1. General Information
2. Information about the data controller
The Data Controller responsible for processing the data on this website is:
REALZ Pilates, owner Kathleen Adler
10117 Berlin Mitte
Phone: + 49 (0) 172 – 313 8526
The Data Controller is a physical or legal person who decides on the goals and methods of processing personal data, alone or together with others (e.g., names, email addresses, etc.).
3. Data collection on our website collection of general information when visiting our website
When you visit our website, general information is collected automatically (i.e., not by means of registration). The web servers that are used store data by default:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
The purpose of this processing is so that our website can be accessed from your device and to allow it to be displayed correctly on your device or in your browser. We also use these data to optimise our website and to ensure our systems are secure.
The legal basis for temporary storage of data and log files is Art. 6 (1)(1)(f) GDPR. We have a legitimate interest in presenting you with an optimised website and allowing you to communicate between our server and your device.
All data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of data collection for provision of the website, this will be undertaken once the respective session has ended.
Visitors to our website can use most of our information without having to provide personal data. Insofar as personal data are collected on our website, this is always done on a voluntary basis as best possible. These can, for example, be data that you enter in our contact form or that you send us within the framework of registering for a course when you register via our online booking system. Which data are collected can be seen from the respective contact or registration form. This includes, in particular, your name and your email address. We then collect and use data for a specific purpose and in compliance with the statutory provisions.
If you send us enquiries via the contact form, we will collect the data shown on the form (in particular, name and email address) as well as any other personal data that you voluntarily provide to us as part of the contact enquiry. We only use your personal data to answer your enquiry. These data shall not be passed on to third parties.
In the case of a general contact enquiry without reference to the conclusion of a contract, the legal basis for data processing is Art. 6 (1)(1)(f) GDPR, as we need your contact details to answer your enquiry (legitimate interest). If the purpose of contacting us is to conclude a contract, then the legal basis is Art. 6 (1)(1)(b) GDPR (implementation of pre-contractual measures that are carried out at the request of the data subject.
The personal data transmitted via the contact form will be deleted after 3 months, unless there are other legal bases for processing (e.g., after the conclusion of a contract: in this case, further processing is necessary for executing the contract; Art. 6 (1)(1)(b)GDPR)
Online Booking System
If you book a Pilates lesson via our online booking system, we collect the personal data shown in the input screen, in particular your name, email address and bank details. The legal basis for this data processing is Art. 6 (1)(1)(b) GDPR, as REALZ Pilates requires the information to conclude and process the contract. The operator of the online booking system is Eversport GmbH, based in Vienna, Austria, to whom we pass on your data when you use the online booking system.
We have concluded an order processing contract with Eversport GmbH in accordance with Art. 28 GDPR. As a processor, Eversport GmbH processes your data exclusively on behalf of and according to expressly documented instructions from REALZ Pilates. Your data will not be disclosed to other third parties.
4. SSL OR TLS Encryption
This site uses SSL or TLS encryption for security reasons and for protecting the transmission of confidential content, such as orders or enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”, as well as the lock symbol in your browser bar. If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
a) Technically necessary cookies
We use technically necessary cookies, i.e., cookies that are absolutely necessary for the operation of the website or for the provision of its functions. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1)(f) GDPR (legitimate interest).
b) Cookies for marketing, tracking or analysis purposes
6. Third-Party content
a) Information on data transfer to a third country
Basically, your personal data will not be transferred to a third country or an international organisation. However, if you click on a YouTube video placed on our website and thereby activate it, information, including personal data (e.g., your IP address), can be transmitted to servers in the USA (see details below).
We would like to point out that the USA is not a secure third country under EU data protection law. For the USA, there is a decision on adequacy of the European Commission. On 16/07/2020, the European Court of Justice ruled that the previous so-called Privacy Shield does not represent a suitable basis for the transmission of personal data to the USA. We would like to point out that even if other guarantees exist to ensure data protection (e.g., standard contractual clauses of the European Commission), US companies may be obliged to surrender personal data to security agencies without you as the data subject being able to take legal action against this. As such, it cannot be ruled out that US authorities (for example, intelligence services) process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities. Therefore, there is the possibility that, even if the standard contractual clauses of the European Commission or other guarantees to ensure data protection are used in the USA, there is no adequate protection, as these may not be fully enforceable. Insofar as data is transmitted to the USA, this shall only occur with your consent.
b) Third parties
(1) Social media buttons (links)
Buttons from the following social networks are integrated on our website:
- Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA)
- Instagram, c/o Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
The buttons are marked with the logo of the respective social network. When you visit our website, no automatic connection is established between your browser and the Facebook or Instagram server. Regular links are implemented in the buttons of the social networks mentioned, not plug-ins. Only when you click on the button does your browser establish a direct connection to the relevant REALZ Pilates presence on the respective social network. This prevents the unintentional and unwanted collection and transmission of data to these service providers.
