Data protection information PUMATRAC App
The following information relates to the Processing of Personal Data from users of the PUMATRAC App (“Data Subject” in terms of GDPR; hereinafter referred to as “you” / “your”).
For the purpose of this data protection information, the terms listed in this section II., when used in their capitalized form, shall have the meaning set forth below
“GDPR” means General Data Protection Regulation (Regulation (EU) 2016/679).
“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4 sec. 1 GDPR).
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 sec. 7 GDPR).
“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law (Art. 4 sec. 7 GDPR).
“Data Recipient“ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing (see Art. 4 sec. 9 GDPR).
III. Data Controller and its data protection officer
PUMA SE (PUMA Way 1, 91074 Herzogenaurach, Germany; firstname.lastname@example.org) acts as Data Controller (hereinafter referred to as “PUMA”, “we” or “our”).
PUMA has appointed a data protection officer which can be contacted via email (email@example.com).
IV. Situations, purposes and legal bases of Processing your Personal Data
1. Login via PUMATRAC Account credentials or via Facebook / Twitter account
To use PUMATRAC App you have to log in to PUMATRAC App with either the credentials (email and password) of the PUMATRAC account you registered for or with your Facebook or Twitter account credentials.
If you have registered for a PUAMTRAC account, we process your PUMATRAC credentials (email address and password) for login.
For login via Facebook or Twitter you will be forwarded to Facebook or Twitter where you have to login via your Facebook or Twitter credentials and grant PUMATRAC App access to your Personal Data from your public profile (e.g. name, picture etc.) and – if you give the permission in your Facebook/Twitter platform settings – your email address, date of birth and/or friends list.
This processing is necessary for the provision of our service, namely to provide you with dedicated access to your profile (see sec. 2) (Legal base: Art. 6 para. 1 lit. b) GDPR).
2. PUMATRAC profile
When you log in to PUMATRAC App for the first time, we collect Personal Data from you to complete your user profile.
This includes mandatory Personal Data like your (nick-)name, email (if registering via email/password) and gender, as well as information on your fitness goals, preferred activities and training habits. This processing is necessary to provide you with the core functionalities of the PUMATRAC App, namely customized workout recommendations and training motivation based on your fitness and training interest, habits and goals (Legal base: Art. 6 para. 1 lit. b) GDPR).
This may also include Personal Data that you voluntarily share with us in order to be able to use additional functionalities and to have an even more customized user experience, such as
- information on gender, weight and height which is necessary to provide you with a customized calculation of your calories burned during your workouts and/or
- information on your location which is necessary to provide you with information on trainers and workout courses near your location
(Legal base: Art. 6 para. 1 lit. b) GDPR). These voluntary data can be deleted from your profile at any time (see under VI. 2.) with the consequence that the described (customization) features / functions are no longer available.
3. Tracking, recording and sharing your workouts
If you want to track and record your workouts we are Processing your workout data (e.g. date, duration, distance or repetitions, speed, calories etc.). This data may be collected directly via the PUMATRAC App or indirectly via access to the relevant data (e.g. heart rate) from third party apps (e.g. health app on your device) and/or (fitness) sensors and devices (e.g. GPS and/or gyroscope sensor integrated in your device, external heart rate monitors etc.), provided you gave PUMATRAC App the prior permission(s) to access data from the relevant apps, sensors and/or devices, which can be changed at any time in the account settings.
Once you finished a workout, this workout including the tracked workout data is recorded and stored to the calendar in your profile.
If you have set your profile visibility to “Public – Everyone” in the privacy settings of the PUMATRAC App, your completed and saved workouts will appear in the PUMATRAC Feed and are thus visible to other PUMATRAC users.
This processing is necessary to provide you with the functionality to track, record and share your workouts to the extent that you want (Legal base: Art. 6 sec. 1 lit. b) GDPR).
4. Push Notifications
If you have consented to receive push notifications, we process your device token ID to send you push notifications to your PUMATRAC App whenever a new version of the PUMATRAC App is available (Legal base: Art. 6 sec. 1 lit a) GDPR).
You have the right to withdraw your consent at any time by disabling the push notifications for PUMATRAC App in your device settings. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
5. App Analytics
We also use analytics services from Adobe Systems Software Ireland (Adobe Analytics), Google Ireland Limited (Google Analytics for Firebase) and Facebook Ireland Ltd. (Facebook Analytics) to evaluate and improve PUMATRAC App and its functionalities.
For more information on the data collection of these services please refer to the following links:
This Processing is necessary for the purposes of the legitimate interests pursued by us, namely app analytics and statistics (Legal base: Art. 6 para. 1 lit. f) GDPR; § 15 para 3 German Telemedia Act (“Telemediengesetz”; TMG)).
You can object to / deactivate the data collection for analytics at any time in the privacy settings for PUMATRAC App in your device.
V. Categories of Data Recipients
Your Personal Data may be disclosed to the following categories of Data Recipients:
- Our third party vendors who are involved in the development and provision of PUMATRAC App and its functionalities as well as our third party login and analytics providers; we ensure that suitable safeguards for adequate data protection, like an EU-US Privacy Shield Certification and/or the conclusion of EU Model Clauses are in place, if Personal Data is disclosed to vendors established outside the EU/EEA;
- Selected employees of PUMA SE on a need-to-know base (e.g. for support); and
- Other PUMATRAC as follows:
- If “Private – Only me” is set in the privacy settings of the PUMATRAC App ( default setting), other PUMATRAC users can only access (anonymous) basic information from your profile ((nick)name (any last name you enter will be shortened to the initial letter); country/town; TRAC score and number of your followers and number of PUMATRAC users you are following);
- If you have set “Public – Everyone” in the privacy settings of the PUMATRAC App, other PUMATRAC users also have access to your workouts and related training information.
VI. Storage and deletion
All Personal Data that you share with us or that are generated in the context of the use of the PUMATRAC App are securely stored in your PUMATRAC App (Frontend) as well as in our cloud database (Backend). Your Personal Data will be deleted from both, the PUMATRAC App and the cloud database, upon request (see hereafter).
1. Workout history
Your saved workouts and related Personal Data can be deleted at any time.
2. PUMATRAC profile data and account
In the user settings (“About you”) you can also delete non-mandatory Personal Data from your PUMATRAC profile at any time. You can also delete your whole PUMATRAC profile and account by contacting our support under firstname.lastname@example.org.
VII. Your data protection rights
In accordance with the applicable data protection regulations, you have following rights concerning your Personal Data processed by us:
- Right of access (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR),
- Right to erasure (“Right to be forgotten”) (Art. 17 GDPR),
- Right to restriction of Processing (Art. 18 GDPR),
- Right to data portability (Art. 20 GDPR),
- Right to object (Art. 21 GDPR),
Most of these rights can be exercised directly in account settings in PUMATRAC App. In other cases, please direct your requests to exercise the respective right by email to email@example.com. To handle your request and for authentication we will also process Personal Data from you (Legal base: Art. 6 sec. 1 lit. c) GDPR).
You also have the right to lodge a complaint with our supervisory authority (Art. 77 GDPR).