Privacy Policy
IDS Diagnostic Systems AG

The following data protection declaration applies to all online services on our websites (www.ids-ds.de and www.mysportsapp.net/de/ ) and to our mobile app (“mySportsApp”).
The terms used are based on formulations of the General Data Protection Regulation (“GDPR”).

Principles of data processing

the “mysportsapp”, which in this case is explained separately below, it is necessary to provide an e-mail address. The legal basis for data protection can be found in particular in the General Data Protection Regulation (GDPR).
When you visit our website or apps, some information is transmitted, such as your IP address. They also provide information about the end device used (computer, smartphone, tablet, etc.), the browser used (Internet Explorer, Safari, Firefox, etc.), the time of access to the website, the so-called referrer and the amount of data transferred.
This data is not used by us to identify individual users. The information is used exclusively to determine the attractiveness of our offers and to improve the performance and content of our offers.
However, we would like to point out that in the case of a static IP address, a personal reference could be established via a RIPE query in individual cases, but we do not do this under any circumstances.

Collection and processing of personal data

Personal data is only collected by us if you contact us and actively provide data, in particular when registering an account, requesting information or entering it in your profile within our app.
When transmitting and storing any type of data, it is always encrypted. Your personal data is thus protected against unauthorized or unlawful access, alteration or disclosure.
We use the personal data you provide exclusively for the fulfillment and processing of our services.
We store your data for as long as is necessary to fulfill the intended purpose, or until you delete your account or statutory retention periods make storage necessary. Your personal data will then be deleted or its processing restricted in accordance with the statutory provisions.
In the case of purely informational use, we generally only collect the personal data that your browser transmits to our server. If you only visit our website, we only collect data that is technically necessary for us to display our content to you and to ensure stability and security (legal basis is the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR).
We have carried out a balancing of interests in accordance with Art. 6 para. 1 lit. f GDPR. In doing so, we have taken into account and weighed up our interest in the provision and your interest in data protection-compliant processing of your personal data. For technical reasons, the following data is necessary for the provision of our service in order to be able to offer our services and also to ensure the stability and security of our services, in particular to protect against misuse. We have therefore come to the conclusion that this data can be processed – with a guarantee of data security based on the state of the art – taking due account of your interest in data protection-compliant processing.

data	Purpose of the processing	Storage duration
Operating system used	Evaluation by device to ensure an optimized display of the website and app	Up to 30 days after deletion of the customer account
	Evaluation of the browsers used in order to optimize our websites for this purpose	Up to 30 days after deletion of the customer account
IP-address	Display of the website on the respective device; clarification and prevention of fraud; proof of the user’s consent to the newsletter dispatch	Up to 30 days after deletion of the customer account
Date and time of the call	Display of the website on the respective device; clarification and prevention of fraud; proof of the user’s consent to the newsletter dispatch	Up to 30 days after deletion of the customer account
If applicable, manufacturer, type designation and version of the smartphone, tablet or other end device as well as the app version and the app provider	Evaluation of device manufacturers and types of mobile devices for statistical purposes	Up to 30 days after deletion of the customer account
Session ID	Identification of the installation	Up to 30 days after deletion of the customer account

The collection of data for provision and the storage of data in log files are absolutely necessary for the operation of the website and the apps. Consequently, there is no possibility of objection on the part of the user.

Registration/Installation of a mySportsApp account

The app can be downloaded via the Google Play Store and the Apple App Store, either directly or via a store link on the mySportsApp website. When starting the app, an e-mail address and optionally a name must be entered. An email with an activation number or activation link will be sent to this email address. The app is activated by entering this number or by opening the activation link. After activation, the app can be used on the device without having to log in again.

Required permissions
The following permissions are required by the app:

• identity

◦ Search for accounts on the device

• Contacts

◦ Search for accounts on the device

• Location

◦ Access the approximate location (network-based)

◦ Access the exact location (GPS and network based)

◦ Access additional location provider commands

• Photos / Media / Files

◦ Read USB memory contents

◦ Change or delete USB memory contents

• Miscellaneous

◦ Access all networks

◦ Disable hibernation

◦ Pair with Bluetooth devices

◦ Access Bluetooth settings

◦ Retrieve network connections

◦ Read synchronization settings

◦ Enable or disable synchronization

◦ Run at startup

◦ Detect activity

◦ Receive push messages

Collected and processed data
Data for registration

Required Information: These data must be provided upon registration.

