Privacy and data protection declaration
Privacy and data protection declaration
Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is:
Fitnesshotline GmbH
Beethovenstr. 9
08209 Auerbach
Phone: +49 (0) 37 44 / 3 65 65 0
Email: info@fitnesshotline.de
Name and Address of the Data Protection Officer
The Data Protection Officer of the controller is:
ad hoc datenschutz GmbH
Im Bresselsholze 12
07819 Triptis
Phone: 0365 52786230
Email: kontakt@adhoc-datenschutz.de
General Information on Data Processing
Legal Basis for the Processing of Personal Data
In accordance with Art. 13 GDPR, we inform you about the legal bases of our data processing. If the legal basis is not explicitly stated in this privacy notice, the following applies:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR. The legal basis for processing for the fulfillment of our services and implementation of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR. The legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c GDPR. If processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis. If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
Data Deletion and Storage Period
We comply with the principles of data minimization pursuant to Art. 5 para. 1 lit. c GDPR and storage limitation pursuant to Art. 5 para. 1 lit. e GDPR. We store your personal data only as long as necessary to achieve the purposes stated here or as required by statutory retention periods. After the respective purpose ceases to apply or after these retention periods expire, the corresponding data will be deleted as quickly as possible.
External Links
This website may contain links to third-party websites or other websites under our responsibility. If you follow a link to a website outside our responsibility, please note that these websites have their own privacy policies. We assume no responsibility or liability for these external websites and their privacy notices. Therefore, please check whether you agree to their privacy policies before using these websites.
You can recognize external links either by their different color compared to the rest of the text or by being underlined. Your cursor will indicate external links when you hover over them. Personal data is only transferred to the link destination when you click on an external link. The operator of the other website receives in particular your IP address, the time at which you clicked the link, the page on which you clicked the link, as well as further information that you can find in the privacy notices of the respective provider.
Please also note that individual links may lead to data being transferred outside the European Economic Area. As a result, foreign authorities may gain access to your data. You may not have any legal remedies against such data access. If you do not want your personal data to be transferred to the link destination or exposed to access by foreign authorities, please do not click any links.
Rights of the Data Subject
As a data subject within the meaning of the GDPR, you have the possibility to assert various rights. The rights arising from the GDPR include the right of access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority, and the right to data portability (Article 20).
Right to Withdraw Consent:
Some data processing operations are only possible with your explicit consent. You have the right to withdraw your consent at any time. The legality of the data processing carried out until the withdrawal remains unaffected.
Right to Object:
If processing is based on Art. 6 para. 1 lit. e or f GDPR, you may object at any time to the processing of personal data concerning you for reasons arising from your particular situation. This right also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR. If we cannot demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms or processing serves the establishment, exercise or defense of legal claims, we will cease processing your data after an objection.
If personal data is processed for direct marketing purposes, you also have the right to object at any time. The same applies to profiling related to direct marketing. We will then no longer process personal data once you object.
Right to Lodge a Complaint with a Supervisory Authority:
If you believe that the processing of personal data concerning you violates the GDPR, you have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of the alleged infringement.
Right to Data Portability:
If your data is processed automatically based on consent or performance of a contract, you have the right to receive this data in a structured, commonly used and machine-readable format. You also have the right to request the transmission of the data to another controller, insofar as this is technically feasible.
Right to Access, Rectification and Erasure:
You have the right to obtain information about your processed personal data regarding the purpose of data processing, categories, recipients and storage duration. If you have questions regarding this or other matters concerning personal data, you can contact us using the contact options provided in the legal notice.
Right to Restriction of Processing:
You may request the restriction of processing of your personal data at any time. To do so, one of the following conditions must be met:
- You contest the accuracy of the personal data. For the duration of verification, you have the right to request restriction of processing.
- If processing is unlawful, you may request restriction instead of deletion.
- If we no longer need your data, but you need it to establish, exercise or defend legal claims, you may request restriction instead of deletion.
- If you object pursuant to Art. 21 para. 1 GDPR, a balancing of interests must be carried out. Until this balancing has been completed, you have the right to request restriction of processing.
Restriction of processing means that personal data – apart from storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
Provision of the Website (Web Hosting)
Our website is hosted by:
Host Europe GmbH
Hansestrasse 111, 51149 Cologne
Germany
When you visit our website, we automatically collect and store information in so-called server log files. This information is automatically transmitted by your browser to our server or to the server of our hosting company.
