Privacy Policy
Last Updated: March 23, 2026
This Privacy Policy informs you about the
nature, scope, and purpose of the processing of personal data within our mobile
application (the "App") for iOS and Android.
ATLETICA Deutschland GmbH (the
"Controller") is committed to protecting your privacy and ensuring
transparency in how your data is handled.
The party responsible for data processing (the
"Controller") is:
ATLETICA Deutschland GmbH
Görresstr. 5, 55131 Mainz, Germany
E-Mail: service@atletica.de
Designation of a data protection officer:
External Data Protection Officer at ATLETICA
Deutschland GmbH:
c/o TÜV SÜD Akademie GmbH
Westendstraße 160
80339 München
E-Mail: privacy@atletica.de
For any inquiries regarding data protection,
please contact us at the email addresses above.
We process your personal data in accordance with
the General Data Protection Regulation (GDPR).
a.
Information Provided by You
1)
Account Data: When you create an account, we process your name and email address to
set up and manage your user account, provide you with access to the App and
communicate with you about your registration and use of the service. The legal
basis for this processing is the performance of our contract with you (Art.
6(1)(b) GDPR).
2)
Personal Fitness Profile: To create and provide your individual training plan, the App requires
you to provide certain information during onboarding, including gender, age,
height, weight, training experience, training goals, preferred muscle groups,
available equipment, and intended training frequency. This information is
mandatory and cannot be skipped, as it is necessary to set up your profile and
generate the appropriate training program. Based on the height and weight you
provide, the App automatically calculates your BMI and categorizes it. We use
this information solely to determine the most suitable training program for you
and do not use it for unrelated purposes. The legal basis for this processing
is the performance of our contract with you (Art. 6(1)(b) GDPR); to the
extent that BMI calculation or categorization involves health-related data, the
processing is based on your explicit consent (Art. 9(2)(a) GDPR).
3)
User-Generated Content (Optional): After workouts, you can optionally rate your session and add personal
notes in the form of text, photos, or videos. We process this content to
provide and improve the training experience and the optional features you
actively choose to use (for example, to help you track your progress or reflect
on individual sessions). The legal basis for this processing is your consent
(Art. 6(1)(a) GDPR); where necessary to provide these optional features, Art.
6(1)(b) GDPR may also apply.
Where your notes, photos or videos contain information that
reveals or may reveal data concerning health, we process this content on the
basis of your explicit consent in accordance with Art. 9(2)(a) GDPR, which
you grant by voluntarily uploading such content and which you can withdraw at
any time with effect for the future (for example, by deleting the content or
contacting us).
4)
Search Functionality: When you use the in‑app search, we process your search queries and your IP address to return
relevant exercises and other content and to operate the search service
securely. The legal basis for this processing is the necessity of the
processing for the performance of our contract with you (Art. 6(1)(b) GDPR).
b.
Automatically Collected Technical Data
1)
To ensure the stability and security of the App,
we process certain technical information when you use it, such as your IP
address (for a short period for security and diagnostics), your device’s
operating system version and manufacturer, and crash reports (e.g. via Sentry).
The processing of these data is necessary to provide the app service and
to ensure the proper functionality and security of the program. The legal bases
for this processing are Art. 6(1)(b) GDPR (performance of a contract) and Art.
6(1)(f) GDPR (legitimate interest in maintaining the functionality and security
of the app).
To enable specific features, the App requires
access to the following on your device:
· Camera & Microphone: To record video or photo
memos.
· Photo Library: To upload existing media to your memos.
You can grant or revoke these permissions at any
time via your device settings.
We utilize trusted service providers who process
data strictly according to our instructions:
|
Name of the
processor |
Purpose of
processing |
Processor
Privacy Policy |
|
Google Ireland Ltd. (Firebase) |
Infrastructure, database hosting, and push
notification delivery |
https://policies.google.com/privacy |
|
Functional Software Inc. (Sentry): |
Real-time error monitoring and crash reporting |
https://sentry.io/privacy/ |
The listed service providers act as data
processors and process personal data solely on our documented instructions. All
processors are legally bound by a Data Processing Agreement (DPA) in accordance
with Art. 28 GDPR.
International Transfers: Sentry is a globally operating company. Due to its international
structure, personal data may be processed by Sentry affiliates located outside
the European Economic Area (EEA).
For transfers of personal data outside the
European Economic Area (EEA), Sentry ensures that appropriate safeguards in
accordance with Chapter V GDPR are implemented:
a.
Where personal data is transferred to countries
that benefit from an adequacy decision of the European Commission, such
transfers are based on Art. 45 GDPR.
b.
For transfers involving access from the United
States, Sentry relies on its certification under the EU-US Data Privacy
Framework.
c.
For transfers to other third countries where no
adequacy decision applies, Sentry implements Standard Contractual Clauses
(SCCs) as an appropriate safeguard pursuant to Art. 46 GDPR.
Our mobile App does not use cookies. If you
visit our associated website, we may use technically necessary cookies for
basic operation (e.g., session management), which do not require consent under
Section 25 TTDSG. You can manage cookies via your browser settings.
The App uses an algorithm to generate training
programs based on your provided fitness metrics. This automated processing is
necessary to provide the personalized service. This does not constitute
automated individual decision-making with legal effects under Art. 22 GDPR; you
have the right to obtain human intervention, express your point of view, and
contest the logic of the program generated by contacting us.
We adhere to the principle of data minimization:
a.
Active Account & Fitness Data: Stored for as long as your account is active.
b.
Account Deletion: Upon using the in-app "Delete Account" feature, your personal
data and media memos are purged from our active databases within 30 days.
c.
Technical Logs: Diagnostic logs in Firebase/Sentry are automatically deleted or
anonymized after 90 days.
Under the GDPR, you have the following rights:
a.
Access & Portability: Request a copy of your processed data.
b.
Rectification & Erasure: Correct inaccurate data or request deletion ("Right to be
forgotten").
c.
Withdrawal of Consent: You may withdraw your consent for health data processing at any time
by deleting your profile or account.
d.
Right to Object: Object to processing based on legitimate interests.
e.
Right to Complain: You have the right to lodge a complaint with a Data Protection
Supervisory Authority. The competent authority for our office is: Der Landesbeauftragte für den Datenschutz
und die Informationsfreiheit Rheinland-Pfalz,
Mainz.
Our Service is not directed at persons under the
age of 16. We do not knowingly collect personal data from children under 16
years of age. If we become aware that a child under 16 has provided us with
personal data without parental consent, we will take steps to delete that data
promptly.
This Service may contain links to third-party
websites. These external sites are not operated by us, and we have no control
over their content or privacy practices. We encourage you to review the privacy
policies of any third-party sites you visit.
We implement state-of-the-art security measures.
All data transmission between the App and our servers is encrypted using
TLS/HTTPS. Your media files (photos/videos) are stored in secure,
access-controlled environments.