PRIVACY POLICY
As of 13 January 2026
1. Scope of personal data processing
You can trust us to protect and secure your personal data: Protecting your privacy when processing personal data is an important concern for HYROX World GmbH ("HYROX", "we", "us") and one that we take into account in all our business processes. With this privacy policy, we would therefore like to explain the basic rules governing our handling of personal data, which is, of course, carried out in compliance with the applicable European and national data protection regulations. We collect and use personal data from our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data from our users is regularly only carried out with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
This privacy policy applies to all German-language pages of the domain hyrox.com, hyroxdach.com, hyroxnordics.com and HYROX events.
The privacy policy for the English-language pages can be found at https://hyroxgermany.com/privacy-policy/.
2. Information about the controller and the data protection officer
Data controller:
HYROX World GmbH
Bahrenfelder Straße 322
22765 Hamburg
External data protection officer:
Dr Malte Schafstedde
eagle lsp GmbH
Neustädter Neuer Weg 22
20459 Hamburg
Email: [email protected]
3. Definitions
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or otherwise making available, alignment or combination, restriction, erasure or destruction;
"Restriction of processing" means the marking of stored personal data with the aim of limiting their future processing;
"Profiling" means any form of automated processing of personal data consisting of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
"Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
"recipient" means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those authorities shall be carried out in compliance with the applicable data protection rules according to the purposes of the processing;
"third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
"Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
"Health data" means personal data relating to the physical or mental health of a natural person, including the provision of health services, and from which information about their state of health can be derived;
"Group of companies" means a group consisting of a controlling company and its dependent companies;
"binding internal data protection rules" means measures for the protection of personal data to which a controller or processor established in the territory of a Member State commits itself with regard to data transfers or a category of data transfers of personal data to a controller or processor belonging to the same group of undertakings or the same group of companies carrying out a joint economic activity, to one or more third countries;
"supervisory authority" means an independent public authority established by a Member State pursuant to Article 51;
"cross-border processing" means either
processing of personal data which takes place in the context of the activities of establishments of a controller or processor in the Union in more than one Member State, where the controller or processor is established in more than one Member State; or
processing of personal data that takes place within the framework of the activities of a single establishment of a controller or processor in the Union, but which has or may have a significant impact on data subjects in more than one Member State.
4. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6(1)(a) of Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
5. Description, purpose and scope of data processing
a) Accessing our website
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. This data is recorded in the form of logs.
The following data is collected:
- Website visited
- Time of access
- Amount of data sent in bytes
- Source/reference from which you accessed the site
- Browser used
- Operating system used
- IP address used
This data is not merged with other data sources.
We use the logs to provide you with the website and its functions. We use the collected data to optimise our website and to ensure the security of our IT systems. We use logs in the context of our legitimate interest in providing and continuously developing our website. The legal basis is Article 6(1)(f) GDPR.
b) Booking and holding events
(1) Event booking and execution
Our website features an event booking form that can be used to book events electronically and request event photography. If a user takes advantage of this option , the data entered in the input mask (name, email address, date of birth, billing address, gender, name and telephone number of an emergency contact and the registration number) is transmitted to us and our processors and stored. In addition, you can optionally indicate how you heard about us and whether you are a member of a gym or partner gym. No data other than the information you enter in the respective input mask will be recorded.
In connection with the event booking, we pass on the data you enter to our processor Vivenu GmbH, based at Kesselstraße 2, 40221 Düsseldorf, Germany. We have concluded a data processing agreement with Vivenu. Payment for the booking is processed by our processor Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland ("Stripe").
The data will only be used for processing the booking and for holding the event, i.e. the processing of personal data from the input mask is used solely for the purpose of processing the booking, handling the payment, holding the event, compiling statistics on the event (see below under (2)) and event photography (see below under (4)). When you make a booking, you will receive important information about the event you have booked via a mailing list by email. We use the same processor for this as for sending the newsletter (Active Campaign). If you no longer wish to receive this information, you can unsubscribe from this mailing list at any time by clicking on "Unsubscribe" in the respective newsletter or by sending an email to [email protected]. We compile the statistics using our processor Fanalist B.V., based at Kerkstraat 45, 1191JD, Ouderkerk aan de Amstel, Netherlands.
If you have agreed to receive a newsletter when making your booking, we will also process the data for this purpose. The legal basis for this processing is your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time with future effect by sending an email to [email protected]. Further information on the processing of your data for the purpose of receiving a newsletter can be found in the "Newsletter" section below.
We will delete the data as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the event booking form and data sent by email, this is the case when the respective event booked by the customer has ended.
(2) Event results
For the evaluation of the event and presentation of the results, we collect your name, nationality, date of birth, and intermediate and final times in the race.
The legal basis for data processing is Article 6(1)(b) and (f) of the GDPR. The data is required for the presentation of the race results, Art. 6(1)(b) GDPR. In addition, we have a legitimate interest in recording the results of the participants in the race in order to organise qualifications and the races as a competition, Art. 6(1)(f) GDPR.
With regard to the publication of this data on the website, the legal basis is Art. 6(1)(f) GDPR; we have a legitimate interest in publishing the results of all participants in pseudonymous form in order to enable comparison between participants and to organise our races as local and international competitions.
For technical reasons, our race timing system and the associated results list do not allow for anonymous or pseudonymised participation or publication of race results.
You cannot participate in a race without your race results being processed. You can request deletion of your data at a later date.
