Below, we inform you which personal data are processed by MySports GmbH, Raboisen 6, 20095 Hamburg ("MySports") whenever the MySports service is used and for what purposes these data are used. The following Data Protection Statement applies to all online services on our own website ("www.mysports.com") and through our own mobile app ("app") as well as to websites on online platforms and apps that we run for our partner studios ("partner websites"/"partner apps"). Henceforth, the aforementioned services are also collectively referred to as "service".
The terminology used is based on wording from the General Data Protection Regulation ("GDPR").
You have the right to obtain information on the personal data related to you that we store, free of charge.
In addition, you have the following rights:
The authority responsible for us is:
The Hamburg Officer for Data Protection and Freedom of Information
Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg
Tel.: [+49] 040 / 428 54 - 4040
Fax: [+49] 040 / 428 54 - 4000
Email: mailbox@datenschutz.hamburg.de
If you would like to exercise your rights as a data subject, do not hesitate to contact us at the contact address given in Paragraph 8.1 below.
info@mysports.com
If you would like to object to our collection, processing, or storage of your personal data according to applicable data protection law, you may send your objection by email to the address mentioned above.
Due to your objection, further use of the website may no longer be possible for technical reasons.
To provide you with our service, we need to collect, process, store, and sometimes even share (i.e., disclose to third parties) various personal data. Below, you can see which of your data we need for what purposes and under which circumstances we share your data with others.
Personal data is information from which we can directly or indirectly infer your person, such as your first and last name, address, telephone number, birthday, location data, or email address.
We use tables to give you a good overview of the details. We think that this way, we can provide the information to you in a transparent, comprehensible, and easily accessible manner in clear and simple language. Since there are different types of data, we have grouped them into data categories because we believe that this way, the information is easier to understand.
Every time you use our service, even without signing up, we collect the following personal data:
Data Category | Explanation | Data Source |
---|---|---|
Device information | Operating system and corresponding version or other device identifiers | Users themselves |
Connection data | Time, date, and duration of access to our service, origin, corresponding IP address, and other log data (hardware or type of mobile device, software or browser type, operating system, application version, and language settings) | |
We inform you in detail about the use of cookies under Section 3.
When signing up, you need to provide the personal data required for sign-up. All data collected are assigned to clearly defined purposes. If you not only visit the service but also want to sign up, we process the following additional personal data:
Data Category | Explanation | Data Source |
---|---|---|
Login data | Email address, password | Users themselves |
User information | First name, last name, contact details, date of birth, declaration of consent to general terms and conditions and data protection, marketing opt-in, verification status email |
We process the data collected from you when you sign up in order to identify you as our contractual partner, i.e., to establish a connection contract between you and us, to implement that contract, and to process it according to the contract. We also verify your email address in order to identify and prevent any data misuse.
As soon as you are signed up for our service, you can log in and instruct us to search among those sports, leisure, and wellness facilities that work with us (henceforth referred to as "partner studios" or "studios") to find the ones for you with which there is the possibility of a technical connection ("Connect"). A Connect can be offered to you for those studios for which you have rights of use based on an ongoing contractual relationship. Some of our partner studios can also be suggested to you if there has been (at least) one previous contractual relationship between you and the studio in question (e.g., because you purchased a day ticket to use the studio in question). To protect your data, we work together with our partner studios on the basis of special contracts with shared responsibility. Details on this collaboration can be found in the summary of essential points that we have provided for you according to Art. 26, Para. 2, Clause 2 of the GDPR. We process these personal data in this context.
Data Category | Explanation | Data Source |
---|---|---|
Login data | Email address or membership number at the studio, date of birth | Users themselves |
User information | Your respective membership number at the studio, date of birth, name and address of the studio(s), and additional information on the studio(s) | |
Storage of the selected studio(s) |
An essential element of our service is to enable you to connect to your studio and to communicate with it in a convenient way. We use your email address to ask our partner studios about the possibility of a Connect for you. If a Connect is not possible, no further data processing occurs between us and the partner studio requested. If, on the other hand, a Connect is possible, we offer you the relevant studio for the Connect by disclosing the studio data (studio name and address, additional information where appropriate) sent to us by the studio. If you reject a Connect suggested, we delete the data collected from the partner studio.
The connection established between you and your studio through the Connect enables you to communicate with the studio. In this regard, you can instruct us to process the following data for you:
Data Category | Explanation | Data Source |
---|---|---|
Communication content | e.g., content provided by the studio for the user such as training schedules, offers from the studio, studio news, etc. | Users themselves and partner studio |
To arrange communication between you and your studio, we collect and transmit the communication content and save it for you in your user account.