We do not collect any personal data using the social media buttons or about how they are used. The links to the social media presences are not of plug-in quality and do not trigger any processing operations of the respective social network on our pages. We have no influence on which data the respective social network collects and how they are used by the respective provider; we are also not aware of the social media providers’ purposes of processing and storage periods.
At this time, you should assume that direct connections will be established to the services of the respective provider and that, at the least, your IP address and device-related information will be recorded and used. Providers may also try to save cookies on your computer. The data are passed on regardless of whether you have an account with the respective social media provider or are logged in there. If you are logged into a social network, the respective social network can also allocate the collected information and data directly to your account on the respective social network after activating the button. If you do not wish to be associated with your account when using a social media provider, you must first log out before clicking the button. If you do not want social networks to collect data about you, you must not press the buttons.
For details about the collection and storage of your personal data, as well as the type, scope and purpose of their use by the operator of the respective social network, please refer to the data protection declarations of the respective operator listed below.
(2) YouTube in the extended data protection mode (with consent)
YouTube videos are integrated into our website. This allows us to show you various videos of our activities and events on our website. The company providing the service in the European Economic Area and Switzerland is Google Ireland Limited, a company incorporated and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.
The videos on our website are integrated into the so-called extended data protection mode. According to YouTube, extended data protection means that YouTube videos can be embedded without cookies being set to analyse usage behaviour; no data on user activities are collected to personalise video playback. Instead, video recommendations are rather based on the current video.
The legal basis for the processing of your personal data is your consent (Art 6 (1)(1)(a) GDPR): By activating the playback of an embedded YouTube video by clicking on it, you are giving your consent that
YouTube and DoubleClick (Google, USA) can set cookies on the device you are using, and personal data can be transmitted to them. You also give your consent if you click on “Accept all” in the cookie banner or click on the “YouTube” category in the “cookie settings”. Your consent also expressly includes the transfer of data to the USA,whereby you have been informed above about the possible risks of such data transfers without an adequacy decision and without suitable guarantees (information on data transfer to a third country).
7. Google Analytics (with anonymisation function)
We use Google Analytics on our website, a web analysis service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We only use Google Analytics with activated IP anonymisation (“anonymise IP”). Your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases (for example, in the case of technical problems in Europe) will the full IP address be sent to a Google server in the USA (and truncated there).
Google will use this information on our behalf for us to evaluate your visit to the website and to compile reports on website activities for us. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. The following categories of data are processed by Google: browser data, IP address (anonymised) and website activities. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6
(1) (1)(a) GDPR. You give your consent by actively clicking “Accept all” in the cookie banner or by giving your consent under “Cookie settings”. Your consent also expressly includes a possible transfer of data to the USA,whereby you have been informed above about the possible risks of such data transfers without an adequacy decision and without suitable guarantees (information on data transfer to a third country).
8. Rights of data subjects
If REALZ Pilates processes your personal data, you are the data subject within the meaning of the GDPR. You have the following rights vis-à-vis REALZ Pilates as the data controller. If you wish to exercise your rights, please send us a message via one of the email addresses stated in the site notice.
a) Right to revoke consent (Art. 7 (3) GDPR)
If you have given us your consent, you can revoke it at any time going forward. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
b) Right of objection (Art. 21 GDPR)
According to Art. 21 GDPR, you have a right of objection if we base the processing of personal data on our legitimate interest or legitimate interest of a third party in accordance with Art. 6 (1)(1)(f) GDPR:
After an objection, we will no longer process the personal data that concerns you, unless we can prove compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims. The legality of the processing carried out before the objection shall not be affected by the objection.
c) Right of the data subject to be informed (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we are processing your personal data. If there is such processing, you have the right to obtain information about which data concerning you are being processed by us and how.
d) Right to rectification (Art. 16 GDPR)
If your personal data are incorrect or incomplete, you have the right to request that they be corrected or completed.
e) Right to deletion (Art. 17 GDPR)
You have the right to request that we delete your personal data if the requirements from Art. 17 GDPR are met. Your right to deletion depends on, whether, for example, your data are still required to fulfil a legal obligation or for the purposes for which they were processed.
f) Right to restriction of processing (Art. 18 GDPR)
If we are not yet allowed to delete your data due to, among other things, legal obligations, you can request the restriction of processing of personal data concerning you under the conditions of Art. 18 GDPR.
You have the right to restriction of processing, for example, if you have entered an objection to processing in accordance with Art. 21 1 GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.
g) Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format and to transmit these data to another data controller without hindrance from us; possibly also the right to demand that we transfer the data directly to another data controller, insofar as this is technically feasible and the rights and freedoms of other persons are not impaired.
h) Right to complain to a supervisory authority (Art. 77 GDPR)
You have the right to complain to a supervisory authority without prejudice to any other administrative or judicial remedy. Your supervisory authority will vary depending on your country of residence, your work and the nature of the alleged infringement. A list of regulatory authorities with addresses can be found at: bfdi.bund.de.