The protection of your personal data is important to us. We take this topic seriously and have outlined the handling of your personal data when you visit our website or use services offered on our website (e.g. subscribe to our newsletter, etc.) below.
The controller pursuant to Art. 4 (7) of the European General Data Protection Regulation (GDPR) for the offer at http://www.level-up-hr.com and the services and functionalities offered there is EGYM Wellpass GmbH, Einsteinstraße 172, 81677 Munich. You can contact us at any time using the contact details provided in our legal notice, e.g. by sending an email to info@egym-wellpass.com. You can contact our data protection officer with concerns about data protection, e.g. by e-mail at info@egym-wellpass.com or by post to our postal address with the addition “the data protection officer”.
You have the following rights vis-à-vis us with regard to your personal data:
You also have the right to lodge a complaint with a data protection supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement concerning the processing of your personal data by us if you consider that the processing of personal data relating to you is unlawful. If you have given us your consent to process your data, you can revoke this at any time with effect for the future. This does not affect the legality of the processing of your data until you withdraw your consent. To assert your rights or for other data protection concerns, you can contact us at any time via the contact channels listed in section 1 above and/or the contact channels listed in our legal notice.
We would also like to point out that if your personal data is processed on the basis of legitimate interest in the context of the balancing of interests pursuant to Art. 6 para. 1 sentence 1 f) GDPR and/or your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data at any time.
We collect and process your personal data in the following cases when you use the services offered on our website:
With your consent, you can subscribe to our newsletter on our website. Only your e-mail address is required to subscribe to the newsletter. We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an email to the email address you have provided, in which we ask you to confirm that you wish to receive the newsletter. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis for the processing described above for the purpose of sending the newsletter is Art. 6 para. 1 sentence 1 lit. a) GDPR (processing based on the consent of the data subject). In addition, we store the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller). You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation e.g. by clicking on the unsubscribe link provided in every newsletter e-mail or e.g. by sending a message to the contact details given in the imprint.
With your consent, you can register on our website as a member of the Level Up HR Community. First name, surname, e-mail address and company are required to register for membership. We only use your first name and surname so that we can address you personally in our member communications. We require your company name to ensure that you meet the criteria for membership. We use the so-called double opt-in procedure to register for our membership. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to become a member. After your confirmation, we store your e-mail address for the purpose of sending you member communications. The legal basis for the processing described above for the purpose of member communication is Art. 6 para. 1 sentence 1 lit. a) GDPR (processing based on the consent of the data subject). In addition, we store the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller). You can revoke your consent to the sending of our member communication at any time and unsubscribe from the newsletter. You can declare your revocation e.g. by clicking on the unsubscribe link provided in every newsletter e-mail or e.g. by sending a message to the contact details given in the imprint.
When you contact us by email or post using the contact methods listed in the legal notice or via the contact form provided on the website, the data you provide will be stored by us in order to process and respond to your questions or concerns. We delete the data collected in this context after storage is no longer necessary (usually after your request has been fully dealt with), or restrict processing if there are statutory retention obligations. Depending on the content of your request, the legal basis for the processing described above is Art. 6 para. 1 sentence 1 lit. f. GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller) or for communications in connection with the establishment, execution and performance of a contractual relationship with you Art. 6 para. 1 sentence 1 lit. b. GDPR (processing is necessary for the performance of a contract with the data subject).
If you wish to use the services and functionalities offered on our website, you must provide the personal data required for the respective service. If you do not provide us with this data, it will not be possible for us to provide you with the requested service.
