Privacy Policy

The protection of your personal data is of particular concern. That's why we keep the collection and processing of personal data strictly to the law and would like to inform you hereinafter in detail about the nature, scope and purpose of collecting and using your personal data when using our services.

1. Scope

The following privacy policy applies to these services (hereinafter referred to as “Passion Climb Service” or, collectively, as the “Passion Climb Services” or, generally, “Passion Climb”):

  • The Passion Climb Website (www.passion-climb.com) and
  • The Passion Climb Apps (available for iOS and Android).

2. Processing of personal data as part of the Passion Climb services

2.1 Website

You can generally use our website (www.passion-climb.com) without providing any personal data. In the case of purely informational use, we only collect the data that your browser transmits to our server.

The data is of the following categories:

  • Device information: Usually the Internet browser and the device with which you open the site, the website or other source that linked or forwarded you to our site, your IP address, your operating system, your screen size and similar technical information.
  • Usage information: Information about your interaction with the website, including the access date and time. This information enables us to understand the screens you are viewing and other actions on the website. We or authorized third parties automatically collect log data when you access and use the website.
  • Location information: We can also use device and usage information to determine general location information (“Location Information”). We use a third party database to determine the general location based on IP address. The location information is limited to the country and city - we do not determine an exact location.

We use this information on the basis of a legitimate interest for technical defense, to improve our services, to analyze trends and the use of the website, as well as to gather broad demographic data for aggregated use.

2.2 User account

In order to use the Passion Climb Apps, a user account must be created in advance. Your email address, your first and last name and a password of your choice are required for the user account. Registration takes place via our app. After registration, for security reasons we will first send you an email, in which we ask you to verify your registration by clicking on a confirmation button. After clicking on the button, you will be redirected to our app, in which we finally confirm the registration. Only then is the registration process complete.

If you do not confirm your registration, your personal data will be deleted no later than 7 days after the confirmation link has expired.

Alternatively, you can also log in with your Apple, Facebook or Google account. In this case, the registration process is complete once you have entered the account details of your respective account and confirmed the registration.

As soon as the registration process is complete, your Passion Climb user account will be created and you can access our services.

The legal basis for the processing described above is the implementation of a contractual or usage relationship with you (Art. 6 Paragraph 1 Clause 1 lit. b GDPR).

2.3 Passion Climb App

Prior registration is required to use the Passion Climb App (see 2.2).

With the Passion Climb App you can perform workouts and training plans and log your training sessions and results. In addition to documenting the training and training progress, this data also enables analyzes of maximum strength and endurance, flexibility and activity level.

You can also share your training sessions and results with other users of the Passion Climb App and compare them in a ranking list.

The legal basis for the processing described above is your consent according to Art. 6 Para. 1 S. 1 lit. Art. 9 para. 2 lit. a) GDPR. If you withdraw your consent, you will no longer be able to use the relevant functionalities.

2.4 Newsletter

You can subscribe to a newsletter via our website and apps. A valid email address and your first name are required to subscribe to the newsletter.

In order to confirm that you, the owner of the email address, have actually signed up for the newsletter, we use the so-called “double opt-in” procedure. For this purpose, we log the registration for the newsletter, the sending of a confirmation email and the receipt of the requested response.

The legal basis for the aforementioned procedure and the dispatch of the newsletter you have subscribed to is your consent in accordance with Article 6 Paragraph 1 Clause 1 lit. a) GDPR.

You can revoke your consent to the storage and use for sending the newsletter of your personal data at any time with effect for the future. You will find a corresponding link in every newsletter.

2.5 Cookies, tracking pixels and similar technologies

Google Webfonts

In order to present our content correctly and graphically appealing across browsers, we use “Google Web Fonts” from Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) to display fonts.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.

3. Data transfer to third parties / recipients, use of service providers

Your personal data will only be passed on or transmitted by us to third parties if this is necessary for the fulfillment of the contract with you, if there is a legitimate interest on our part, you have given your consent to this and / or if we are based on statutory provisions or by official or judicial orders are obliged to do so.

Your personal data will be transmitted by us to third parties in the cases described below and for the purposes described below:

  • Cloud and software providers / processors: We use service providers who provide web hosting services for us and also use cloud or web-based third-party software solutions that enable us to manage and host personal data in the cloud with external service providers, in order to relieve our own servers and to work effectively with new software solutions. We have concluded data processing agreements with the respective service providers, which ensure that the service providers do not process the data for their own purposes, but only within the scope of our instructions and on our behalf. Legal basis for the use of these service providers is Art. 6 Para. 1 S. 1 lit. f) GDPR (processing is necessary to safeguard the legitimate interests of the person responsible) in conjunction with Art. 28 GDPR (order processing).
  • E-mail delivery services: In order to send our e-mails to you (e.g. transactional emails like the dispatch of a registration confirmation) and for the dispatch of a newsletter that you have subscribed to, we use e-mail service providers, that use your e-mail address and first name on our behalf and only within the scope of our instructions on the basis of order processing agreements in accordance with Art. 28 GDPR for the purpose of sending you the respective message and not for their own purpose to contact you.
  • Quality assurance: When using our website and apps, data is collected and stored which is used to generate information using pseudonymous usage profiles for purposes of web analysis. These usage profiles serve to analyze visitor behavior and are evaluated to improve and design our services based on demand. In addition, we measure and analyze technical performance data (e.g. response and load times) and application data (hardware and software used) in order to improve the performance of our products. Cookies are used to do so. These are text files saved on your computer that allow us to analyze how you use our website. The pseudonymous usage profiles are not associated with personal data on the bearer of the pseudonym without the concerned party's express consent. You can object to future data collection and storage for the purpose of web analysis at any time by deactivating cookies in your browser settings.

