Privacy Policy

We are pleased that you’re are visiting our website and thank you for your interest in it. The protection of our users’ personal data is a matter of great importance to us. We therefore ask you to please take note of the information provided below.

In the provisions below we advise you of the processing of your personal data in connection with the visit and with your use of the services offered on our website.

This privacy policy can be stored and printed.

 

  1. Controller/Data Protection Officer
    • Controller

The controller responsible for the data collection, processing and use is the operator of the website www.anytimefitness.de:

Eighty8 Health & Fitness GmbH

Carl-Miele-Straße 207

33335 Gütersloh

E-Mail: info@anytimefitness.de

 

  • Data Protection Officer

The contact data of the Data Protection Officer are as follows:

The Data Protection Officer

Eighty8 Health & Fitness GmbH

Carl-Miele-Straße 207

33335 Gütersloh

 

privacy@anytimefitness.de

 

  1. Basic Principles

We collect and process your personal data in compliance with the relevant legal provisions, in particular the General Data Protection Regulation (hereinafter: “GDPR”) and the German Federal Data Protection Act (hereinafter: “BDSG”) and in accordance with the provisions below.

 

  1. Definitions
  • Personal data

Personal data means any information relating to an identified or identifiable natural person. This includes, for example, name, address, telephone number, e-mail address, IP address, user name, password, and information on the websites which are being viewed by a visitor.

  • Data subject

The data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing or by the controller’s processor.

  • Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting the processing thereof in the future.

  • Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  • Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  • Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

  • Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

  • Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

  1. Collection, processing and use of your personal data during your visit to our website
  • Log files

Every time our website is accessed, specific usage data are transmitted by the respective Internet browser and stored in log files, so-called server log files. This applies to the following data

  • Time and date when you accessed our
  • URL of the referring website
  • Called up file
  • Volume of data transmitted
  • Version and type of browser
  • Your operating system
  • Your IP address

These data are collected and processed for the purpose of enabling you to use our website (setting up the connection), guaranteeing system security, technical administration of the network infrastructure, providing information to law enforcement authorities in the event of a cyber-attack or misuse and for optimizing our Internet presence.

These data remain stored for days. Afterwards, these data will be erased – subject to any statutory or official retention obligations.

The legal basis for the collection, storage and use of these data is our legitimate interest in providing you with the information on our website without any impairment and in guaranteeing the necessary security (Art. 6 para. 1 sentence 1 lit. f GDPR). More information on the balancing test is available upon request.

 

  • General contact

If you contact us by e-mail, by post, by telephone or by the online form provided by us, in order to obtain general information, we collect, store and process, depending on the chosen transmission way, your e-mail address, your first name, last name, your address, and the content of your communication. If you deliberately provide more data than necessary for the chosen transmission way, we store and process also these data.

Please note that in order to answer your communications we do not need to have these additional data you provide us with on a voluntary basis and please consider carefully whether you wish to disclose these data to us.

These data will be erased once the communications with you have been concluded – subject to any statutory or official retention obligations or if processing the data is lawful based on a different legal ground. Generally this is performed at the latest after we have had no further communications with you for a period of one year.

The legal basis for processing your personal data is our legitimate interest in being able to communicate with you to respond to your communications (Art. 6 para. 1 sentence 1 lit. f GDPR). More information on the balancing test is available upon request.

 

  • Membership Inquiry

If you send us a request regarding a future membership by using the form offered by us, we will collect, store and process your first and last name, your e-mail address, your telephone number and your address (country, state, place of residence, postal code, street and house number).

We process this data for the purpose of sending you the requested information about membership in our club and answering your questions.

You are also welcome to send us further messages or questions on a voluntary basis.

Please note that this additional data, which you provide voluntarily, is not required for us to reply to your messages and you should carefully check whether you want to provide us with this data.

Upon termination of our communication with you, these data will be routinely deleted, subject to legal or regulatory retention requirements or the lawfulness of processing the data on any other legal basis. Generally this will be done, at the latest, after we have not communicated with you for a year or after you have informed us that you will not pursue the offer. If you become a member of our fitness club, your data will then be further processed as a member. You will then receive separate privacy notices.

If you wish us and our US based franchisor Anytime Fitness, LLC, 111 Weir Dr., Woodbury, MN 55125, USA to provide you with further information about the group of companies of our franchisor and of our company as master franchisee, our offers and services, and any topics of interest to you – including of a promotional nature – after this period has expired, you can give us your consent.