We process this race data jointly with the respective local organiser. Therefore, in this respect, there is joint responsibility between us and the respective organiser in accordance with Art. 26 GDPR. For this purpose, we have concluded a contract with the respective organisers regarding this joint responsibility in accordance with Art. 26 GDPR. In the agreement, we have specified how we safeguard your rights and defined in more detail which obligations each party fulfils in accordance with the GDPR.
We, HYROX World GmbH, are responsible for processing your data subject rights. Regardless of the details of the joint responsibility agreement, you can assert your rights against any controller. For information on the contact details of the respective local organisers, please refer to the organisers' website.
In the event that an organiser is based in an unsafe third country, we base the transfer on the European Commission's standard contractual clauses pursuant to Art. 46 (2) (c) GDPR. Where necessary, additional technical and organisational measures will be taken if an adequate level of data protection cannot otherwise be guaranteed.
(3) RFID access control
During the check-in process for the HYROX Race Event, you will receive a personalised wristband with a chip, which uses RFID (Radio Frequency Identification) access barriers to identify you as an authorised person at our event. We use this method both for the purpose of access and admission control, but also for reasons of monitoring the permissible number of persons in certain areas.
The data processed includes:
- Surname, family name
- Date of birth
- Access control data (check-in/check-out times, etc.)
The legal basis for this processing operation is our legitimate interest in effective and satisfactory event organisation and execution, as well as compliance with all applicable security regulations in accordance with Art. 6(1)(f) GDPR.
The technical provision and storage of your personal data on your individualised wristband with chip is carried out by our contract data processor Global Event Technologies GmbH & Co KG (hereinafter referred to as "GET"), FN 468649S, Neualmerstraße 37, 5400 Hallein, Austria. We have concluded a separate data processing agreement with them.
(4) Event photography
Event photography is carried out by our contract data processor Sportograf Digitial Solutions GmbH, based in Aachen, Süsterfeldstr. 170. In the case of an event booking including event photography, your personal data will be processed for the purpose of fulfilling the contract with you in accordance with Art. 6 (1) lit. b GDPR, otherwise in accordance with Art. 6 (1) lit. a GDPR, in which case you can revoke your consent at any time by sending an email to [email protected] with effect for the future.
(5) Marketing of events
We process your personal data for the marketing of current and future events to customers.
The processing may concern the following data categories: name and email address.
The legal basis for data processing is Art. 6 (1) (a) or (f) GDPR.
c) Marketing and analysis
(1) Subscription to the email newsletter
If you decide to receive our newsletter, we will process your email address and send you our marketing communications. We obtain your consent to subscribe to the newsletter via a double opt-in procedure. This means that after you have entered your email address in our newsletter distribution list, we will send you a confirmation email to verify your email address.
If you confirm your email address by clicking on the confirmation link, we will send you our newsletter and marketing materials by email. Your email address will be used exclusively for verification, your registration and to send you our newsletter. The processing is based on your consent, with Art. 6 (1) (a) GDPR serving as the legal basis for this processing. If you do not confirm your email address within 48 hours, we will delete your email address. Otherwise, we will process your personal data until you unsubscribe from the newsletter. You can unsubscribe from the newsletter at any time if you no longer wish to receive marketing communications from us by clicking on the "Unsubscribe" link in one of our newsletter emails or by sending an email to [email protected].
(2) Direct marketing emails to customers
Regardless of your subscription to our marketing emails and after your first purchase, we are entitled to send you marketing communications by email on the basis of Art. 6(1)(f) GDPR (legitimate interest in marketing our products and services to customers).
For this purpose, we process your email address and your name. We process your personal data until you delete your account or unsubscribe from receiving marketing communications: You can object to this processing at any time by contacting us ([email protected]) or changing your settings in your account settings. You can unsubscribe from the newsletter at any time if you no longer wish to receive marketing communications from us by clicking on the "Unsubscribe" link in one of our newsletter emails.
(3) SMS marketing
If you have registered to receive our text messages via SMS and have therefore provided us with your telephone number, we will process your telephone number and send you our marketing communications via SMS. We will process your data until you unsubscribe. We obtain your consent to SMS marketing via a double opt-in procedure. This means that once you have entered your telephone number into our newsletter system, we will send you a confirmation SMS to verify your telephone number. If you confirm your telephone number by replying to the SMS with "y", we will send you marketing materials via SMS. We will contact you up to three times a week (excluding confirmation SMS). Your telephone number will be used exclusively for verification, your registration and to send you our newsletter. The legal basis for this processing is Art. 6 (1) lit. a GDPR. If you do not confirm your telephone number within 48 hours, we will delete your telephone number. Otherwise, we will process your personal data until you unsubscribe from SMS marketing. You can unsubscribe from SMS marketing at any time if you no longer wish to receive marketing communications from us. You can unsubscribe from this processing at any time by sending us an SMS with the word "STOP" or by contacting us by email at ([email protected]). Please note that additional message and data charges may apply.
(4) Retargeting on third-party websites
When you visit our websites, tags and cookies from our retargeting service providers are used. These record which products you have viewed or purchased on our sites. Based on this information, we are able to display personalised offers for HYROX products on third-party websites via our retargeting providers. We also analyse the results of these measures in order to continuously optimise our advertising strategies.
(a) Google Ads
We use the "Google Ads" service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to draw your attention to our offers by means of advertisements from our retargeting providers.
These advertisements are displayed via so-called "ad servers". For this purpose, we use "ad server cookies" that enable the measurement of certain success parameters, such as the display of advertisements or the click rate. These cookies also help us to provide you with individual product recommendations on our website based on the analysis of your user behaviour (e.g. products viewed, shopping basket contents). In this context, HYROX acts as a "Google Ads customer".
