Privacy policy
Table of Contents
In the following we inform you in accordance with Art. 13, 14 GDPR about which personal data are Use of the TomFit service processed by TomFit AG, Eichelackerweg 55, 8700 Küsnacht ZH and for what purposes this data is used. You will also find out about your rights in this regard.
Our services are constantly changing and are subject to technical adjustments and additions. So we pass periodically update the information in this privacy policy.
You are not obliged to enter into an agreement with us and to provide your personal data To make available. However, in order to be able to offer you our services completely and without restrictions, we are on it instructed to collect and process your personal data.
The terms used are based on formulations contained in the General Data Protection Regulation (“GDPR”) be used.
1. Your rights
You have the right to receive information about the personal data we have stored about you free of charge receive.
You also have the following rights:
- Right of access – the right to know what data has been collected and how it is being processed
- Right to rectification – the right to request that personal data be amended if it is not up-to-date or incorrect;
- Right to erasure – the right to request erasure of personal data;
- Right to restriction of processing – the right to limit the processing of personal data;
- Right to data portability – the right to receive personal data in a machine-readable format and/or transmit it to another controller;
- Right to object – the right to withdraw consent given or to object to the processing of personal data;
- Right to lodge a complaint with a higher authority – the right to lodge a complaint against us with a higher authority. To do this, you can contact the supervisory authority responsible for us specified below or the supervisory authority at your usual place of residence or work.
The authority responsible for us is:
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH – 3003 Bern
If you would like to make use of your rights as a data subject, do not hesitate to contact us at the contact address given under Section 8.1 below.
2. When, why and how we collect your data and how we handle it
In order to be able to provide you with our service, we need to collect various personal data, process, store and sometimes even share (i.e. disclose to third parties). You can see which ones below of your data, for what purposes we need it, and under what circumstances we share your data with others.
Personal data is information from which we can directly or indirectly infer your person, such as first and last name, telephone number, date of birth or e-mail address.
In order to give you a good overview of the details, we use the table form. We think, that in this way we can provide you with the information in a transparent, understandable and easily accessible manner in a clear and can provide simple language. Since there are different types of data, we have them grouped into categories of data as we believe this makes the information easier to understand.
2.1 Personal data that we always process when you use our service (even without to to register)
Every time you use our service, even without registering, we collect the following personal Data:
| Data category | Explanation | Data source |
|---|---|---|
| Device information | Connection data | User himself |
| Operating system and corresponding version or other device identifiers | Time, date and duration of access to our service, origin, corresponding IP address and other log data (hardware or type of mobile device, software or browser type, operating system, application version and language settings) | User himself |
2.2 Personal data that we process as part of the registration process
In order to be able to use our service, you must first register. As part of the registration process, you must provide the personal data required for registration. After successful registration, you will receive a user account for our service (“TomFit Account”). With your registration, you give us your consent and authorization to use personal data for the processing with the following processing purposes.
We process the following additional personal data:
| Data category | Explanation | Data source |
|---|---|---|
| Credentials | Phone number | User himself |
| User information | first name, last name, date of birth, declaration of consent to terms and conditions and data protection, consent opt-ins, marketing opt-ins, verification status phone number | User himself |
All data collected is assigned to clearly defined purposes. We process the data collected from you during registration in order to identify you as our contractual partner, i.e. to establish, implement and process a connection contract between you and us in accordance with the contract and, in the corresponding case, relevant To provide information from your user account. We also verify your phone number in order to detect and prevent any misuse of data.
2.3 Personal data we collect when you use our service.
As a registered user our service enables you to continuously evaluate your activity data in order to derive your activity status from it. For this purpose, in addition to the data mentioned in Section 2.2 , the following personal data is collected and processed from you:
| Data category | Explanation | Data source |
|---|---|---|
| Activity data | Visits and their duration in our participating Partner studios | User himself |
We process your data to help you determine your activity status.
