Privacy
Last updated: 31 October 2024
Information on the Handling of Personal Data
We are very pleased about your interest in our website—and thus in our company. The protection of your personal rights and freedoms is very important to us; we only use your data for the intended purposes. Since we want you to always know how we collect, use, and possibly transfer your data to third parties, we provide you with comprehensive information below regarding the processing of your personal data collected or stored by us.
The visit to our website is generally possible without the provision of (personal) data; if there are any exceptions for selected services, we will explain them in the following sections. We strictly adhere to the provisions of the EU General Data Protection Regulation (GDPR) and any other data protection-related regulations when processing personal data.
Name and Address of the Data Controller
ATHLETIQO GmbH
Alexander Scheck
Aachener Straße 26
40221 Düsseldorf
Germany
Phone: +49 211-97532656
E-Mail: info@relounge.club
Website: https://relounge.club/de/
Name and Address of the Data Protection Officer
Mr. Markus Weber
dokuworks GmbH
Birlenbacher Str. 20
57078 Siegen
Germany
Phone: +49 211-97532656
Data Protection Team for General Data Protection Inquiries:
Team E-Mail: datenschutz@doku.works
Website: https://doku.works/
Currency of the Privacy Policy
To ensure that the privacy information related to the services of our website is always current, we use the CLOUD DSE service of Cookiebox GmbH from Münster.
Rights of the Data Subject
The EU General Data Protection Regulation (GDPR) provides extensive rights for data subjects in Chapter III, which we will explain to you below in relation to the processing of your personal data:
Right of Access
This provision particularly concerns information on the following details of data processing:
- Purposes of processing
- Categories of data
- Recipients or categories of recipients, if applicable
- The planned storage duration or the criteria for determining this duration
- Notice of the right to rectification, deletion, restriction, or objection
- Existence of a right to lodge a complaint with a supervisory authority
- Source of the data (if not collected from you)
- Existence of automated decision-making, including profiling, with meaningful information about the logic involved, the scope, and the intended effects
- (Planned) transfer to a third country or international organization
Right to Rectification
If you inform us of any incorrect data, we will promptly rectify the data.
Right to Deletion (Right to be Forgotten)
If processing is no longer necessary and one of the following conditions is met:
- Elimination of the processing purpose
- Withdrawal of your consent and absence of any other legal basis for processing
- Objection to the processing without any overriding legitimate grounds
- Unlawful processing
- Necessary to fulfill a legal obligation
- Data collection was conducted in accordance with Art. 8 Abs. 1 GDPR
Right to Restrict Processing
If one of the following conditions is met:
- You dispute the accuracy of your data (restriction may occur during the verification period on our side)
- In the case of unlawful processing, and if the data should not be deleted, processing will be restricted instead of deletion
- If the processing purpose has ceased, but you require your data for the establishment, exercise, or defense of legal claims
- After you have lodged an objection pursuant to Art. 21 Abs. 1 GDPR and for the duration of the examination of whether our legitimate interests override yours.
Right to Data Portability
If technically feasible and does not affect the rights and freedoms of others, we will, upon your request, transfer your data to another recipient (controller).
Right to Object
If we collect personal data from you (based on Art. 6 Abs. 1 e or f or Art. 9 Abs. 2 a GDPR) and process it, you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, for example, if we can demonstrate compelling legitimate grounds for processing that outweigh your interests or if the processing serves the establishment, exercise, or defense of legal claims. If we process your personal data for direct advertising, you have the right to object to this processing at any time. This also applies to profiling to the extent that it is related to such direct advertising. Furthermore, you have the right to object to the processing of your data concerning scientific or historical research purposes or statistical purposes in accordance with Art. 89 Abs. 1 GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
Automated Decisions in Individual Cases, Including Profiling
If we collect personal data from you and process it, you have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or significantly affects you in a similar way. Exceptions to this provision apply if the decision is necessary for the conclusion or performance of a contract between you and us or if you have explicitly consented to the processing. In any case, we take appropriate measures to protect your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention, to express your point of view, and to contest the decision.
Right to Withdraw Consent to Data Processing
You have the right to withdraw your consent to the processing of personal data at any time.
Right to Lodge a Complaint with a Supervisory Authority
You can find a list of the competent supervisory authorities in Germany on the website of the Federal Commissioner for Data Protection or at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
General Information on Data Processing on the Website
The following information applies to data processing on our website in general. If there are exceptions or additions to this information, they will be described in the respective sections in detail.
Information on Data Security
We secure our website and other systems through technical and organizational measures against loss, destruction, access, alteration, or distribution of your data by unauthorized persons. In addition, we have implemented SSL encryption (SHA256) on our website to protect your data. Despite regular checks, complete protection against all dangers is not possible.