The Google Ads cookie typically stores the following information: a unique cookie ID, the number of ad impressions per placement (frequency), information about any opt-outs, and the time of the last visit for post-view conversions. Each Google Ads customer is assigned a separate cookie, so that tracking across the websites of different customers does not take place.
When using Google Ads, we use the "server-side tagging" provided by Google. You can find more information on this in the relevant section of our privacy policy. Your IP address is not transmitted directly to Google LLC in the USA.
In the event that your personal data is transferred to Google LLC in the USA, Google LLC has implemented appropriate safeguards to ensure compliance with the level of data protection applicable in the European Union (e.g. through certification under the EU-U.S. Data Privacy Framework or the conclusion of EU standard contractual clauses).
If the Google Ads cookie is active, both Google and HYROX can track that you have arrived at our website by clicking on a corresponding advertisement.
Through server-side tagging, we receive only statistical evaluations of the respective advertising measures from Google. We do not receive any detailed information about individual users and cannot identify you based on this data. These evaluations enable us to assess the effectiveness of our advertising campaigns. We have no influence on the further collection and use of data by Google.
To the best of our knowledge, Google can assign your visit to our websites to your Google user account if you are registered with Google and logged in.
The processing of your personal data is based on your consent in accordance with Art. 6 (1) (a) GDPR, which you give by activating the cookies. You can revoke your consent at any time with effect for the future. To do this, you can deactivate the corresponding cookie in our cookie settings, which will set an opt-out cookie that prevents future processing. Please note that deactivation may limit the functionality of our website.
Further information on data processing by Google can be found at:
https://policies.google.com/privacy
https://business.safety.google/privacy/
https://services.google.com/sitestats/de.html
You can object to data processing for personalised advertising at any time by clicking on the following link: https://adssettings.google.com
If you have consented to both performance measurement by Google Ads and the use of Google Analytics, the data generated by Google Analytics may be used in conjunction with Google Ads. For more information, please refer to the section on Google Analytics.
(b) Google Enhanced Conversions for the web
To better attribute clicks on our Google Ads to actual conversions (e.g. purchases) on our websites, we use Google Enhanced Conversions for the Web, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
The technical implementation is carried out using so-called conversion tracking tags, which are managed via Google Tag Manager. These are measurement codes that are configured via a web-based interface. No separate cookie is set for this purpose.
If you place an order on our websites after clicking on one of our ads, we collect your data, including your email address.
Your email address is used as an identifier, collected by the conversion tracking tag, pseudonymised using a hashing process and transmitted to Google in this form. Google uses this hashed data to associate your actions on our website with your Google account, provided you were logged into your Google account at the time you clicked on the ad. We have no influence on the further use of data by Google.
We use this information to measure the conversion rate on our websites more accurately by tracking sales and other actions and assigning them to Google.
The processing of your personal data is based on your consent in accordance with Art. 6 (1) (a) GDPR.
You can give your consent to Google Enhanced Conversions in our cookie banner and revoke it at any time with future effect by deactivating the corresponding setting in our cookie settings.
Further information about this service can be found at:
Google Enhanced Conversions: https://support.google.com/google-ads/answer/9888656?hl=de
General data protection at Google: https://business.safety.google/privacy/ and https://policies.google.com/privacy
d) Online presence on social media
We maintain online presences within social networks in order to communicate with interested parties and users active there and to inform them about our events and news. In this context, we integrate external services or content by linking to them on our website. When you use such a service (by clicking on the link and opening the platform) or when third-party content is displayed to you, communication data (such as IP addresses or general device information) is exchanged between you and the respective provider for technical reasons.
In addition, the provider of the respective external services or content may collect personal data about you - for example, by means of corresponding cookies - and then process it for further purposes of its own. To the best of our knowledge and belief, we have configured services or content from providers who are known to process data for their own purposes in such a way that either no communication takes place for purposes other than displaying the content or services on our website, or communication only takes place when you actively decide to use the external service. However, as we generally have no influence on the data collected by third parties and their processing by them, we cannot provide any binding information on the purpose and scope of the processing of your data.
Further information on the purpose and scope of the collection and processing of your data by the providers of the corresponding external services, as well as information on the data protection notices of the respective providers of the external services or content integrated by us, can be found in the following explanations:
(1) Facebook fan page
HYROX operates an online presence on Facebook, a so-called Facebook fan page of Meta Platforms Inc. The following additional information on data processing applies to visits to our fan page.
We are jointly responsible with Meta for the operation of our Facebook fan page in accordance with Art. 26 GDPR. To this end, Meta has entered into an agreement with us specifying who fulfils which obligations with regard to data protection. This agreement can be accessed here. According to this agreement, Meta is primarily responsible for providing the data subject with information about the joint processing and enabling them to exercise their data protection rights. Irrespective of this, we hereby inform you about your visit to our fan page and thus provide you with the information required under data protection law.
Information on data protection at Meta in general can be found here.
The Meta company responsible for us is:
Meta Ireland Ltd.
Merrion Road, Dublin 4
D04 X2K5, Ireland.
You can contact Meta online here.
You can contact Meta's data protection officer at
https://www.facebook.com/help/contact/540977946302970
Our contact details and the contact details of our data protection officer can be found in this privacy policy under section 9.