Another part of our service involves providing self-service. This enables you to view and, if necessary, change your personal data stored at the respective studio with which you have established a Connect. Furthermore, the self-service option offers you the opportunity to balance your member account. To disclose your personal data stored at your studio to you, we collect them from your studio without permanently saving them in our systems.
If you initiate payments to your member account, you give us your booking information, which we pass on to business partners for you for the purpose of payment processing. The transaction data are forwarded to us by the payment service provider, and we save them for you in your user account. We also store the data in order to meet legal requirements (e.g., retention obligations under tax and commercial law) or to assert and defend legal claims.
To protect your data, we work together with our partner studios on the basis of special contracts with shared responsibility. Details on this collaboration can be found in the summary of essential points that we have provided for you according to Art. 26, Para. 2, Clause 2 of the GDPR. When you use the self-service option, we collect the following personal data from your studio:
Data Category | Explanation | Data Source |
---|---|---|
Member data | First name, last name, date of birth, sex, title, address data, contact details, payment data, digital signature, and any other user-related member data stored by the studio | Partner studio and users themselves (in the event of changes) |
Contract details | Information on the current contract, such as tariff name, start of the contract, contract term, notice period, fee, contract document as PDF | |
Off-time | Reason for off-time, off-time fee, status, and any other user-related information stored by the studio | |
Member account information | Due date, debt collection, amount, open amount, and any other user-related information stored by the studio | |
Payment data (for payments to the member account) | Transaction data | Users themselves and payment service providers |
COVID vaccination data | Vaccination date, vaccination dose, vaccine, country in which vaccination was administered, validity, organisation of vaccination | Users themselves |
"Recovered" data | Date of positive result, country in which positive test result was issued, organisation of test results | Users themselves |
Another part of our service is to provide you with bookable service offers from our partner studios.
If you wish to book a service offer with a studio, we first check whether a Connect to the studio in question is already in place. In this case, we only collect and save the following additional personal data from you:
Data Category | Explanation |
---|---|
Booking details | Specific information on the service booking such as time, place, type of service |
Payment details | Transaction data (from the payment service provider) |
If a service offer is booked with a studio with which there is no Connect, we first check whether a Connect to the studio in question can be offered. The process described in Paragraph 2.3 is carried out with the relevant studio, and the data described there is collected, provided that the requirements for a Connect are met. In the event of a potential Connect, that Connect is offered to you. Subsequently, as soon as the Connect has been established, only the data described in this Paragraph 2.6 at the beginning are collected from you.
If the process described in Paragraph 2.3 does not lead to a Connect with the studio in question, the following personal data are collected, processed, and saved in our systems:
Data Category | Explanation |
---|---|
Member data | First name, last name, birthday, sex, address data, contact details, payment details, declaration of consent to general terms and conditions and data protection, marketing opt-in, verification status |
Booking details | Specific information on the service booking such as time, place, type of service |
Payment details | Transaction data (from the payment service provider) |
If you book chargeable services through our service, you give us your booking information, which we pass on to business partners for you for the purpose of payment processing. The transaction data are forwarded to us by the payment service provider, and we save them for you in your user account. We also store the data in order to meet legal requirements (e.g., retention obligations under tax and commercial law) or to assert and defend legal claims.
If, as a registered user, you are a beneficiary of an activity-based sports sponsorship/corporate sponsorship, our service makes it possible for you to task us with recording your activity data, the amount of the resulting sponsorship entitlement, and with notifying the sponsoring company that supports you of the sponsorship entitlement determined. To do so, we need to collect and process the following additional personal data from you:
Data Category | Explanation |
---|---|
User information | Employee number (number assigned by the sponsoring company) |
Contact details | First name, last name, date of birth, email |
Activity data | Activity data relevant to sponsorship entitlement (e.g., number and duration of visits to our partner studios, outdoor activities) |
Sponsorship conditions and entitlement | Applicable sponsorship conditions and the amount determined for the user's monthly sponsorship entitlement |
We process your data in order to calculate your entitlement to sports sponsorship and to communicate that entitlement to the sponsoring company that supports you. That way, we support you in handling your contractual relationship with the sponsoring company supporting you and at the same time fulfill a contractual relationship that exists between us and the sponsoring company supporting you. We also store the data in order to meet legal requirements (e.g., retention obligations under tax and commercial law) or to assert and defend legal claims.
