en

PrivacyPolicy

PRIVACY POLICY FOR TRIAL TRAINING AND MEMBERSHIP CONTRACTS

of the studio lines “McFIT”, “JOHN REED”, “High5” and “JOHN REED WOMEN’S CLUB”.

The following privacy policy is intended to inform you about how we process your personal data within the scope of trial training and membership contracts of the studio lines “McFIT”, “JOHN REED”, “High5” and “JOHN REED WOMEN ́S CLUB” with RSG Group GmbH, Tannenberg 4, 96132 Schlüsselfeld (here after referred to as “RSG Group”).

The protection of your privacy and your personal rights is very important to us. We therefore ask you to read this information carefully.

We will inform you below about the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) when concluding and executing the contract.

For the basic use of our online offer under the websites mcfit.comjohnreed.fitness or high5.com exists in each case a separate data protection notice.

I. Name and Address of The Person Responsible

The responsible party for the conclusion of a membership contract with RSG Group within the meaning of the General Data Protection Regulation (here after “DSGVO”) and other national data protection laws of the Member States as well as other provisions of data protection law is:

RSG Group GmbH

Tannenberg 4

96132 Schlüsselfeld

Telephone: +49 9552 / 93 19 0

Fax: +49 9552 / 93 19 115

E-Mail: info@rsggroup.com

Representative (Managing Director): Rainer Schaller

You can reach the data protection officer of the responsible person under:

datenschutzbeauftragter@rsggroup.com

II. Scope of The Processing Of Personal Data

We process personal data of prospective customers of our offer and members in principle only, as far as this is necessary for the preparation and execution of contracts. The processing of your personal data takes place regularly only after your consent. An exception to this is if obtaining your consent is not possible for actual reasons or if the processing of your data is permitted by legal provisions.

III. Legal Basis for the Processing of Personal Data

We would like to inform you about the legal basis for our data processing. If the legal basis is not mentioned in our privacy policy, the processing of your personal data is based on the following legal bases:

  • Act. 6 (1) lit. a DSGVO serves as our legal basis if we have obtained your consent for a specific processing purpose.
  • Act. 6 (1) lit. b DSGVO is the legal basis if the processing of personal data is necessary for the performance of a contract, e.g. if you conclude a membership contract via the online offer. This legal basis also applies to the processing of personal data that is necessary for the performance of pre-contractual measures, e.g. when you contact us with inquiries regarding our products and services.
  • Act. 6 (1) lit. c DSGVO is our legal basis, insofar as processing of personal data is necessary for the fulfilment of a legal obligation, such as the fulfilment of obligations under commercial and tax law.
  • If vital interests of you or another natural person make processing of personal data necessary, Act. 6 (1) lit. d DSGVO serves as the legal basis.
  • If processing is necessary to protect the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of you do not outweigh the first-mentioned interest, the personal data will be processed on the basis of Act. 6 (1) f DSGVO.

IV. Data Deletion and Storage Period

We would like to inform you about the storage period and data deletion in our data processing. Unless our privacy policy in the following sections on this is not regulated in more detail, we apply the storage period and data deletion the following:

We process and store your personal data only for the period necessary to fulfil the purpose of processing and storage. Your data may be stored beyond this period if this has been provided for by the European or national legislator in regulations, laws or other provisions with which we must comply. Your data will also be blocked or deleted if a storage period provided for by the standards expires, unless there is a need to continue storing your data for the conclusion or fulfilment of a contract. If the personal data is blocked, it will be deleted as soon as there are no legal or contractual retention periods to the contrary, there is no reason to believe that deletion would impair your interests worthy of protection and deletion would not cause disproportionate expense due to the nature of the storage.

V. Processing of Your Personal Data During Trial Training, Conclusion of A Membership Contract/Creation of an Account And Execution of The Contract

1. Description and Scope Of Data Processing

We process data that we receive from you or collect from you in the context of agreeing on a trial training or applying for and executing your membership contract.

If you arrange or carry out a trial training with us, we process the following data:

  • Gender
  • Name and first name
  • Date of birth
  • Medical History
  • Contact information (address, e-mail, telephone)

If you want to sign a membership contract with RSG Group, you have to create an account at the same time. In addition to the data mentioned above, we also process the following data:

  • e-mail address
  • Password
  • Your bank details (BIC and IBAN)
  • a photo.

When you enter a fitness studio, RSG Group collects the following data (which are summarized below as “access data”):

  • Date of access
  • Time of the access
  • the studio visited
  • your membership number

2. Purpose of Data Processing and Legal Basis For Processing Personal Data

RSG Group processes personal data of interested parties and members (including their photos) as far as this serves the purpose of the contractual relationship. The legal basis is therefore Act. 6 para. 1 lit. b DSGVO. If RSG Group collects a photo of you, this serves the purpose of a later access control, legal basis for this is Art. 6 para. 1 lit. b and lit. f DSGVO.