Collection and storage of personal data, as well as the nature and purpose of its use:
(a) Data collected by Meta on Facebook
If you are a Facebook user, Meta collects the data described in the Facebook Data Policy under "What types of information do we collect?". If you are not a Facebook user, cookies, small text files, may still be stored in your browser with identifiers that enable tracking of your user behaviour.
As a rule, user data is also processed by Meta for market research and advertising purposes when you visit Facebook. Based on user behaviour (including when visiting our fan page), complex user profiles are created that Meta can use to display personalised advertisements to visitors both within and outside of Facebook. You can find more information on this in the Facebook Data Policy.
If you do not agree to this, you can object here (opt-out).
(b) Data used by us ("Page Insights") and legal basis
Meta provides us with statistics and usage data that we can use to analyse the use of our fan page (known as "page insights"). This enables us to continuously improve our offering on Facebook. As the operator, we do not make any decisions regarding the processing of Insights data and all other information arising from Art. 13 GDPR, such as the storage period of cookies on user devices. The primary responsibility for the processing of Insights data in accordance with the GDPR lies with Meta. In this regard, we also refer to the joint responsibility agreement in accordance with Art. 26 GDPR, which Meta has entered into with us, and to the obligations subsequently assumed by Meta.
As the page administrator, we have no other way of evaluating user behaviour on our fan page, not even through user tracking. It is also fundamentally impossible for us to identify visitors to our fan page based on page insights. In particular, according to the agreement with Meta, we have no right to demand that Meta disclose individual visitor data. identification is only possible for us if we can assign individual profile pictures to "Likes" for the page; however, this is only possible if our fan page has been marked with a "Like" by the respective visitor and the "Likes" are set to "public".
You can find out what information Meta uses to create page insights here.
The operation of the Facebook fan page and the use of page insights serve our legitimate interest in effective external representation and communication with our prospects. This interest justifies the operation of the page both in relation to the legitimate interests of Facebook users and in relation to visitors to our fan page who do not have a Facebook account. The legal basis is therefore Art. 6 (1) lit. f GDPR.
(2) Instagram
HYROX operates an online presence on Instagram. Instagram is an audio-visual platform from Meta that allows users to share photos and videos and also distribute them on other social networks.
The Meta company responsible for us is:
Meta Ireland Ltd.
Merrion Road, Dublin 4
D04 X2K5, Ireland.
You can reach Meta online here.
You can contact Meta's data protection officer at
https://www.facebook.com/help/contact/540977946302970.
Further information and Instagram's applicable privacy policy can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
(a) Data collected by Meta on Instagram
If you are an Instagram user, Meta collects the data described in the Instagram Data Policy under "What types of information do we collect?". If you are not an Instagram user, cookies, small text files, may still be stored in your browser with identifiers that enable tracking of your user behaviour.
As a rule, user data is also processed by Meta for market research and advertising purposes when you visit Instagram. Based on user behaviour (including when visiting our Instagram), complex user profiles are created that Meta can use to display personalised advertisements to visitors both within and outside of Instagram. You can find more information on this in the Instagram Data Policy.
(b) Data used by us ("Page Insights") and legal basis
Meta provides us with statistics and usage data that we can use to analyse the use of our Instagram page (so-called "Page Insights"). This enables us to continuously improve our offering on Instagram. As the operator, we do not make any decisions regarding the processing of Insights data and all other information arising from Art. 13 GDPR, such as the storage period of cookies on user devices. The primary responsibility for the processing of Insights data under the GDPR lies with Meta.
As site administrators, we have no other way of evaluating user behaviour on our Instagram page, not even through user tracking. It is also fundamentally impossible for us to identify visitors to our Instagram page using page insights. In particular, according to our agreement with Meta, we have no right to request Meta to disclose individual visitor data. In addition to any personal data transmitted directly to us by users, we can see information about their profile, likes and posts, depending on the user's privacy settings.
The operation of the Instagram page serves our legitimate interest in effective external representation and communication with our prospects. This interest justifies the operation of the page both in relation to the legitimate interests of Instagram users and in relation to visitors to our fan page who do not have an Instagram account. The legal basis is therefore Art. 6 (1) lit. f GDPR.
(3) LinkedIn
HYROX operates a profile on LinkedIn. LinkedIn is a social network and online platform for professionals, specialists and executives.
We are jointly responsible with LinkedIn for the use of Page Insights in the operation of our LinkedIn profile in accordance with Art. 26 GDPR. To this end, LinkedIn has entered into an agreement with us specifying who fulfils which obligations with regard to data protection. This agreement can be accessed here. According to this agreement, LinkedIn is primarily responsible for providing the data subject with information about the joint processing and enabling them to exercise their data protection rights. Irrespective of this, we hereby inform you about your visit to our profile and thus provide you with the information required under data protection law.
You can contact LinkedIn at:
LinkedIn Ireland Unlimited Company
Wilton Place,
Dublin 2, Ireland
You can reach LinkedIn online here.
You can contact LinkedIn's data protection officer at https://www.linkedin.com/help/linkedin/ask/TSO-DPO
Further information and LinkedIn's applicable data protection regulations can be found at https://www.linkedin.com/legal/privacy-policy?_l=de_DE.
(a) Data collected by LinkedIn
If you are a LinkedIn user, LinkedIn collects the data described in the LinkedIn Data Policy under "Information we collect". For members who are not logged in to LinkedIn, a LinkedIn cookie is not set, so identification is not possible. For more information, please refer to the LinkedIn Cookie Policy at https://de.linkedin.com/legal/cookie-policy.