We store the data in order to comply with legal requirements (e.g. tax and commercial law storage obligations) or to exercise and defend legal claims.
We will send you push messages to inform you about your sporting goals and To inform challenges, to remind you and to motivate or encourage you. If you don’t wish, you can make the appropriate settings on your mobile device so that you are no longer affected by us.
You have the option of joining one or more groups (so-called “teams”) with other users to join forces and compete together in competitions and challenges. If you If you choose and join one or more teams, this information will appear in your TomFit account as your express consent to further data processing. Further we store the time at which you joined the relevant team.
We record your invitation(s) to join teams from other users as well as those from others Invitations sent to you to join your teams, along with corresponding acceptances and rejection. Other users can use your first and last name, with the appropriate activation, your pseudonym or your See initials and your scores on the teams you’re a member of.
TomFit keeps and publishes so-called result lists in the app, which show the rank and the totality of the results. If you participate in challenges, you give us your consent, your results Result data as well as the result data of your team including your rank, in the result list opposite others disclose to users. We also create anonymous evaluations using your activity data, Age, gender and, if you have connected with a partner company via our service, also Her Partner company affiliation to assess and continuously improve our services.
The following personal data is processed as part of activity-based sports funding:
| Data category | Explanation | Data source |
|---|---|---|
| Usage information | Duration of use, time, app functions used, Interaction(s) with other users of the service, information about results, Information on team memberships, consent opt-ins, marketing opt-ins, other voluntary information (free text fields) | User himself, TomFit |
| Activity data | Visits and their duration in our participating partner studios, | User himself, TomFit |
| Communication content | Content provided for the user by TomFit such as in particular training plans, challenges and news to inform and motivate the user etc., Content provided to the user by other users, such as in particular requests for the formation of teams etc., Content provided by the user, such as interests in particular and wishes within the framework of sports promotion and for others User Provided Content | User himself, other users, TomFit |
You have the opportunity to connect with your partner company by using the Use program ID. If you do not have a program ID and your partner company for our service want to inspire, you also have the opportunity to connect with your company if you send us an inquiry. In doing so, we also process the following personal data. Insofar as one of our partner companies pays the usage fee for your activity-based sports promotion (“sponsored activity-based sports promotion”), we have contacted the partner company(s) which/which promotes your activity-based sports promotion, in a special contract for transmission of Inactivity messages are required in the event that you have a partner company defined in more detail Period (usually one quarter) (not) participate in the funded activity-based sports funding. Besides that we transmit the anonymous evaluations created by us (see above) to those partner companies from which They are promoted in order to make the quality of our service more measurable there as well. In addition to the above data, the following are used for the activity-based sports funding more personal data processed by you:
| Data category | Explanation | Data source |
|---|---|---|
| User information | First and last name, (company) email address, phone number, Program ID | User himself |
| Sports promotion data | Information about participation (eligible / not eligible), Information about the funding status (is funded/is not funded), program level (like S-XL), inactivity messages | Partner company, TomFit |
2.4 Personal data that we process when you personalize your user account
If you personalize your user account accordingly, we process all personal data that you us provide. You can also manage, save or change your passwords.
When you purchase paid courses or other services through our platform, you are making a purchase In-App Purchase or multiple in-app purchases. You authorize the “App Store” or the “Google Play Store” concerning you to use personal data and information for the processing of the payment service(s). TomFit is not responsible for this part of the data processing. More information about the Data processing of the respective store can be found in the data protection regulations in the stores.