The recording of the fact of health problems serves the defence against legal claims of the RSG Group with the legal basis Art. 9 para. 2 lit. f DSGVO. In addition, you should be sure in the context of the conclusion of the contract that no health impairments prevent you from carrying out a training. Thus, Act. 6 para.1 lit. d DSGVO is also the legal basis.

The specification of the e-mail address and a password serve to create a member account in which you can independently view and manage your contract data. The password you choose serves to protect your contract data. The legal basis for this data processing is Act. 6 para. 1 lit. b DSGVO.

The Following Applies to the Access Data:

As far as RSG Group processes the gym, date, time and member number of the member when entering the gym, this is done in the context of access control to our studios for the execution of the contract with you. The legal basis is therefore also Act. 6 para. 1 lit. b and lit. f DSGVO.

RSG Group stores the access data for the purposes of safeguarding house rights, defending against legal claims and protecting the interests of members. In anonymized form, this data is also used to optimize training conditions and market research.

The legal basis for this processing is Act. 6 para. 1 lit. f and lit. d DSGVO, thus a processing for the protection of the legitimate interests of the RSG Group and its members. Profiling does not take place.

3 Duration of Storage/Blocking of Data

We process and store your data for the duration of your contract with us. In addition, we are subject to various storage and documentation obligations.

In Germany, these may result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified there are up to ten years. In addition, the storage period is also assessed according to the statutory limitation periods, which according to §§ 195 ff. BGB (German Civil Code), whereby the regular limitation period is three years.

In the case of a trial membership, we will block your data six months after termination of your trial membership contract. For all contracts, the access data will be blocked automatically three days after the date of collection. If the personal data is blocked, it will be deleted as soon as there are no legal or contractual retention periods to the contrary, there is no reason to believe that deletion would impair your interests worthy of protection, and deletion would not cause disproportionate expense due to the special nature of the storage.

As soon as the storage of the data is no longer necessary for the execution of the contract with us and no legal retention periods exist, your data will be deleted immediately, unless there is reason to believe that a deletion would impair your interests worthy of protection and a deletion does not cause a disproportionate effort due to the special nature of the storage, in which case your data will be blocked.

VI. Newsletter

If you register for the newsletter, you agree until revoked to receive a personalized newsletter from RSG Group and its subsidiaries CYBEROBICS GmbH, THE REED GmbH, Qi² Sports Nutrition GmbH, LOOX Sports GmbH and McFIT MODEL AGENCY GmbH and the related companies of RSG Group may send advertising on products, services, promotions and satisfaction surveys. In order to send a newsletter optimized for you, you consent to an evaluation by the aforementioned companies, which measures whether and when the newsletter is opened and which links you click on. You can find detailed information about the dispatch procedure and the data collected during newsletter dispatch in the following text. You can cancel the receipt of the newsletter at any time, i.e. revoke your consent. For this purpose, you will find a corresponding link in each newsletter. You can also revoke your consent by sending us a simple message by mail (RSG Group GmbH, Tannenberg 4, 96132 Schlüsselfeld) or by e-mail (meine-daten@rsggroup.com ). You will not incur any costs other than the transmission costs according to the prime rate.

1 Description and Scope Of Data Processing For Newsletter Dispatch

Within the framework of the conclusion of a membership contract with the RSG Group, you have the possibility to subscribe to a free newsletter. For this purpose, we need your e-mail address.

For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy.

The registration for our newsletter is done by a double opt-in process. This means that after registering for the newsletter, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with a foreign e-mail address. The registrations to the newsletter are logged in order to be able to prove the registration process according to the legal requirements. For this purpose, it is necessary to store the time of registration and confirmation, as well as the IP address.

Even if you have not registered for our newsletter, we can use your stored e-mail address for sending a newsletter if you purchase goods or services from the RSG Group on our online offer or in one of the studios and enter your e-mail address. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter.

2 Legal Basis and Purpose of Data Processing

The legal basis for sending the newsletter and the associated performance measurement is your consent pursuant to Act. 6 (1) lit. a DSGVO.

The logging of the registration process is based on our legitimate interest pursuant to Act. 6 para. 1 lit f DSGVO. Here, our interest is directed towards the use of a user-friendly and secure newsletter dispatch process, which on the one hand serves our business interests and enables us to prove your consent and at the same time also meets your expectations.

The legal basis for sending the newsletter without newsletter registration as a result of the sale of goods or services is in the Federal Republic of Germany § 7 para 3 UWG and in Austria § 107 para 2 and 3 TKG. In addition, the legal basis is also Act. 6 para. 1 lit. f DSGVO, as we have a legitimate interest in direct marketing.