As part of our service, you can instruct us to automatically import your fitness activities from Apple HealthKit and Google Fit in order, for example, to incorporate the data into an activity-based sports sponsorship. You need to give us your express consent to connect your Apple HealthKit or Google Fit account to your user account in order to have us import data.
Apple HealthKit: We use the HealthKit framework from Apple (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; "Apple"), which provides a central storage location for health and fitness data on the iPhone and Apple Watch and – with express consent from the user – lets apps communicate with the HealthKit store in order to access and pass on these data. We process the following data, which are obtained by the HealthKit framework and the Apple CoreMotion processor, in order to import data:
Google Fit: We use the Fit SDK from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). It is an open platform that allows users to control their fitness data. We process the following data, which we receive through the Google Fit SDK, with your express consent in order to import data:
The following data are collected:
Data Category | Explanation | Data Source |
---|---|---|
Activity data | Number of steps taken and any other activity-relevant values if offered by "HealthKit" or "Google Fit" and selected by the user | Apple/Google |
You can prevent MySports from accessing your data at any time by changing your mobile device settings.
Communicating with you is also part of our service. We particularly do so in fulfillment of our connection contract in order to give you information on services booked or to answer your questions. We also communicate with you within the framework of marketing campaigns, market research, and to improve our services, etc. We process the following personal data:
Data Category | Explanation | Data Source |
---|---|---|
Contact details | Email address, telephone number | Users themselves |
Communication content | depending on the concerns of the user | Users themselves and partner studio |
In certain cases, we may use your personal data to process and resolve legal disputes or refer to them as part of investigations and to adhere to compliance guidelines. We may also use them to enforce compliance with the contractual terms applicable between you and us or to respond to any inquiries from law enforcement agencies or data protection authorities. Within the framework of data processing, we will – wherever possible – take suitable measures to protect your rights and freedoms. Apart from that, we will process your data to meet legal obligations, e.g., according to commercial and tax laws, the Money Laundering Act, or to comply with regulatory requirements.
We use cookies to improve presentation and navigation. A cookie is a text file that is sent to the browser by the web server. This file includes details of the URL visited, the date of the visit, and an expiration date that determines how long the cookie remains active. We use cookies both to identify the areas of the platform that are preferred and to enable users to save personal settings so that those settings are available again for future visits to the site. To determine the preferred areas of the platform, aggregated statistics are created on user behavior.
We use content and service offers from third-party providers on the platform in order to analyze and improve the platform. We also use cookies from these third-party providers to integrate their content or service. Information on the providers can be found in the following overview: Cookies
When you call up our service for the first time, we inform you about the use of cookies through an information banner. You are given the option of deciding whether and to what extent you want to accept the use of cookies. As soon as you click on Details, you are shown which cookies we use, and you are given the option of declining the use of certain cookies. You cannot influence the use of necessary cookies, i.e., those that are required for the operation of our service and its functions. Only after you have made your selection with regard to cookies are they used as part of our service. If you fail to accept any cookies, you may not be able to use the full range of functions of our service. You can also set your browser to alert you whenever you receive a cookie, or you can exercise your legal right of objection by rejecting cookies in the browser settings.
Further information on the handling of cookies can be found in the help pages of your browser and, e.g., on the following website: http://www.allaboutcookies.org/ge/.
We never give your data to unauthorized third parties. In the following section, we would like to use a summary to show you to whom and under what conditions we transfer your data or from whom we collect your personal data. In addition, we would like to create transparency with regard to the countries to which we transfer your data.
As we have already explained under Paragraph 2.3, data is exchanged with our partner studios in order to offer you the appropriate Connects or to enable you to use the self-service option with studios that you have selected. Since we hereby fulfill the connection contract between you and us, our legal basis for the data processing described above is Art. 6, Para. 1, Letter b) of the GDPR. For their part, the partner studios act on the basis of Art. 6, Para. 1, Letter f) of the GDPR since the expansion of the partner studios' service associated with the data exchange is in the legitimate interest of the partner studios. To protect your data, we have also concluded special contracts with our partner studios that regulate the handling of your data and the respective responsibilities. Details on this collaboration can be found in the summary of essential points that we have provided for you according to Art. 26, Para. 2, Clause 2 of the GDPR.
As we have stated under Paragraph 2.6, data is exchanged with your sponsoring company in order to support you in raising your claims against the sponsoring company. We hereby fulfill the connection contract between you and us, so that our legal basis for the data processing described above is Art. 6, Para. 1, Letter b) of the GDPR.
