpose described below:

Permission	Purpose	Legal basis of processing
Camera	Taking photos for profile/feed	Consent
Photo library	Selection of photos for profile/feed	Consent
Location tracking	Calculation of running distance, statistical analysis	Consent
Delivery of push notifications (granted by the operating system)	Receipt of push notifications	Consent
Mobile data/WLAN (granted by the operating system)	Use of Internet and downloading of new content

Contact form

You have the option of contacting us via our e-mail address or the contact form.

We will, of course, use the personal data transmitted to us only for the purpose for which you make it available by contacting us.

The legal basis is in this respect our legitimate interest in accordance with Art. 6 para. 1 sent. 1(f) of the GDPR. If the aim of your request is to conclude a contract (e.g., purchasing a subscription), the legal basis for the processing of the communicated data is also the necessity for providing (pre-) contractual services, in accordance with Art. 6 para. 1 sent. 1(b) of the GDPR.

If we request entries in our contact form that are required for establishing contact, we have marked them as compulsory (*). Any information without an asterisk is optional. We use this information to put your request into specific terms and handle your concern more effectively. Providing this information is entirely voluntary and with your consent. If the information in question refers to communication channels (for example, e-mail address or phone number), you also give consent for us to contact you via these communication channels to respond to your concern.

You can, of course, withdraw your declarations of consent at any time with future effect. If you wish to withdraw your consent, please contact the office indicated at the end of this declaration.

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR
Zendesk, Inc. 1019 Market St San Francisco, CA 94103 USA	Order processor	Yes	USA	EU standard contractual clauses

Initiation/Performance of the contractual relationship /Legitimate Interest

Data	Purpose of processing	Legal basis of processing	Storage period
IP address at login	Sending the form content to the web server	Initiation/Performance of the contractual relationship /Legitimate Interest	Until the end of connection
Title1	Direct approach	Consent	Until the expiration of the duty to provide proof / Until the end of the storage right to assert, exercise or defend any legal claims
First name1	Direct approach	Consent	Until the expiration of the duty to provide proof / Until the end of the storage right to assert, exercise or defend any legal claims
Last name1	Direct approach	Consent	Until the expiration of the duty to provide proof / Until the end of the storage right to assert, exercise or defend any legal claims
Topic of your request	Answering the request	Initiation/Performance of the contractual relationship /Legitimate Interest	Until the expiration of the duty to provide proof / Until the end of the storage right to assert, exercise or defend any legal claims
Subject/Description	Answering the request	Initiation/Performance of the contractual relationship /Legitimate Interest	Until the expiration of the duty to provide proof / Until the end of the storage right to assert, exercise or defend any legal claims
Email address	Answering the request	Initiation/Performance of the contractual relationship /Legitimate Interest	Until the expiration of the duty to provide proof / Until the end of the storage right to assert, exercise or defend any legal claims
Product1	Answering the request	Consent	Until the end of connection
Attachments1	Answering the request	Consent	Until the end of connection
Language	Answering the request	Consent	Until the expiration of the duty to provide proof / Until the end of the storage right to assert, exercise or defend any legal claims

¹ Optional information

Push notifications as part of the user experience

We require your consent if you wish to receive our push notifications on your mobile iOS or Android device even if the app is not open. Our app only uses push notifications if you have given your explicit consent to these. You can disable push notifications in settings at any time.

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR
Google Firebase	Order processor	Yes	USA	EU standard contractual clauses
Braze Inc. / WizRocket. Inc	Order processor	Yes	USA	EU standard contractual clauses

Data	Purpose of processing	Legal basis of processing	Storage period
Device token	Sending to your device	Consent	Until revocation of consent
User data that are also accessible in your public profile	Direct approach	Consent	Until revocation of consent

Push notifications for marketing purposes

We require your consent if you wish to receive our push notifications for marketing purposes on your mobile iOS or Android device even if the app is not open. Our app only uses push notifications for marketing purposes if you have given your explicit consent to these. You can disable push notifications in settings at any time.

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR
Google Firebase	Order processor	Yes	USA	EU standard contractual clauses
Braze Inc. / WizRocket Inc.	Order processor	Yes	USA	EU standard contractual clauses

Data	Purpose of processing	Legal basis of processing	Storage period
Device token and other device information	Transfer to your device	Consent	Until revocation of consent
User data	Direct approach	Consent	Until revocation of consent
Campaign information	Direct approach	Consent	Until revocation of consent

Newsletter

You can subscribe to our newsletter if you want to receive regular updates or information about topics and products that are referred to in the declaration of consent. We need a valid email address for you for subscription purposes. The provision of other separately highlighted data is voluntary and will be used in order to address you personally. This will only happen if you give separate consent.

To make doubly sure that you actually want to receive information from us, we use the double opt-in procedure. Once you have subscribed, you will receive a link by email which you can use to activate the newsletter service. In other words, we will send an email to the address given when you subscribed in which we ask for confirmation that you want to receive the newsletter. If you do not confirm your subscription, your data will not be saved in our email dispatch tool. In addition, we save your IP address and dates of newsletter subscription and confirmation. The purpose of this procedure is to verify your subscription and, where appropriate, shed light on any misuse of your personal data.

Naturally, you can unsubscribe from the newsletter at any time. The unsubscribe link can be found in the masthead of every email or in your profile settings.

Direct Marketing

Email addresses collected when registering for a Freeletics account (via our app or our website) are used for direct marketing of our own and similar products and services (the Freeletics Coach in particular) pursuant to section 7 (3) UWG. If you no longer wish to receive direct marketing, you can refuse to allow the use of your email address at any time. This will not incur any costs other than the transmission costs according to the basic rate. The unsubscribe link can be found in the masthead of every email or in your profile settings. The associated processing of personal data is justified in accordance with Art. 6 para. 1 lit. f GDPR. Alternatively, you can send us an email to privacy@freeletics.com.

Storage Period

Data	Purpose of Processing	Legal basis for processing
Email Address	Contact for direct marketing	Possibility of direct advertising according to the Act Against Unfair Competition (UWG) and Art. 6 paragraph 1 f) GDPR.	Until objection/cessation of the legal requirements

Newsletter and email personalization, and analysis of user behavior

Please bear in mind that when we send the newsletter and emails for the purpose of direct advertising, we analyze your user behavior, i.e. what you open and click on. Your user behavior is technically analyzed by the providers listed below. This allows us to draw conclusions regarding your user behavior, in order to improve our email approach and ensure that you only receive emails and newsletters that are of interest to you. 

Your user behavior with regard to the newsletter is tracked only with your separate consent. 

The legal basis for tracking your user behavior in emails for the purpose of direct marketing is Art. 6 paragraph 1 a) GDPR.

If you want to prevent personalization and tracking, or you do not agree to processing for the purposes indicated, you can refuse this by sending an email to privacy@freeletics.com or changing your profile settings accordingly.