Anytime Fitness, LLC has been certified by the US Department of Commerce to meet both the requirements of the so-called Privacy Shield EU-US and Switzerland-USA. These are agreements between the United States and the European Union or Switzerland, which ensure that the level of data protection required by the European Union is also respected by relevant United States-based certified companies. You can find further explanations here: https://www.privacyshield.gov/. A list of certified companies can be found here: www.privacyshield.gov/list. However, please note that even if US companies have complied with the EU-US Privacy Shield and have undertaken to comply with the data protection rules set out in the Agreement, the transmission of data beyond Europe, especially to the USA, can nevertheless be associated with data protection risks because of state access.

By giving us your consent, you agree that we and our US-based franchisor Anytime Fitness, LLC will contact you by phone, e-mail, text message, or any other means, including for promotional purposes. This consent is obtained separately, i.e. outside of this privacy notice.

Your declaration of consent can be recalled at any time with effect for the future. Please send us an e-mail for this purpose to privacy@anytimefitness.de There are no costs other than the transmission costs according to the basic rates.

Legal basis for the processing of your personal data by us as well as our franchisor is our legitimate interest in being able to communicate with you in order to answer your inquiry and to be able to answer your questions (Art. 6 para. 1 sentence 1 lit. f GDPR). More information on the balancing test is available upon request. In addition, the data is required to carry out pre-contractual measures with a view to a potential conclusion of the contract. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. b GDPR. Insofar as you have given us your consent, the legal basis for our data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

 

  • Feedback

If you would like to provide us with feedback and, from your point of view, important information about a fitness club you have visited, we will collect and process the following data that you enter in the form we provide online: the region of the fitness club you want to rate, as well as the specific fitness club, your first name, last name, e-mail address, phone number, category of feedback, and specific message. If you wish, you can also send us a photo to illustrate your feedback.

These data are reviewed and processed by us and our franchisor, Anytime Fit-ness, LLC, 111 Weir Dr., Woodbury, MN 55125, USA. Anytime Fitness, LLC has been certified by the US Department of Commerce to meet both the requirements of the so-called Privacy Shield EU-US and Switzerland-USA. These are agreements between the United States and the European Union or Switzerland, which ensure that the level of data protection required in the European Union is also met by the relevant certified companies based in the United States of America. You can find further explanations here: https://www.privacyshield.gov/. A list of certified companies can be found here: www.privacyshield.gov/list. However, please note that even if US companies have complied with the EU-US Privacy Shield and have undertaken to comply with the data protection rules set out in the agreement, the transfer of data beyond Europe, especially to the US, may nevertheless be associated with data protection risks due to state access.

The affected club, which has been rated by you, also obtains access to the information you have sent. Clubs located in a third country outside the European Union will not receive any information on your feedback.

However, you will have the option to click that the affected club receives your feedback only anonymously. In this case, only we and our franchisor, Anytime Fitness, LLC will be aware of and process your personal information.

We collect and process your data for the purpose of improving the services of our fitness club and any fitness club belonging to the Anytime Fitness® Group and to remedy any deficiencies.

The legal basis for the processing of your data is the exercise of our legitimate interest in improving our services and the performance of the group of companies belonging to the franchisor and the group of companies belonging to us as master franchisee (Art. 6 para. 1 sentence 1 lit. f GDPR). More information on the balancing test is available upon request.

 

  • Newsletter

On our website, under the section „Blog“, we present interesting information to you about our company and our group, our activities, products and campaigns as well as information about membership and other information about health and fitness. You have the opportunity to register for our free newsletter, in order to receive this information directly by e-mail.

In order to register, we require your e-mail address. For your registration, we use the so-called double opt-in process. After sending the registration form, you receive a confirmation e-mail to verify your e-mail address. The registration only comes into effect when you have clicked on the link in the confirmation e-mail. If you have registered for the newsletter, you have made the following declaration of consent:

 

I agree that Eighty8 Health & Fitness GmbH processes my e-mail address to send me  information and advertisements from

 

We use your e-mail address provided for the registration of the newsletter exclusively for sending the newsletter.

You can withdraw your consent with effect for the future and unsubscribe from receiving the newsletter at any time. For this purpose, you can use the unsubscribe link at the end of each e-mail or the unsubscribe function via our website. We also accept a deregistration from the newsletter by e-mail or telephone to the above mentioned contact date. Your e-mail address is then immediately deleted from our distribution system, unless there is another legal basis for processing your personal data. The deregistration does not carry other costs than the transmission costs with the basic rates.

