1. scope of application
In the following, we inform you about the processing of your personal data when you - become a member and use facilities of KAIFU-LODGE, - visit our websites, our Facebook, Instagram, Twitter, YouTube or TikTok presence, - book the online fitness offers KAIFU live or KAIFU to go, - contact us with inquiries, applications, bookings or reservations, - register under myKAIFU, - subscribe to our newsletter and - participate in one of our events and promotions. We process personal data in accordance with the applicable data protection regulations, in particular on the basis of the Basic Data Protection Regulation of the European Union ("DSGVO") and the Federal Data Protection Act ("BDSG"). Personal data is any data relating to an identified or identifiable natural person, such as your name, membership number, email address and photograph.
Insofar as this data protection declaration refers to "we", "us", this refers to the responsible party named below and, in individual cases, also to its service providers bound by instructions.
2. person responsible
The person responsible for the processing of your personal data is
Fireball Freizeit-Einrichtungen GmbH & Co. KG
You can reach the data protection officer of the data controller at the above address or by e-mail at firstname.lastname@example.org.
3. data transfer to third parties
If requested by you or necessary for the fulfillment of an existing contract with you, or if we have a legitimate interest in the transfer of data, we will also transfer your personal data to third parties.
In some cases, we use external service providers to process personal data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. These may be the following categories of recipients: Service providers for an online booking system, body data diagnostics, online fitness courses, website hosting, sending invitations and newsletters, communication and IT, payment services, financial management and destruction of data carriers.
Among other things, our website includes tools from companies based in the United States. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on this processing activity.
4. data security and deletion
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk, in order to ensure an adequate level of protection.
Unless otherwise specified for individual data processing activities, the following applies to the duration of the storage of your personal data:
We delete your personal data as soon as the purpose of storage ceases to apply. Storage by us may take place beyond this if this has been provided for by the European or national legislator in Union regulations, in national laws or other regulations to which we are subject. Longer storage may also be necessary in individual cases due to the assertion or possible assertion of claims against us in connection with a contract. The same applies if, in individual cases, an assertion of claims by us takes place, is intended or is possible due to concrete circumstances. The data will then be stored for as long as the processing of the data is necessary for the assertion, exercise or defense of legal claims, plus the duration of any statutory retention obligation that may exist.
You are not obliged to provide us with personal data. However, if you wish to become a member or otherwise enter into a contract with us, in particular to provide services for us or seek employment, it is essential that you provide us with personal data. If you do not provide us with personal data in a particular case, you will not be able to conclude a contract with us.
The same applies in the event that you subscribe to a newsletter, attend one of our events or enter our facility as an external guest. All of these services can only be used if you provide us with the necessary personal data, which usually includes your name, your company and your e-mail address. In the case of further data, we will indicate in each case whether it is mandatory or voluntary.
5. membership in the KAIFU-LODGE
If you are or want to become a member of KAIFU-LODGE, we collect and process master data, namely your name, contact details (address, telephone number, e-mail), date of birth, place of birth and bank details, in order to fulfill our obligations arising from the contractual relationship.
In connection with the membership application, you agree that your photo may be stored and/or printed on a membership card. If you do not agree to such storage or printing, or if you later object, you must carry a photo identification document with you when using the KAIFU-LODGE facilities.
Furthermore, we may store and process health data voluntarily provided to us, insofar as you request the creation of a training program.
For the duration of the suspension of the membership contract, we may store a voluntarily submitted medical certificate of the member.
In the course of operating the KAIFU-LODGE, we also process personal data of the members in the context of our business organization, financial accounting and archiving. In this respect, we also disclose or transmit data to the financial administration and consultants, such as auditors.
The legal basis for the processing of the data is your consent, Art. 6 para. 1 sentence 1 lit. a DSGVO. We manage your personal master data to fulfill a contract with you on the legal basis of Art. 6 para.1 lit.b DSGVO.
In relation to financial accounting and compliance with legal obligations, the legal basis is also Art. 6 para. 1 lit. c. DSGVO.
We also have a legitimate interest in sending our members information on special promotions or communications following social customs, such as Christmas greetings, and thereby making our offer attractive in the interest of the members. The legal basis in this respect is Art. 6 para. 1 lit. f DSGVO.
We store your data until the termination of the membership plus any existing retention obligations, if necessary also until the settlement of outstanding claims.
6. use of the facilities of the KAIFU-LODGE
Parts of the course offer, workshops, trial trainings, actions and events are subject to registration. We also accept reservations in our restaurant and for the squash courts. In this respect, we store or process your name, membership number if applicable and your contact details. When using childcare, the data also refers to your child.