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR
Braze Inc. 330 West 34th St,  New York, NY 10001, USA	Order processor	Yes	USA	EU standard contractual clauses
WizRocket Inc. 535 Mission Street 14th Floor, San Francisco, CA 94105 USA		Order processor	Yes	USA	EU standard contractual clauses

Registration data for (personalized) newsletters (*)	Purpose of processing	Legal basis of processing	Storage period
IP address at login	Proof of double opt-in (DOI)	Consent	Up to 30 days after deletion of the customer account
Time of registration	Proof of double opt-in (DOI)	Consent	Up to 30 days after deletion of the customer account
IP address during DOI	Proof of double opt-in (DOI)	Consent	Up to 30 days after deletion of the customer account
Time of DOI verification	Proof of double opt-in (DOI)	Consent	Up to 30 days after deletion of the customer account
Email address	Newsletter dispatch	Consent	Until revocation/objection
Gender	Direct approach	Consent	Until revocation/objection
First name	Direct approach	Consent	Until revocation/objection
Last name	Direct approach	Consent	Until revocation/objection

Date in the context of tracking	Purpose of processing	Legal basis of processing	Storage period
IP address	Establishing a connection using the e-mail evaluation tool	Consent (for the newsletter)	Until revocation/objection
Personalized link	Measurement of click behavior	Consent (for the newsletter)	Until revocation/objection
Device Information	Sending to your device	Consent (newsletter) Legitimate interest (direct marketing)	Until revocation / objection
Usage data	Direct address as well as analysis and assessment of registration behavior	Consent (newsletter) Legitimate interest (direct marketing)	Until revocation / objection
Campaign Information	Direct address as well as analysis and assessment of registration behavior	Consent (newsletter) Legitimate interest (direct marketing)	Until revocation / objection

Apple Health Kit

We use the HealthKit framework from Apple (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; “Apple”), which provides a central storage location for health and fitness data on the iPhone or Apple Watch and – with the express consent of the user – allows apps to communicate with the HealthKit store in order to access and share these data.

If you activate the HealthKit framework in your iPhone’s or Apple Watch settings, Freeletics is able to send, with your approval, certain information, such as the calories burned by the activity, route (walking and running), as well as your workouts (start and end of training [date], training duration, type of training, indoor or outdoor) to Apple, so that you can track and display your health and fitness activity.

Only with your explicit consent, Freeletics will also process additional training information and fitness activities from third-party providers. If you have given us your consent, we will process your heart rate and workout information (workout start and end [date], workout duration, type of workout, indoor or outdoor, cadence) obtained through the HealthKit framework.

We use your health and fitness data to provide you with personalized insights, to track and display your progress, and to help you achieve your fitness goals. Freeletics will not use the information obtained through the use of the HealthKit framework for advertising or similar services. To develop long-term fitness habits, we want to track and display your daily progress. We only store information on our servers that Apple HealthKit provides us so we can display the relevant data about your workouts to you. This data will not be shared with third parties. The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

New data attributes can be added to the HealthKit framework, which are then displayed in the product and must be approved. You can prevent Apple from accessing your data at any time, and thus prevent it from being shared, by changing your mobile device settings. You can find more information about HealthKit here: [https://developer.apple.com/documentation/healthkit] https://developer.apple.com/documentation/healthkit

Google Health Connect

We use Google Health Connect from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; “Google”), which provides a central storage location for health and fitness data on your Android phone and – with the express consent of the user – allows apps to communicate with Google Health Connect in order to access and share these data.

If you activate the Google Health Connect in your device settings, Freeletics is able to send, with your approval, certain information, such as the calories burned by the activity, route (walking and running), as well as your workouts (start and end of training [date], training duration, type of training, indoor or outdoor) to Google Health Connect, so that you can track and display your health and fitness activity.

Only with your explicit consent, Freeletics will also process additional training information and fitness activities from third-party providers. If you have given us your consent, we will process your heart rate and workout information (workout start and end [date], workout duration, type of workout, indoor or outdoor, cadence) obtained through Google Health Connect.

We use your health and fitness data to provide you with personalized insights, to track and display your progress, and to help you achieve your fitness goals. Freeletics will not use the information obtained from Google Health Connect for advertising or similar services. To develop long-term fitness habits, we want to track and display your daily progress. We only store information on our servers that Google Health Connect provides us so we can display the relevant data about your workouts to you. This data will not be shared with third parties. The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

New data attributes can be added to Google Health Connect, which are then displayed in the product and must be approved. The use of information received from Google Health Connect will adhere to the Google Health Connect Permissions policy, including the Limited Use requirements.

You can prevent Google from accessing your data at any time, and thus prevent it from being shared, by changing your mobile device settings. You can find more information about Google Health Connect here.

Strava Integration

Freeletics integrates with Strava (Strava, Inc.208 Utah Street, San Francisco, CA 94103, USA) to enhance your training experience by allowing seamless synchronization of your fitness activities between the two platforms. When you connect your Strava account with Freeletics, we will collect and utilize the following data from Strava: training information such as activity type, date, duration, distance, pace, location, and other relevant metrics that you track using Strava.

Connecting your Strava account to Freeletics is entirely optional. Freeletics will only access your Strava data or will send your Freeletics data to Strava with your explicit consent. You can revoke this permission at any time by disconnecting your Strava account from the Freeletics app in your mobile device settings.

Currently, Freeletics only reads data from Strava. However, in the future, we plan to extend our integration to include sending your Freeletics data to Strava as well. This means your activities recorded on Freeletics will be automatically uploaded to your Strava account, allowing you to maintain a unified activity log across both platforms. When this feature is implemented, you will have full control over which activities are shared with Strava. You can manage these settings through your Freeletics account settings at any time.

We use your health and fitness data to provide you with personalized insights, to track and display your daily progress, to develop long-term fitness habits, and to help you achieve your fitness goals. Freeletics will not use the information obtained through the integration of Strava for advertising or similar services. We only store information on our servers that Strava provides us so we can display the relevant data about your workouts to you. This data will not be shared with third parties. The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can find more information on Strava integration here.

Coach+

Coach+ is our virtual fitness coach that you can interact with, ready to support you on your Freeletics journey. If you choose to utilize Coach+, it's important to understand that Coach+ utilizes third-party AI technology provided by OpenAI Ireland Ltd. (OpenAI), our LLM (Large Language Model) partner. Coach+ is only trained with proprietary data and implemented by Freeletics. When we train Coach+, we only use aggregated or de-identified fitness data. Coach+ is integrated and connected to a publicly accessible interface of OpenAI. When you ask Coach+ a question, this question is forwarded to the OpenAI interface. Coach+ responses are tailored to your inquiries and relevant information gathered from your conversation and your Freeletics metrics. Coach+ utilizes your anonymized Freeletics metrics (age, gender, bodyweight, training goal) in combination with Freeletics' scientific knowledge to help you optimize your health, fitness, and performance.

We mandate our LLM partner to solely use your anonymized Freeletics metrics for the purpose of enabling Coach+ to generate responses to your queries. We have ensured that our LLM partner adheres to a "Zero-Retention/Zero Training Policy" regarding your queries and Freeletics metrics. This means that our LLM partner will not retain any of Freeletics metrics or chat conversations received through your use of Coach+, nor will they utilize any of this data for training algorithms or LLM technology.

Your chat history and your anonymized Freeletics metrics will only be shared with OpenAI. We request that you refrain from providing any personally identifying information, such as your name, during conversations with Coach+. Before you interact with Coach+, we ask you for permission to process and transfer your questions and replies. If you decide to share health related data with Coach+ during your conversation, you consent to the processing and sharing of such data. Your chat history is not saved in your conversation thread. Freeletics will retain the history of your conversations to assess and enhance the performance of Coach+.

The legal basis for the use of this service is Art. 6 para 1 letter a GDPR and for the processing of sensitive data (Health Data) Art. 9 para 2 lit. a GDPR. OpenAI Ireland Ltd. will process Customer Data provided by Customer that originates in the EEA or Switzerland. To the extent that OpenAI Ireland Ltd transfers Customer Data to other OpenAI affiliates in jurisdictions that do not provide the same level of data protection, it will do so on the basis of intra-group agreements that incorporate appropriate transfer mechanism provisions to protect Customer Data. Such mechanisms may include the Standard Contractual Clauses adopted by the EU Commission on June 4, 2021 (as may be amended, updated or replaced from time to time) (“EU SCCs”) or an adequacy decision issued by the European Commission under Article 45 GDPR.

If you would like to learn more about the embedded OpenAI model, please take a look at the OpenAI guidelines, which are publicly available at https://openai.com/policies.