Legal Basis for Processing
We process personal data according to the provisions of the GDPR, depending on the type and purpose of processing as follows:
- Informed consent: Art. 6 Abs. 1 a
- Fulfillment of a contract: Art. 6 Abs. 1 b
- Carrying out pre-contractual measures: Art. 6 Abs. 1 b
- Fulfillment of legal obligations: Art. 6 Abs. 1 c
- Protection of vital interests: Art. 6 Abs. 1 d
- Safeguarding our legitimate interests: Art. 6 Abs. 1 f
Our Legitimate Interest
Our legitimate interest defined in Article 6 Abs. 1 f GDPR is based on conducting our business activities to maintain our operational capability and ensure the employment of our employees.
General Retention Periods for Data Deletion
After the purpose for storage has ceased, the retention periods are usually at least six or ten years. Data deletion generally occurs according to our deletion concept, usually immediately, unless there are retention obligations, necessity for contract fulfillment, or a legitimate interest to the contrary.
Deletion or Blocking of Personal Data
We store your personal data only for the period necessary to fulfill the specified purpose. After the purpose ceases and any existing retention periods expire, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.
Collection of General Data and Information
As soon as you visit our website, some general data and technical information is collected by our web server—as evident from the following list:
- Browser types and versions used: Correct display of page content
- Operating system used, visitor source (referrer, e.g., Google), clicked subpages: Optimization of our website content and our advertising
- Date and time of access to the website, as well as IP address and internet service provider of the visitor: Ensuring the permanent functionality of our IT systems (for the operation of the website) and preventing misuse
- Other data and information for threat prevention in the event of attacks: Providing relevant information to law enforcement authorities in the case of a cyberattack
Obligation to Provide Personal Data
Under certain conditions (e.g., due to legal or contractual regulations), you are obligated to provide us with your personal data. Examples of such processing include:
- Conclusion of a purchase contract (e.g., your address): Fulfillment of contractual obligations (e.g., delivery of goods to your address)
- In the employment context (e.g., transmitting data to the tax office): Fulfillment of legal requirements (e.g., tax regulations)
Information on Data Security
We secure our website and other systems through technical and organizational measures against loss, destruction, access, alteration, or distribution of your data by unauthorized persons. In addition, we have implemented SSL encryption (SHA256) on our website to protect your data. Despite regular checks, complete protection against all dangers is not possible.
Information on Specific Data Processing on the Website
If there are deviations from or additions to the above general information, you will find details on the individual data processing on our website below.
Newsletter
- Purpose of processing: Provision of information in the form of electronic newsletters
- Legal basis: Consent (Art. 6 Abs. 1 lit. a GDPR)
- Recipients (if forwarded): None
- Intention to transfer to a third country or international organization: No data transfer to a third country occurs
- or is planned.
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: There is no obligation to provide personal data. The sending of newsletters occurs exclusively after registration via a double opt-in procedure (voluntary and revocable informed consent in accordance with Article 6 Abs. 1 a GDPR) or after a purchase contract has been successfully concluded and the email address was collected in this process (according to § 7 Abs. 3 UWG).
- Consequences of violation (if the required data is not provided): A violation (i.e., the non-provision of the required data) would result in the newsletter not being delivered.
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data comes from the data subject themselves.
- Purpose change: None
Contact Form
- Purpose of processing: Processing and, if applicable, responding to the inquiry of the form sender
- Legal basis: Carrying out pre-contractual measures (Art. 6 Abs. 1 b GDPR)
- Recipients (if forwarded): No transfer to third parties and/or to a third country occurs.
- Intention to transfer to a third country or international organization: No data transfer to a third country occurs or is planned.
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: No obligation exists.
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data comes from the data subject themselves.
- Categories of personal data: Data and categories requested in the respective form.
- Purpose change: None
Borlabs
- Purpose of processing: Storing the cookie settings of users, compliance with legal obligations
- Legal basis: Fulfillment of legal obligations (Art. 6 Abs. 1 c GDPR)
- Recipients (if forwarded): Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany
- Intention to transfer to a third country or international organization: No data transfer to a third country occurs or is planned.
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: None
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject, but may also come from third parties.
- Categories of personal data: Opt-in and opt-out data, IP address, time and type of consent
- Purpose change: None
Google Ads
- Purpose of processing: Placement of advertisements in relevant searches in the results of the Google search engine and in the network of Google Ads participants. Evaluation of success rates of displayed web ads (conversion tracking)
- Legal basis: Informed consent (Art. 6 Abs. 1 a GDPR)
- Recipients (if forwarded): Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
- Intention to transfer to a third country or international organization: Possible transfer, storage, and processing in the USA; Google LLC
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: None
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject, but may also come from third parties.