The processing of your e-mail address serves to deliver the newsletter to you.

3. Duration f Storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Your e-mail address will therefore be stored for the newsletter dispatch for as long as you have subscribed to a newsletter.

You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. For this purpose, you will find a corresponding link in each newsletter. You can also revoke your consent by sending a simple message to us. You can use the following contact data for this purpose without incurring any costs other than the transmission costs according to the basic tariff:

Via mail: RSG Group GmbH, Tannenberg 4, 96132 Schlüsselfeld or

Via e-mail: meine-daten@rsggroup.com .

To be able to prove a previously given consent, we can store the unsubscribed e-mail address for up to three years on the basis of our legitimate interests before it is deleted. In this case, it is only stored for the purpose of possible defence against claims.

4. Newsletter Dispatch by Cleverreach

The newsletter is sent by means of the dispatch service provider CleverReach GmbH & Co. KG (hereinafter “CleverReach”), Mühlenstraße 43, 26180 Rastede, Germany. You can view the privacy policy of the shipping service provider at cleverreach.com.

We use the services of CleverReach based on our legitimate interest pursuant to Act. 6 (1) lit. f DSGVO.

CleverReach may use the recipients’ data without attribution to a specific user to optimize or improve its own service, e.g. for the technical optimization of the dispatch and the improvement of the presentation of the newsletter. CleverReach will not use the data of our newsletter recipients to contact them or to pass them on to third parties.

5 Newsletter Performance Measurement

The newsletters may contain so-called “web-beacon”. These are pixel-sized files that are retrieved from our server or from the server of our dispatch service provider when a newsletter is opened. As part of this retrieval, technical information such as information about your browser and operating system, but also your IP address and the time of retrieval of the newsletter are collected.

The legal basis for the processing of data regarding the newsletter performance measurement is Act. 6 para. 1 lit. f DSGVO.

All this information is used to improve the service based on the technical data or the target groups and their reading behaviour based on the retrieval locations or access times. Also collected is the determination of whether the newsletter was opened, when it was opened and which links were clicked. Even if this information can be assigned to an individual newsletter recipient for technical reasons, neither we nor the dispatch service provider will monitor individual users. The evaluations serve us to recognize reading habits of our users and to adapt our contents to them or to send interest-oriented newsletters to our users.

VII. Passing on of Your Data

1. Who Receives Your Personal Data?

Within the company, only those departments receive your data that need them to carry out the membership contract and legal obligations. Contractors and other service providers used by us may also receive data for these purposes. These are companies in the categories of IT services, banks, telecommunications, debt collection and printing services.

Otherwise, we will only pass on your data if this is required by law, you have given your consent or we are authorized to provide information. Under these conditions, recipients of personal data may be, for example, public bodies and institutions (e.g. offices, tax authorities, law enforcement agencies) in the event of a legal or official obligation. Other data recipients may be those bodies for which you have given us your consent to transfer data.

2. Will Your Data Be Transferred to a  Third Country or to an International Organization?

Data will only be transferred to countries outside the European Economic Area (third countries) if this is necessary for the execution of your contract, is required by law or you have given us your consent.

VIII. Your Rights

We would like to inform you at this point about your rights regarding the processing of your data. If you wish to exercise any of these rights, you can send us a simple message. You can use the following contact details without incurring any costs other than the transmission costs according to the basic tariff:

Via mail: RSG Group GmbH, Tannenberg 4, 96132 Schlüsselfeld or

Via e-mail: meine-daten@rsggroup.com

For your own protection, we reserve the right to request further information to confirm your identity. If we are unable to identify you, we will refuse to process your request.

You have the right To:

  • Information about the data stored about you (Act.15 DSGVO)
  • the immediate correction and/or completion of the personal data concerning you (Act.16 DSGVO)
  • the deletion of your personal data stored by us (Act.17 DSGVO)
  • the restriction of the processing of your personal data (Act.18 DSGVO)
  • data portability (Act.20 DSGVO)
  • as well as objection against the processing (Act.21 DSGVO).
  • Complaint to the supervisory authority (Act. 77 DSGVO), if you are of the opinion that the processing of your personal data violates existing data protection regulations, you can complain to a supervisory authority without prejudice to other legal remedies. You may address the complaint to a supervisory authority in the Member State of your residence, place of work or place of the alleged infringement.

IX. Modification of the Data Protection Notice

We reserve the right to adapt this privacy policy at any time so that it always complies with the current legal requirements or to implement changes to our services in the privacy policy, e.g. if we change our online offer or introduce other services. The new data protection declaration will then apply to your next visit to our online offer.

Status: 08.04.2019