You can revoke your consent and delete your Coach+ data any time in your app profile settings under “Privacy”.

Motion Tracking Feature

If you choose to purchase and use the motion-tracking feature available in our app, we will process certain data necessary to provide this functionality. This feature uses your device’s camera to evaluate your physical movements during selected exercises (e.g., squats, push-ups, planks) and provide real-time feedback on your form. To do this, the app requires access to your device’s camera. All image data is processed locally on your device and is used solely for the purpose of delivering the purchased functionality. No images or videos are stored or transmitted to Freeletics or any third party, and no biometric data as defined under Article 9 GDPR is collected or processed.

The legal basis for processing this data is Article 6(1)(b) GDPR, as the processing is necessary for the performance of a contract — specifically, providing you with the functionality of the purchased motion-tracking feature. You may disable camera access at any time via your device settings, but please be aware that doing so will prevent the motion-tracking feature from functioning.

For more details on how we protect your personal data and your rights under GDPR, please refer to the rest of this Privacy Policy.

Cookies, tracking pixels and similar technologies on our website

To improve our web service and make your experience as comfortable as possible, we use cookies, tracking pixels, or similar technologies. Cookies are small text files saved on your computer when you visit our website. They help us recognize your browser as yours. Cookies save information such as your language settings or the duration of your visit to our website. They save data entries you make on the website, like when you log in, so you don’t need to enter your data each time you use our services. Cookies help us to recognize your preferences and adjust our website to your areas of interest.

Every time our website loads, we record how often it is visited and clicked on by using tags on our website called tracking pixels. These tracking pixels do not interfere with your computer. 

We only use performance cookies and advertising cookies with your consent in accordance with Section 25 (1) TTDSG. If you want to prevent the storage of performance cookies and advertising cookies, you can select "Do not accept cookies" in the browser and app settings. You can change this at any time by changing your cookie settings above. You can find out how this works in detail in your browser from your browser manufacturer's instructions. You can delete cookies that are already stored on your computer at any time. However, we would like to point out that our website and app can only be used to a limited extent without cookies.

We use cookies and tracking pixels for different purposes, which also means they have different legal bases and storage periods. You will find more information about that in the following sections:

Required and functional cookies

These cookies are required to ensure the use of essential services of this website and the operation of the App. Without these cookies, you will not be able to view our site properly. We also utilize functional cookies which assist us in the continuous improvement of our website and App.

• Analytics services are used to analyze data based on your browsing behavior (e.g. which pages you have visited on the website or how you use our App) and to improve the functionality and design of our website / App. For this purpose, we use only your Freeletics User ID (if you are logged in) or a unique identifier, but no information that can be used to identify you (such as your name or email address).

• Quality assurance tools are used to measure errors presented on a website, to make sure we fix bugs or any issues promptly.

• Test services: The use of A/B tests or multivariate tests ensures consistent website / App design and user experience in the current and subsequent sessions

The legal basis is in this respect for access to your terminal device is Section 25 (2) No. 2 TTDSG and for the subsequent processing of personal data our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

Performance Cookies and Advertising Cookies

These cookies allow us to analyze site usage so we can measure and improve performance. They are also used by advertising companies to serve ads that are relevant to your interests. These cookies contain a unique key to distinguish individual users’ browsing habits. We also use these cookies to limit the number of times a user sees a particular ad on a website and to measure the effectiveness of a particular campaign. The identifier stored by these cookies is provided by our partners. We cannot use the same identifier in our own systems.

We also use such cookies to offer personalized pricing for certain products or services. Personalized pricing means that the price you pay may vary based on factors such as your usage patterns, location, preferences, and other criteria. When we offer personalized pricing, we will clearly inform you if a price has been personalized.

If you want to prevent performance cookies and advertising cookies from being saved, you can change your cookie preferences at any time by changing your cookie settings above.

We also use cookies for Affiliate Tracking. We need to let our affiliate marketing partners or service providers have certain information if you came to our site, and purchased products, through a visit to theirs. This is required as we may need to provide them a fee for such services. For this purpose, we will share information about your visit, including the products you have purchased.

The legal basis for performance cookies and advertising cookies is consent in accordance with Art. 6 para. 1 (a) GDPR. Obviously, you can withdraw your declarations of consent for the future at any time. If you no longer agree to us providing your data to the service providers mentioned in our privacy policy, you can opt-out in the cookie settings on our website or within your profile settings.

Please note: it is possible that you can still see advertisements from Freeletics on third-party platforms even if you do not choose this functionality, but these advertisements are at random and won’t be personalized.

Technologies in our app "Freeletics: Fitness Workouts"

We use various technologies to improve the performance of our application, personalize user experiences and provide relevant content. These technologies may collect information about your use of our app, including device information, IP addresses, location data and interactions with the app. The data collected is used exclusively to improve our services, personalize content and conduct marketing activities.

Necessary technologies

These services are used to ensure the technical performance of the application and to provide you with the most basic content. Functional cookies enable smooth use of our application by allowing you to create an account, log in and view content. These technologies must always be activated in order to use our mobile app and therefore cannot be deactivated. The legal basis in this context is our legitimate interest in the provision of technical functionality, optimization and development of services in accordance with § 25 para. 2 no. 2 TTDSG in conjunction with Art. 6 para. 1 letter f GDPR.

This includes:

- Crashlytics: To collect crash reports and error diagnostics in order to improve the stability of the application.

- Firebase RemoteConfig: For dynamic customization of app settings and functions based on user segments.

- Firebase Cloud Messaging for Android devices: To provide push notifications and in-app messages to our users. This service is only activated if you have consented to receive push notifications.

Analytical and performance technologies

These technologies are used to improve the performance of our app and perform business-related analysis. We use analytical technologies to understand user behavior so that we can improve our app and communication. We use information about previous actions and interactions to display personalized content and relevant advertising on third-party websites and apps. This data also helps us measure the effectiveness of ads. The legal basis for processing the data is your consent in accordance with Section 25 (1) TTDSG in conjunction with Art. 6 (1) (a) GDPR. Your consent can be revoked at any time in the app settings.

This includes:

- Braze SDK: This is a mobile engagement and messaging system that allows us to deliver push notifications and in-app messages to our mobile app users. We use Braze to manage and personalize notifications and to analyze user behavior.

- Google Firebase Analytics: For analyzing user behavior and interactions within the application. Firebase is a sub-service of Google Analytics. When Firebase is used in the app, the data is forwarded to Google Analytics via Google Tag Manager. You can find more information on how this works in the "Google Analytics" section

- Facebook SDK: To integrate Facebook services such as login and sharing functionalities.

- Appsflyer: To analyze marketing campaigns and measure attribution of app installs.

- Google Advertising ID: A unique identifier on Android devices that is used for ad personalization and measurement.

- IDFV: A unique identifier on iOS devices used for internal purposes such as analyzing usage data and app install attribution.

Affiliate Marketing

We use Rakuten Marketing Europe Limited dba Rakuten Advertising (“Rakuten Advertising”) as our affiliate network to support our marketing efforts. Rakuten Advertising is a third-party service provider that assists us in managing partner programs and promoting our products and services through various online channels. When you access our website or interact with our marketing materials, cookies and other tracking technologies may be used by Rakuten Advertising to collect information about your online activities. This information may be used to provide you with personalized offers and advertisements.

The legal basis for the use of these cookies is § 25 para. 1 sentence 1 TTDSG and for the subsequent processing of personal data Art. 6 para. 1 letter a GDPR. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Rakuten Advertising has signed the EU standard contractual clauses. If you do not wish to be tracked by Rakuten Advertising in the future, you can opt out at any time by writing an email to privacy@freeletics.com.

