1. 1. Scope
The privacy notice below informs you about the type, scope and purpose of the collection, use and processing of personal data by Urban Sports GmbH, regardless of whether you register with us, use our app or just visit our site.
The entity responsible for the collection, processing and use of your personal data as of art. 4 no. 7 GDPR is Urban Sports GmbH (hereinafter also referred to as “we” or „Urban Sports“). You can contact us as follows:
Urban Sports Club GmbH
10179 Berlin, Germany
+49 30 5444 5077 7
Data protection officer:
II. Collection, processing and use of personal data
1. Personal data
Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person. These are, for example, your name, your e-mail address or your postal address.
Our website places cookies. Cookies are small encrypted files that are stored on computers or terminal devices by websites for the purpose of logging and improving the usability of the website. Cookies enable website operators to recognise user preferences by analysing the data collected, to diagnose technical problems, to analyse developments and thus to improve the overall use of their website for users. Most browsers allow you to choose whether or not to allow cookies to be stored. If you do not want cookies to be stored on your computer, please set your browser preferences to reject all cookies before visiting our website. Please note that you may then no longer be able to use some of the functions on our website.
Strictly necessary cookies
These cookies are required for the website to function and cannot be disabled in your systems. Generally, these cookies are only set in response to actions you take that correspond to a service request, such as setting your privacy preferences, logging in or filling out forms. You can set your browser to block these cookies or to notify you of these cookies. However, some areas of the website will not work if you do so. These cookies do not store any personal data.
Strictly necessary cookies
userId, wordpress_logged_in_XXXXXXXXXXXXXXXXXXXXXXXXXXX, wordpress_sec_, wordpress_test_cookie, wordpress_XXXXXXXXXXXXXXXXXXXXXXXXXXXX, wordpresspass_XXXXXXXXXXXXXXXXXXXXXXXXXXXX, wordpressuser_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX, wp-postpass_XXXXXXXXXXXXXXXXXXXXXXXXXXXX, wp-settings-, wp-settings-time-X
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third parties whose services we use on our sites. If you do not allow these cookies, some or all of these services may not work properly.
These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not be able to know when you visited our website.
_hjCachedUserAttributes, _hjIncludedInPageviewSample, _hjIncludedInSessionSample, _hjUserAttributesHash
_hjIncludedInPageviewSample, _hjIncludedInSessionSample, _hjUserAttributesHash, ss_cvt
instap-spid.2a73, instap-spid.c7f8, instap-spses.2a73, instap-spses.c7f8
_hjCachedUserAttributes, _hjIncludedInPageviewSample, _hjIncludedInSessionSample, _hjSessionRejected, _hjUserAttributesHash
These cookies may be set through our website by our advertising partners. They may be used by these companies to profile your interests and display relevant ads on other websites. They do not directly store personal data but are based on a unique identification of your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
CONSENT, VISITOR_INFO1_LIVE, YSC
AnalyticsSyncHistory, bcookie, lang, li_gc, lidc, UserMatchHistory
3. Signup/User account
When you sign up with us, your name, address and the contract option you have selected will be stored by us. We will set up a password-protected user account for you that includes the basic data stored with us (name, address, account data, contract option, profile picture), which can thus be accessed by you. Please note that a photo of yourself is required for identification purposes in order to use the service.
The processing and storage of this data is necessary for the conclusion and performance of a contract between us and you. The processing of your personal data is therefore based on art. 6 para. 1 b) GDPR.
During the registration process we use the email service provider Mandrill to send emails messages (see below III. 2.9).
4. Transfer of data
4a) Transfer of data to Partners
If you check in with a partner, we will send them your name and user number for identification purposes. Furthermore, the partner is disclosed information about the check-in time, your membership and the course attended. Partners are sports facility operators, fitness studios, other sports clubs or other service providers whose services you can take advantage of through us. The processing of this data is necessary for the performance of our contract with you. It is therefore justified under art. 6 para. 1 b) GDPR.