- Categories of personal data: Which pages and functions are accessed or clicked during the website visit (click behavior), IP address assigned by the Internet Service Provider (ISP) in anonymized form, previously visited website (referrer), visited subpages, duration of stay on the website, frequency of visits, date, access location, time of visit, user agent
- Purpose change: None
Google Analytics
- Purpose of processing: Creation of usage profiles to optimize the cost-benefit factor on the website
- Legal basis: Informed consent (Art. 6 Abs. 1 a GDPR)
- Recipients (if forwarded): Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (https://policies.google.com/technologies/cookies?hl=en)
- Intention to transfer to a third country or international organization: United States of America
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: None
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject.
- Categories of personal data: Which pages and functions are accessed or clicked during the website visit (click behavior), IP address assigned by the Internet Service Provider (ISP) in anonymized form, previously visited website (referrer), visited subpages, duration of stay on the website, frequency of visits, date, access location, time of visit, user agent
- Purpose change: None
Google Tag Manager
- Purpose of processing: Simplified management of analysis tools through central control and management of the collected analysis mechanisms
- Legal basis: Informed consent (Art. 6 Abs. 1 a GDPR)
- Recipients (if forwarded): Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
- Intention to transfer to a third country or international organization: Possible transfer, storage, and processing of personal data in the USA. Data transfer is based on the standard contractual clauses of the EU Commission. Google LLC has a certification under the EU-US Data Privacy Framework (DPF).
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: None
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject.
- Categories of personal data: Which pages and functions are accessed or clicked during the website visit (click behavior), IP address assigned by the Internet Service Provider (ISP) in anonymized form, previously visited website (referrer), visited subpages, duration of stay on the website, frequency of visits, date, access location, time of visit
- Purpose change: None
Website Hosting
For the operation of this website, a hosting service provider is used, on whose European servers the contents of the website are stored. The hosting partner collects certain meta data (including IP addresses of website visitors) in log files to ensure system security and for verification purposes; see also under "Collection of General Data and Information."
The hosting service provider has been carefully selected; all necessary measures have also been taken to ensure data processing in accordance with data protection regulations (e.g., concluding a data processing agreement).
HubSpot
- Purpose of processing: Marketing, statistics, analysis, optimization
- Legal basis: Informed consent (Art. 6 Abs. 1 a GDPR)
- Recipients (if forwarded): HubSpot, Inc.; 25 First Street, 2nd Floor, Cambridge, MA 02141, United States of America
- Intention to transfer to a third country or international organization: Anticipated transfer, storage, and processing in the United States of America, HubSpot, Inc. The data transfer is based on the EU-U.S. Data Privacy Framework, of which HubSpot, Inc. is certified.
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: None
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject, but may also come from third parties.
- Categories of personal data: Aggregated usage, browser type, device identification, device model, device operating system, domain name, viewed files, frequency of mobile application usage, geographical location, internet service provider, IP address, duration of page visit, information about the mobile application, operating system version, performance data, referrer URL, time of access or retrieval, where the application was downloaded from, clickstream data, events occurring within the application, navigation information, viewed pages
- Purpose change: None
HubSpot Forms
- Purpose of processing: Provision of online forms
- Legal basis: Informed consent (Art. 6 Abs. 1 a GDPR)
- Recipients (if forwarded): HubSpot, Inc.; 25 First Street, 2nd Floor, Cambridge, MA 02141, United States of America
- Intention to transfer to a third country or international organization: Anticipated transfer, storage, and processing in the United States of America, HubSpot, Inc. The data transfer is based on the EU-U.S. Data Privacy Framework, of which HubSpot, Inc. is certified.
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data
- / Necessity: None
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject, but may also come from third parties.
- Categories of personal data: IP address, user agent, date and time of visit, data requested via the form
- Purpose change: None
Meta Pixel (formerly Facebook Pixel)
- Purpose of processing: Our website uses the visitor action pixel from Meta (formerly Facebook) for conversion measurement. The behavior of website visitors can be tracked after they are redirected to the provider's website by clicking on a Facebook ad. This allows us to evaluate the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising measures.
- Legal basis: Consent (Art. 6 Abs. 1 lit. a GDPR and § 25 Abs. 1 TDDGG). If this tool collects personal data on our website and transmits it to Facebook, we are jointly responsible for this data processing with Meta Platforms Ireland Ltd. (Art. 26 GDPR). We expressly point out that this joint responsibility is limited to the collection of data and its transfer to Facebook. The further processing of personal data by Facebook is the responsibility of Facebook. The wording of the joint processing agreement can be found here: https://www.facebook.com/legal/controller_addendum.
