Privacy
In the following, we would like to inform you about the processing of personal data carried out by real BI GmbH. In all data processing operations (e.g. collection, processing and transmission), we proceed in accordance with the statutory provisions.

Personal data is any data with which you can be personally identified.

We use your personal data to provide and improve our Service. By using this Service, you consent to the collection and use of information in accordance with this Privacy Policy.

I. Definitions

Application means the provided software program named Fit Q that you have downloaded on an electronic device or used as a web application.

Company (referred to in this Agreement as either "the Company," "we," "us," or "our") refers to real BI GmbH, Teichstr. 58, 19230 Hagenow, Germany.

Device means any gadget such as a computer, cell phone or digital tablet that can access our Service.

Personal Data means information that is or can be directly or indirectly attributed to you.

Service refers to the application.

Service Provider refers to any natural or legal person who processes the Data on behalf of the Company. It refers to third party companies or individuals employed by the Company to facilitate, provide the Service on behalf of the Company, provide services related to the Service, or assist the Company in analyzing the use of the Service.

Usage Data refers to data that is automatically collected and generated either through use of the Service or through the Service infrastructure itself (e.g., IP address, duration of use).

Service means the service provided by the application.

Initiator means a person or institution that creates and provides a community training or competition.

II. Responsible entity

The responsible entity for data processing is

real BI GmbH
Teichstr. 58
19230 Hagenow
Germany
E-mail: danny@fit-q.net
Phone: +49 3883 6191230
Register court: County court Schwerin
Registration number: HRB 9745
VAT Reg No: DE258783885

Data protection officer:
Danny Wallschlaeger
real BI GmbH
Teichstr. 58
19230 Hagenow
Germany

E-Mail: danny@fit-q.net
Phone: +49 3883 6191230

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).

III. Data collection and use

The following data protection information informs you about the nature and extent of the processing of personal data by us.

Data processing by us can essentially be divided into two categories:

Personal data
Personal data may be entered for the purpose of performing our service. There is no compulsion of any input. The personally identifiable information may include, but is not limited to: Email address, first name, last name, date of birth, address, zip code, city, country, club, location incl. GPX paths.
The specific data collected can be seen from the respective input forms in the application.

Usage data
Usage data is collected automatically when the application is used. Usage data may include information such as the internet protocol address of your device (e.g. IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on these pages and the unique identifiers of your device.

If you access the application through a mobile device, we may automatically collect additional information including, but not limited to, the type and the unique ID of the mobile device you are using, the IP address of your mobile device, the operating system of your mobile device, and the type of mobile internet browser you are using.

We may also collect information that your browser sends when you visit our Service or when you access our Service from a computer or mobile device.

Use of data
When you access the application, a variety of information is exchanged between your terminal device and our server. This may also involve personal data. The IP address of your end device and the other data listed above are used by us for the following purposes:

  • Ensuring a smooth connection setup
  • Ensuring a comfortable use of our application
  • Evaluation of system security and stability
  • Detection and prevention of fraud, spam, abuse, security incidents and harmful activities

The data is stored for a period of 24 months and then automatically deleted.

Within the app there is the possibility to record GPX paths. For this we need access to the location data. This data allows us to display the distance traveled. Also, you can share your location during workouts to capture locations where you are working out. These locations are aggregated and shown to all users on a map.

In the event that you use our service to transmit your personal training or competition results to an initiator, we store the time of the training/competition and the data recorded and displayed in the respective training/competition. Also the personal data will be send to the initiator, if you allow to send. The transmission is encrypted to the initiator, so we cannot see any personal data.

Basis of data collection
We collect, store and process your data on the basis of consent, for the fulfillment of a contract, a legal obligation and for legitimate interest.

Data transmission
We use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss, and against unauthorized access by third parties. Our security measures are continuously improving in line with technological developments. All data transmitted by you personally will be transferred using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard that is also used, for instance, in online banking. A secure SSL connection can be recognized, among other things, by the appended s at the http (i.e. https://...) in the address bar of your browser or by the lock symbol in the lower area of your browser.

Data collection by third parties
When you call up our application, information is automatically sent to the server of our application by the browser used on your terminal device. In the course of the transmission and on our server, data is temporarily stored in a so-called log file with which you or your device can be identified. We have no influence on this. To the best of our knowledge, the following information is collected without your or our intervention and stored until automated deletion:

  • the IP address of the requesting internet-capable device
  • the date and time of access
  • the name and URL of the file accessed
  • the website/application from which the access was made (referrer URL)
  • the browser you use and, if applicable, the operating system of your Internet-enabled computer as well as the name of your access provider

Furthermore. We are collecting data for your usage of the application to constantly improve your experience. More details below in the Third Parties section.