As a rule, user data is also processed by LinkedIn for market research and advertising purposes when visiting LinkedIn. Based on user behaviour (including when visiting our LinkedIn profile), complex user profiles are created that LinkedIn can use to display personalised advertisements to visitors to both within and outside of LinkedIn. Further information on this can also be found in the LinkedIn Privacy Policy.
(b) Data used by us and legal basis
LinkedIn provides us with statistics and usage data that we can use to analyse the use of our LinkedIn page (so-called "Page Insights"). This enables us to continuously improve our offering on LinkedIn. As the operator, we do not make any decisions regarding the processing of Insights data and all other information arising from Art. 13 GDPR, such as the storage period of cookies on user devices. The primary responsibility for the processing of insights data under the GDPR lies with LinkedIn. In this regard, we also refer to the joint responsibility agreement pursuant to Art. 26 GDPR that LinkedIn has entered into with us and to the obligations subsequently assumed by LinkedIn.
As the page administrator, we have no other way of evaluating user behaviour on our LinkedIn page, not even through user tracking. It is also fundamentally impossible for us to identify visitors to our LinkedIn page using Page Insights. In particular, according to the agreement with LinkedIn, we have no right to demand that LinkedIn disclose individual visitor data. In addition to any personal data transmitted directly to us by users, we can see information about their profile, likes and posts, depending on the user's privacy settings.
You can see what information LinkedIn uses to create Page Insights here.
The operation of the LinkedIn profile and the use of Page Insights serves our legitimate interest in effective external representation and communication with our prospects. This interest justifies the operation of the page both in relation to the legitimate interests of LinkedIn users and in relation to visitors to our profile who do not have a LinkedIn account. The legal basis is therefore Art. 6 (1) lit. f GDPR.
(4) YouTube
HYROX operates a profile on YouTube. YouTube is a video platform owned by Google Ireland Limited ("Google").
You can contact Google at:
Google Ireland Limited,
Gordon House,
4 Barrow St,
Dublin, D04 E5W5,
Ireland
You can reach YouTube online here.
You can contact Google's data protection officer at
Further information and Google's applicable privacy policy can be found at https://policies.google.com/privacy?hl=de.
(a) Data collected by Google on YouTube
When you use YouTube, your personal data is collected, transferred, stored, disclosed and used by Google and, regardless of your place of residence, transferred to and stored and used in the United States, Ireland and any other country in which Google does business. It is transferred to companies affiliated with Google and to other trusted companies or individuals who process it on Google's behalf.
Google processes the data you voluntarily enter, such as your name and user name, email address and telephone number. Google also processes the content you create, upload or receive from others when using the services. This includes, for example, photos and videos you save, documents and spreadsheets you create, and comments you write on YouTube videos.
On the other hand, Google also evaluates the content you share to determine which topics you are interested in, stores and processes confidential messages that you send directly to other users ( ), and can determine your location based on GPS data, information about wireless networks or your IP address in order to send you advertising or other content.
Google may use analysis tools such as Google Analytics for evaluation purposes. We have no influence on Google's use of such tools and have not been informed of any such potential use. If tools of this kind are used by Google for our YouTube channel, we have neither commissioned nor otherwise supported this in any way. Furthermore, the data obtained during the analysis is not made available to us. Only certain subscriber profiles are visible to us via our account. Moreover, we have no way of preventing or stopping the use of such tools on your YouTube channel.
Finally, Google also receives information when you view content, for example, even if you have not created an account. This so-called "log data" may include your IP address, browser type, operating system, information about the website you previously visited and the pages you visited, your location, your mobile phone provider, the device you are using (including device ID and application ID), the search terms you used and cookie information.
You can restrict the processing of your data in the general settings of your Google account. In addition to these tools, Google also offers specific privacy settings for YouTube. You can find out more about this in Google's guide to privacy in Google products: https://policies.google.com/technologies/product-privacy?hl=de&gl=en.
(b) Data used by us and legal basis
Google provides us with statistics and usage data that we can use to analyse the use of our YouTube channel (known as "channel analytics"). This enables us to continuously improve our YouTube offering. As the operator, we do not make any decisions regarding the processing of analytics data and all other information arising from Art. 13 GDPR, such as the storage duration of cookies on user devices. The primary responsibility for the processing of analytics data under the GDPR lies with Google.
As the site administrator, we have no other way of evaluating user behaviour on our YouTube channel, not even via user tracking. It is also fundamentally impossible for us to identify visitors to our YouTube channel using channel analytics. In addition to any personal data transmitted directly to us by users, we can see information about their profile, their interaction (e.g. likes or dislikes), their saved and shared videos, their comments and their own videos, depending on the user's privacy settings.
You can see here what information Google uses to create channel analytics.
The operation of the YouTube channel and the use of channel analytics serves our legitimate interest in effective external representation and communication with our prospects. This interest justifies the operation of the site both in relation to the legitimate interests of YouTube or Google users and in relation to visitors to our profile who do not have a YouTube or Google account. The legal basis is therefore Art. 6(1)(f) GDPR.
(5) TikTok
HYROX operates a profile on TikTok. The social media application TikTok is an international video portal. It is operated in Europe by TikTok Technology Limited, a company registered in the Republic of Ireland with its registered office at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.
You can access TikTok online here.
The TikTok terms of use can be found at https://www.tiktok.com/legal/terms-of-use?lang=de.
TikTok's privacy policy can be found at: https://www.tiktok.com/legal/privacy-policy?lang=de#section-1
(a) Data collected by TikTok
If you are an Instagram user, TikTok collects the data described in the privacy policy. If you are not a TikTok user, cookies, small text files, may still be stored in your browser with identifiers that enable tracking of your user behaviour.