The legal basis for the processing of your data for sending the newsletter is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

 

  • 7-Day Trial

If you sign up for our free 7-day trial, we will collect and process via our registration form available online your first name, last name, mobile phone number and e-mail address to communicate with you and provide you with a limited membership pass which gives you access to our fitness club.

We use this data for the purpose of enabling you to visit our fitness club for free for 7 days, to use all the services and to test whether you would like to become a member.

Please note that our franchisor, Anytime Fitness, LLC, 111 Weir Dr, Woodbury, MN 55125, USA, also has access to and processes your data to provide you with personalized service. Anytime Fitness, LLC has been certified by the US Department of Commerce to meet the requirements of both the EU-US Privacy Shield and Switzerland-USA. These are agreements between the United States and the European Union or Switzerland, which ensure that the level of data protection required by the European Union is also met by relevant United States-based certified companies. You can find further explanations here: https://www.privacyshield.gov/. A list of certified companies can be found here: www.privacyshield.gov/list. However, we point out that even if US corporations should have submitted to the EU-US Privacy Shield and they have undertaken to comply with the data protection rules set out in the agreement, the transfer of data outside of Europe, in particular in the USA can nevertheless be associated with data protection right risks due to state access possibilities.

You also agree that we and our franchisor, Anytime Fitness, LLC may contact you by phone, e-mail or text message or otherwise at the end of the 7-day trial to provide you with information about the group of companies of our franchisor and  This consent is obtained separately, i.e. outside of this privacy notice.

These declarations of consent may be withdrawn at any time with effect for the future by sending us an e-mail to privcay@anytimefitness.de.This involves no costs other than the transmission costs according to the basic rates.

The legal basis for the processing of your data is the contract concluded with you to make our services available to you free of charge (Art. 6 para. 1 sentence 1 lit. b GDPR) and the exercise of our legitimate interest, to present the fitness club free of charge in order to gain you as a member and also to enable our franchisor to offer you all the services of the group of companies (Art. 6 para. 1 sentence 1 lit. f GDPR). More information on the balancing test is available upon request. If you have given us your consent, the legal basis for the processing of your data is your consent (Art. 6 para. 1 sentence 1 lit.a of the GDPR).

 

  • Cookies and tracking-tools/
    • Cookies und Tracking Tools

We use so-called cookies. Cookies are alphanumeric identifiers (small text files), that are either briefly stored in your cache and are deleted when you close your browser (“Session Cookies”) or are stored in your storage medium for an extended period of time or indefinitely (“permanent cookies”). They can be subdivided into the following categories:

 

  • Essential Cookies

We use technically mandatory cookies to maintain the connection while visiting our website, to ensure the security of communication, to protect our systems against attacks and to enable our users to block cookies, social media or other services. Without these cookies, a website deployment is not possible orthe website cannot work safely without these cookies.

The various essential cookies are specified in our Cookies Information.

 

The legal basis for More information on the balancing test is available upon request.

 

4.7.1.2. Analytics Cookies (Tracking Cookies)

Analytics Cookies enable us to understand how visitors use our site by collecting and evaluating information. This helps us to continually improve our website and thus also increase the comfort of use for you.

We use analytics cookies only in connection with the analysis software Google Analytics (see Sec. 4.7.1.6.). Please not that we use Google Analytics only with IP anonymization (see Sec. 4.7.1.6.).

The various analytics cookies are specified in our Cookies Information.

 

The legal basis for processing your personal data in connection with the use of these cookies is your consent according to Art. 6 para. 1 sentence.1 lit. a GDPR.

 

4.7.1.3. Personalization, targeting, and marketing cookies

We use these cookies to analyze your user behavior on social networks and on websites, which allows us to provide you with promotional offers tailored to your personal interests. These offers are not only appealing to you, but are also more valuable to us and to third-party advertisers.

The various personalization, targeting, and marketing cookies are specified in our Cookies Information.

 

The legal basis for processing your personal data in connection with the use of these cookies is your consent according to Art. 6 para. 1 sentence.1 lit. a GDPR.

 

4.7.1.4 Social Media

We embed videos stored on platforms in our website to make our offer more interesting and informative for you. Since in these cases data about your use of our website is transmitted to the platform operators, we need your consent. Here you can give us your consent. If you reject the access to these platforms, we will set cookies to block access to the videos.