To book fitness courses and the use of the swimming pool, we use the online booking system of sysTeam GmbH, Martin-Schmeißer-Weg 14, 44227 Dortmund. The personal data of the member or external guest, namely name, membership number and e-mail address, are transmitted with a booking.
When members or external guests enter the facilities of KAIFU-LODGE, the date, time and membership number of the member may be recorded and stored.
For our cardioscan services for the measurement and analysis of various body data, we use the diagnostic system of Cardioscan GmbH, Valentinskamp 30, 20355 Hamburg. The recorded body data as well as name and e-mail address are transmitted to enable the user to query the recorded data and analyses.
We monitor parts of the facilities with video cameras and store the recordings on a case-by-case basis, to the extent and for as long as this is necessary in individual cases for the safety of its members and for the investigation of criminal offenses. The circumstance of the observation and the person responsible are made recognizable by information signs.
The legal basis for the processing of data relating to registrations, bookings, etc. is Art. 6 para.1 lit. a. In case of booking cardioscan services, data processing is justified according to Art. 6 para.1 lit. b for the fulfillment of the contract. With regard to the use of video cameras, the legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO: We have a legitimate interest in controlling who enters the KAIFU LODGE in order to exclude access by unauthorized persons. Due to its recognizability, the recognizable video surveillance is intended to have a preventive effect and to prevent behavior directed against us. Video recordings also serve to clarify criminal offences and other relevant incidents.
We delete registrations, bookings, reservations and corresponding inquiries as soon as we can consider the request to be settled according to the circumstances or the facts concerned have been clarified, or restrict processing if there are legal obligations to retain data. If you have provided us with personal data of you as an external guest of KAIFU-LODGE, your personal data will generally be deleted after the end of the visit, unless you have expressly requested that we continue to store your personal data. Video recordings are generally only stored for a few days. A longer storage period may also arise in these cases, if in individual cases there are indications that you will assert claims against us or from our side the assertion of such claims is considered.
7. KAIFU live and KAIFU to go
KAIFU live and KAIFU to go are offerings of online fitness classes that can be accessed in a web browser or via an app on Android or iOS devices.
KAIFU live is operated by our affiliated company KAIFU-LODGE New Media GmbH & Co. KG, Georg-Wilhelm-Straße 189, 21107 Hamburg, Germany. Registration on the KAIFU live platform is required for use. If we enable you as a member to use KAIFU live free of charge or at a discount, we will transmit your name, membership number, e-mail address and the term of your membership. Information about the processing and storage of your data when using KAIFU live can be found at kaifu-live.com/p/privacy.
KAIFU to go is provided by ourselves. Booking KAIFU to go requires that you provide your name, address, membership number, email address, Kaifu Lodge membership term, and bank account information. After a booking, a password chosen by yourself, which is required together with the e-mail address for logging in, is furthermore stored.
Legal basis of Art. 6 para.1 lit.b DSGVO regarding the activation and use of KAIFU to go. A transfer of your data to KAIFU-LODGE New Media GmbH & Co. KG is necessary to enable you to use KAIFU live free of charge or at a discount and therefore takes place on the basis of your consent, Art. 6 para.1 lit.a DSGVO.
In principle, the data is only stored for the duration of the membership period and then deleted.
8. use of our websites
We operate the websites kaifu-lodge.de, on which KAIFU-LODGE and our offer are presented, and kaifutogo.de.
(1) Processing of data transmitted in the background
During the mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we collect the following data and store it in the log files of our system. This includes the following data:
- IP address,
- Date and time of the request,
- Time zone difference to Greenwich Mean Time (GMT), content of the request (specific page),
- Access status/HTTP status code, amount of data transferred in each case,
- Website from which the request comes, operating system and its interface,
- Browser, language and version of the browser software.
The anonymous data of the log files are stored separately from all personal data provided by you. This anonymously collected data and information is evaluated by us on the one hand statistically and on the other hand with the aim of increasing data protection and data security, in order to ultimately ensure an optimal level of protection for the personal data we process.
In addition to the data mentioned above, so-called cookies are stored on your terminal device when you use our websites. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which the body that sets the cookie (in this case by us) receives certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective.
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of this website.
Our websites use the following types of cookies, the storage period and functionality of which are explained below.
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your terminal device to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
Persistent cookies are deleted automatically after a specified duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
(3) Google Analytics
The Websites use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as
- Browser type/version,
- operating system used,
- Referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request
is usually transferred to a Google server in the USA and stored there.
A transmission of data to the USA cannot be excluded. In this respect, Google states that it ensures that Google LLC complies with the obligations under the standard data protection clauses of the European Commission with regard to such transfers.
The users' personal data is deleted or anonymized after 14 months.