As a rule, user data is also processed by TikTok for market research and advertising purposes when you visit TikTok. Based on user behaviour (including when visiting our TikTok page), complex user profiles are created, which TikTok can use to display personalised advertisements to visitors both within and outside of TikTok. You can find more detailed information on this in the privacy policy.
(b) Data used by us ("Page Insights") and legal basis
TikTok provides us with statistics and usage data that we can use to analyse the use of our TikTok page (so-called "TikTok Insights"). This enables us to continuously improve our offering on TikTok. As the operator, we do not make any decisions regarding the processing of insights data and all other information arising from Art. 13 GDPR, such as the storage period of cookies on user devices. The primary responsibility for the processing of insights data under the GDPR lies with TikTok.
As the page administrator, we have no other way of evaluating user behaviour on our TikTok page, not even through user tracking. It is also fundamentally impossible for us to identify visitors to our TikTok page based on page insights. In particular, according to our agreement with TikTok, we have no right to demand that TikTok disclose individual visitor data. In addition to any personal data transmitted directly to us by users, we can see information about their profile, likes and posts, depending on the user's privacy settings.
The operation of the TikTok page serves our legitimate interest in effective external representation and communication with our interested parties. This interest justifies the operation of the page both in relation to the legitimate interests of TikTok users and in relation to visitors to our fan page who do not have a TikTok account. The legal basis is therefore Art. 6 (1) lit. f GDPR.
e) External services and content on our website
(1) Google Analytics
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, ("Google").
Google Analytics 4 uses so-called "cookies", text files that are stored on your computer and enable an analysis of your use of the website. The following data is processed for this purpose:
- Pages accessed
- Your behaviour on the pages (e.g. length of stay, clicks, scrolling behaviour)
- Your approximate location (country and city)
- Your IP address (in abbreviated form, so that no unique assignment is possible)
- Technical information such as browser, internet provider, device and screen resolution
- Source of your visit (i.e. which website or advertising medium brought you to us)
As a rule, your data, insofar as it is still personally identifiable, is processed within the EU. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Data Privacy Framework, https://www.dataprivacyframework.gov/s/. The personal data transmitted by your browser within the scope of Google Analytics is not merged with other Google data.
When using Google Analytics 4, the IP address is truncated by default, thus ruling out any direct personal reference. If the data collected about you is therefore personally identifiable, this is immediately excluded and the personal data is deleted immediately.
We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. The legal basis for the processing of your data and the storage of cookies by Google Analytics 4 is your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke or change this consent at any time at https://hyroxgermany.com/de/#consent-change. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(2) Google Maps
We use Google Maps (API) from Google on our website. Google Maps is a web service for displaying interactive (land) maps to visually represent geographical information. By using this service, our location is displayed to you and any journey to us is made easier.
By using Google Maps, information about the use of this website, including your IP address and the (start) address entered in the route planner function, may be transmitted to Google. When you visit our website and have consented to the use of Google Maps, your browser establishes a direct connection to Google's servers. The map content is transmitted directly from Google to your browser and integrated into the website.
We have no influence on the scope of the data processed by Google. To the best of our knowledge, this includes at least the following data:
- Date and time of the visit to the relevant website,
- Internet address or URL of the website accessed,
- IP address, (start) address entered for route planning.
In principle, your data, insofar as it is still personally identifiable, is processed within the EU. For the exceptional cases in which transfers personal data to the USA, Google has submitted to the EU-US Data Privacy Framework, https://www.dataprivacyframework.gov/s/. The personal data transmitted by your browser within the framework of Google Maps is not merged with other Google data.
The legal basis for the processing of personal data is your consent in accordance with Art. 6 (1) (a) GDPR, which you have given on our website. You can revoke or change this consent at any time at https://hyroxgermany.com/de/#consent-change.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.
(3) TikTok Pixel
We use TikTok Pixel on our website. TikTok Pixel is a TikTok advertiser tool from TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok"). TikTok Pixel is a code that enables us to understand and track the activities of visitors to our website. To this end, TikTok Pixel collects and processes information about visitors to our website or the devices they use. The data collected via TikTok Pixel is used to target our advertisements, improve ad delivery and personalise advertising. For this purpose, the data collected on our website using TikTok Pixel is transmitted to TikTok. Some of this data is information stored on your device. In addition, TikTok Pixel also uses cookies to store information on your device. Such storage of information by TikTok Pixel or access to information already stored on your device will only take place with your consent.
The legal basis for the processing of personal data is therefore your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke or change this consent at any time at https://hyroxgermany.com/de/#consent-change.
For more information on data protection by TikTok, please refer to TikTok's privacy policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.
(4) Newsletter
Our website offers the option to register for a newsletter. We use the platform of our data processor ActiveCampaign LLC to send the newsletter. Active Campaign is a service provided by ActiveCampaign, LLC, 150 N. Michigan Ave Suite 1230, Chicago, IL, US, USA ("Active Campaign"). If a user takes advantage of this option, the data entered in the input mask is transmitted to us and Active Campaign and stored. No data other than the information you enter in the respective input mask (name and email address) is recorded.
In connection with the newsletter registration, we pass on the data to Active Campaign, which sends out the newsletter on our behalf. In this context, the data is not passed on to third parties. The data is used for the registration and dispatch of the newsletter, i.e. the processing of personal data from the input mask serves us solely for this purpose.