The social media accessible on our website are specified in our Cookies Information.

 

The legal basis for processing your personal data by allowing access to the video platforms, in particular for the processing of your personal data by the operators of these platforms is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

 

4.7.1.5. Deactivation of cookies settings

With your browser settings, you can reject cookies, delete them from your computer, block them or enable the feature that you will always be asked to set a cookie. Accepting cookies is not required to visit our website. However, we point out that the use of the offer on our website, in particular the comfort of use may be limited if you have disabled cookies.

Here’s an example of how to disable cookies:

Example in the browser Internet Explorer:

  1. Open Internet Explorer.
  2. In the “Tools” menu, select “Internet Options”.
  3. Click on the “Privacy” tab.
  4. Now you can set whether cookies should be accepted, selected or rejected.
  5. With “OK” you confirm your setting.

 

Example in the browser Firefox:

  1. Open the Firefox browser.
  2. In the “Extras” menu, select “Settings”.
  3. Click on the “Privacy” tab.
  4. In the drop-down menu, select “Create custom settings”.
  5. Now you can set whether or not to accept cookies, how long you want to keep these cookies, and add as exceptions which websites you always or never want to use cookies.
  6. With “OK” you confirm your setting.

 

Example in the browser Safari:

  1. Open the Safari browser.
  2. In the function bar, select “Settings” (pictogram: gray gear in the upper right corner) and click on “Privacy”.
  3. Under “Accept cookies” you can specify if and when Safari should accept cookies from websites. For more information, click Help (?).
  4. If you would like to receive more information about cookies stored on your computer, then click on “show cookies”.

 

Example in the browser Google Chrome:

  1. Open Google Chrome.
  2. Click on “Settings”.
  3. Click on “Show advanced settings”.
  4. In the “Privacy” section, select the “Content Settings” button.
  5. Under “Cookies”, you can control how cookies are used when you surf with Chrome.

 

Others Browser:

Information on cookie settings when using other browsers can be found via the “Help” button in the respective browser.

 

Please note that the complete rejection or deletion of cookies may even lead to the deletion of cookies used to block access to social networks, video platforms or other services. If you wish to block access to these services, please activate these cookies in the Cookies Information again.

 

4.7.1.6. Change of cookies settings

 

You can change your cookies settings at any time by visiting our Cookies Information and making a new selection.

 

4.7.2.

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereafter referred to as “Google”). Google Analytics is only used in conjunction with activated anonymous IP (IP masking). This means: The IP address of a user within the member states of the European Union and the contracting states of the Agreement on the European Economic Area will be shortened by Google. Only in exceptional cases, especially in the event of a technical defect in the European Union, will the IP address be sent to a US server and shortened there. Google uses this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website and internet usage. These services include, in particular, features for making advertisements visible, as well as Google Analytics reports, which contain information about the performance regarding the demographic aspects and interests of the website operator. Google will provide this information if necessary. If required by law or if third parties process data on behalf of Google. However, these are not personal data. The IP address provided in the browser will not be merged with other data provided by Google.

Google Analytics uses so-called cookies (see Sec. 4.7.1.1 to 4.7.1.4.). You can prevent the storage of cookies by a corresponding setting of your browser software (see Sec. 4.7.1.5.).

In addition, you may prevent Google’s data collection and processing by:

 

To prevent Google’s data processing, please make the appropriate selections within our Cookies Information. Please remove the check mark next to the “Statistics Cookies” and “Marketing Cookies” before using our www.anytimefitness.de. An opt-out cookie will be installed on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future.

For detailed information about Google’s Terms of Use and Privacy Policy using the Google Analytics Tracking Tool, see https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631 and https://policies.google.com/privacy?hl=de&gl=de.

Please note that Google LLC complies with both the EU-US Privacy Shield and Switzerland-US Privacy Shield requirements. These are agreements between the United States and the European Union or Switzerland, which ensure that the level of data protection required by the European Union is also respected by the relevant United States-based certified companies. Further explanations can be found here: https://www.privacyshield.gov/. You can see a list of certified companies here:www.privacyshield.gov/list. However, it should be noted that even if US corporations were to submit to the EU-US Privacy Shield and they have undertaken to comply with the data protection rules set out in the Agreement, the transfer of data outside Europe, in particular in the US because of state access, but may be associated with data protection risks. The exceptional transfer of your data to Google is only with your consent.