Please note that when using our website and the services/functionalities offered, you will not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Your personal data will only be passed on or transmitted by us to third parties if this is necessary for the fulfillment of the contract with you, if there is a legitimate interest on our part or on the part of a third party, if you have given your consent and/or if we are obliged to do so by law or by official or court orders. Your personal data will be transferred by us to third parties in the cases and for the purposes described below:
Within the Group/ EGYM: We also pass on personal data within the Group to the Group company EGYM GmbH, Einsteinstraße 172, 81677 Munich, Germany, within the framework of order processing, within which EGYM GmbH provides and makes available personal data from EGYM Wellpass for the purpose of Group-wide, internal administrative purposes and other related services, such as hosting and server capacities, for us on our behalf and on our instructions. Furthermore, EGYM GmbH provides services in connection with the collection of anonymized data for usage statistics as part of order processing as described above.
E-mail dispatch service provider: To send you our newsletter, we use the e-mail dispatch service provider Mailchimp (The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA), which processes your e-mail address on our behalf and only within the scope of our instructions on the basis of an order processing agreement in accordance with Art. 28 GDPR for the purpose of sending the newsletter, but not for other purposes and not for our own contact by the e-mail dispatch service provider. The email addresses of newsletter recipients are stored on Mailchimp's servers outside the European Union/the European Economic Area in the USA. The EU standard contractual clauses have been concluded with Mailchimp.
In addition, we use service providers who provide web hosting services for us and also use third-party cloud or web-based software solutions that enable us to manage and host personal data in the cloud with external service providers in order to relieve our own servers and work effectively with new software solutions. We have concluded order processing agreements with the respective service providers, which ensure that the respective service providers do not process the data for their own purposes, but only within the scope of our instructions and on our behalf. The legal basis for the use of service providers is Art. 6 para. 1 sentence 1 lit. f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller) in conjunction with Art. 28 GDPR (order processing).(Auftragsverarbeitung).
Some of the service providers we use, who process personal data for us on our behalf and in accordance with our instructions as so-called processors pursuant to Art. 28 GDPR, are based outside the EU/EEA. Before transferring data to processors outside the EU/EEA, we ensure that the processor has an adequate level of data protection. This results, for example, for processors in countries such as Canada and Israel from an adequacy decision of the EU Commission (so-called safe third countries) and for other processors by concluding the EU standard contractual clauses before the start of processing by the respective processor. We also select service providers according to whether they provide additional guarantees, such as acquired protection certificates and/or proof of additional and appropriate technical and organizational measures to protect your personal data (e.g. data encryption).
Even without a special request, we naturally comply with our obligations to delete personal data (e.g. in accordance with Art. 17 GDPR) and therefore only store data for as long as is necessary to provide the desired service or for the respective purpose. For example, we only store data in connection with the sending of our newsletter for as long as you are registered for the newsletter and the data will be deleted by us as soon as storage is no longer necessary, e.g. after you have unsubscribed from the newsletter or revoked your consent. Please note that deletion will be replaced by blocking or restriction of processing if deletion conflicts with statutory retention obligations that we must fulfill. For example, in accordance with the statutory provisions in Section 257 of the German Commercial Code (HGB), we must retain offers sent to you and other contract-related communications with you for a period of up to ten years.
When using our website for information purposes only, i.e. if you do not use our contact form to request further information or one of the services offered on our website
(e.g. booking a newsletter), we only collect the data that your browser transmits to our server. For the use of cookies for web analysis and advertising purposes, please see the separate information in section 8 below. Each time you use the Internet, your Internet browser automatically transmits certain information that we store in so-called log files. This involves the following data, which is required to display our website to you and to ensure stability and security: IP address (Internet Protocol address), date and time of the request, content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software. It is not possible for us to draw conclusions about individual persons from this data. This data is stored by us for reasons of technical security, e.g. to prevent attacks on our web server, whereby the data is anonymized after seven days at the latest by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual website user. The log files are only stored or retained beyond the aforementioned period if further storage or retention is necessary for evidence purposes in the event of a security incident, e.g. in the event of an attempted attack on our website/server, and the log files are deleted after the security incident in question has been clarified. The legal basis for the processing described above is Art. 6 para. 1 sentence 1 lit. f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).
For the use of cookies and tracking technologies on our website, please see the separate information in our cookie policy.