The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the Active Campaign server when the newsletter is opened. During this retrieval, technical information such as information about your browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times.
The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of Active Campaign to monitor individual users. The evaluations serve us much more to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
As a matter of principle, your data, insofar as it is still personally identifiable, is processed within the EU. For the exceptional cases in which personal data is transferred to the USA, Active Campaign has submitted to the EU-US Data Privacy Framework, https://www.dataprivacyframework.gov/s/. The personal data transmitted by your browser within the framework of Active Campaign is not merged with other data from Active Campaign.
We have also entered into a data processing agreement with Active Campaign. You can view this at https://www.activecampaign.com/legal/dpa. Where necessary, additional technical and organisational measures will be taken if an adequate level of data protection cannot otherwise be guaranteed.
(5) Ranking
Our website features a ranking of results from past events and a list of the best performers. These results are recorded by us and our processor MIKA Timing GmbH, Kürtener Str. 11B, 51465 Bergisch Gladbach, Germany for all our events. In this ranking, athletes are ranked according to their results. For this purpose, the name, start number, gym, age group, nationality and times are processed. No other data is processed for the ranking. In this context, no data is passed on to third parties.
The legal basis for the processing of your data is your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke this consent at any time with future effect by sending an email to [email protected]. Please include your name, the event and your start number in this email so that we can delete your data. We will then remove you from the ranking immediately. Otherwise, this data will be deleted as soon as it is no longer required for the purpose for which it was collected.
(6) YouTube
We use the YouTube.com platform to post our own videos and make them publicly available. YouTube is a service provided by a third party not affiliated with us, namely Google Ireland Limited, based at Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland ("YouTube").
Some of our web pages contain links or references to YouTube. In general, we are not responsible for the content of linked websites. However, if you follow a link to YouTube, we would like to point out that YouTube stores its users' data (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes.
We also embed videos stored on YouTube directly on some of our websites. When this happens, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only accessed by clicking on them separately. This technology is also known as "framing". When you visit a (sub)page of our website on which YouTube videos are embedded in this form, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.
YouTube content is only integrated in "extended data protection mode". This is provided by YouTube itself and ensures that YouTube does not initially store any cookies on your device. However, when you visit the relevant pages, your IP address and the other data mentioned in section 4 are transmitted, thereby revealing which of our websites you have visited. However, this information cannot be traced back to you unless you have logged in to YouTube or another Google service (e.g. Gmail) before visiting the page or are permanently logged in.
As a matter of principle, your data, insofar as it is still personally identifiable, will be processed in the EU. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Data Privacy Framework, https://www.dataprivacyframework.gov/s/. The personal data transmitted by your browser within the framework of Google will not be merged with other Google data.
The legal basis for the processing of personal data is your consent in accordance with Art. 6 (1) (a) GDPR, which you have given on our website. You can revoke or change this consent at any time at https://hyroxgermany.com/de/#consent-change.
As soon as you start playing an embedded video by clicking on it, YouTube only stores cookies on your device that do not contain any personally identifiable data, unless you are currently logged into a Google service. These cookies can be prevented by adjusting your browser settings and extensions accordingly.
Address and link to YouTube's privacy policy: https://www.youtube.com/static?gl=DE&template=terms&hl=en
(7) Vimeo
We use the provider Vimeo, operated by Vimeo, Inc., 555 West 18th Street, New York, New York 10011 ("Vimeo"), to embed videos on our website.
When you access videos via Vimeo on our website, a connection is established to the Vimeo servers in the USA. This transmits certain information to Vimeo, regardless of whether you have a Vimeo account or not. This may include, for example:
- Your IP address
- Your browser information, e.g. language settings
- Cookie information about vimeo cookies already set
- Information about the website from which you are accessing the Vimeo site
Insofar as Vimeo offers the use of certain additional functions, such as rating or sharing videos, these functions are offered exclusively by Vimeo and the respective third-party providers. You should carefully review their privacy policies before using the respective functions. We have no knowledge of the content of the data collected by Vimeo or third-party providers and have no influence on its use. This transmits to the Vimeo server which of our web pages you have visited. If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account at . When using the plugin, e.g. by clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
Vimeo processes personal data in the USA and bases this on, among other things, the European Commission's standard contractual clauses. Further information can be found at https://vimeo.com/privacy#international_data_transfers_and_certain_user_rights in section "14.2 GDPR (EEA Users)".
Vimeo may share your data with third parties. These include, for example, affiliated companies, business partners and advertising partners, who in turn use tracking technologies on the Vimeo website.
Further information on data processing and information on data protection by Vimeo can be found at https://vimeo.com/privacy and in the cookie policy at https://vimeo.com/cookie_policy.
The legal basis for the processing of personal data is your consent in accordance with Art. 6 (1) (a) GDPR, which you give by clicking on the video.