 

  • Integration of Videos (YouTube/Vimeo)
    • YouTube

We include videos from the platform “You Tube” of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For information about data use by Google when viewing videos, see the Google Privacy Policy: https://www.google.com/policies/privacy/ and the Terms of Use of YouTube: https://www.YouTube.com/static?gl=DE&template=terms&hl=de.

When viewing a YouTube video, cookies are typically used to transfer personal information to YouTube and the Google DoubleClick tracking service to analyze user behavior. In this case, cookies are set at every website call and make it possible for Google in principle to gather all the pages you have visited as a user in order to create a profile. It is therefore also possible that these data stored in the respective network are assigned to a person.

In the Cookie-Banner, you can already select whether you agree with the setting of the cookies from YouTube. You are free to not allow the setting of YouTube cookies. Please note that in this case, YouTube content cannot be displayed on our website.

To prevent a transfer of data to Google without activating the video, you can block the placement of YouTube cookies in the cookie banner displayed when the website is accessed. This causes no data to be forwarded to Google, but no video can be displayed to you. You can still watch the video if you accept the data transfer to YouTube by clicking on the link on the locked video interface.

It is possible that through the YouTube videos a transfer of your data to servers in third countries, e.g. to the US could occur. The responsibility for the operation compliant with data protection is to be guaranteed by their respective providers. Please note that Google LLC complies with both the EU-US Privacy Shield and Switzerland-US Privacy Shield requirements. These are agreements between the United States and the European Union or Switzerland, which ensure that the level of data protection required by the European Union is also respected by the relevant United States-based certified companies. Further explanations can be found here: https://www.privacyshield.gov/. You can see a list of certified companies here: www.privacyshield.gov/list.

However, we note the following facts: Even if companies in the US should comply with the EU-US Privacy Shield (see List of Companies at www.privacyshield.gov/list) or the EU Standard Contractual Clauses in order to comply with the data protection rules set out in the contract, the transfer of data outside Europe, in particular to the USA, nevertheless involves data protection risks.

By means of our software solution, a transfer of the data to Google takes place only if you allow only the YouTube or all social media cookies. Google cannot collect data from you before. This way, you can use our offer without making your data available to Google.

The legal basis for processing your personal data in connection with the integration of YouTube videos is your consent according to Art. 6 Abs. 1 S.1 lit. a GDPR.

 

  • Vimeo

We include videos from the platform Vimeo of Vimeo Inc., 555 West 18th Street New York, New York 10011, USA. For information on using the data by Vimeo when viewing videos, see the Privacy Policy: https://vimeo.com/privacy and the Vimeo Cookie Policy https://vimeo.com/cookie_policy.

When viewing a video, cookies are usually used to transfer personal data to Vimeo. In this case, cookies are set with every website call and make it possible for Vimeo in principle to gather all the pages you have visited as a user in order to create a profile. It is therefore also possible that these data stored in the respective network are assigned to a person.

Already in the cookie banner, you can select whether you agree with the setting of cookies by Vimeo. You are free to refuse the use of Vimeo cookies. Please note that in this case, Vimeo content cannot be displayed on our website.

In order to prevent data transfer to Vimeo without you activating the video, you can block the setting of Vimeo cookies in the Cookie Banner that is displayed when the website is accessed. This causes no data to be forwarded to Vimeo, but no video can be displayed to you. You can still watch the video if you accept the data transfer to Vimeo by clicking on the link on the locked video interface.

The Vimeo videos transfer your data to servers in the United States. The responsibility for the operation compliant with data protection is to be guaranteed by their respective providers. Please note that Vimeo meets both the requirements of the so-called EU-US Privacy Shield and Switzerland-USA. These are agreements between the United States and the European Union or Switzerland to ensure that the level of data protection required by the European Union is also respected by relevant United States-based certified companies. You can find further explanations here: https://www.privacyshield.gov/. A list of certified companies can be found here: www.privacyshield.gov/list. However, it should be noted that even if US corporations were to submit to the EU-US Privacy Shield and they have undertaken to comply with the data protection rules set out in the Agreement, the transfer of data outside Europe, in particular in the US because of state access, but may be associated with data protection risks. The transfer of your data to Vimeo is only with your consent.

By means of our software solution, a transfer of the data to Vimeo takes place only if you allow only the Vimeo or all social media cookies. Vimeo cannot collect data from you before. In this way you can use our offer without providing your data to Vimeo.