4b) Transfer of data to your Employer
In addition, whenever your employer bears a part of the price of your subscription, the following applies:
Upon registration, to verify whether you’re a member of the company staff, we disclose your name and last name to your employer and ask for his confirmation. Only once we receive such confirmation, will our services be activated for you and will you be able to take advantage of your subscription fully.
This means, we in turn receive the following data from your employer: name, last name and personnel number (for verification purposes), start, duration and end of the employment.
In case your employer pays part of your membership, we will disclose your first and last name, e-mail address, start, duration and end of your subscription to Urban Sports or of a particular contract and status of your subscription (M, L, XL, etc.), city and notice period.
In case your employer pays a contribution depending on whether you’ve been using our services in a certain month, we will disclose whether you’ve been active or have been checking in during the reference month. At your employer’s request, we will also disclose your membership reference number for easier billing.
When processing your personal data as described above, your employer and Urban Sports act as "joint controllers" according to art. 4 no. 7 and art. 26 GDPR. Accordingly, we enter into an agreement with your employer pursuant to art. 26 GDPR, which essentially provides for the following:
- Data collected by Urban Sports and your employer is only processed in order to, on the one hand, allow Urban Sports to provide the service requested by you within the framework of the contractual relationship with us at more favourable conditions; and, on the other hand, your employer can enable you to take advantage of our services as an employee benefit within the framework of the employment relationship. In both cases, the legal basis of the processing is therefore art. 6 para. 1 lit. b) GDPR.
- We inform you about the handling of personal data within the scope of joint responsibility pursuant to art. 13 GDPR by means of this privacy notice. Your employer will inform you about the processing of personal data falling within the scope of the joint controllership in accordance with art. 13 of the GDPR.
- Your rights according to art. 15 et seq. GDPR (see sec. V. below) can be exercised both against Urban Sports and against your employer.
If at any time you no longer wish your data to be transferred to your employer, you can achieve this by terminating your membership at the earliest possible date.
Within our company, access to your data is granted to those departments that need it in order to fulfil our contractual and legal obligations. Processors we work with (art. 28 GDPR) may also receive data for these purposes. These are companies in the categories of financial services, IT services, logistics, printing services, telecommunications, debt collection, advice and consulting as well as sales and marketing.
Data required for processing payments - for example your name, your account number or, if applicable, your credit card number ("payment data") - is transferred to payment service providers we work with. We do not store such data. Below you will find information about the payment providers we use.
6. Permissions for using our app
If you allow our app to access your phone's camera, you can use your camera to scan QR codes when checking in with our partners. If you wish, you can also use your camera to create a profile picture.
If you allow our app to access your position, we will receive information about your location. This is done exclusively to show you offers in your surroundings as required under the contract, in accordance with art. 6 (1) b) GDPR. Location data will not be stored.
6.3 Push notifications
Within the app, you have the option to activate or deactivate push notifications (i.e. notifications that are sent to your mobile device even while you are not currently using our app). This service is optional and offers you the opportunity to stay informed at no cost about available updates, disruptions, or other information relevant to the service. You can turn these push notifications on or off at any time using your mobile device's app settings.
When push notifications are enabled, a unique identification number assigned to your mobile device (device ID) will be shared with the service we use to send push notifications. For IOS, we receive a "Push Notification Token" through Apple which is sent to Firebase Cloud Messaging. For Android, a so-called identifier ("Advertising Identifier") is provided directly by "Firebase Cloud Messaging" for further use. In both cases, we can no longer draw conclusions about the device ID and thus about you as a user.
The following actions modify the identifier, for example:
- App is reinstalled on the same device
- App is installed on a new device
The legal basis for this service is art. 6 para. 1 b) GDPR. The storage period is equal to the duration of use of the push service.