Some of the service providers we use, who process personal data for us on our behalf and within the framework of our instructions as so-called contract processors in accordance with Art. 28 GDPR, are based outside the EU / EEA. Before transmitting data to processors outside the EU / EEA, we ensure that the processor has an adequate level of data protection. This results, for example, for processors in countries such as Canada and Israel from an adequacy decision by the EU Commission (so-called safe third countries) and for other processors through the conclusion of the EU standard contractual clauses before the start of processing by the respective processor.

4. Duration of storage

We adhere to the principles of data avoidance and data economy. That is why we only store your personal data for as long as is necessary to provide the service you have requested (see in detail the services listed in section 2), i.e. as long as there is a contractual relationship with you and / or yours consent is given.

After loss of the respective processing purpose or in the case of the termination / cancellation of a contractual relationship or after your consent has been withdrawn, the corresponding data will be blocked or deleted by us, unless further storage is required due to statutory retention requirements (e.g. in accordance with the provisions of the Commercial Code) that we must comply with.

5. Obligation to provide personal data

In order to be able to use the services you want, you need to provision the personal data required for the respective services for the purpose of concluding a contract or for the purpose of providing the services you have requested.

The provisioning of data that is not required for the conclusion of the contract or absolutely necessary for provisioning the services you want, is voluntary and you can recognize such data by the fact that the corresponding input fields are marked with “optional”.

A possible non-provisioning of the data required for the conclusion of the contract or for the provisioning of the desired services could result in us not being able to provide the respective service or in us not being able to provide the respective service in accordance with the contract.

6. Use of anonymized data for sports science studies

For the purpose of sports science studies, partly in cooperation with research institutions, universities and institutes, we process anonymized and aggregated (i.e. summarized) user data on the training behavior of users in order to gain sport scientific knowledge from this, e.g. with regard to training intensity and frequency, and to be able to publish studies.

Your training data is completely anonymized in the process, so that Passion Climb can no longer draw any conclusions about individual users and so that the anonymization can not be reversed.

In the course of this research institutions, universities and institutes only receive anonymized data for evaluation. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR (processing in the context of legitimate interests of the controller).

7. Non-existence of an automated decision-making

We would like to point out that when using the Passion Climb Service, you will not be subjected to a decision based solely on automated processing - including profiling - which will have legal effect on you or significantly affect you in a similar manner.

8. Data security and encryption

We use state-of-the-art encryption methods (e.g. SSL) over HTTPS to protect your data in transit.

9. Links to other websites

Our website may contain links to the websites of other providers. Please note that this Privacy Policy applies only to the Passion Climb Website and Apps. We have no influence on or control over the compliance of other providers with applicable data protection regulations.

10. Your rights

10.1 Rights of data subjects

You have the right to:

  • Request information about your personal data stored by us and its processing (Art. 15 GDPR),
  • Rectification of incorrect personal data (Art. 16 GDPR),
  • Erasure if your personal data stored by us (Art. 17 GDPR),
  • Restriction of processing your personal data, if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
  • Objection to the processing of your data by us (Art. 21 GDPR) and
  • Data portability, provided you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR).

10.1.1 Account deletion

In order to delete your account you have the following options.

Via app

Go to “Profile”, then “Account details”. Click on “Delete Account” at the bottom of the page. A verification email will be sent to your email address. Click on the verification link in the email and confirm the deletion to complete the process.

Via support request

Contact us at privacy@passion-climb.com to request deletion of your account. A support representative will get in contact with you to verify your identity. Your account will be deleted upon successful verification.

Subscribers should note that deleting your account doesn’t automatically cancel the next renewal of your subscription. For this reason, it is very important to remember to cancel your subscription in the Apple App Store or Google Play Store in addition deleting your account.

10.2 Withdrawal of consent

If you have given us your consent, you can revoke it at any time with effect for the future.

10.3 Right of appeal

If you assume that your data has been processed unlawfully, you can submit a complaint to the responsible data protection authority.

10.4 Right in the event that data is processed for direct marketing purposes

You have the right pursuant to Article 21 (2) GDPR to object to the processing of personal data concerning you. In the event that you object to processing for direct marketing purposes, we will no longer process your personal data for this purpose. Please note that this withdrawal will only apply prospectively. This does not affect processing that took place prior to a withdrawal.

10.5 Information on the right to object in the case of balance of interests

If we process your personal data based on a balance of interests, you can object to such processing. If you exercise this right to object, please state the reasons why we should not process your data as we have described. If your objection is justified, we will review the situation and either stop or adjust data processing or explain our compelling legitimate reasons for processing to you.

11. Changes to the Privacy Policy

We reserve the right to amend or adjust this Privacy Policy at any time subject to compliance with applicable data protection regulations.

12. Controller

Responsible body for the collection, processing and use of your personal data within the meaning of data protection laws, in particular the General Data Protection Regulation (hereinafter “GDPR”) is Thomas Obermüller, Passion Labs, Donnersbergerstraße 19, 80634 Munich, Germany.

If you have a concern about data protection, please contact us by post at the above address or via email at privacy@passion-climb.com.

Last revised: August 2021