The legal basis for processing your personal data in connection with the integration of Vimeo videos is your consent according to Art. 6 para. 1 sentence.1 lit. a GDPR.

 

  • Job Applications

If you send us your application by post, e-mail or fax, we will collect, store and process your contact data that you have provided to us specifically, e.g. your first name, last name, address, telephone number, fax number and e-mail address to use to communicate with you during the application process. Your complete application documents as well as other documents provided by you in the course of the application process and our records will also be stored confidentially and protected against access. Paper documents are stored with access control. We process your application documents in order to be able to assess your professional suitability, qualification and capability for the position you have applied for and to have the basis for our selection decision.

If your application documents contain special categories of personal data, such as information on your health, your religious conviction or your ethnic origin, we base their treatment on our legal obligations as an employer and the associated protection of your fundamental rights and thus also on Art. 9 para. 2 lit. b GDPR. In addition, we also process your information on the basis of Art. 9 para. 2 lit. h GDPR to assess the workability of potential workers and, where appropriate, to take occupational health or health care measures.

Upon successful completion of the application process, we will use and process your documents and data within the employment relationship. For this you will receive separate information. Otherwise, the application process ends with the sending of a cancellation addressed to you.

No later than four months after sending our cancellation, your data will be deleted and the paper copies will be properly destroyed and disposed of or returned to you, unless longer storage is required to defend against legal claims or to fulfill a legal obligation. Of course, we will do the same if you inform us that you want to refrain from your application.

If, after refusing your application, you wish us to include you in a subsequent selection process, we will store your application documents if you have given us a written consent. If necessary, we will collect this from you separately. The legal basis for this continuing storage and processing of your personal data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. This information is routinely deleted after two years, or in the case of the revocation of your consent at any time, if longer storage is not required to defend against legal claims or to fulfill a legal obligation.

Legal basis of the collection and processing of your data in the context of the application process are basically their necessity for the decision on the establishment of an employment relationship (Art. 6 para. 1lit. b GDPR, § 26 para. 1 sentence 1 BDSG) and our legitimate interest in the use for the purpose of the orderly procedure of the application process (Art. 6 para. 1 sentence 1 GDPR). More information on the balancing test is available upon request. In the case of special categories of personal data, legal bases are Art. 9 para. 2 lit. b and h GDPR (see above).

 

  • Requests of potential franchisees

If you are interested in opening your own gym and joining our franchise system, you can send us a request on the online-form provided by us. In this case, we collect and process your first name, last name, your e-mail address and your telephone number, your place of residence and the preferred country, where you would like to engage, in order to contact you and to get in touch with you and to be able to answer your inquiry in detail. You are also welcome to send us further messages or questions on a voluntary basis.

Please note that these additional data provided voluntarily are not required for us to respond to your messages and you should check carefully if you want to provide us with this information.

Upon termination of communication with you, such data will be routinely deleted, subject to any statutory or regulatory retention requirements or the lawfulness of processing the data on any other legal basis. This generally happens at the latest after we have not communicated with you for a year or you have informed us that you will not pursue the offer. If you become a member of our franchise system, your data will be further processed as a franchisee. You will then receive separate privacy notices.

To provide you with an interesting offer as a potential franchisee the Anytime Fitness® franchise system, we also transfer your information to our US based franchisor, Anytime Fitness, LLC, 111 Weir Dr., Woodbury, MN 55125, USA. The franchisor will analyse the situation in the market and will work with us to check if and in which form an offer can be made to you, and which are the most favorable conditions that can be offered to you.

Anytime Fitness, LLC has been certified by the US Department of Commerce to meet both the requirements of the EU-US Privacy Shield and Switzerland-USA. These are agreements between the United States and the European Union or Switzerland to ensure that the level of data protection required by the European Union are also respected by relevant United States-based certified companies. You can find further explanations here: https://www.privacyshield.gov/. A list of certified companies can be found here: www.privacyshield.gov/list. However, it should be noted that even if US corporations were to submit to the EU-US Privacy Shield and they have undertaken to comply with the data protection rules set out in the Agreement, the transfer of data outside Europe, in particular in the US because of state access, but may be associated with data protection risks.