You can find further information about Firebase Cloud Messaging here: https://firebase.google.com/docs/cloud-messaging/
If you allow our app to access your position, we will receive information about your location. This is done exclusively to show you offers in your surroundings as required under the contract, in accordance with art. 6 (1) b) GDPR. Location data will not be stored.
8. Location-based browsing
1) What is location-based browsing?
Our website uses location-based browsing to provide you with more relevant information and save you time when searching. For example, if you are looking for a partner location near you, we can use your position to make sure that your city is directly selected and only show partner locations there. Of course, you can always change this manually if you want to search for activities in other cities. You can also turn the location-based query on or off in your browser when you are asked for consent, while still using the full service.
2) How does it work?
If you agree, your browser collects data about nearby wireless access nodes and your computer's IP address. Then your browser sends this data to the default geolocation service provider to determine your approximate location. This approximate location information is then used on our homepage for this purpose.
3) How do I revoke the consent I gave?
If you have given permission to share your position and later change your mind, you can easily revoke your consent. Here's how:
- Open our homepage.
- In the Tools menu in your browser, open the Page Information item.
- Select the Permissions tab.
- Change the value for Allow access to current location.
To contact us, you can send us an email at [email protected]
We use the Zendesk ticketing system to handle customer requests. Zendesk is a customer service platform of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102.
Data necessary to answer your enquiry, such as your surname, first name, postal address, telephone number and email address, is collected via our website and stored by Zendesk on servers in the USA.
In order to reduce your waiting time, it may sometimes happen that your request be handled by our central customer service of the Urban Sports Group.
You may also contact Zendesk's Data Protection Officer at [email protected]
The information you provide when contacting us will only be stored in order to process the enquiry and any subsequent correspondence. The storage is therefore justified by your consent according to Art. 6 (1a) GDPR.
If you subscribe our newsletter, we use the so-called double opt-in procedure. This means that we will only send you our newsletter if you have previously expressly confirmed by e-mail that you would like to receive them. We will send you an automated e-mail asking you to confirm that you would like to receive our newsletter by clicking on a link. You may subscribe to our newsletter regardless of whether you’ve signed up with for our services.
If you no longer wish to receive our newsletter, you can unsubscribe at any time. To do so, you have to inform us in writing (e-mail, letter) to the contact details displayed in section I. 2.
The legal basis of processing is your consent to receiving newsletters according to art. 6 para. 1 lit. a) GDPR.
We work with the providers MailChimp and Airship to send our newsletter.
MailChimp is a service offered by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318 ("Rocket"). The data stored during registration is transmitted to Rocket and stored there. The data entered during registration is not transmitted to other third parties. After registration, MailChimp will send you an email to confirm your registration. Furthermore, MailChimp offers extensive analysis options about how our newsletters are interacted with. Such insight is group-related and is not used by us for individual assessments. MailChimp uses Google Analytics (see also III. 2.1 below) and may embed it in the newsletter. You can revoke your consent to the storage of data and receiving newsletters at any time by using the dedicated link inside the newsletter itself or by sending a message to the contact details above. Further information on data protection at MailChimp can be found at http://mailchimp.com/legal/privacy/.
Airship is a so-called "Customer Engagement Platform" offered by Urban Airship Group, Inc. (1225 W Burnside St #401, Portland, OR 97209, hereinafter: "Airship"). Data collected during registration is transmitted to Airship and stored there. In addition, Airship provides extensive analytics about how our newsletters are opened and used. These analyses are group-related and are not used by us for individual evaluation.
An "unsubscribe" link is included in every email message sent via Airship so that you can unsubscribe from the newsletter at any time. You can also declare your consent to receiving our newsletter by sending a message to the contact details above (sec. I. 2).