• E-mail address

Optional Information: This information will be collected during registration and may be changed later in the profile./div>

• Personal information: name, gender, age / date of birth, height, weight, resting heart rate, maximum heart rate, language

• Reason and motivation: main goal, training goals, athletic performance level

• Health check: yes / no answers to health questions, eg. heart problems, pain, dizziness, bone or joint problems, medication

Data on health and fitness activities

• Fitness activities: e.g. duration and time, distance and altitude profile, calories, heart rate

• Routes: e.g. training distance, distance, altitude profile, speed, if the authorization for positioning has been granted

• Pulse curve: heart rate if a heart rate sensor has been paired

• HeartTicket: HeartTicket code, appointments and calculated heart age

Data about app usage
If you have enabled error logging (opt-in), data on usage and errors in the app will be collected. We use this data to analyze problems and constantly improve the app.

Payment information about subscriptions
Payments are handled by payment providers Google and Apple. Although we do not store any financial data ourselves, we receive from the provider with each transaction a transaction ID, duration, price, currency and VAT for the purchased product. The payment provider can trace the purchase to a person using the transaction ID.
If your data is processed outside the EU, the payment service provider has undertaken to comply with the EU standard contractual clauses. In some cases, the payment service providers also collect this data themselves under their own responsibility. Further information on the processing of personal data by payment service providers can be found in their data protection guidelines:

• Apple Pay (Apple Inc.), One Apple Park Way, MS 169-3 IPL Cupertino, CA 95014 USA. Further information can be found in the privacy policy of Apple Pay.

• Google Pay (Google Ireland Limited), Gordon House, Barrow Street, Dublin 4, Irland. Further information can be found in the privacy policy of Google Pay.

Die Rechtsgrundlage fuer diese Verarbeitung ist Art. 6 Absatz 1 Buchstabe b DSGVO (Erfuellung eines Vertrages) und Art. 6 Abs. 1 Buchstabe a DSGVO.

Amazon Web Services
We use Amazon Web Services (AWS) to deliver the videos and media files. The app downloads this content directly from AWS. This will give Amazon personal information such as IP address and information about the device, the operating system and the installed web browser.
See the Amazon AWS privacy policy for details on whether and how Amazon uses this information (https://aws.amazon.com/en/compliance/data-privacy/).

Devices and location information
When using the app, we receive the following data:

• IP address

• Request the app

• Time of the request

• Access status and transferred amount of data

• Product and version information about the app and the installed web browser

• Operating system of the device

• Device ID and features

• Information about the ISP or wireless service provider

App Analysis
App installations, used devices, and in-app purchase information can be evaluated for statistical purposes. Crash reports can be transmitted voluntarily via the corresponding functionality in the operating system.

Storage periods and deletion of the data used
Storage periods for active use
The data is stored as long as the user account exists. Beyond that, data will only be stored if required by law (due to warranty, statute of limitations or retention periods) or otherwise.

Deletion of your data
When your user account is deleted, all data will also be deleted, except for the data required to fulfill contractual obligations or to fulfill legal retention requirements. These data are not deleted, but minimized to the extent necessary.

Contact form

You have the option of contacting us via our e-mail address or the contact form.
We will of course use the personal data transmitted to us in this way exclusively for the purpose for which you provide it to us when contacting us.
The legal basis in this respect is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. If your request is aimed at concluding a contract (e.g. purchase of a subscription), the legal basis for the processing of the data provided is also the necessity for the provision of (pre)contractual services, in accordance with Art. 6 para. 1 lit. b GDPR.
Insofar as we request information via our contact form that is required to contact you, we have always marked this as mandatory (*). All information without an asterisk is optional. This information is used to specify your request and to improve the processing of your request. This information is provided expressly on a voluntary basis and with your consent. If this involves information on communication channels (e.g. e-mail address, telephone number), you also agree that we may also contact you via this communication channel in order to respond to your request.
You can of course revoke your consent at any time for the future. To exercise your right of revocation, please contact the office named at the end of this declaration.

Push notifications

If you would like to receive our push notifications on your mobile iOS device or on your Android device, even if you are not currently in our app, we ask for your consent.