As part of our work, we use the services of select service providers and give them limited and strictly monitored access to some of our data. These service providers are carefully selected, only act on the instructions of MySports, and are contractually obligated to comply with the applicable data protection requirements. Below, we would like to inform you about all our data recipients and the respective reasons in a transparent and comprehensible manner:
Data Recipient | Explanation |
---|---|
Service providers | They support our business activities, for example, by providing payment services, evaluating and optimizing marketing campaigns for us, but also by providing personalized advertising, IT solutions, and infrastructure or by ensuring the security of our business operations, for example, by detecting and eliminating faults. The legal basis for transmitting personal data is the contract that we have concluded with the relevant service provider in conjunction with Art. 6, Para. 1, Letter f) of the GDPR. |
Members of the Sport Alliance group | Sometimes it is necessary within a corporate group to use resources efficiently. In particular, we provide technical support for systems in order to make the service available to users as error-free as possible, for analysis purposes, and to improve the service, in order to detect, prevent, and investigate fraudulent activities and data protection violations. The legal basis for the associated processing of personal data is the contract that we have concluded with the respective member company in conjunction with Art. 6, Para. 1, Letter f) of the GDPR. |
Law enforcement agencies and legal procedures | Personal data is released if we are obligated to do so or – in our interest to avert damage, to enforce our claims, and to reject unjustified claims. The legal basis for transmitting personal data is Art. 6, Para. 1, Letter f) of the GDPR. |
We process your data mainly in the European Union (EU) and in the European Economic Area (EEA). However, some of the service providers that we mentioned above are based outside of the EU and EEA. The GDPR places high demands on the transfer of personal data to so-called third countries. Service providers that process your personal data on our behalf in third countries are only used if there is a "suitability decision" from the European Commission (Art. 45 of the GDPR) for this third country and the recipient has "suitable guarantees" (Art. 46 of the GDPR) or "internal data protection regulations" (Art. 47 of the GDPR). General information on the suitability decisions can be found at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_de, information on the available guarantees at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de and https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_de, and information on the internal data protection regulations at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_de. For further information, you may contact our data protection officer.
Data Processing Procedure | Legal Basis |
---|---|
Provision of the service (Paragraph 2.1) | The act of processing the data collected during access to the service is a pre-contractual measure within the meaning of Art. 6, Para. 1, Letter b) of the GDPR. Apart from that, it serves to safeguard our legitimate interests as well as the legitimate interests of our partner studios (Art. 6, Para. 1, Letter f) of the GDPR). The legitimate interest of MySports is in the business interest to provide a technically error-free and optimized service. |
Sign-up (Paragraph 2.2) | Data processing serves to fulfill a connection contract concluded with the user or to carry out pre-contractual measures within the meaning of Art. 6, Para. 1, Letter b) of the GDPR. Apart from that, it serves to safeguard our legitimate interests as well as the legitimate interests of our partner studios (Art. 6, Para. 1, Letter f) of the GDPR) and the legitimate interests of our sponsoring companies (Art. 6, Para. 1, Letter f) of the GDPR) or a contract concluded between you and the sponsoring company (Art. 6, Para. 1, Letter b) of the GDPR). |
Connect (Paragraph 2.3) | Data processing serves to fulfill a connection contract concluded with the user (Art. 6, Para. 1, Letter b) of the GDPR). Apart from that, it serves to safeguard our legitimate interests as well as the legitimate interests of our partner studios (Art. 6, Para. 1, Letter f) of the GDPR). |
Use of the self-service option (Paragraph 2.4) | Data processing serves to fulfill a connection contract concluded with the user (Art. 6, Para. 1, Letter b) of the GDPR). Apart from that, it serves to safeguard our legitimate interests as well as the legitimate interests of our partner studios (Art. 6, Para. 1, Letter f) of the GDPR). Apart from that, it serves to fulfill a legal obligation (Art. 6, Para. 1, Letter c) of the GDPR), e.g., identification obligations, regulatory requirements. |
Use of the booking portal (Paragraph 2.5) | Data processing serves to fulfill a connection contract concluded with the user (Art. 6, Para. 1, Letter b) of the GDPR). Apart from that, it serves to safeguard our legitimate interests as well as the legitimate interests of our partner studios (Art. 6, Para. 1, Letter f) of the GDPR). Apart from that, it serves to fulfill a legal obligation (Art. 6, Para. 1, Letter c) of the GDPR), e.g., identification obligations, regulatory requirements. In this respect, there are contracts with the partner studios according to Art. 26 of the GDPR. |