| Data category | Explanation | Data source |
|---|---|---|
| User data | Data category Explanation Data source First name, last name, date of birth, gender, password, digital Signature, affiliated company, affiliated fitness apps, Data protection setting (deactivation/activation of anonymization), photo | User himself |
| Payment data (if service subject to a fee for users) | Confirmation of the successful processing of the in-app purchases (with a selected payment service provider) | User himself; App Store |
2.5 Personal data that we process when we communicate with you
Part of our service is still to communicate with you. We do this in particular in fulfillment ours connection contract, to give you information about booked services or to answer your questions to answer. Furthermore, we communicate with you in the context of marketing campaigns, market research and to improve our service etc. We process the following personal data:
| Data category | Explanation | Data source |
|---|---|---|
| Contact information | Email address, phone number | User himself |
| Communication content | Depending on the user’s request | User himself |
2.6 Data processing for legal purposes
In certain cases, we may use your personal data to process and resolve legal conflicts or to access it in the course of investigations and to comply with compliance guidelines. access. We may also use it to enforce compliance with the terms of the contract in effect between you and us contract terms between you and us, or to comply with any requests from law enforcement or Data protection authorities. In the context of data processing, we will – to the extent possible – take appropriate measures to protect your rights and freedoms. In other respects, we process your data to fulfill legal obligations, e.g. in accordance with commercial and tax laws, the Money Laundering Act or to comply with regulatory requirements.
3. Information about our cookies
3.1 Definition of cookies and which cookies we use
We use cookies to improve presentation and navigation. A cookie is a text file that from the web server is sent to the browser. This file stores the URL that was visited and the Date of the visit and an expiry date that determines the period of activity of the cookie. Cookies are made by us used on the one hand to determine the preferred areas of the platform and on the other hand to user to enable his personal settings to be saved so that they can be restored the next time the page is called up to To be available. To determine the preferred areas of the platform, aggregated statistics created about user behavior.
3.2 Third Party Cookies We Use
We use content and services from third-party providers on the platform in order to analyze and improve the platform. We also use cookies from these third-party providers to integrate their content or service.
3.3 What options do you have
When you call up our service for the first time, we inform you about the use of cookies via an info banner. You are given the choice to decide whether and to what extent you accept the use of cookies want. As soon as you click on details, you will be shown which cookies we are using and you will receive the Possibility to refuse the use of certain cookies. On the use of necessary cookies, ie You cannot do any such as are necessary for the operation of our service and its functions influence. First after you have made your choices regarding cookies, they will be used as part of our service used. If you do not accept cookies, you may not be able to use the full range of services Use features of our service.
You can also set your browser so that you are notified when you receive a cookie or She You can exercise your legal right to object by rejecting cookies in your browser settings. Further information on the handling of cookies can be found in the help pages of your browser and e.g. on the Website: http://www.allaboutcookies.org/ge/.
4. Who we share your data with
We never give your data to unauthorized third parties. In the following section we would like to give you a summary explain to whom and under what conditions we transfer your data and from whom we have data about you raise. In addition, we also want to create transparency regarding the countries to which we send your data to transfer.
4.1 Data exchange with partner companies in the event of participation in the funded activity based Sports promotion and publication of your result data when participating in challenges in the form of Result/Leaderboards
As explained in section 2.3, data is exchanged with the partner company in order to the to support the collection of your claims against the partner company. We hereby fulfill the between You and us existing connection contract, so that our legal basis for the above Data processing is Art. 6 Para. 1 Letter b) GDPR. Furthermore, we include your result data your position in the participant results list open to other users if you publish in results/leaderboards have agreed, so that our legal basis for the above Data processing is Art. 6 Para. 1 Letter a) GDPR.