Airship may also use Google Analytics and Google Analytics Demographics and Interest Reporting or other similar products to collect information about user behaviour so that we can develop the content of the website accordingly. You can find more information about Google Analytics at www.google.com/policies/privacy/partners/. You may opt-out of the collection and processing by Google of data generated by your use of our services by clicking on the following link: http://tools.google.com/dlpage/gaoptout. You can also opt out of Airship's analytics partners by setting or changing your preferences using the "Cookie Settings" link at the bottom of the subpage you visit. For more information about Airship's privacy practices, please visit https://www.airship.com/legal/privacy/.
11. Further processing based on legitimate interests
Where necessary, we may process your data regardless of the performance of a contract or your consent given in order to protect our legitimate interests of those of third parties unless, on a case-by-case basis, we come to the conclusion that your fundamental rights and freedoms requiring the protection of personal data would prevail (see art. 6 (1f) GDPR). This may include:
- Assertion of legal claims and defence in legal disputes.
- Ensuring our IT security and IT operations
- Prevention and investigation of criminal offences
- Measures for business controlling and further development of services and products.
12. Retention time
As far as necessary, we process and store your personal data for the duration of our relationship with you, which also includes, for example, the conclusion and performance of a contract. Please note that our relationship is a continued obligation concluded for an extended time period.
In addition, we are subject to various storage and documentation duties stemming from, inter alia, the German Commercial Code (HGB) and the German Tax Code (AO). The retention and documentation periods specified therein last for up to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), can generally be three years, but in certain cases also up to thirty years.
III. Navigation on our website
1. Access data/server log-files
Your access to our website is stored in a log file (so-called server log files). For this purpose, we (or our host provider) collect the following data about each access to our website:
- IP address of the accessing device
- name of the file accessed
- date and time of access
- volume of data transferred
- reply request
- browser type and version as well as the operating system you are using
- referrer URL
- requesting provider
- screen resolution
We only use log data for statistical evaluations in the context of the operation of our offer. In the event of illegal use of our website, the log data is also used to clarify possible legal violations.
2. Tracking tools
On our websites, we technologies that help us evaluating information on the type and scope of the use of our websites (so-called tracking tools). We use the following services for analytics. If you do not agree to the collection of data by the relevant service provider, you can deactivate analytics. How to deactivate analytics tools is described for each individual service. Most analytics services employ cookies to collect non-personal data.
2.1 GOOGLE ANALYTICS
You can prevent the collection of data generated through cookies, related to your use of our website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).
Further information on data protection at Google Analytics can be found at https://www.google.com/intl/de/policies/privacy/.
2.2 GOOGLE TAG MANAGER
We also use Google Tag Manager. Through this service, website tags can be managed via an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which may in turn collect personal data. However, Google Tag Manager does not access such data. If a deactivation has been set at domain or cookie level, it applies to all tracking tags implemented with Google Tag Manager.
Further information on data protection with Google Tag Manager can be found at https://www.google.com/intl/de/policies/privacy/.
You can object to the collection and storage of data at any time with effect for the future. To do so, please contact Adjust. Further information on data protection at Adjust can be found at https://www.adjust.com/privacy-policy/.
2.4 DYNAMIC YIELD
We use the services of Dynamic Yield Ltd, 32 Ben Yehuda St., Tel Aviv, Israel ("Dynamic Yield") to personalise and optimise our websites. For this purpose, Dynamic Yield collects pseudonymised information about usage activities, which is stored under a randomly generated user ID (pseudonym). Your IP address is stored anonymously. A direct reference to a person is not possible and cannot be (re-)established subsequently. By visiting and using our website, you agree to Dynamic Yield.
You revoke your consent to Dynamic Yield at any time by visiting https://st.dynamicyield.com/optout. In this case, an opt-out form will be sent to you and an opt-out cookie will be set, which prevents the future collection of data when you visit our website. Further information on data protection at Dynamic Yield can be found at https://www.dynamicyield.com/platform-privacy-policy/.
2.5 CRAZY EGG
You can object to the collection, processing and retention of data generated by Crazy Egg at any time by visiting http://www.crazyegg.com/opt-out and following the instructions available there. Further information on data protection at Crazy Egg can be found at http://www.crazyegg.com/privacy.