6. Cookies and similar technologies
Cookies and similar technologies are used when you visit our website. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site and agree to the cookies in accordance with our cookie banner, or if they are technically necessary cookies. Information is stored in a cookie that is related to the specific device used. However, this does not mean that we obtain knowledge of your identity. We use the following types of cookies.
a) Essential cookies
Essential cookies are necessary for the basic functionality of the website. They only contain technically necessary services. These services cannot be rejected. We use the following essential cookies:
| Name of the cookie | Purpose | Storage period |
|---|---|---|
| wp-wpml_current_language | Storage of the visitor's language settings | 1 day |
| tfd_visitor_lang | Storage of visitor language settings | Session |
| icl_visitor_lang_js | Storage of visitor language settings | Session |
| real_cookie_banner* | Storage of the user's consent settings | 365 days |
| real_cookie_banner*-tcf | Storage of the user's consent settings | 365 days |
| real:cookie_banner-test | Storage of the user's consent settings | 365 days |
The data processed by essential cookies is necessary for the functioning of our website, i.e. our legitimate interests pursuant to Art. 6(1)(f) GDPR.
b) Statistical cookies
We also use statistical cookies from Google Analytics to track and analyse the use of our website. Details on the data processed can be found in section 4 of this privacy policy. The following performance cookies may be set for the functions of Google Analytics:
| Name of the cookie | Provider | Purpose | Storage period |
|---|---|---|---|
| _ga | Google Tag Manager | Contains a randomly generated user ID. Google Analytics uses this ID to recognise returning users on this website and merge data from previous visits. | 2 years |
| _gid | Google Tag Manager | Contains a randomly generated user ID. Google Analytics uses this ID to recognise returning users on this website and merge data from previous visits. | 24 hours |
| _gat_UA-117035483-1 | Google Tag Manager | Certain data is only sent to Google Analytics once per minute at most. The cookie has a lifetime of one minute. As long as it is set, certain data transfers are prevented. | 1 minute |
| _gcl_au | Google Tag Manager | Used by Google Tag Manager to display the actions of users who visit the website after viewing or clicking on an advertisement. | 3 months |
c) Marketing cookies
Marketing cookies are used by us and third parties to record the behaviour of individual users, analyse the data collected and, for example, display personalised advertising. These services enable us to track users across multiple websites. The following marketing cookies are used on our website:
| Name of cookie | Provider | Purpose | Storage period |
|---|---|---|---|
| uid_tt_ss | TikTok | Used by TikTok to recognise TikTok users. | 2 months |
| cmpl_token | TikTok | Used by TikTok to recognise TikTok users. | 2 months |
| store-country-code | TikTok | Used by TikTok to recognise TikTok users. | 1 year |
| passport_csrf_token_default | TikTok | Used by TikTok to recognise TikTok users. | 2 months |
| uid_tt | TikTok | Used by TikTok to recognise TikTok users. | 2 months |
| sid_guard | TikTok | Used by TikTok to recognise TikTok users. | 1 year |
| passport_auth_status | TikTok | Used by TikTok to recognise TikTok users. | 1 month |
| passport_csrf_token | TikTok | Used by TikTok to recognise TikTok users. | 2 months |
| cookie-consent | TikTok | Used by TikTok to recognise TikTok users. | 13 months |
| msToken | TikTok | Used by TikTok to recognise TikTok users. | 1 hour |
| tt_webid_v2 | TikTok | Used by TikTok to recognise TikTok users. | 1 year |
| passport_auth_status_ss | TikTok | Used by TikTok to recognise TikTok users. | 1 month |
| sessionid | TikTok | Used by TikTok to recognise TikTok users. | 2 months |
| tt_webid | TikTok | Used by TikTok to recognise TikTok users. | 1 year |
| ssid_ucp_v1 | TikTok | Used by TikTok to recognise TikTok users. | 2 months |
| * | TikTok | Used by TikTok to recognise TikTok users. | 10 hours |
Functional, performance and marketing cookies are only set if you have consented to their storage. You can manage the cookies set on our site with your consent at any time and have the option of changing your acceptance or rejection of cookies. The changes take effect immediately. If you change your settings and reject cookies, certain functions and features of our website may not work as intended.
Any use of cookies that is not technically necessary constitutes data processing that is only permitted with your express and active consent in accordance with Art. 6 (1) (a) GDPR. This applies in particular to the use of functional, performance and marketing cookies. Furthermore, we will only pass on your personal data processed by cookies to third parties if you have given your express consent in accordance with Art. 6 (1) (a) GDPR.
7. Data deletion and storage period
Personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also be necessary if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract. For technical reasons, we anonymise stored data after 24 hours and delete it after 7 days at the latest.
8. Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
- Right to information about the data we have stored about you (Art. 15 GDPR);
- Right to rectification, erasure or restriction of processing of your personal data (Articles 16-18 GDPR);
- Right to object to processing that serves our legitimate interest, a public interest or profiling, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR);
- Right to data portability (Art. 20 GDPR);
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is the Hamburg Commissioner for Data Protection and Information Security, Ludwig-Erhard-Str. 22, 20459 Hamburg, telephone: +49 (0)040-42854-4040, email: [email protected];
- Right to revoke your consent to the collection, processing and use of your personal data at any time with effect for the future. For more information, please refer to the respective sections above, where data processing based on your consent is described (Art. 7 (3) GDPR).
If you wish to exercise your rights, you can address your request to the data protection officer named below or send an email to[email protected] .
9. Right to object and option to delete
The user has the option of revoking their consent to the processing of personal data at any time (see also Rights of data subjects). If the user contacts us by e-mail, they can object to the storage of their personal data at any time.
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL NO LONGER PROCESS THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THESE MARKETING PURPOSES AT ANY TIME. YOU CAN EXERCISE YOUR OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL NO LONGER PROCESS THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES. THE LEGAL EFFECT OF THE PROCESSING OF YOUR DATA BEFORE THE OBJECTION IS NOT AFFECTED BY THIS.
10. Changes to this privacy policy
This policy is effective as of the date above. We may change this policy from time to time, so please review it regularly. Any changes will take effect when the revised privacy policy is posted on our online services. We will notify you of any significant changes, for example by email.