Activity-based sports sponsorship/corporate sponsorship (Paragraph 2.6) | Data processing serves to fulfill a connection contract concluded with the user (Art. 6, Para. 1, Letter b) of the GDPR) and to fulfill a legal obligation (Art. 6, Para. 1, Letter c) of the GDPR), e.g., according to commercial and tax laws, regulatory requirements. The user's consent to data processing (Art. 6, Para. 1, Letter a) of the GDPR). If the user has given MySports consent to processing his or her personal data for certain purposes (e.g., to process imported fitness activity information), the legality of this processing is given based on the consent. If consent is revoked, MySports may only process the personal data further to the extent that MySports can base processing on another legal basis. |
Import of fitness activity information from other accounts (Paragraph 2.7) | Data is processed with the user's consent within the meaning of Art. 6, Para. 1, Letter a) of the GDPR. The user has the right to revoke consent given to processing his or her personal data at any time. The revocation must be declared to us. The contact details are listed below under Paragraph 8.1. In the event of a revocation, the relevant data will not be processed further. |
Communication (Para. 2.8) | If we communicate with you with reference to the connection contract, data processing serves to fulfill the connection contract concluded with you (Art. 6, Para. 1, Letter b) of the GDPR). If the subject of communication is marketing campaigns, market research, or an improvement in our service in general, we only act on the basis of consent given to us within the meaning of Art. 6, Para. 1, Letter a) of the GDPR. The user has the right to revoke any consent given to us at any time with effect for the future. The revocation must be declared to us. |
Legal purposes (Paragraph 2.9) | Data processing serves to fulfill a legal obligation (Art. 6, Para. 1, Letter c) of the GDPR), e.g., according to commercial and tax laws, regulatory requirements. Furthermore, data is processed to safeguard legitimate interests within the meaning of Art. 6, Para. 1, Letter f) of the GDPR from MySports or third parties. It is in our legitimate interest to enforce legal claims or to defend ourselves in the event of a claim. When we use personal data for legitimate interests, we always weigh your interests and your rights to protect your data against our rights and interests and those of the third party. |
Cookies (Section 3) | Technically necessary cookies are used to perform the service according to Art. 6, Para. 1, Letter b) of the GDPR. Cookies (tracking) that are not technically necessary for performing the service are only used with the user's consent within the meaning of Art. 6, Para. 1, Letter a) of the GDPR. The user has the right to revoke consent given at any time. The user can change or revoke his or her consent at any time on our website. |
We only save your personal data as long as necessary. Access data are deleted if knowledge of them is no longer required for the purposes described in this Data Protection Statement, unless statutory provisions stipulate longer storage. We delete your personal data either at your request, if you inform us of that request, or three years after they have been collected. If your account is inactive for three years, we delete it as well.
In addition to the deletion rules defined by us, there are statutory retention periods that we are to observe as well. For example, tax records must be retained for a period of six to ten years or in some cases even longer. These specific retention periods vary according to local legal requirements. Therefore, despite your request to have your data deleted, we may still need to keep some of the data stored for legal reasons. In this case, however, we will limit further processing of the data. All personal data that we save are covered by this Data Protection Statement.
We offer free apps (app and partner apps). These apps collect and process your personal data in a very similar way to the website or the partner websites. With your consent, we send you push notifications with information on the services you have booked. In the instructions for your mobile device, you will find information on how to change the settings and how to activate or block the receipt of push notifications. In addition, please refer to the explanations above under Paragraph 2.8.
The entity responsible is the authority that is responsible for processing your personal data and decides on the purpose and means of processing your personal data.
MySports GmbH
Raboisen 6
20095 Hamburg
Managing Director: Daniel Hanelt
Phone: +49 40 / 228679020
Email: datenschutz@mysports.com
For the processes described in Paragraphs 2.3, 2.4, and 2.5 as well as the use of technically unnecessary cookies (tracking) according to Paragraph 3.2 on partner websites, MySports (cf. Paragraph 8.1 above) is responsible along with the partner studio in question. Details can be found in the summary of essential points that we have provided for you according to Art. 26, Para. 2, Clause 2 of the GDPR.
If you would like to object to our collection, processing, or storage of your personal data according to applicable data protection law, you may send your objection by email to the address mentioned above under Paragraph 8.1. Due to your objection, further use of our service may no longer be possible or only possible to a limited extent for technical reasons.
This Data Protection Statement may be retrieved and printed out at any time under the link /privacy. Since changes to the law or changes to our internal company processes may make it necessary to adjust this Data Protection Statement, we reserve the right to adjust this Data Protection Statement to changes in material or legal conditions if necessary and ask you to retrieve this Data Protection Statement on a regular basis.
Last updated: August 2021