You can object to Hotjar at any time by visiting https://www.hotjar.com/opt-out and selecting "opt out of Hotjar" when you visit our website. You can find more information about data protection at Hotjar.com at https://www.hotjar.com/privacy.
2.7 VISUAL WEB OPTIMIZER
You can object to the collection, storage and use of the data generated by Visual Web Optimizer at any time by visiting https://vwo.com/opt-out/ and following the instructions available there. Further information on data protection at Visual Web Optimizer can be found at https://vwo.com/privacy-policy/.
Our websites use plugins of the social network facebook.com, which is operated by Meta Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). When navigating our of websites that such a plugin is embedded in, a connection is established to the Facebook servers and the plugin is displayed on the website by informing your browser. This way, Facebook gains insight into which of our websites you have visited. If you are logged in as a Facebook member, Facebook matches this information to your personal Facebook user account. When using the plugin functions (e.g. clicking the "Like" button, posting a comment), this information is also matched to your Facebook account. This can can only be prevented by logging out of Facebook prior to activating the plugin.
Facebook Pixel, Custom Audiences and Facebook Remarketing
1.1 We use Facebook’s "Facebook Pixel", operated by Meta Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), on our website.
1.2 With the Facebook pixel, Facebook can identify visitors of our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display Facebook ads placed by us only to those Facebook users having shown an interest in our offer or having certain characteristics (e.g. interests in certain topics or products determined on the basis of pages visited) that we share with Facebook (so-called "Custom Audiences"). With the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the Facebook pixel we can also track the effectiveness of Facebook ads for statistical and market research purposes by gaining insight into whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion"). The processing of data by Facebook takes place within the framework of Facebook's data policy. Please find general information on the display of Facebook ads in Facebook's data policy: https://www.facebook.com/policy.php?ref=pf. Specific information and details about Facebook Pixel and how it works can be found in the Facebook help section: https://www.facebook.com/business/help/651294705016616.
1.3 You can opt-out of the Facebook Pixel's processing of your data. To adjust your preferences regarding the types of ads that your want displayed on Facebook, you can visit Facebook’s dedicated page and follow the instructions available there on the settings for interaction-based advertising: https://www.facebook.com/settings?tab=ads. The settings apply regardless of the device you are using. The settings apply regardless of the device you are using, i.e. applied to all devices, such as desktop computers or mobile devices.
We use Mandrill, which is an add-on for the email service provider MailChimp. MailChimp’s privacy notice can be found here: https://mailchimp.com/legal/privacy/
Mandrill sets so-called web beacons in most emails sent by Mandrill. Web beacons (also called ClearGIFs or tracking pixels) are small graphics (GIF files approximately 1x1 in size) that are used on websites or in HTML emails, among other things, to give website operators a better understanding of how visitors interact with the website. Web beacons fulfil similar functions to cookies, but are not noticeable to the user. In particular, web beacons can be used to obtain information about whether an email has been opened and whether the user's system is capable of receiving HTML emails. No personal data is collected via the web beacon.
If you do not wish to receive e-mail messages with web beacons, you can also choose to receive your e-mails as simple text (not in HTML). Web beacons are used in conjunction with cookies. You can therefore prevent the use of web beacons by preventing the installation of cookies via the relevant setting in your browser.
On our website, we use the marketing features of Airship, a customer engagement platform provided by Urban Airship UK Ltd. (5 New Street Square, London, UK, EC4A 3TW, hereinafter: "Airship"). Through Airship, we can centrally manage communication and interaction with our users, in particular via app, websites, SMS, emails and mobile wallets. In addition, we can conduct multi-channel campaigns based on user behaviour and profiles, thus ensuring target group-specific and consistent marketing. "Airship" uses technologies such as cookies, tracking pixels and fingerprinting to analyse user behaviour and registration processes.
