Legal

Privacy Policy

Privacy Policy | smart Coaching

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Fitness Nation GmbH , Bergstr. 18, 59394 Nordkirchen, Germany

Contact for data protection: [email protected]

2. Data Protection Officer

Our Data Protection Officer is:

Mr. JĂĽrgen Recha , c/o interev GmbH, Robert-Koch-StraĂźe 55, 30853 Langenhagen

3. Overview: What is smart coaching about?

"Smart Coaching" is an AI-powered coaching feature within our app (covering topics such as nutrition, training, and balance). Users enter information into a chat; the AI ​​then generates suitable coaching content.

Important note regarding data minimization: Please do not enter any directly identifiable information (full name, address, email, phone number, etc.) during coaching sessions. Use only a nickname so that your entries cannot be easily linked to a real person.

4. What data do we process?

Depending on usage, we process the following categories of personal data:

a) Usage and contract data

  • Contract status (subscription duration), selected presale model (1/2/6 months), billing/transaction data [if processed by you; if external payment provider: see recipient]
  • App settings and feature usage (e.g., whether coaching is actively used)

b) Coaching/Chat dates

  • Content that users enter into the chat (e.g., goals, preferences, feedback)
  • AI-generated answers within the coaching process

c) “Relevant points” as a coaching memory (own database)

We do not necessarily store the entire chat history permanently, but rather save the relevant points from the coaching in our own database during the subscription period, so that the support remains consistent throughout the period (e.g. goals, limitations, preferences, interim results, important information from the communication).

d) Technical data

  • Device/app/log data, timestamps, error diagnostic information, IP address (technically required for operation and security)

e) Special categories of personal data (Art. 9 GDPR)

If users provide information during coaching that allows conclusions to be drawn about their health (e.g., weight, complaints, diagnoses, medications, stress, sleep), this may constitute health data within the meaning of the GDPR.

5. Purpose of processing

We process data for the following purpose:

  1. Provision of smart coaching and generation of AI answers
  2. Optimizing coaching (quality, relevance, user guidance, troubleshooting)
  3. Individualization/personalization of the coaching (e.g., adaptation to goals, preferences, level), including saving relevant points as a "reminder" for support during the subscription period.
  4. IT security and abuse prevention , as well as stability, debugging and system monitoring.
  5. Support (if users contact us and content is required for this)

6. Legal Basisn (Art. 6 GDPR)

We process personal data on the following legal bases:

  • Article 6(1) b GDPR (Contract) : for the provision of coaching and fulfillment of the user agreement
  • Article 6(1)(f) GDPR (legitimate interest) : IT security, abuse prevention, error analysis, stability and improvement of user experience

7. Health data / special categories (Art. 9 GDPR)

When users enter health data during coaching sessions, we only process this data if a legal basis for doing so exists according to Article 9 of the GDPR. In practice, this is regularly done on the basis of explicit consent (Article 9(2)(a) GDPR), which can be withdrawn at any time with effect for the future.

(Note: Consent must be actively, informed, and logging-able within the app – e.g., via a checkbox/confirmation – before health-related content is permanently used for personalization.)

8. Recipients and Service Providers (Data Processing)

a) OpenAI (KI-Service Provider via API)

We use an external AI service provider (OpenAI) via API to generate coaching responses. The content required for the response is transmitted to and processed by OpenAI.

We prioritize data minimization and use organizational/technical measures to avoid direct identification (e.g., using nicknames and pseudonymized internal IDs, where implemented).

b) Other recipients

In addition, the following categories of recipients may be used – insofar as this is necessary for operations and the contract:

  • Hosting/infrastructure providers (e.g., database/server operation)
  • Support/ticketing service provider [if applicable]
  • Payment service provider [if applicable]

(If you want/need to name specific service providers, you can add them here – depending on transparency requirements and design.)

9. Third Country Transfer

Insofar as recipients/service providers process data outside the EU/EEA (especially in the case of international cloud/AI services), this is only done under appropriate safeguards (e.g. EU standard contractual clauses) and additional technical/organizational measures.

10. Storage duration / Deletion

  • Relevant points in our own database (coaching memory): These are stored for the duration of the active subscription to ensure consistent support throughout its term. After the subscription ends, this data is deleted or anonymized unless there are legal retention obligations or legitimate reasons for longer storage.
  • Technical logs/error data: Stored only as long as necessary for security and error analysis, then deleted/anonymized.
  • Contract and billing data: Stored in accordance with statutory retention periods.

11. Safety (TOMs – Brief description)

We implement appropriate technical and organizational measures to protect data, including:

  • Access restrictions (role/rights concept)
  • Encryption during transport and – where provided – during storage
  • Logging, monitoring, updates/patching
  • Data minimization: Only the data relevant for customer service is stored during the subscription period.

12. Rights of data subjects

Under the GDPR, you have the following rights in particular:

  • Information, rectification, erasure, restriction of processing
  • Data portability (where applicable)
  • Objection to processing based on legitimate interests
  • Revocation of granted consent at any time with effect for the future
  • Complaint to a data protection supervisory authority

13. No purely automated decisions with significant impact

Smart coaching provides suggestions and content. It does not make purely automated decisions with legal consequences or similarly significant impact.

14. Changes to this Privacy Policy

We may update this privacy policy if features, processes, or legal requirements change. The most current version is available in the app.