Privacy Policy
A. Name and address of the person responsible
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is: Volker Fezer and Steffen Schuck GbR An der Mauer 1 73614 Schorndorf Email: support -at- sentiero.de
B. General information on data processing
1. Scope of processing of personal data
As a general rule, we only collect and use personal data from our users to the extent that this is necessary to provide a functional website and our content and services. The collection and use of our users’ personal data regularly only takes place with the user’s consent. An exception applies in cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.
2. Legal basis for processing personal data
To the extent that we obtain the consent of the data subject for processing personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 Paragraph 1 Letter c GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 Para. 1 lit. f GDPR serves as the legal basis for the processing.
3. Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data to conclude or fulfill a contract.
C. Automatic data collection when you access and use the website
I. Provision of the website and creation of log files
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected: (1) The user's IP address is anonymized (2) Date and time of access The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. To do this, the user's IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. The data also serves us to optimize the website and to ensure the security of our information technology systems. The data will not be evaluated for marketing purposes in this context. These purposes also include our legitimate interest in data processing in accordance with Article 6 Paragraph 1 Letter f of the GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after 30 days at the latest. Storage beyond this is possible. In this case, the users' IP addresses are deleted or altered so that it is no longer possible to assign the calling client.
5. Possibility of objection and removal
The collection of data to provide the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility for the user to object.
II. Use of cookies a) Description and scope of data processing Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again. Cookies cannot run programs or transmit viruses to your computer and therefore cannot cause any harm. They serve to make the Internet offering more user-friendly and effective overall, i.e. more pleasant for you. Cookies can contain data that makes it possible to recognize the device used. In some cases, cookies only contain information about certain settings that are not personally identifiable. However, cookies cannot directly identify a user. A basic distinction is made between transient (session) cookies, which are deleted as soon as you close your browser, and persistent (permanent) cookies, which are stored beyond the individual session. In terms of their function, cookies are differentiated between: – Technical cookies: These are absolutely necessary to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes or remember which websites you have visited; – Performance cookies: These collect information about how you use our website, which pages you visit and e.g. B. whether errors occur when using the website; they do not collect any information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users; – Advertising cookies, targeting cookies: These serve to offer the website user tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and targeting cookies are stored for a maximum of 13 months; – Sharing cookies: These serve to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months. We only use technical cookies on our website to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The following data is stored and transmitted in the cookies: (1) Language settings (2) Log-in information b) Legal basis for data processing The legal basis for the processing of personal data using technically necessary cookies is Art. 6 Para. 1 lit. f GDPR. c) Purpose of data processing The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change. We regularly require cookies for the following applications: (1) Adopting language settings (2) Customer account/customer registration process For these purposes, our legitimate interest also lies in the processing of personal data in accordance with Article 6 (1) (f) GDPR. The user data collected through technically necessary cookies is not used to create user profiles. e) Duration of storage, possibility of objection and removal Transient cookies are automatically deleted when you close the browser. These include, in particular, the technically necessary session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
III. Google Web Fonts
This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. We have set up the tool for you so that the browser you use does not have to connect to Google's server. The required WebFonts are loaded directly from our server. Because of this tool, Google therefore has no knowledge that our website was accessed via your IP address. Google Web Fonts are used in this form in the interest of a uniform and attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f of the GDPR. If your browser does not support web fonts, a standard font will be used by your computer. Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/.
IV. MapBox
This site uses the online map service Mapbox via an API interface. The provider is Mapbox Inc., 740 15th Street NW, 5th Floor, District of Columbia 20005, USA.
In order to use the functions of Mapbox, it is necessary to save your IP address. This information is usually transferred to a Mapbox server in the USA and stored there. The provider of this site has no influence on this data transfer. In addition, according to the provider Mapbox, further information such as browser information, location and usage data as well as information about your operating system is automatically transmitted to MapBox. According to the provider, the data collected, particularly the IP address, is automatically deleted after 30 days.