The legal basis for the processing of your personal data both by us and our franchisor is our legitimate interest in communicating with you in order to answer your inquiry and to answer your questions (Art. 6 para. 1 sentence 1 lit. f GDPR). More information on the balancing test is available upon request. In addition, the data is required to carry out pre-contractual measures with a view to a potential conclusion of a contract. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. b GDPR.

 

  • Children and adolescents

Our websites are not designed for children and adolescents under the age of 16. We therefore do not knowingly and willingly collect any personal data from children and adolescents. If you are under the age of 16, please do not enter any information through this website. If we become aware that we have received personal data from children and adolescents under the age of 16, we will delete them without delay, subject to any retention obligations.

 

  • Membership and subscription

When you purchase membership from us, you have a closed log-in section on the website of our franchisor at www.anytimefitness.com. It is subject to the data privacy policy of our franchisor which is accessible on the website (see 4.13.).

 

  • Anytime Fitness® App and Third Party Offer / Country-specific Websites of Anytime Fitness Group and Franchise System

We offer you the opportunity to use the Anytime Fitness® app provided by Anytime Fitness, LLC, 111 Weir Dr., Woodbury, MN 55125, USA. Responsible provider for this app is Anytime Fitness, LLC, USA. The access to this app and the use of this app is subject to a separate privacy policy of Anytime Fitness, LLC, which is solely responsible for collecting and processing your data in connection with the use of the app. You can also purchase additional third-party products and services. The contracts are concluded in these cases directly with the third party providers. In that regard, only the third parties are responsible for data protection law.

Please also note that the provider of the www.anytimefitness.com website is the franchisor Anytime Fitness, LLC, 111 Weir Dr., Woodbury, MN 55125, USA. The providers of the individual country-specific websites, such as www.anytimefitness.de, are the respective Master Franchisees in the individual countries. These are the respective data controllers  and each are responsible for the data processing in connection with the use of these websites. The privacy policies displayed on the relevant websites apply.

We are not responsible for the collection and processing of your personal data in the event of the use of the Anytime Fitness® app or in the case of the use of a third-party offer nor for the websites www.anytimefitness.com or the other country-specific websites under data protection law.

 

  1. Order processing / transfer of data
  • Order processing

Without prejudice to other provisions, we reserve the right to transfer or disclose your data to third parties (processors) commissioned by us on the basis of the aforementioned legal basis (eg in the context of IT support, hosting, destruction of files, newsletter dispatch, etc.). There are always agreements on order processing with the contracted service providers. These ensure that the data passed on according to our data are used by our agents only for the fulfillment of the tasks specified by us and in compliance with the necessary technical and organizational measures for data security and data protection.

 

  • Transmission of data to third parties

Incidentally, your personal data will not be transmitted to third parties for purposes other than those listed below. We only share your personal information with third parties if:

–     You have given express consent according to Art. 6 para. 1 lit. a GDPR;

–     the transfer according to Art. 6 para. 1 lit. f GDPR is necessary because of a legitimate interest and there is no reason to believe that your interests outweigh fundamental rights or freedoms for the protection of your personal data (Art. 6 para. 1 sentence 1 lit. f GDPR);

–     disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR is legally required;

–     the transmission pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR is required for the execution of contractual relationships with you,

–     the transmission is required for the protection of vital interests pursuant to Art. 6 para. 1 sentence 1 lit. d GDPR or

–     the transmission is required to perform a task in the public interest in accordance with Art. 6 para. 1 sentence 1 lit. e GDPR.

  1. Data security

6.1.  We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks. In particular, we take all reasonable technical and organizational security measures to protect your personal data transmitted, stored or otherwise processed against destruction, manipulation, partial or complete loss, alteration, unauthorized disclosure or against unauthorized access by third parties – whether it be accidental or unlawful.

6.2.  Our security measures are continuously improved and developed in line with technological developments.

 

  1. Deletion of data /Limitation of data processing

Generally, your data will be deleted if your consent has been removed or if it is no longer necessary for the purpose of data processing and no other legal basis exists and no legitimate interest in further storage and processing exists. However, if these data still need to be stored because of existing legal, regulatory or contractual obligations (for example, warranty, financial accounting), data processing is restricted by marking and blocking this data. In the event of a change in the purpose of the data processing compared to the original purpose, we will inform you in accordance with data protection and comply with the data protection regulations.