This includes:
- IP address of the visitor’s device
- Device used
- Hostname of the accessing computer
- Operating system of the visitor
- Browser type and version
- Name of the retrieved file
- Time of the server request
- Amount of data
- Information whether data retrieval was successful
This data is not merged with other data sources.
The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the technically error-free presentation and optimization of this website. If the website is accessed to enter into contractual negotiations or conclude a contract, Art. 6 para. 1 lit. b GDPR serves as an additional legal basis. If we have commissioned a hosting company, a data processing agreement exists with this service provider.
Use of Local Storage Items, Session Storage Items and Cookies
Our website uses Local Storage items, Session Storage items and/or cookies. Local Storage is a mechanism that allows data to be stored in the browser on your device. This data usually contains user preferences such as the “day” or “night mode” of a website and remains stored until you manually delete it. Session Storage is similar, but the storage duration only lasts during the current session, i.e. until the tab is closed. Afterwards, the Session Storage items are deleted from your device. Cookies are information that a web server stores on your device in order to identify this device. They are either temporarily stored for the duration of a session (session cookies) and deleted after your visit ends or permanently stored (permanent cookies) until you delete them or they are automatically deleted by your browser.
These objects can also be stored by third-party companies when you visit our website (third-party requests). This enables us as the operator and you as the visitor to use certain third-party services installed on this website, such as payment services or video displays.
These mechanisms have various purposes. They can improve website functionality, control shopping cart functions, increase security and convenience, and perform analyses regarding visitor flows and behavior. Depending on their function, they are classified under data protection law. If they are necessary for the operation of the website or intended to provide certain functions, they are used based on Art. 6 para. 1 lit. f GDPR. In all other cases, storage occurs only with your explicit consent (Art. 6 para. 1 lit. a GDPR).
Use of External Services
External services from third-party providers are used on our website, e.g. video embedding or website security. When using these services, personal data may be transmitted to the respective providers. If no legitimate interest exists, we obtain your consent before use (Art. 6 para. 1 lit. a GDPR).
Analytics
To analyze user behavior, we process personal data of website visitors. By evaluating the data obtained, we can compile information about the use of individual components of our website. This allows us to improve user-friendliness. Analysis tools may create user profiles, recognize returning visitors, measure click/scroll behavior, downloads, heatmaps, page views, visit duration, bounce rates and visitor origin.
Processing only occurs if you consent via our consent banner (Art. 6 para. 1 lit. a GDPR). Without consent, processing does not occur. Consent can be withdrawn at any time.
Google Analytics
We use Google Analytics on our website. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Data may be transferred to the USA. The provider is certified under the EU-U.S. Data Privacy Framework.
More information is available at:
https://policies.google.com/privacy
The service uses the following cookies:
| Name | Storage Duration | Type | Purpose |
| _ga | 400 days | 1st-Party Cookie | Contains a randomly generated user ID. Google Analytics uses this ID to recognize returning users and merge data from previous visits. |
| _ga_2F9GF51H9W | 400 days | 1st-Party Cookie | Collects data on how often a user has visited a website, as well as data for the first and last visit. |
| _gat_gtag_UA_1405367_8 | 1 minute | 1st-Party Cookie | Ensures that data is transmitted to Google Analytics only once per minute. While it is set, certain data transmissions are prevented. |
| _gid | 24 hours | 1st-Party Cookie | This cookie assigns an ID to a user so that the web tracker can group user actions under this ID. |
Interface Software
Business processes can be automated via software interfaces to improve efficiency and securely transfer personal data between applications. Processing only occurs with consent (Art. 6 para. 1 lit. a GDPR).
Google Tag Manager
We use Google Tag Manager. Provider: Google Ireland Limited.
Data may be transferred to the USA. The provider is certified under the EU-U.S. Data Privacy Framework.
More information:
https://business.safety.google/privacy
Contact Form
Our website provides a contact form. Legal basis: Art. 6 para. 1 lit. b GDPR or legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Data is deleted after final processing of the inquiry.
Contact by Phone or Email
Data transmitted via phone or email is stored to process inquiries. Legal basis: Art. 6 para. 1 lit. b GDPR or Art. 6 para. 1 lit. f GDPR.
Applicant Pool
If no employment relationship results, applicants may be included in an applicant pool with consent (Art. 6 para. 1 lit. a GDPR). Data is deleted after withdrawal of consent or after two years at the latest.
Handling Applicant Data
Applicants may submit applications via post, online form or email. Processing is based on Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. a GDPR and § 26 BDSG.
If employment results, data is stored for employment processing. If not, data may be stored to defend against legal claims. Applicant pool storage requires consent and is deleted after two years.
Last updated: 02/04/2026