The use of Mapbox is in the interest of an attractive presentation of our online offerings and to make it easy to find the locations we specify on the website. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR.
If you have expressly consented to the data collection and storage, Art. 6 I a) GDPR represents the legal basis for data collection.
You can find more information about the handling of user data in Mapbox's privacy policy at: https://www.mapbox.com/legal/privacy
D. Data collection when registering and using a customer account
1. Description and scope of data processing
On our website we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and stored. A transfer of data to third parties does not take place. At the time of registration, the following data is collected and stored: (1) The user's IP address (2) Date and time of registration (3) First and last name and email address (inventory data) As part of the registration process, the user's consent is required processing of this data. After registration, access to the user account is possible using a password chosen by the user and the email address stored with us. When further setting up and using the user account, the following personal data can be provided by the user as a further step: - The training data collected as part of his training such as age, weight, heart rate, power, energy consumption, cadence, speed, distance, duration. - a so-called individual metabolic profile for calculating the optimal carbohydrate consumption, hereinafter also referred to as “training data”. The data can either be uploaded manually by the user or imported into the customer account using an interface.
2. Legal basis for data processing
The legal basis for the processing of the data, if the user has given his consent, is Article 6 (1) (a) GDPR. In addition, registration and processing of the training data serve to fulfill a contract to which the user is a party. The additional legal basis for processing the data is Article 6 (1) (b) GDPR.
3. Purpose of data processing
The user is registered for the purpose of using our services or to carry out pre-contractual measures. Once you have registered or opened a customer account, the inventory data and training data provided by the user are stored in a customer database. In this way, the user can log in at any time with their user name and password and access their data pool for evaluation purposes.
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the user's collected inventory and training data if the customer account or individual data is deleted or changed by the user, but no later than six months after the last customer account login. Users are asked in advance to confirm their customer account and are informed of the impending deletion of account data if the customer account is inactive. However, even after the contract has been terminated and the customer account has been deleted, it may be necessary to store the contractual partner's personal data in order to comply with contractual or legal obligations. In this case, the data will be deleted immediately after the statutory retention periods have expired.
5. Possibility of objection and removal
The user has the option at any time to delete or change the data stored under his customer account, regardless of contractual obligations. However, if the user's data is required to fulfill a contract or to carry out pre-contractual measures, early deletion of the data is only possible unless contractual or legal obligations prevent deletion.
E. Data processing within the framework of a contract
1. Scope of data processing
As part of the ordering process via our website, we collect personal data such as name, address and email address.
2. Legal basis for data processing
The legal basis for storing your data is Article 6 Paragraph 1 Sentence 1 Letter b GDPR.
3. Purpose of data processing
We use the data provided during the ordering process exclusively to fulfill the contractual relationship concluded with the user. In this context, we only process personal data to the extent technically necessary. Under no circumstances will personal data be used, sold or otherwise passed on to third parties for any other purpose outside of our company without your express consent, which can be revoked at any time. However, in order to process payments, we pass on your payment data to the payment service provider PayPal, which is responsible for the payment. If you select the PayPal payment method, you will be automatically redirected to the online payment service PayPal (Europe) S.a`r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. In this case, the PayPal terms of use apply, which the customer can find at https://www.paypal.com/de/webapps/mpp/ua/useragreement-full or - if there is no PayPal account - at https://www .paypal.com/de/webapps/mpp/ua/privacywax-full. can retrieve. After entering the required data and choosing the payment method provided by PayPal (direct debit, credit card, invoice), the payment amount will then be debited from the customer's account via PayPal after the order has been completed. If the customer chooses “PayPal invoice” as the payment method, the seller assigns his payment claim against the customer to PayPal as part of an ongoing factoring contract. In this case, the General Terms of Use for the use of PayPal's purchase on account apply, available at https://www.paypal.com/de/webapps/mpp/ua/pui-terms.