IV. Third parties

We use Google Firebase in our apps, a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Firebase"). As a result of the settings we make, your personal data will be processed and stored wherever possible within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area. However, we cannot exclude that Firebase also transfers your personal data to the USA. The USA is an unsafe third country. However, Google Inc. has voluntarily certified itself under the US-EU data protection agreement "Privacy Shield" and has thus undertaken to comply with EU data protection requirements. Firebase uses this data on our behalf for the above-mentioned purposes. The legal basis for the processing of personal data is Art. 6 (1) lit. f DSGVO. As a guarantee according to Art. 44ff DSGVO, Google has signed the EU standard contractual clauses.

We currently use the following services from Firebase:

Google Analytics for Firebase: Google Analytics uses the data it collects to provide analytics and attribution information. Exactly what data is collected varies by device and environment. Google Analytics retains ID-related data for 60 days and collected reporting and campaign data indefinitely, unless the Firebase customer changes Google Analytics data retention settings or deletes the project. For Analytics for Firebase, Google uses not only the instance ID mentioned above, but also the advertising ID of the end device. You can change the use of the advertising ID in the device settings of your mobile device. Android: Settings > Google > Ads > Reset Ad ID. iOS: Settings > Privacy > Advertising > No ad tracking.

Firebase Crashlytics: We use Firebase Crashlytics to stabilize and improve our apps. In the process, data about the end device you use and the use of our apps is collected (e.g., the timestamp, when the respective app was started and when the malfunction occurred), which enables us to diagnose and solve malfunctions. When using Firebase Crash Report, your data is only collected in anonymized form, so that neither Google Inc. nor we can draw any conclusions about your person. In these respective aforementioned purposes also lies our legitimate interest in the processing of personal data according to Art. 6 para. 1 lit. f DSGVO. For further information on data protection, please refer to the data protection conditions https://www.google.com/policies/privacy/ of Google Inc.

Firebase authentication: uses the data to enable anonymous end-user authentication and simplify end-user account management. It also uses user agent strings and IP addresses to provide additional security and prevent misuse during authentication. Firebase authentication retains logged IP addresses for several weeks. Other authentication information is retained until the Firebase customer initiates deletion of the associated user. After that, the data is removed from live and backup systems within 180 days.

Firebase Firestore: We use the Firebase Firestore to provide you with the services Meet-Places, Meet-Messages, Share Workouts, Create Battle. Private data such as name, address, email address are transmitted only to the initiator. These private data are stored by RSA encryption in Firestore. So the service Firestore has no private data about you. Personal data such as age and sex can be set by you, and are bind to an userID and a nickname. We can have no combination of userID and your private data.

Firebase Realtime Database: We use Firebase Realtime Database to provide you with the common training and competition mode. Firebase Realtime Database stores IP addresses and userIDs. The realtime database stores IP addresses and userIDs for a few days.

Google Maps
This website uses Google Maps to display interactive maps. Google Maps is a map service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this app, including your IP address and the address entered as part of the search, may be transmitted to Google in the USA. When you access a page with maps from our app that contains Google Maps, your device establishes a direct connection with Google's servers. The map content is transmitted by Google directly to your device and integrated by it into the app. Therefore, we have no influence on the scope of the data collected by Google in this way. According to our knowledge, this is at least the following data:

Date and time of the visit to the page in question, IP address, address entered as part of the search. We have no influence on the further processing and use of the data by Google and therefore cannot accept any responsibility for this. If you do not want Google to collect, process or use data about you via our app, you can deactivate Map Services in your settings. In this case, however, you will not be able to use the map display. The purpose and scope of the data collection and the further processing and use of the data by Google, as well as your rights in this regard and setting options for protecting your privacy, can be found in Google's privacy policy (https://policies.google.com/privacy?hl=de). By using our app, you consent to the processing of data about you by Google Maps in the manner and for the purposes set out above.

Initiators: Initiators create joint training or competitions. Initiators receive personal data (name, address, age, gender, email address, club), if you want to enter and send this data. For running competitions or cycling races with GPS, initiators can request users' GPX paths to check the validity of the run/race.

V. Your rights

You have various rights that you can assert against us. These include the right to object to selected data processing, in particular data processing for advertising purposes. If you have any questions about our data protection information or about the collection, processing or use of your personal data, for information, correction, blocking or deletion of data, as well as revocation of consent also granted or objection to a particular use of data, please contact the responsible office mentioned in 2.
In addition to the right to revoke your consent given to us, you have the following further rights:

  • - Right to information about your personal data stored by us; in particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it has not been collected directly from you,
  • Right to have inaccurate data corrected or correct data completed,
  • Right to delete your data stored by us insofar as no legal or contractual retention periods or other legal obligations or rights to further storage are to be observed,
  • Right to restriction of the processing of your data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion; the responsible party no longer requires the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing,
  • Right to data portability , i.e. the right to have selected data stored by us about you transferred in a common, machine-readable format, or to request its transfer to another controller. We treat your personal data as strictly confidential and therefore transfer to unauthorized third parties is generally excluded.
  • Right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

Right of objection

Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. For this purpose, an informal communication by e-mail to the responsible office mentioned in 2. is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

In the event of a revocation, your personal data will be deleted, unless there are legal or contractual retention periods or other legal obligations or rights to further storage.

If you object to the data processing, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.