Information stored on users' terminal devices is also processed, e.g. when one of our websites was accessed and which elements users interact with. Airship processes information such as time zone, browser type and other technical parameters for the purpose of statistical evaluation and reach measurement of our advertising campaigns. When using the Airship platform for email or SMS communication, email addresses and mobile phone numbers are also processed for the purpose of communication. The legal basis for the processing of your data is Art. 6 para. 1 lit. a) DSGVO. Further information on data protection at Airship can be found at: https://www.airship.com/legal/privacy/.
2.11 Analytics through Spoteffects/ Matomo
We also measure interactions on our website resulting from TV spots broadcasted thanks to the service provider spoteffects, webeffects GmbH, Knorrstr. 69, 80807 Munich ("Spoteffects"). The respective data processing agreement has been entered into with Spoteffects. To do so, Spoteffects accesses results that we generate using the analytics tools. Matomo is an open-source web analysis tool (https://en.matomo.org/). When Matomo is used, data on user behaviour is collected and turned into anonymous user profiles. Among other things, cookies (as described in section 2) are used for this purpose. We do not use the data from Matomo to identify you personally and do not link the profiles to your person or account.
If you do not want this profiling via Matomo, you can deactivate this by clicking on the checkbox.
2.12 Google Maps
IV. Liability for external links
Our website contains links to external websites. Such websites have been checked at the time the links were created. We do, however, not control their content. Should we recognise that such content has changed or become illegal, we will remove the links immediately after becoming aware of this.
V. Your rights
1. Changes, Corrections and Updates, Erasure, Revocation, Access
You have the following rights in connection to the processing of your personal data:
A. WITHDRAWAL OF CONSENT:
You may withdraw any consent given to us, whether express or implied, at any time with future effect.
You may request information from us regarding the personal data we process about you. In addition, you are entitled to receive the information set forth in art. 15 GDPR.
C. RECTIFICATION AND ERASURE:
You also have the right to request the rectification of inaccurate personal data pursuant to art. 16 GDPR and to have your personal data erased in accordance with art. 17 GDPR.
D. RESTRICTION OF PROCESSING:
You may request the restriction of the processing of your personal data under the conditions of art. 18 GDPR.
Pursuant to art. 21 GDPR, you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation, insofar as such processing is carried out on the basis of art. 6(1)(e) or (f) GDPR. In case of such an objection, we will no longer process this data unless we can demonstrate that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is required for the assertion, exercise or defence of legal claims.
F. DATA PORTABILITY:
You also have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You also have the right, where technically feasible, to have us transfer such data to another data controller on your instructions. The right to data transfer only applies to personal data processed on the basis of consent (explicit or implied) pursuant to art. 6(1)(a) GDPR or of a contract pursuant to art. 6(1)(b) GDPR and the processing is carried out using automated procedures. The right to transfer data to another controller is excluded if this would impair the rights and freedoms of other persons (e.g. personal data of third parties, our business and trade secrets or copyrights).
You may claim the rights mentioned in sec. V. free of charge.
However, in the case of manifestly illegitimate or - especially in the case of reoccurring requests - abusive requests, we may, in accordance with art. 12(5) GDPR, either charge an appropriate fee, taking into account the administrative costs of informing or notifying you or implementing the requested measure, or refuse to act on the request.
G. RIGHT TO COMPLAIN:
You have the right to complain to the following data protection authority responsible for us connection to the processing of your personal data:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Phone: 030/138 89-0
Fax: 030/215 50 50
E-mail: [email protected]
2. Changes to this privacy notice
Urban Sports GmbH will update this privacy notice as necessary and adapt it to new requirements and laws. It is therefore recommended that you review this document regularly in order to keep informed about the protection of your data.
This privacy notice was last updated to include the provisions of the GDPR on: 15/03/2022
If you have any questions about data protection, please contact [email protected]