Data protection


Thank you for visiting our website and for your interest in our company and our products. In doing so, we respect your privacy and ensure the protection of your personal data by processing your personal data in accordance with the content of this Privacy Policy and the applicable data protection laws.

You can visit our website without telling us who you are. In order to display our website, you are only required to provide the data transmitted by your browser to our server (see “Logfiles”). Further personal data is only stored if you voluntarily enter it on the website or use the corresponding functions, e.g. when entering data via our contact form or when creating a profile.

Ergoscreenings
If you would like to carry out an ergoscreening, you must first register on our website and create a profile. This requires you to enter your name, an e-mail address, the Ergofox ID of your ergoscreening device and a password. All of this information is mandatory information that we require to provide our service (Art. 6 para. 1 sentence 1 lit. b GDPR).

As part of the ergoscreening, data is collected via sensors, which allows conclusions to be drawn about your health. In addition, we process health data that you enter in a questionnaire before the measurement and in the feedback survey after the measurement. We may only process this particularly sensitive and protected health data in accordance with Art. 9 para. 1 GDPR with your express consent in accordance with Art. 9 para. 2 lit. a GDPR, which you can give when you register. Please note that without this consent to the processing of your health data, we cannot provide our services and cannot carry out the ergoscreening.

The measurement data is recorded using the 3D sensor of the Ergoscreening device. The integrated depth sensor detects distances in three-dimensional space and thus calculates a depth image of the measurement environment. The resulting depth image in the form of point data serves as the basis for our algorithms for recognizing sitting posture. Based on the depth data transmitted by the sensor, the built-in single-board computer calculates selected body points directly in the device in real time. These are sent to the ergofox server as encrypted 3D coordinates (x/y/z) via an integrated SIM card.

In connection with the performance of the ergoscreening, further data may also be collected which, although not a prerequisite for participation itself, may be helpful and may also have an effect on the evaluation and the further course of the screening - so-called optional data (Art. 6 para. 1 sentence 1 lit. a GDPR).

Ergogames
When participating in Ergogames, you control the game primarily through body movements, which are recorded by the camera on your end device. This data is processed locally on your device to control the Ergogame and is not saved.

If you participate in an Ergogame via a provided link, you have the option of entering a name after completing the game, which will be displayed in a ranking (number of points achieved in a high score) for you and all other participants who play the Ergogame under the same link (possibly the same company or institution that booked the Ergogame). Entering a name is optional and in this case is done with your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). However, you can also enter a pseudonym or make no entry. No further storage of personal data (such as evaluations or scores) or disclosure of this data to third parties takes place. On request, we will provide our contractual partner (who has booked the Ergogame) with statistics showing the number of participants. These statistics do not contain any personal data and do not allow any conclusions to be drawn about the participants.

If you book an Ergogames product yourself (e.g. as part of the City Hopper prevention course), you must first register on our website and create a profile. This requires the information marked with an asterisk as well as a password. All of this information is mandatory information that we require to provide and bill our services (Art. 6 para. 1 sentence 1 lit. b GDPR). In connection with the implementation of the ergogames, further data may also be collected (e.g. in questionnaires), which are not a prerequisite for participation itself, but which may be helpful and may also have an effect on the evaluation - so-called optional data (Art. 6 para. 1 sentence 1 lit. a GDPR). You can call up results and statistics on the ergogames you have completed via your profile.

Data security, data transfer and data deletion for ergoscreenings and ergogames
All our IT systems in which your personal data is stored and processed are protected by strict measures and are only accessible to a selected and additionally trained group of employees. We maintain up-to-date technical and organizational measures to ensure data security, in particular to protect your personal data from risks during data transfers and from unauthorized access by third parties. These are adapted to the current state of the art.


Your personal data will not be passed on to third parties unless
- overriding legal provisions provide for the transfer of data to recipients of public bodies;
- we use processors in accordance with Art. 28 GDPR (e.g. for hosting an application) who have been carefully selected and commissioned by us;
- the data is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data;
- you have given your express consent for your data to be passed on to external bodies.

No other participants have access to the data stored in your profile without knowing your password. Please choose a sufficiently complex password and keep your password secret.

The personal data stored for your profile, including the measurement data from ergoscreenings or statistics at Ergogames, will be anonymized 12 months after your profile has been created so that individual details about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person. The data relating to the contractual relationship will be deleted once the statutory retention obligations have expired. You have the option of having your profile deleted at any time. To do so, please contact us using the contact details provided under “Responsible parties”.

Contact
You can enter your personal data on our website in order to contact us. All data fields are mandatory. This data will be used and stored with your consent exclusively for the purpose of processing your message (Art. 6 para. 1 sentence 1 lit. a GDPR). It will not be used for other purposes or passed on to third parties unless you expressly agree to this (consent).

Cookies
Cookies are very small text files used by websites, which your browser stores on your end device and which can send certain information to us or, if applicable, to a third party. Transient cookies are automatically deleted when you close your browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to a common session. This allows your device to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. In contrast to transient cookies, deletion does not occur automatically when the browser is closed. However, you can also delete cookies at any time in the security settings of your browser.
Cookies that are absolutely necessary to provide a service expressly requested by the user (“necessary cookies”) are processed within the scope of our legitimate interest in providing and operating the website on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR and §25 para. 2 TTDSG. The following necessary cookies are set when you visit our website:


name         description                              duration of storage
sessionid    session                                  2 weeks
flysess      session                                  12 months
csrftoken    Cross Site Request Forgery protection    12 months


In addition, other information is stored or accessed on your end device that is not absolutely necessary to provide a service expressly requested by the user. The storage or access only takes place if you give your consent (Art. 6 para. 1 sentence 1 lit. a GDPR and §25 para. 1 TTDSG). Details on the type of information, purpose of processing, storage period of the information and possible recipients of the data can be found later in this privacy policy.
You can set your browser so that it generally does not accept cookies or so that only certain cookies are stored or not stored. You can revoke any consent you may have given to the processing of data using cookies at any time by deleting the relevant cookies directly via your browser settings. You can find out more about this in your browser's help system. If your browser rejects all cookies, it is possible that not all functions of this website can be used.