4. Duration of storage, possibility of objection and removal
The user has the option to object to the processing of their personal data. However, if the data is necessary to fulfill a contract or to carry out pre-contractual measures, early deletion of the data is only possible if contractual or legal obligations do not conflict with deletion. In this case, once the contract has been completed and the purchase price has been paid in full, the user's data will be blocked for further use and deleted after the expiry of the tax and commercial law regulations, unless the further use of this data has been expressly consented to.
F. Data processing through email contact
1. Description and scope of data processing
Visitors to our website can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be stored by us. In this context, the data is not passed on to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of the data, if the user has given his consent, is Article 6 (1) (a) GDPR. The legal basis for the processing of data transmitted when sending an email is Article 6 (1) (f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Letter b GDPR.
3. Purpose of data processing
The sole purpose of processing personal data is to process the contact. If you contact us via email, this also represents the necessary legitimate interest in processing the data.
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be seen from the circumstances that the matter in question has been finally clarified.
5. Possibility of objection and removal
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot continue. In this case, all personal data that was stored in the course of contacting us will be deleted.
G. Rights of the data subject
If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights towards the person responsible:
1. Right to information
You can request confirmation from the person responsible as to whether personal data concerning you is being processed by us. If such processing occurs, you can request information from the controller about the following information: (1) the purposes for which the personal data is processed; (2) the categories of personal data that are processed; (3) the recipients or categories of recipients to whom your personal data has been or will be disclosed; (4) the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period; (5) the existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the controller or a right to object to this processing; (6) the existence of a right to lodge a complaint with a supervisory authority; (7) all available information about the origin of the data if the personal data is not collected from the data subject; (8) the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject. You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
2. Right to rectification
You have the right to request correction and/or completion from the person responsible if the personal data processed concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
3. Right to restriction of processing
You may request the restriction of the processing of personal data concerning you under the following conditions: (1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data; (2) the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data; (3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or (4) if you have objected to the processing in accordance with Article 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons. If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.
4. Right to deletion
a) Obligation to delete
You can request from the person responsible that the personal data concerning you be deleted immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies: (1) The personal data concerning you are for the purposes for which they were collected or otherwise processed is no longer necessary. (2) You revoke your consent on which the processing was based in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a GDPR and there is no other legal basis for the processing. (3) You object to the processing in accordance with Article 21 Paragraph 1 of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Article 21 Paragraph 2 of the GDPR. (4) The personal data concerning you were processed unlawfully. (5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject. (6) The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
b) Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 Para. 1 GDPR, he will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to ensure that the person responsible for data processing to inform those processing the personal data that you, as the data subject, have requested them to delete all links to that personal data or copies or replications of that personal data.
c) Exceptions
The right to deletion does not exist if the processing is necessary (1) to exercise the right to freedom of expression and information; (2) to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller became; (3) for reasons of public interest in the area of public health in accordance with Article 9 Paragraph 2 Letters h and i and Article 9 Paragraph 3 GDPR; (4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the law referred to in section a) is likely to make the achievement of the objectives of this processing impossible or seriously impair it, or (5) to assert, exercise or defend legal claims.
5. Right to information
If you have asserted the right to rectification, deletion or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless: this turns out to be impossible or involves disproportionate effort. You have the right to be informed about these recipients by the person responsible.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that (1) the processing is based on consent in accordance with Article 6 Paragraph 1 Letter a of the GDPR or Article. 9 Paragraph 2 Letter a GDPR or on a contract in accordance with Article 6 Paragraph 1 Letter b GDPR and (2) the processing is carried out using automated procedures. In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other people must not be impaired by this. The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions. The person responsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes. In connection with the use of information society services - regardless of Directive 2002/58/EC - you have the opportunity to exercise your right to object using automated procedures that use technical specifications.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before its revocation. 9. Right to complain to a supervisory authority Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data violates the GDPR. The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.