For more information on data processing by Rakuten Advertising, please visit their Privacy Policy here.

Awin

Freeletics participates in a marketing advertiser program provided by Awin AG (Awin). Awin is a third-party service provider that offers technical support, payment organization and facilitates collaboration between publishers and advertisers within the Awin network.

Cookies and other tracking technologies may be used by Awin to track your online activities when you access our website and services. Awin may collect information about your visit to our site and your interaction with publisher websites. This may include, but is not limited to, the products or services you viewed, links clicked, and any subsequent transactions you make on the Freeletics' website. The purpose of tracking is to attribute sales and marketing efforts by a publisher to a particular transaction, allowing advertisers to reward publishers based on each transaction. Tracking also allows Awin to provide publishers and advertisers with relevant reports.

The legal basis for use is Art. 6 paragraph 1 letter a GDPR and Art. 25 Abs. 1 Satz 1 TTDSG. As an appropriate safeguard pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Awin has signed the EU standard contractual clauses. If you do not wish to be tracked by Awin in the future, you can opt out at any time by writing an email to privacy@freeletics.com.

For more information on data processing by Awin, please visit their Privacy Policy here.

Personalized advertisement on our app, website and our partners’ websites

We use services of third-party advertising platforms such as Facebook (for example Instagram and Facebook), Snap (for example Snapchat), TikTok and Google (for example Gmail, YouTube, Google Discover) that allow us to show targeted campaigns and messages to users within their platforms based on the users’ behavior. For this, we use services such as Facebook Custom Audience, Snap Custom Audience, TikTok Custom Audience, Google Audience, and similar services by providing them with customer lists that include your personal data you provide to us when you register such as an email address or the device ID.

This allows the service provider to create a profile about your usage patterns in our app and on our website in order to display advertisements in a more targeted manner in order to present Freeletics advertisements of interest to users on other apps and websites within the network of the respective service providers. Please find more information about the services here:

Google Personalised Advertising Service: https://support.google.com/ads...

Facebook Custom Audience: https://www.facebook.com/legal...

Snap Custom Audience: https://businesshelp.snapchat.com/s/article...

TikTok Custom Audience: https://ads.tiktok.com/help/article...

The legal basis for the use of these services is your consent pursuant to Section 25 (1) TTDSG and for the subsequent processing of personal data your consent pursuant to Art. 6 (1) (a) GDPR. We only actively provide the service provider mentioned above with customer lists that include your email address or other personal data with your consent. Obviously, you can withdraw your declarations of consent for the future at any time. If you no longer agree to us providing your data to the service providers mentioned above, you can opt-out in our app-settings. We will store the data as long as you do not withdraw your consent. It is possible that you can then still see advertisements from Freeletics even if you withdraw your consent or did not consent in the first place, but these advertisements on third-party platforms are at random.

Below you will find more information about the cookies, tracking pixel, and similar technologies we use.

Google Analytics

We use the Google Analytics service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to analyze our website and app visitors. Google uses cookies to track the use of the online product or app service by users and the information is generally transferred to a Google server in the USA and stored there.

Google will use this information on our behalf to evaluate the use of our online products and app services by users, to compile reports on the activities within these online products and app services and to provide us with further services associated with the use of these online products and app services and the use of the internet. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly. We have made data protection friendly default settings.

The legal basis for the use of Google Analytics is § 25 para. 1 TTDSG and for the subsequent processing of personal data Art. 6 para. 1 letter a GDPR. Users can prevent the collection of data generated by cookies by downloading and installing the browser plug-in that is available here. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Google has signed the EU standard contractual clauses. For more information on data processing by Google Analytics, please refer to the privacy policy of the provider.

If you do not wish to be tracked by Google Analytics in the future, you can opt out at any time by writing an email to privacy@freeletics.com.

Braze

We use Braze (Braze, Inc, 330 West 34th St, New York, NY 10001 USA) on our website and within our app in order to analyze your web and app usage behavior. When you visit our website or app the information listed below is collected and analyzed by Braze, which uses an identifier (ID) that allows analysis of your use of our services.

On behalf of us, Braze will use this information to evaluate your use of the app and to compile reports on the use of the website. This information may be used by us, if activated by you, to send you specific information (so-called push notifications or in-app messages) about Freeletics services or specific advertising. If you do not want to receive any in-app messages, please contact support@freeletics.com. For further information about push-notifications, see here.

For more information about Braze's compliance with data protection laws, please visit https://www.braze.com/privacy/. If Braze transfers personal data to the USA, it does so on the basis of an agreement with the EU standard contractual clauses. The legal basis for the use is § 25 para. 1 TTDSG and for the subsequent processing of personal data Art. 6 para. 1 letter a GDPR. If you do not wish to be tracked by Braze in the future, you can opt out at any time by writing an email to privacy@freeletics.com.

Data in the context of tracking	Purpose of processing	Legal basis of processing	Storage period
Device Information	Sending to your device	Consent	Until revocation of consent
Usage Information (including training data)	Direct approach as well as analysis and assessment of usage behavior	Consent	Until revocation of consent
Campaign Information	Direct approach as well as analysis and campaign optimization	Consent	Until revocation of consent
User data that is also accessible in your profile	Direct approach as well as analysis and assessment of usage behavior	Consent	Until revocation of consent

 

NOTE: 

We are currently migrating our customer engagement and CRM services from Braze to CleverTap. During this transition phase, personal data may be processed via both providers to ensure continuity of our communication and messaging services.

Clevertap

We use Clevertap (WizRocket Inc., 535 Mission Street, 14th Floor. San Francisco, CA 94105 USA) on our website and within our app in order to analyze your web and app usage behavior. When you visit our website or app the information listed below is collected and analyzed by Clevertap, which uses an identifier (ID) that allows analysis of your use of our services.

On behalf of us, Clevertap will use this information to evaluate your use of the app and to compile reports on the use of the website. This information may be used by us, if activated by you, to send you specific information (so-called push notifications, in-app messages or email newsletters) about Freeletics services or specific advertising. If you do not want to receive any in-app messages, please contact support@freeletics.com. For further information about push-notifications, see here.

For more information about Clevertap's compliance with data protection laws, please visit https://clevertap.com/privacy-policy/. If Clevertap transfers personal data to the USA, it does so on the basis of an agreement with the EU standard contractual clauses. The legal basis for the use is § 25 para. 1 TTDSG and for the subsequent processing of personal data Art. 6 para. 1 letter a GDPR. If you do not wish to be tracked by Clevertap in the future, you can opt out at any time by writing an email to privacy@freeletics.com.

Data in the context of tracking	Purpose of processing	Legal basis of processing	Storage period
Device Information	Sending to your device	Consent	Until revocation of consent
Usage Information (including training data)	Direct approach as well as analysis and assessment of usage behavior	Consent	Until revocation of consent
Campaign Information	Direct approach as well as analysis and campaign optimization	Consent	Until revocation of consent
User data that is also accessible in your profile	Direct approach as well as analysis and assessment of usage behavior	Consent	Until revocation of consent

 

Amplitude

We use the Amplitude service on our website in order to derive application behavioral analytics. We use that information to see how users interact with our website. When you visit our website or app the information listed below is evaluated by Amplitude. Your IP address is not stored at Freeletics. The legal basis for the use of this service is § 25 para. 2 no. 2 TTDSG and for the subsequent processing of personal data Art. 6 para. 1 letter f GDPR.

You can view Amplitude's privacy policy here. If you do not wish to be tracked by Amplitude in the future, you can opt out at any time by writing an email to privacy@freeletics.com.