4.2 Which other third parties (except third parties in Within the meaning of clause 4.1) have access to personal data
As part of our work, we use the services of selected service providers and give you limited and strictly controlled access to some our data. These service providers are carefully selected, only act on the instructions of TomFit and are contractually obliged to comply with the applicable data protection requirements. Below we want you to be transparent and understandable about all our data recipients and the respective reasons inform:
| Data receiver | Explanation |
|---|---|
| Service provider | They support our business activities, for example by providing payment services provide, evaluate and optimize marketing campaigns for us, but also by they provide personalized advertising, IT solutions and infrastructure or the Ensure the security of our business operations, for example by preventing disruptions recognize and fix. Legal basis for the transfer of personal data Data of personal data is that of us with the relevant service provider concluded contract in conjunction with Article 6 (1) (f) GDPR. |
| Law enforcement agencies and legal process | Personal data is released if we are obliged to do so or – in our interest to avert damage, to enforce our claims and to reject unjustified claims. The legal basis for the transmission of personal data is Art. 6 Para. 1 Letter f) GDPR. |
4.3 To which countries we transfer your data
We primarily process your data in the European Union (EU) and the European Economic Area (EEA). However, some of the service providers we mention above are based outside of the EU and EEA (“Third Country”). The GDPR places high demands on the transfer of personal data to so-called third countries. For some The European Commission has decided that third countries offer an adequate level of data protection (e.g. Switzerland, Canada, Argentina). If we transfer data to a third country, for which such a If there is no adequacy decision, the corresponding data transfer is based – unless in this Privacy Policy otherwise stated – on a contract between us and the relevant recipient under Use of the standard data protection clauses of the European Union, and possibly others with the Recipients agreed additional measures to ensure an adequate level of data protection. For For more information, you can contact our data protection officer.
4.4 Special treatment of activity and health data
Your activity and health data as defined in section 2.4 is not shared with third parties other than for running the service as hosting service providers or legally required for law enforcement agencies and legal process. So there is strictly no transfer to advertising platforms, data brokers, or information resellers.
5. On the basis of which legal basis we process your data
| Data processing process | Legal basis |
|---|---|
| Providing the service (Section 2.1) | The processing of the data collected when accessing the service represents a pre-contractual measure within the meaning of Art. 6 Para. 1 Letter b) GDPR. Otherwise, it serves to protect our legitimate interests (Art. 6 Para. 1 Letter f) GDPR). The legitimate interest of TomFit consists in that business interest, a technically error-free and optimized service to provide. |
| Registration (Section 2.2) | The data processing serves to fulfill a contract concluded with the user Connection contract or to carry out pre-contractual measures in the sense of Art. 6 Para. 1 Letter b) GDPR. Incidentally, it serves to protect our legitimate interests (Article 6 (1) (f) GDPR). |
| Activity based sport promotion, determination of Activity levels (Section 2.3) | The data is processed on the basis of consent in accordance with Art. 6 para. 1 letter a) GDPR, insofar as the user has given their consent. The user has the right to revoke consent given to TomFit at any time with effect for the revoke future. The revocation must be explained to us. In case of one Withdrawal of consent, TomFit may only process the personal data to the extent further processing than TomFit processing to another legal basis can support. Change Consent | revoke consent The data processing serves to fulfill a contract concluded with the user Connection contract or to carry out pre-contractual measures in the sense of Art. 6 Para. 1 Letter b) GDPR. Incidentally, it serves to protect our legitimate interests and the legitimate interests of the respective Partner company (Article 6 (1) (f) GDPR) or one Contract concluded between the user and the partner company (Art. 6 Paragraph 1 letter b) GDPR). There are contracts with the partner companies in accordance with Art. 28 GDPR. With the In this respect, partner studios have contracts in accordance with Art. 26 GDPR. The data processing also serves to fulfill a legal obligation Obligation (Art. 6 Para. 1 Letter c) GDPR) e.g. according to trade and Tax laws, regulatory requirements. |
| Personalization of the User accounts (Section 2.4) | The data processing serves to fulfill a contract concluded with the user connection contract (Article 6 (1) (b) GDPR). Otherwise, it serves Safeguarding our legitimate interests (Art. 6 Para. 1 Letter f) GDPR). Otherwise, it serves to fulfill a legal obligation (Art. 6 Para. 1 Letter c) GDPR) e.g. identification requirements, regulatory requirements. In this respect, there are contracts with the partner studios in accordance with Art. 26 GDPR. |