Fanpages
In order to provide customers, partners or other interested parties with up-to-date information and to get in touch with them, we operate so-called “fan pages” on the following social networks in addition to our own website: LinkedIn.
Data processing is carried out by the provider of the social media platform. Data processing outside the European Union cannot be ruled out. The provider of the platform may provide us with aggregated usage data, but we do not have access to personal data if you only visit the fan page.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. In the case of consent in the form of an opt-in (“tick the box”, “activate button”) or any other form of obtaining consent, the legal basis is Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time without giving reasons to the person to whom it was given, with effect for the future.
As the data processing is carried out by the provider of the platform, we recommend that you contact the respective provider of the platform to exercise your rights of access, rectification, erasure, data portability and objection when visiting our fan page. If necessary, we will of course support you in exercising your rights.
In addition, cookies may be placed on your end device. The purposes and legal basis for the use of cookies can be found under “Cookies” in this privacy policy or in the privacy policies of the platform provider.
Further information can be found under the following links:
- LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; http://www.linkedin.com/legal/privacy-policy.

Logfiles
Each time you access our website, we collect the following information about your end device: the IP address of your end device, the request from your browser and the time of this request. In addition, the status and the amount of data transferred as part of this request are recorded, as well as product and version information about the browser used and the operating system of your device. We also record the website from which our site was accessed. The IP address of your device is only stored for the duration of your use of the website and then immediately deleted or anonymized by shortening it. The other data is stored for a limited period of time. We use this data for the operation of our website, in particular to detect and eliminate errors on the website, to determine the utilization of the website and to make adjustments or improvements (legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR).

Matomo
This website uses the web analysis service Matomo to analyze and regularly improve the use of our website. We have a legitimate interest in using the statistics obtained to improve our website and make it more interesting for you as a user. We use Matomo without cookies for this purpose. The legal basis for the use of Matomo is Art. 6 para. 1 sentence 1 lit. f GDPR.
You can prevent the use of Matomo by clicking on the following link to set an opt-out cookie: [Matomo iFrame]. Please note that by opting out, a cookie with the name ??? will be set on your end device for the duration of ??? to prevent tracking - which is technically necessary to guarantee your right to object. If you then delete cookies from your end device, the opt-out cookie will also be deleted, so that a new objection may be necessary.
This website uses Matomo with the extension “Anonymize Tracking Data”. This means that IP addresses are further processed in abbreviated form, so that they cannot be directly linked to individuals. The IP address transmitted by your browser via Matomo is not merged with other data collected by us. You can obtain information from Matomo on data protection at https://matomo.org/privacy/.

Payment data
For individual bookings, we offer you the payment methods PayPal, credit card, SEPA direct debit mandate, instant bank transfer or bank transfer on account. We process your payment data in order to process the payments. Depending on the selected payment method, we pass on your payment data to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin and SOFORT GmbH, Theresienhöhe 12 in 80339 Munich).

Embedded content from third parties (e.g. Vimeo, Canva)
If content from third-party providers such as Vimeo is displayed on our websites, your IP address and the content shown under “Logfiles” must be transmitted to the third-party provider in order for this content to be made available and displayed in your browser. This serves the purpose of an appealing presentation of our website. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have no influence on data processing by the third-party provider. If you are logged into a user account with the third-party provider, the third-party provider can assign your user behavior to your user account. The third-party provider may store your data as a user profile and use it for the purposes of advertising, market research and/or the needs-based design of its website. You must contact the third-party provider if you wish to object to the creation of these user profiles.
Further information on the purpose and scope of data collection and its processing by the third-party provider can be found in their privacy policy. There you will also find further information on your rights and setting options to protect your privacy:
- Vimeo.com, Inc, 330 West 34th Street, 10th Floor, New York, New York 10001, USA, https://vimeo.com/privacy. Data transfers to the USA take place on the basis of the EU Commission's adequacy decision on the EU-U.S. Data Privacy Framework.
- Canva Pty Ltd, 110 Kippay St, Surry Hills, NSW 2010, Australia, https://www.canva.com/de_de/richtlinien/privacy-policy/. Data transfers to Australia are based on EU standard contractual clauses.

Revocation of consent
If you have given us your consent, e.g. in the context of an inquiry via our contact form or in another context, you can revoke this at any time with effect for the future.

Objection to data processing
Insofar as we base the processing of your personal data on a balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you may object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.
You can object to the processing of your personal data for advertising and data analysis purposes at any time.
You can send us your revocation or objection using the contact details under “Responsible parties”.

Your rights
You have the following rights vis-à-vis us with regard to your personal data:
- Right to information as to whether we process data about you. If we process data about you, you have the right to obtain information about the nature and circumstances of the data processing (Art. 15 GDPR),
- Right to rectification of inaccurate data (Art. 16 GDPR) or the right to erasure of your data, provided that the requirements of Art. 17 (1) GDPR are met,
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing under the above-mentioned conditions (Art. 21 GDPR),
- Right to data portability under the conditions of Art. 20 GDPR.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

Responsible parties
ergofox GmbH, Ruckteschellweg 8a, 22089 Hamburg
Telephone: 0157 501 512 26; E-Mail: info [at] ergofox.me
Data protection officer: datenschutzanfragen@xdsb.de or at our postal address with the addition “the data protection officer”


Hamburg, December 2024