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR
Amplitude Inc. 501 2nd Street, Suite 100 San Francisco, CA 94107 USA	Order processor	Yes	USA	EU standard contractual

Data in the context of tracking	Purpose of processing	Legal basis of processing	Storage period
Device-related data such as device type model, operating system, browser type and version	Improvement of website for device groups	Legitimate interest	until revocation
Usage-related information such as geographic location, language and pages visited	Improvement and performance tracking of website	Legitimate interest	until revocation

AppsFlyer

Our apps are analyzed with technologies from AppsFlyer Inc. (111 New Montgomery St, San Francisco, CA 94105, United States). Various session and interaction data are collected from you and stored for this purpose. We need this information to improve the content and usability of our apps and to optimize the user experience for you. The session and interaction data are at no time processed in personalized form, but under a pseudonym. For more information on data processing by AppsFlyer, please refer to the privacy policy of the provider.

The legal basis for the use of this service is § 25 para. 1 TTDSG and for the subsequent processing of personal data Art. 6 para. 1 letter a GDPR. . As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Appsflyer has signed the EU standard contractual clauses. If you do not wish to be tracked by AppsFlyer in the future, you can opt out at any time by writing an email to privacy@freeletics.com. Your data are stored at Freeletics until revocation. By using the opt-out button, you may opt out of future transmission of data from your device to AppsFlyer's servers.

Google Marketing Services

On our apps, we use the marketing and re-marketing services of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) that allow us to display advertisements in a more targeted manner in order to present advertisements of interest to users. Through (re-)marketing ads and products are displayed to users relating to an interest established by activity on other apps within the Google Network. For these purposes, a code is used by Google when our app is accessed and what are referred to as (re-)marketing tags are incorporated into the app. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies may also be used instead of cookies). Cookies can be set by various domains. This file records which apps users have visited, which content they are interested in and which offers have been used. In addition, technical information about the browser and operating system, referring apps, the length of the visit as well as any additional data about the use of the online products and services are stored. The IP address of users is also recorded, although we would like to inform you that within the framework of Google Analytics, IP addresses within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area are truncated.

All user data will only be processed as pseudonymous data. Google does not store any names or email addresses. All displayed ads are therefore not displayed specifically for a person, but for the owner of the cookie. This information is collected by Google and transmitted to and stored by servers in the USA.

One of the Google marketing services we use is the online advertising program Google AdWords. In the case of Google AdWords, each AdWords customer receives a different conversion cookie. Cookies can therefore not be tracked through the apps of AdWords customers. The information collected by the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they will not receive any information that personally identifies users.

We may include third-party advertisements based on the Google Marketing Service called DoubleClick. DoubleClick uses cookies to enable Google and its partner apps to place ads based on users’ visits to this app or other apps on the Internet.

Google services make use of Google’s Tag Manager. For more information about Google’s use of data for marketing purposes, please see the summary page, Google’s privacy policy is available here.

The legal basis for the use of Google Tag Manager is § 25 para. 2 no. 2 TTDSG and for the subsequent processing of personal data Art. 6 para. 1 letter f GDPR. The legal basis for the use of Google Ad Words is § 25 para. 1 TTDSG and for the subsequent processing of personal data Art. 6 para. 1 letter a GDPR.

If you wish to object to interest-based advertising by Google marketing services, you can do so using the settings and opt-out options provided by Google. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Google has signed the EU standard contractual clauses.

There is another Google service we use called Google Audience, that allows us to show targeted messages to users within the Google Network (such as Gmail, YouTube, Google Discover, etc.). For this, we may provide Google with a customer list that includes the email address or other data such as the device ID you provide to us when you register. This allows Google to create a profile about your usage patterns in our app and on our website in order to display advertisements in a more targeted manner in order to present Freeletics advertisements of interest to users on other apps and websites within the Google Network. Please find more information about the Google Personalized Advertising Service here: https://support.google.com/adspolicy/answer/143465?hl=en

The legal basis for the use of this service is § 25 para. 1 TTDSG and for the following processing of personal data Art. 6 para. 1 letter a GDPR. We only actively provide Google with customer lists that include your email address or other personal data with your consent. Obviously, you can withdraw your declarations of consent for the future at any time. If you no longer agree to us providing your data to Google, you can opt-out in our app-settings. It is possible, that you can then still see advertisements from Freeletics even if you withdrew your consent or did not consent in the first place, but these advertisements on third party platforms are at random.

Facebook Marketing Services

We use the “visitor action pixels” from Facebook (Meta Platforms Inc., Menlo Park, California) on our website so that user behavior can be tracked after users have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads.

The legal basis for the use of this service is § 25 para. 1 TTDSG and for the following processing of personal data Art. 6 para. 1 letter a GDPR

We also use Facebook’s Software Development Kit (SDK) within our apps, in order to link various Facebook services with our apps. For example, this enables users to be able to use the Facebook SDK to share content from our apps within their Facebook timeline or to send messages to other Facebook users. Further information about the Facebook SDK within iOS can be found here: https://developers.facebook.com/docs/ios. For Android, please refer to: https://developers.facebook.com/docs/android.

We use the Facebook App Events service though the Facebook SDK to track how many people our advertising campaigns reach, and the use of the Facebook SDK. Facebook merely provides us with an aggregated analysis of user behavior with our app. We have no influence beyond that on the information that will be processed through App Events by Facebook. In our app settings, you can opt out of using App Events for these purposes.

The legal basis for the use of this service is § 25 para. 1 TTDSG and for the following processing of personal data Art. 6 para. 1 letter a GDPR.

As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Facebook has signed the EU standard contractual clauses. If you do not wish to be tracked by Facebook in the future, you can opt out at any time by writing an email to privacy@freeletics.com.

Facebook Custom Audience

The product Custom Audiences from Facebook (Meta Platforms Inc, 1601 S. California Avenue, Palo Alto, CA, 94304) is also used on the website as part of the usage-based online advertising. Basically, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which can be transmitted to Facebook for analysis and marketing purposes. This is done either by placing a pixel-code from Facebook on our website or by capturing your usage behavior in our app using the Facebook SDK (see section above for a detailed description of these two Facebook services). Alternatively, we may provide Facebook with a customer list that includes the email address you provided to us when you registered. It collects information about your activities on the website (e.g. surfing habits, sub-pages visited, etc.). This allows Facebook to create a profile about your usage patterns in our app and on our website. Your IP address is stored and used for the geographical control of advertising.

As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Facebook has signed the EU standard contractual clauses. The legal basis for our processing is Art. 6 Para. Letter f GDPR.

The legal basis for the use of this service after setting a Facebook tracking pixel is Section 25 (1) TTDSG and for the subsequent processing of personal data Art. 6 (1) (a) GDPR. In the case of the provision of customer lists, the legal basis is Art. 6(1)(a) GDPR. Obviously, you can withdraw your declarations of consent for the future at any time.

If you no longer agree to us providing your data to Facebook, you can opt-out in our app-settings.

In this context, please note that Facebook may also use the data we provide about your usage behavior and your e-mail address for its own purposes. Here you have the opportunity to object to targeting on Facebook. Alternatively, you can contact us directly by email at privacy@freeletics.com.

Further information about the purpose and scope of the data collection and the further processing and use of the data, as well as the privacy settings can be found in the Facebook data protection guidelines.

SNAPCHAT Custom Audiences

We use the “Snap pixels” from Snap Inc. (Market Street, Venice, CA 90291, USA) on our website so that user behavior can be tracked after users have been redirected to our website by clicking on a Snap ad. This enables us to measure the effectiveness of Snap ads for statistical and market research purposes.

As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Snap has signed the EU standard contractual clauses. The legal basis for the use of this service is § 25 para. 1 TTDSG and for the following data processing of personal data Art. 6 para. 1 letter a GDPR. In the case of the provision of customer lists, the legal basis is Art. 6(1)(a) GDPRWe only actively provide Snap with customer lists that include your email address or other personal data with your consent. Obviously, you can withdraw your declarations of consent for the future at any time.