- Recipients (if forwarded): Meta Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- Intention to transfer to a third country or international organization: Possible transfer, storage, and processing of personal data in the USA. The data transfer is based on the standard contractual clauses of the EU Commission. Meta Platforms has a certification under the EU-US Data Privacy Framework (DPF).
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: None
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject, but may also come from third parties.
- Categories of personal data: Viewed advertisements, browser information, accessed content, device information, geographical location, interactions with advertisements, services and products, IP address, marketing information, pixel ID, referrer URL, usage data, user behavior, Facebook user ID, device operating system, device ID, HTTP header, clicked items, accessed pages, Facebook cookie information, page/click behavior, user agent
- Purpose change: None
Microsoft Azure
- Purpose of processing: Functionality, optimization
- Legal basis: Informed consent (Art. 6 Abs. 1 a GDPR)
- Recipients (if forwarded): Microsoft Corporation, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland (https://privacy.microsoft.com/de-de/privacystatement)
- Intention to transfer to a third country or international organization: United States of America, Microsoft Corporation. The data transfer is based on the EU-U.S. Data Privacy Framework, of which Microsoft Corporation is certified.
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: None
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject, but may also come from third parties.
- Categories of personal data: IP address, date and time of visit, user agent, referrer URL
- Purpose change: None
Proven Expert
- Purpose of processing: Advertising, managing customer reviews, optimization
- Legal basis: Informed consent (Art. 6 Abs. 1 a GDPR)
- Recipients (if forwarded): Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany (https://www.provenexpert.com/de-de/datenschutzbestimmungen/)
- Intention to transfer to a third country or international organization: No data transfer to a third country occurs or is planned.
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: None
- Consequences of violation (if the required data is not provided): Without the data, the described processing cannot take place.
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject, but may also come from third parties.
- Categories of personal data: Email address, IP address, visited pages, referrer URL, customer review
- Purpose change: None
reCAPTCHA v3
- Purpose of processing: Analysis, bot protection
- Legal basis: Informed consent (Art. 6 Abs. 1 a GDPR)
- Recipients (if forwarded): Google LLC, Alphabet Inc., Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
- Intention to transfer to a third country or international organization: United States of America, Google LLC. The data transfer is based on the EU-U.S. Data Privacy Framework, of which Google LLC is certified.
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: None
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject, but may also come from third parties.
- Categories of personal data: Screen resolution, date and time of visit, IP address, browser language, mouse movements, visitor behavior, responses and forms
- Purpose change: None
Stripe
- Purpose of processing: Payment
- Legal basis: Fulfillment of a contract (Art. 6 Abs. 1 b GDPR)
- Recipients (if forwarded): Stripe, Inc., 3180 18th Street, San Francisco, CA 94110, United States of America (https://stripe.com/de/privacy)
- Intention to transfer to a third country or international organization: United States of America, Stripe, Inc. The data transfer is based on the EU-U.S. Data Privacy Framework, of which Stripe, Inc. is certified.
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: Without the data, the product order or payment cannot be processed.
- Consequences of violation (if the required data is not provided): Without the data, the product order or payment cannot be processed.
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject, but may also come from third parties.
- Categories of personal data: Purchase date, payment information, purchase activity, payment card information
- Purpose change: None
WordPress
- Purpose of processing: Hosting the website
- Legal basis: Safeguarding legitimate interests (Art. 6 Abs. 1 f GDPR)
- Recipients (if forwarded): Automattic Inc., 60 29th Street 343, San Francisco, CA 94110, United States of America (https://automattic.com/de/privacy/)
- Intention to transfer to a third country or international organization: United States of America
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: None
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject, but may also come from third parties.
- Categories of personal data: IP address, log files, page visits, interaction data
- Purpose change: None
YouTube
- Purpose of processing: Displaying and providing videos
- Legal basis: Informed consent (Art. 6 Abs. 1 a GDPR)
- Recipients (if forwarded): Alphabet Inc., Google LLC, Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (https://business.safety.google/privacy/?hl=de)
- Intention to transfer to a third country or international organization: United States of America
- Duration of data storage: See General Retention Periods for Data Deletion
- Obligation to provide personal data / Necessity: None
- Consequences of violation (if the required data is not provided): None
- Existence of automated decision-making: We do not use automated decision-making in this context.
- Source of the data (if not directly collected from the data subject): The data usually comes from the data subject, but may also come from third parties.
- Categories of personal data: Device information, IP address, referrer URL, viewed videos
- Purpose change: None