| Communication (section 2.5) | As far as we communicate with you with reference to the connection contract, the Data processing for the fulfillment of the connection contract concluded with you (Art. 6 Para. 1 Letter b) GDPR) As far as the subject of the communication Marketing campaign, market research or generally an improvement of our service is, we only act on the basis of consent given to us within the meaning of Art. 6 Para. 1 Letter a) GDPR. The user has the right to revoke consent given to us revoked at any time with effect for the future. The revocation is towards us to explain. Change Consent | revoke consent |
| Legal purposes (Section 2.6) | The data processing serves to fulfill a legal obligation (Art. 6 Para. 1 Letter c) GDPR), e.g. according to commercial and tax laws, official Requirements. Furthermore, data processing is carried out to protect legitimate rights Interests within the meaning of Art. 6 Para. 1 Letter f) GDPR of TomFit or third party It is in our legitimate interest to enforce legal claims or to defend ourselves in the event of a claim. When we collect personal information use for legitimate interests, we will always balance your interests and yours Rights to the protection of your data, with rights and interests of us and the third party off. |
| Cookies (number 3) | The use of technically necessary cookies to carry out the service takes place in accordance with Art. 6 Para. 1 Letter b) GDPR. To perform the service Technically unnecessary cookies (tracking) are only used with the consent of the user within the meaning of Art. 6 Para. 1 Letter a) GDPR. The user can change or revoke their consent at any time on our website. Change Consent | revoke consent |
6. How we protect and when we delete your data
6.1 Data protection mechanisms
We implement industry-standard technical and organizational measures by using a variety of security technologies and procedures to help protect your data from unauthorized access, use, loss, destruction or disclosure.
- As part of our security measures, we utilize Secure Sockets Layer (SSL) technology to secure data transmission between our systems. This means that any data transferred between us and you, including any sensitive data, is encrypted during transmission to prevent unauthorized access.
- Your data is secured on the storage level using Advanced Encryption Standard (AES)-256 encryption algorithm, an industry-standard for data encryption. This helps to ensure that your information is kept confidential.
- To further safeguard your data, such as health and fitness data, we implement additional data protection methods such as pseudonymization and aggregation.
6.2 Deletion of your data
We only store your personal data for as long as it is necessary. Access data will be deleted if her knowledge is no longer required for the purposes described in this data protection declaration, insofar as this is not the case statutory provisions prescribe a longer storage period. We erase your personal data your request when you let us know. If your account has been inactive for three years, we will also delete it. In addition to the deletion rules defined by us, there are statutory retention periods, which we also have to comply with are. For example, tax records must be for a period of six to ten years or more in some cases even be kept longer. These specific retention periods vary according to local legal requirements provisions. It can therefore happen that, despite your request for the deletion of your data, we We still have to keep the stored data for legal reasons. In this case we will continue However, restrict the processing of the data. All personal data that we hold is covered by this privacy statement.
7. How we use mobile devices
We offer apps. These apps collect and process your personal data in a very similar way as the Website. With your consent, we will send you push notifications with information about you booked services. In the manual of your mobile device you will find information on how to change the settings and the receipt of push messages can be activated or blocked.
8. Responsible office(s)
The person responsible is the body responsible for processing your personal data and over decides the purpose and means of processing your personal data.
8.1 Responsible body for all data processing processes
TomFit AG
Eichelackerweg 55
8700 Küsnacht ZH
Managing Director: Thomas Stämpfli
Email: data-protection@tom.fit
8.2 Contradictions
Would you like us to collect, process or store your personal data in accordance with the If you object to applicable data protection law, you can send your objection by e-mail to the above address to the address specified in Section 8.1. Due to your objection, the further use of our service could be canceled technical reasons are no longer possible or only possible to a limited extent.
9. Subject to change
This data protection declaration can be accessed at any time under the link https://privacy.tom.fit/privacy-policy.html be printed out. Due to changes in the law or changes to our internal company processes, an adjustment of this data protection declaration may make it necessary, we reserve the right to maintain this data protection declaration Requirement to adapt to changed factual or legal conditions and ask you to read this data protection declaration regularly to retrieve.