If you no longer agree to us providing your data to Snap, you can opt-out in our app-settings.

In this context, please note that Snap may also use the data we provide about your usage behavior and your e-mail address for its own purposes. Here you have the opportunity to object to targeting on Snap.

Further information about the purpose and scope of the data collection and the further processing and use of the data, as well as the privacy settings can be found in the Snap data protection guidelines.

TikTok Marketing Services and Custom Audiences

We use the “TikTok pixels” from TikTok Information Technologies UK Limited (WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom) and TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) (both hereinafter “TikTok”), on our website so that user behavior can be tracked after users have been redirected to our website by clicking on a TikTok ad. The data collected via the TikTok Pixel is used for targeting our ads and for improving ad delivery and personalized advertising. This enables us to measure the effectiveness of TikTok ads for statistical and market research purposes. For this purpose, the data collected on our website by the TikTok Pixel is transmitted to TikTok.

As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), TikTok has signed the EU standard contractual clauses.

A Controller to Controller Agreement exists with TikTok. The Data Policy of TikTok can be found here. The legal basis for the use of this service is § 25 para. 1 TTDSG and for the following data processing of personal data Art. 6 para. 1 letter a GDPR. In the case of the provision of customer lists, the legal basis is Art. 6(1)(a) GDPRWe only actively provide TikTok with customer lists that include your email address or other personal data with your consent. Obviously, you can withdraw your declarations of consent for the future at any time.

If you no longer agree to us providing your data to TikTok, you can opt-out in our app-settings.

In this context, please note that TikTok may also use the data we provide about your usage behavior and your e-mail address for its own purposes. Here you have the opportunity to object to targeting on TikTok.

Further information about the purpose and scope of the data collection and the further processing and use of the data, as well as the privacy settings can be found in the TikTok data protection guidelines.

Reddit Marketing Services

We use the “Reddit pixels” from Reddit, Inc. (548 Market St., 16093 San Francisco, California 94104) and Reddit Ireland Limited (Fitzwilliam Hall, Fitzwilliam Place, Dublin 2, D02 T292, Ireland) (both hereinafter “Reddit”), on our website so that user behavior can be tracked after users have been redirected to our website by clicking on a Reddit ad. The data collected via the Reddit Pixel is used for targeting our ads and for improving ad delivery and personalized advertising. This enables us to measure the effectiveness of Reddit ads for statistical and market research purposes. For this purpose, the data collected on our website by the Reddit Pixel is transmitted to Reddit.

As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Reddit has signed the EU standard contractual clauses. The legal basis for the use of this service is § 25 para. 1 TTDSG and for the following data processing of personal data Art. 6 para. 1 letter a GDPR. A Controller to Controller Agreement exists with Reddit.

In this context, please note that Reddit may also use the data we provide about your usage behavior for its own purposes. Obviously, you can withdraw your declarations of consent for the future at any time. If you no longer agree to us providing your data to Reddit, you can opt-out in our app-settings. Here you have the opportunity to object to targeting on Reddit.

Further information about the purpose and scope of the data collection and the further processing and use of the data, as well as the privacy settings can be found in the Reddit Privacy Policy.

Remerge

On our apps, we use the retargeting services of Remerge GmbH (Heidestraße 9, 10557 Berlin) that allow us to display interest-based advertising customized to the interests or preferences of our users as well as to analyze the performance of advertising campaigns. Remerge specializes in delivering display app retargeting campaigns for mobile app developers inside other apps that are relevant to the user. To do so, Remerge does not collect any data from the data subjects directly but receives user data from Freeletics, as we want to promote our products. Remerge then bids on real-time-bidding platforms where inventory inside other apps is auctioned resulting in the advertisement of Freeletics being delivered to the inventory. The advertisement revenues generated enable us, Freeletics, to provide content-rich services that are more relevant to our users.

Remerge is unable to combine the data they receive in a way that would enable them to personally identify users nor do they combine the data with any third party data. Remerge receives mobile identifiers such as the ID for Advertising for iOS (IDFA), Google Advertising ID. From time to time we might relay attribution data, which typically relates to the behavior of users inside our Apps which may include installation and first opening of an app on user’s mobile device, user interactions within an app (e.g. in-app purchases, registration), information regarding which advertisements users have seen or clicked on certain metadata, such as timestamp, device type and model, app and app version, country.

Remerge will retain your information for as long as we work with them or as needed to provide Freeletics with services, whichever is shorter. Remerge will delete personal data immediately when we inform them that the user has withdrawn consent. Remerge will however retain and use information as long as necessary to comply with their legal obligations, resolve disputes, and enforce their agreements.

The purpose of data processing at Remerge is to deliver targeted advertising to mobile users. This is done by analyzing user data in order to present relevant advertising that corresponds to the interests and behavior of users. The scope of data processing at Remerge may include various types of user data, such as device information (device type, operating system, device model) and usage data (interactions within apps and general usage statistics).You can learn more about the purpose and scope of data collection and further processing and utilization of data by reading Remerge’s privacy policy.

The legal basis for the use of this service is § 25 para. 1 TTDSG and for the following data processing of personal data Art. 6 para. 1 letter a GDPR. If you wish to object to interest-based advertising by Remerge, you can do so using the settings and opt-out options provided by Remerge.

Firebase by Google

We use the Firebase service from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in order to derive application behavioral analytics. We use that information to see how users interact with our website and app.

Firebase is part of the Google Cloud Platform and offers numerous services for developers. Some Firebase services process personal data. In most cases, the personal data is limited to so-called "instance IDs", which are provided with a time stamp. These "Instance IDs" assigned by Firebase are unique and thus allow the linking of different events or processes. This data does not represent personally identifiable information for us, nor do we make any efforts to personalize it subsequently. We process these aggregated data to analyze and optimize usage behavior, for example by evaluating crash reports.

Currently, we use the following Firebase services for our App:

Google Analytics for Firebase: Google Analytics uses the data to provide analytics and attribution information. The precise information collected can vary by the device and environment. Google Analytics retains ID-associated data for 60 days, and retains aggregate reporting and campaign data without automatic expiration, unless the Firebase customer changes their retention preference in their Analytics settings or deletes their project.For Analytics for Firebase, Google uses not only the "Instance ID" described above, but also the advertising ID of the end device. You can restrict the use of the advertising ID in the device settings of your mobile device. For Android: Settings > Google > Ads > Reset Ad ID For iOS: Settings > Privacy > Advertising > No ad tracking. The legal basis for the use of Google Analytics is § 25 para. 1 TTDSG and for the subsequent processing of personal data Art. 6 para. 1 letter a GDPR.

Firebase Remote Config: Remote Config uses Instance IDs to select configuration values to return to end-user devices. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days. The legal basis for the use of this service is Section 25(2)(2) TTDSG in conjunction with Art. 6 para. 1 letter f GDPR.

Firebase Crashlytics: We use Firebase Crashlytics to collect and analyze information about crashes and errors in our app. Firebase Crashlytics helps us to monitor the stability and performance of our app and to quickly identify and fix problems.

The information collected by Firebase Crashlytics is used exclusively to analyze and fix crashes and errors in our app. This information may include the following: Device information such as model, operating system version and device ID, information about the timing and duration of crashes, information about the state of the application at the time of the crash, such as stack tracing. The legal basis for the use of this service is § 25 para. 2 no. 2 TTDSG i.V.m. Art. 6(1)(f) GDPR.

Firebase Cloud Messaging: Firebase Cloud Messaging is used to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). A pseudonymized push reference is assigned to the mobile device, which serves as a target for the push messages or in-app messages. This service is only initialized if you have agreed to receive push notifications. The push messages can be deactivated and reactivated at any time in the settings of the mobile device. Firebase Cloud Messaging uses Instance IDs to determine which devices to deliver messages to. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase will use this information on our behalf for the above mentioned reasons.