(4) Adobe Fonts (Typekit)
These websites use the Adobe Fonts service from Adobe Systems Software Ireland Ltd, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland ("Adobe Ireland") to display fonts.
Adobe Fonts is a service that is used to display various fonts used in the creation of our websites as we have used them, regardless of the user's terminal device. Adobe Fonts does not set cookies. But when a font is requested by the website visitor's browser, its IP address is collected, stored, and used by Adobe for analytics purposes. For transfers of personal data across borders, particularly to the United States, Adobe relies on the European Commission's standard contractual clauses or adequacy decisions regarding specific countries. Adobe says it ensures that Adobe U.S. complies with its obligations under the standard data protection clauses.
For more information about Adobe and fonts, please see Adobe's privacy policies: www.adobe.com/de/privacy/policy.html and Adobe Fonts: www.adobe.com/de/privacy/policies/adobe-fonts.html.
(5) Google Maps
For the collection and management of cookie consents, we use the tool Usercentrics <https: usercentrics.com="" de=""> of Usercentrics GmbH, Rosental 4, 80331 Munich ("Usercentrics"). With the help of this tool, you can agree to all, individual or no data processing by cookies.
Your consent or revocation, your IP address, information about your browser, your terminal device and the time of your visit are transmitted to Usercentrics in the course of your website visit. In addition, Usercentrics uses a necessary cookie to store the consents and revocations you have given.
(7) Legal basis
With regard to Usercentrics, the legal basis is Art. 6 para. 1 sentence 1 lit. c DSGVO.
In the case of purely informational use of our website, we store the above data for seven days. However, storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
9. use of our mobile apps
If you wish to use our mobile app, we collect the following data, which is technically necessary for us to offer you the functions of our mobile apps and to ensure stability and security:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request
- Access status/HTTP status code
- Amount of data transferred in each case
- Web page from which the request came
- Operating system and its interface
- Language and version of the browser software and the terminal device
Furthermore, we may need your device identification, unique number of the terminal device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity), mobile phone number (MSISDN), MAC address for WLAN use, name of your mobile terminal device, e-mail address.
In addition to the previously mentioned data, when you use our mobile app, the individual settings made by you as a user are stored on your device. This information is only stored locally on your end device. This is done with the help of so-called identifiers.
The legal basis for the described processing is Art. 6 para. 1 sentence 1 lit f. DSGVO. They serve to make the apps user-friendly and effective overall.
10. our appearances in social networks
We are represented in social networks with appearances or profiles of KAIFU-LODGE in order to communicate there with our members and interested parties, among other things, and to provide information about our range of services. In particular we use
- LinkedIn and
Social networks can generally analyze your user behavior extensively when you visit their platform or a website with integrated content (e.g. Like buttons or advertising banners). Visiting our presences on the social networks triggers numerous processing operations relevant to data protection. In detail:
If you are logged into your user account on a platform and visit our presence there, the platform operator can assign this visit to your user or profile account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have a user account on this social network. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.
With the help of the data collected in this way, the platform operators can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside our presence on the social network. If you have a user account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
We use a KAIFU-LODGE fan page on the Instagram platform, for which we are jointly responsible with Facebook. For information on settings, please visit www.instagram.com/accounts/login/.
If you contact us electronically, in particular by e-mail to email@example.com or firstname.lastname@example.org , or by telephone, e.g. to make appointments, cancel bookings, reservations, complaints or with inquiries, your name, if applicable your membership number, your e-mail address and the content of the message will be stored and processed by us, e.g. with regard to registrations or cancellations for our range of courses.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of an inquiry is Art. 6 (1) lit. f DSGVO, because in this respect there is a legitimate interest in effective processing. If the e-mail contact aims at the conclusion or fulfillment of a contract, the legal basis for the processing is furthermore Art. 6 para. 1 lit. b DSGVO.
Your data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent in the case of inquiries by e-mail, this is the case when the communication with the user has ended. Mandatory legal provisions - in particular legal retention periods - remain unaffected.
If you are a member and register with myKAIFU on our website, we store personal data such as your name, gender, address, email address, membership number and a password in a user account. Upon completion of the registration process, your data is stored with us for use of the protected personal area. As soon as you log in to our website with your e-mail address as your user name and password, this data is made available for actions performed by you on our website.
The legal basis for the processing is your consent (Art. 6 para. 1 sentence 1 lit a. DSGVO). You can revoke your consent at any time, preferably by sending an e-mail to email@example.com. We will then delete your data.
If you register for the KAIFU-LODGE newsletter, we process the data collected from you in this context. In order to register, we need your name, and your e-mail address to which the newsletter should be sent.