 

  1. Rights of the data subject

As the person affected by the data processing (data subject) you have the following rights:

  • Right of access (Art. 15 GDPR)

You have the right to obtain from us information on the personal data stored on you. This encompasses, in particular, information on the purposes of the processing, the categories of the processed personal data, the categories of recipients to whom your personal data have been or will be disclosed, the storage period, the existence of a right to rectification, or erasure or restriction of processing or to object to such processing, the existence of the right to lodge a complaint, where the data are not collected from you, information as to their source, and on the existence of automated decision-making, including profiling and, if applicable, meaningful information on the details thereof. Further, you have the right to receive a copy of your personal data undergoing processing by us.

  • Right to rectification (Art. 16 GDPR)

You have the right to obtain from us without undue delay the rectification of inaccurate personal data and the right to have incomplete personal data completed.

  • Right to erasure “Right to be forgotten” (Art. 17 GDPR)

You have the right to obtain from us the erasure of your personal data subject to the statutory requirements. If the erasure is opposed by statutory or official retention obligations or to the extent that the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims, the processing of the data shall be restricted (see below).

  • Right to restriction of processing (Art. 18 GDPR)

You have the right to obtain from us, subject to the statutory requirements, the restriction of the processing of your personal data, i.e. by marking the personal data and restricting the future processing thereof (blocking).

  • Right to data portability (Art. 20 GDPR)

You have the right to require of us, subject to the statutory requirements, that the personal data you provided be transmitted in a structured, commonly used and machine-readable format to you or to a controller named by you.

  • Right to object to direct marketing (Art. 21 GDPR)

You have the right to object at any time to the processing of your personal data for advertising purposes (“objection to advertising”).

  • Right to object to data processing in the event of the legal ground of “legitimate interest” (Art. 21 GDPR)

You have the right to object at any time to the processing of your data by us if this is based on the legal ground of “legitimate interest”. We will then discontinue processing the data unless we can demonstrate – in accordance with the statutory requirements – compelling legitimate grounds for the continued processing which override your interests.

  • Right to withdraw consent (Art. 7 (3) GDPR)

If you have given us your consent to the collection and processing of your da-ta, you have the right to withdraw this consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of the processing of your data based on consent before its withdrawal.

  • Right to lodge a complaint with the supervisory authority (Art. 77 GDPR)

You have the right to lodge a complaint with the competent supervisory authority if you consider that the processing of your personal data infringes applicable law. In this respect you have the possibility of lodging a complaint with the data protection authority responsible at your habitual residence or in your country, or with the data protection authority with responsibility for us.

 

  1. Supervisory Authority Responsible

The supervisory authority responsible for us is

Landesbeauftragte für Datenschutz und

Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf

Telefon: 0211/38424-0

Fax: 0211/38424-10

E-Mail: poststelle@ldi.nrw.de

 

  1. Current Privacy Policy, Changes

This policy is currently valid and has the status [date].

 

Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy.

 

The current privacy policy may be accessed, printed and stored at any time on the website at www.anytimefitness.de.

 

Date: …

Partly AF, LLC as franchisor as well as Eighty8 Health & Fitness GmbH as master franchisee are both processing users’ or members‘ data. For example, this applies to data which are being processed in connection with feedbacks, 7-days trials, membership enquiries and requests of potential franchisees. As already explained before, we assume that in all these cases data is processed by joint controllers (joint controllership according to Art. 26 GDPR). The current case-law of the European Court of Justice (siehe ECJ, judgment of 5th July 2018, Wirtschaftsakademie Schleswig-Holstein GmbH vs. Facebook Ireland Ltd., C-210/16, EU:C:2018:388; ECJ, judgment of 10th July 2018, Tietosuojavaltuutettu vs. Jehovan todistajat, C-25/17, EU:C:2018:551 as well as ECJ, judgment of 29th July 2019, Verbraucherzentrale NRW e.V. vs. Facebook Ireland Ltd., C-40/17, EU:C:2019:629) as well as the European and German data protection authorities (Art. 29 Data Protection Working Party, WP 169 v. 16.02.2010 and Short Paper of the Conference of German State and Federal data protection authorities (DSK) Nr. 16 v. 19.03.2018) are requiring an agreement between the joint controllers duly reflecting the respective roles and relationships of the joint controllers vis-à-vis the data subjects.  Furthermore the joint controllers have to take care for detailed information of the data subjects about the different responsibilities of each data controller and their exercising of the rights of the data subject. If necessary, we will have to make modifications to this privacy note with regard to joint controllership. Please give us your ideas and drafts of agreements pursuant to Art. 26 GDPR.