The legal basis for the use of Firebase Cloud Messaging is § 25 para. 2 no. 2 TTDSG i.V.m. Art. 6(1)(f) GDPR. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Google has signed the EU standard contractual clauses.

YouTube (extended data protection mode)

We also use services from YouTube, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), on our website. YouTube is a platform for the integration and playback of video content. We use the “extended data protection mode” option provided by YouTube. When you access a page containing an embedded YouTube video, a connection to the YouTube servers is established and the contents are displayed on the Internet page through a notification to your browser. According to YouTube, in the “extended data protection mode,” data is transmitted to the YouTube server only when you actively play the video. If you are logged in to your YouTube account at that time, this information may be associated with your personal user account. You can prevent this by logging out of your YouTube account before visiting our website.

In addition, we participate in the YouTube Partner Program and may monetize our video content through the Google AdSense service. In this context, Google decides independently on the placement and display of advertising in or alongside our videos and processes personal data of viewers (e.g., cookies, device identifiers, or usage data) for the purposes of ad personalization, measurement, and billing. We do not receive any personal data of viewers from Google; our access is limited to aggregated statistical information and revenue reports.

If you access our videos via the YouTube platform, the processing of your data is carried out under Google’s sole responsibility. Further information about the purpose and scope of data processing by Google and your rights in this regard can be found in Google’s Privacy Policy: https://policies.google.com/privacy.

The legal basis for the use of the services is Art. 25 para. 1 sentence 1 TTDSG i.V.m. Art. 6(1)(a) GDPR

For more information on data protection in connection with YouTube, please refer to this link.

Databricks

We use Databricks (Databricks Inc, 160 Spear Street, 13th Floor, San Francisco, CA 94105, USA) for processing and analyzing data in our apps and on our website. This data provides us with information on how you interact with our apps and our website. For this purpose, we use your gender, the Freeletics ID, your BMI, your IP address as well as mobile usage data.

The legal basis for the use of this service is § 25 para. 2 no. 2 TTDSG and for the subsequent processing of personal data Art. 6 para. 1 lit. f GDPR. Databricks saves information in the USA. As a guarantee pursuant of Art. 44ff of the General Data Protection Regulation (GDPR), Databricks has signed the EU standard contractual clauses. You can find the privacy policy of Databricks here.

Quality assurance

When using our website and apps, data is collected and stored which is used to generate information using pseudonymous usage profiles for purposes of web analysis. These usage profiles serve to analyze visitor behavior and are evaluated to improve and design our services based on demand. In addition, we measure and analyze technical performance data (e.g. response and load times) and application data (hardware and software used) in order to improve the performance of our products. Cookies are used to do so. These are text files saved on your computer that allow us to analyze how you use our website. The pseudonymous usage profiles are not associated with personal data on the bearer of the pseudonym without the concerned party's express consent. You can object to future data collection and storage for the purpose of web analysis at any time by deactivating cookies in your browser settings. You can find the individual privacy notices for the providers here:

• New Relic
• Crashlytics
• Rollbar
• TrackJS

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR	Storage period
New Relic Inc. 188 Spear Street Suite 1200 San Francisco, CA 94105 USA	Order processor	Yes	USA	EU-Standard Contractual Clauses	6 weeks
Crashlytics by Google Ireland Limited Gordon House Barrow Street\ Dublin 4, Ireland	Order processor	Yes	USA	EU-Standard Contractual Clauses	90 days
Rollbar Inc. 51 Federal Street Suite 401 San Francisco, CA 94107 USA	Order processor	Yes	USA	EU-Standard Contractual Clauses	6 weeks
TrackJS LLC 215 Pine St. W, Stillwater Minnesota, 55082, USA	Order processor	Yes	Canada	Transfer on the basis of an adequacy decision	15 days

Affected data category	Purpose of processing	Legal basis of processing
IP address (only for troubleshooting)(not applicable for Logentries)	Improvement of website design and quality	Legitimate interest
Freeletics user ID	Improvement of website design and quality	Legitimate interest
Device-related data such as device type, model, operating system, browser type and version	Improvement of website design and quality	Legitimate interest
Usage-related information such as geographic location, language, pages visited	Improvement of website design and quality	Legitimate interest
Installation UUID	Improvement of website design and quality	Legitimate interest
Crash trace (not applicable for Logentries)	Improvement of website design and quality	Legitimate interest

Social Plugins

This website uses social plugins from providers:

• Facebook (Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
• Twitter (Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)

These plugins normally collect your data and transmit it to the server of the respective provider.

After being activated, these plugins also record personal data, such as your IP address, and send this to the server of the respective provider where it is stored. Active social plugins also create a cookie with a unique identifier when accessing the respective website. This allows the provider to create profiles on your usage behavior. This also happens when you are not a member of the social network of the respective provider. If you are a member of the provider's social network, and if you are logged in to the social network while visiting this website, your data and visit information can be associated with your profile on the social network. We cannot influence the exact scope of the data collected on you by the respective provider. Please refer to the privacy policies of the respective social network providers for more detailed information on the scope, manner, and purpose of data processing, and on your rights and setting options to protect your privacy. These can be found in the table above. They are also available at the following addresses:

• Facebook
• X (Twitter) (Betreiber: X Corp., 1355 Market Street, Suite 900, San Francisco, Kalifornien, 94103, USA)

Social media fan pages

Freeletics maintains so-called fan pages with social media providers like Instagram, Facebook (both: Meta Platforms Inc. Menlo Park, California) and Twitter (Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA) in order to communicate with customers, interested parties, and users who are active there, and to inform them about our products, services, and events. In doing so, the users’ data can be processed outside of the EU. The above-mentioned US providers have signed the EU standard contractual clauses and thus guarantee the observance of European data protection laws.

In the opinion of the European Court of Justice (ECJ), we are responsible, together with Facebook, for the processing of your personal data. You can find the decision of the ECJ dated June 5, 2018 here.

A Joint Controller Agreement exists with Facebook Ireland (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin) pursuant to Art. 26 GDPR. Facebook Ireland pledges to assume the main responsibility in the context of the General Data Protection Regulation (GDPR) for the processing of Insights data and to fulfill all applicable obligations in the context of the GDPR with reference to the processing of Insights data (including, but not limited to Articles 12 and 13 GDPR, Articles 15 to 22 GDPR, and Articles 32 to 34 GDPR). Facebook Ireland will also make available the essential information of this Page Insights Addendum to the affected parties. Please contact Facebook to assume your rights as affected parties. The Data Policy of Facebook can be found here.

When using the Facebook fan page, the following data will be collected from you for the purpose of user communication and target group advertising:

• user interactions (posts, likes, etc.)
• Facebook cookies
• demographic data (e.g., based on information regarding age, place of residence, language, or gender)
• statistical data on user interactions in aggregated form, that is, without the possibility to relate the information to any particular persons (e.g., page activities, page impressions, page previews, likes, recommendations, articles, videos, page subscriptions, incl. source, times of day)

The usage of personal data for advertising purposes is of particular importance for Facebook. We use the statistics function to find out more about visitors to our fan page. The use of the function enables us to adapt our content to the respective target group. In this way, we also use, for example, the demographic information about the users’ age and location, whereby it is not at all possible for us to relate this information to persons.

In order to provide the social media service in the form of our Facebook fan page and to use the Insight function, Facebook generally saves cookies on the end device of the user. These include session cookies, which are deleted when the browser is closed, and persistent cookies that remain on the end device until they expire or are deleted by the user.