We use CleverReach to send the newsletter. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on CleverReach's servers in Germany or Ireland.Our newsletters sent with CleverReach allow us to analyze the behavior of newsletter recipients. Here, among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action has taken place after clicking on the link in the newsletter. For more information on data analysis by CleverReach newsletters, please visit: www.cleverreach.com/de/funktionen/reporting-und-tracking/.
You can revoke your consent at any time as well as object to the use of your personal data for the purpose of sending you our newsletter at any time without incurring any costs other than the transmission costs according to the prime rates. You can send your revocation or objection in writing or by e-mail to our contact address above. You can also use the option set up at the end of our newsletter emails to stop receiving further emails by clicking a button.
The legal basis for the processing is your consent (Art. 6 para. 1 sentence 1 lit. a DSGVO). Furthermore, the legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO, insofar as we store your IP address and the time of confirmation after your confirmation in the double opt in procedure. The purpose of this is to provide evidence of your registration for the e-mail newsletter and, if necessary, to recognize and prevent misuse of your personal data. If the data processing is based on your consent, we store your data until you revoke your consent. We will then delete your data. The same applies if you object to further use of your personal data for sending newsletters.
14. events and actions
We regularly hold events for members and external guests. For this purpose, you can register via a registration form on the e-mail address or event page provided for the respective event. Invitations can be sent by means of a mailing service provider.
Mandatory information for event registration is your first and last name, your address and your e-mail address. The provision of further data marked with an asterisk is voluntary. Of course, you can also register for events by telephone, fax or e-mail. Your data will be used to carry out the event.
If you also declare that you would like to be invited to future events by e-mail, your personal data, including your e-mail address, will be used for the purpose of informing you about the events. If you have informed us that you are interested in certain events or if we can assume a corresponding interest based on a course booking, we will also send you information about events without your express consent.
The legal basis for the processing is Art. 6 (1) sentence 1 lit. a DSGVO, provided you have given your consent. Furthermore, the legal basis is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest is to be able to offer you events that correspond to your interests and to promote the attractiveness of the KAIFU-LODGE.
We store your data until the event has been held, or permanently if you have expressed interest in being invited to further events in the future, until you object to any further use of your personal data. You can object to the use of your personal data for the purpose of sending you invitation e-mails and event information at any time without incurring any costs other than the transmission costs according to the prime rates. You can send your objection in writing or by e-mail to the above address, Marketing Department. You can also use the option provided in an e-mail sent to you to stop receiving further e-mails by clicking a button.
15. your rights as a data subject
(1) Information, correction, deletion, restriction of processing and data portability.
You have the following rights with respect to us regarding your personal data:
- Art. 15 DSGVO: Data subject's right to information You have the right to obtain information from us about what data we are processing about you. Please note that we cannot comply with your request for information in all cases, in particular if the supply secrecy to be observed by us pursuant to Section 29 BDSG precludes the provision of the information.
- Art. 16 DSGVO: Right to rectification If the data concerning you is incorrect or incomplete, you may request the rectification of incorrect or the completion of incomplete information.
- Art. 17 DSGVO: Right to erasure Under the conditions of Art. 17 DSGVO, you may request the erasure of your personal data. Your right to erasure depends, among other things, on whether the data concerning you is still needed by us to fulfill our contractual and legal obligations.
- Art. 18 DSGVO: Right to restriction of processing Under the conditions of Art.18 DSGVO, you may request the restriction of the processing of personal data concerning you.
- Art. 20 DSGVO: Right to data portability Under the conditions of Art. 20 DSGVO, you may receive your personal data that you have provided to us in a structured, common and machine-readable format or request that it be transferred to another controller.
(2) Revocation of consent
If you have given your consent to the processing of your data, you may revoke this consent at any time without affecting the lawfulness of the processing that took place until the revocation. If applicable, the permissibility of processing the data on the basis of other legal grounds shall likewise remain unaffected. If your consent was the exclusive legal basis for the processing of your data, in particular if there is no legitimate interest on our part in the processing pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, we will delete the data immediately after revoking your consent.
(3) Objection to certain processing
Insofar as we base the processing of your personal data on a balance of interests (Art.6 (1) sentence 1 lit. e or f DSGVO), you may object to the processing of the personal data in question at any time for reasons arising from your particular situation (Art.21 DSGVO). When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
You may object to the processing of your personal data for purposes of advertising and data analysis at any time without incurring any costs other than the transmission costs according to the prime rates.
(4) Complaints to the supervisory authority
Furthermore, you have the right to complain to the supervisory authority if you believe that the processing of your data is not lawful (Article 77 DSGVO). The address of the supervisory authority responsible for us is:
The Hamburg Commissioner for Data Protection and Freedom of Information.
Tel.: 040 / 428 54 - 4040
Fax: 040 / 428 54 - 4000
16. up-to-dateness and changes