Google Analytics

Our websites, expressly not our app (“mySportsApp”), use Google Analytics, a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). Google Analytics uses cookies that enable your use of the website and our app to be analyzed. The information generated by the cookie about your use of this website or our app is usually transferred to a Google server in the USA and stored there.
The information is used by Google on our behalf to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator or app owner. Pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that Google will truncate the IP address of users in member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting the settings in their browser software accordingly. We have made data protection-friendly default settings.
Section 25 (1) sentence 1 of the GDPR and, for the subsequent processing of personal data, Article 6 (1) (a) of the GDPR are the legal basis for the use of Google Analytics. Users can prevent Google from collecting the data generated by the cookie and relating to their use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser add-on. Opt-out cookies then prevent the future collection of data when visiting this website. If you click here, the opt-out cookie will be set: Deactivate Google Analytics. Google has signed the EU standard contractual clauses as a guarantee in accordance with Art. 44ff GDPR.

Further information on data processing by Google Analytics can be found in the provider’sPrivacy policy of the provider.
If you no longer wish to be tracked by Google Analytics in the future, you can send an email to info@ids-ds.de at any time.

Data transfer to third parties

We only pass on your personal data to third parties if:

• you have expressly given your consent to this

• the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

• in the event that there is a legal obligation for the disclosure, and

• this is legally permissible and necessary for the processing of contractual relationships with you.

If data is transferred outside the European Union, the high European level of data protection does not apply. In the case of a transfer, it may be that there is currently no adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR.
This means that the EU Commission has not yet positively determined that the country-specific level of data protection corresponds to the level of data protection in the European Union on the basis of the GDPR. If the recipient is located outside the European Union / European Economic Area, we have taken the necessary measures, such as signing the EU standard contractual clauses approved by the EU Commission, and have also taken appropriate security precautions.

Possible risks that cannot be completely ruled out in connection with the transfer of data are in particular

• Your personal data could possibly be processed beyond the actual purpose.

• There is also the possibility that you may not be able to assert and enforce your rights under data protection law, such as your right to information, rectification, erasure or data portability.

• There may also be a higher probability that incorrect data processing may occur and that the protection of personal data does not fully meet the requirements of the GDPR in terms of quantity and quality.

Instruction of data subject rights

Every data subject has the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right of access and the right to erasure.

Deletion of your mySportsApp account

Via website:
Please use folgendes Formular: https://mysportsapp.net/delete_account_antrag.html

Via app:

• Go to Settings in the profile at the bottom right

• Open the item “Support”

• Click on “Delete profile”

• You will receive an email confirming the deletion of your data. It is important that you always cancel on the platform on which the subscription was taken out before deleting the account. If the subscription was taken out via an app store, the subscription must also be canceled via the app store.

Instruction on the right of appeal

You also have the right to complain to the competent data protection supervisory authority about the processing of your personal data by us.

Instruction on revocation of consent

You can withdraw your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were given to us before the General Data Protection Regulation came into force, i.e. before May 25, 2018. Please note that the revocation is only effective for the future. Processing that took place before the withdrawal is not affected.

Right in the case of data processing for direct marketing purposes

Pursuant to Art. 21 (2) GDPR, you have the right to object at any time to the processing of personal data concerning you. If you object to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes. Please note that the objection will only take effect for the future. Processing that took place before the objection is not affected.

Reference to the right to object when balancing interests

If we base the processing of your personal data on a balancing of interests, you can object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as described by us. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or explain to you our compelling reasons worthy of protection.

Links to other websites

Our websites may contain links to websites of other providers. We would like to point out that this data protection declaration applies exclusively to the websites of IDS Diagnostic Systems AG. We have no influence on and do not check that other providers comply with the applicable data protection regulations.

Changes to the privacy policy

We reserve the right to amend or adapt this privacy policy at any time in compliance with the applicable data protection regulations.

Withdrawal of consent and objection to data processing

If you have given us your consent, you can revoke it at any time with effect for the future.
Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
You can object to the processing of your personal data for advertising and data analysis purposes at any time.
You can send us your revocation or objection using the contact details under “Controller”.

Your rights at a glance

You have the following rights vis-à-vis us with regard to your personal data:

• Right of access

• Right to rectification or erasure

• Right to restriction of processing

• Right to object to the processing

• Right to data portability.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

Person responsible

IDS Diagnostic Systems AG, Zehntwiesenstraße 35 b, 76275 Ettlingen; Tel.: +49 721 1702998-10; Fax: +49 721 1702998-19; E-Mail: info@ids-ds.de

Data Protection Officer