We use the Facebook Insights function for statistical evaluation purposes. In this connection, we receive anonymized data concerning the users of our Facebook fan page. As a result, it is not possible for us to trace them back to your person. For more information, you can refer to the cookie guideline of Facebook.

The legal basis for the use of this service is § 25 para. 2 no. 2 TTDSG and for the subsequent processing of personal data your consent in accordance with Art. 6 I lit. a GDPR.

 

Shopify

Shopify is a cloud store system for online retailers and is used as a service provider for the sale of our Freeletics Essentials products. When you buy Freeletics Essentials products from Freeletics GmbH and are logged in with your Freeletics user ID, your Freeletics user profile is used to fill out the order form and make your purchase easier. This refers to your Freeletics user ID, name, email address, Coach status, and date of birth.

Name of provider	Provider type	Data transfer to third party country	Third party country	Guarantees in acc. with Art. 44 ff GDPR
Shopify Inc. 150 Elgin Street Suite 800 Ottawa, ON K2P 1L4 Canada	Order processor	Yes	Canada	Transfer on the basis of an adequacy decision

Affected data category	Purpose of processing	Legal basis of processing	Storage period
Freeletics user profile data	Simplification of the ordering process	Initiation/Execution of the contractual relationship Consent	Up to 30 days after deletion of the customer account

Payment service provider

Freeletics offers various payment options, such as payment by credit card or payment by PayPal. Depending on which payment option you choose, payment data may be transmitted to the respective payment service provider for this purpose. If your data is processed outside the EU, the payment service provider has undertaken to comply with the EU standard contractual clauses. In some cases, the payment service providers also collect this data themselves on their own responsibility. For more information on the processing of personal data by payment service providers, please refer to their privacy policies:

• PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. You can find more information in the privacy policy of PayPal.
• Apple Pay (Apple Inc.), One Apple Park Way, MS 169-3 IPL Cupertino, CA 95014 USA. You can find more information in the privacy policy of Apple Pay.
• Google Pay (Google Ireland Limited), Gordon House, Barrow Street, Dublin 4, Ireland. You can find more information in the privacy policy of Google Pay.
• Stripe, Inc, 354 Oyster Point Boulevard, South San Francisco, California, 94080, USA. You can find more information in the privacy policy of Stripe.
• Ebanx, 10 Collyer Quay, 10-01 Ocean Financial Centre, Singapore, 049315. You can find more information in the privacy policy of Ebanx.
• Revolut, 30 South Colonnade, London E14 5HX, UK. You can find more information in the privacy policy of Revolut. 

The legal basis for this processing is Art. 6 paragraph 1 sentence 1 letter b GDPR (performance of a contract) and Art. 6 paragraph 1 sentence 1 letter a GDPR (consent).

Applications and applicant portal

You can apply to our company using electronic means.

Obviously, we will use your information only to process your application and not pass it on to third parties.

Please note that e-mails sent without encryption are not access-protected. Unfortunately, we do not currently offer encryption for e-mail applications. However, encrypted transfer of your application is possible via our applicant portal.

You can apply to our company online via our applicant portal. Your online application will be sent directly to the HR department via an encrypted connection and obviously treated confidentially.

Your personal data will be deleted at the end of the application process, either immediately or after no more than six months, unless you have given us your explicit consent for longer storage of your data.

Further information on data processing in the context of application processes can be found in the data privacy statement of our applicant portal.

Transfer of data to third parties

We only pass your personal data on to third parties if:

• you have given your explicit consent to this,
• forwarding data is necessary for the assertion, exercise, or defense of legal claims and there is no reason to assume you have an overriding legitimate interest in your data not being passed on,
• in the event that we have a legal obligation to forward data, and
• this is legally permissible and required for the performance of the contractual relationship with you.

In the case of data transfer outside the European Union, the high European level of data protection essentially does not exist. It may be the case with a transfer that an EU Commission adequacy decision in accordance with Article 45 (1) (3) GDPR is not currently in place. This means that the EU Commission has not yet positively determined that the country-specific level of data protection corresponds to the level of data protection in the European Union due to the GDPR. If the recipient is located outside the European Union / European Economic Area, we have taken the necessary measures such as signing the EU standard contractual clauses approved by the EU Commission, and have additionally taken appropriate security precautions.

Potential risks, which cannot be ruled out completely in connection with data transfer, are in particular:

• your personal data could be processed over and above the intended purpose.
• Moreover, there is a possibility that you may not be able to exercise your rights in relation to data protection, for example, your right of access, to rectification, erasure, or data portability, on a consistent basis and enforce these.
• It may also be highly likely that data is processed incorrectly and in quantitative and qualitative terms, the protection of personal data fails to meet the requirements of the GDPR in full.

Your rights

Information on the rights of data subjects

Each data subject has the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR, the right to object in Article 21 GDPR and the right to data portability in Article 20 GDPR. The limitations according to Articles 34 and 35 BDSG apply to the right of access and to the right to erasure.

Delete your Freeletics account

Deleting your account will affect all Freeletics products, i.e. Training and Nutrition, and all your results and progress for these products will be deleted permanently. It is not possible to delete your account partially.

Via the website

• Log in to your account on our website.
• Select “Delete Account” at the bottom of the page.

Via the app

• Go to your Settings under the profile tab.
• Scroll down to “Privacy”.
• Click on “Delete Account”.
• A verification email will be sent to your email address. Please confirm this to complete the deletion.

Subscribers should note that deleting your account doesn’t automatically cancel the next renewal of your Coach subscription. For this reason, it is very important to remember to cancel your subscription additionally to deleting your account. To cancel your next renewal please visit this article for more information on how to do this.

Information on the option to lodge a complaint

You also have the right to lodge a complaint with the competent data protection authority about our processing of your personal data.

Information on withdrawal of consent

You can withdraw your consent with us to process personal data at any time. This also applies to withdrawals of a declaration of consent that were given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

CCPA Consumer Rights (Additional California Privacy Rights)

This section provides additional details for California consumers about the rights afforded to them under the California Consumer Privacy Act or “CCPA“.

In addition to the rights mentioned above under “information on the rights of data subjects”, California consumers have the right not to be discriminated against for having exercised their rights under the CCPA. In particular, Freeletics may not deny you goods or services, charge you different prices for goods or services, either by denying benefits or imposing penalties, provide you with a different level or quality of goods or services or threaten you with any of the above. In addition, Freeletics does not sell the personal information we collect (as defined in the CCPA) and will not sell it without providing you the right to opt out.

Right in the event that data is processed for direct marketing purposes

You have the right pursuant to Article 21 (2) GDPR to object to the processing of personal data concerning you. In the event that you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

Information on the right to object in the case of balance of interests

If we process your personal data based on a balance of interests, you can object to such processing. If you exercise this right to object, please state the reasons why we should not process your data as we have described. If your objection is justified, we will review the situation and either stop or adjust data processing or explain our compelling legitimate reasons for processing to you.

Links to other websites

Our website may contain links to the websites of other providers. Please note that this Data Privacy Statement applies only to the website of Freeletics. We have no influence on or control over the compliance of other providers with applicable data protection regulations.

Amendments to the Data Privacy Statement

We reserve the right to amend or adjust this Data Privacy Statement at any time subject to compliance with applicable data protection regulations.

Controller and data protection officer

Alternatively, you may contact our external data protection officers at any time if you have any questions regarding the collection, processing or use of your personal data or in the case of access, rectification, blocking or erasure:

Personal/Confidential

Data controller	Controller's data protection officer
Freeletics GmbH Berg-am-Laim-Straße 111 81673 Munich Germany E-Mail: privacy@freeletics.com represented by Managing Director Daniel Sobhani	Freeletics GmbH Data Protection Officer Berg-am-Laim-Straße 111 81673 Munich Germany E-Mail: privacy@freeletics.com