🎁 CHRISTMAS AT EVO – 50% OFF DECEMBER 🎁
Free trialJoin now

Privacy policy

1 General Information

1.1 Objective and Responsibility

  1. This Data Privacy Statement is to inform you about the nature, scope and purpose of the processing of personal data related to our online service and the related websites, features and contents (hereinafter collectively referred to as ‘online service’ or ‘website’). Details of these processing activities can be found in section 2.
  2. Details on data processing for the purpose of carrying out our business processes are described in section 3.
  3. The online service is provided by Lifestyle Concept Austria GmbH (Wehlistraße 66, 5.OG, 1200 Vienna, Austria) – hereinafter referred to as ‘we’ or ‘us’ – who is also legally responsible under the data protection law.
  4. Our online service is hosted by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). The server location is Germany.
  5. Our data protection officer can be contacted at the email address [email protected].
  6. The term ‘user’ encompasses all customers and visitors of our online service.

1.2 Legal Bases

In principle, we collect and process personal data based on the following legal grounds:

  1. Consent in accordance with article 6 paragraph 1 lit. a General Data Protection Regulation (GDPR). Consent meaning any freely given, specific, informed and unambiguous indication of agreement, which could be in the form of a statement or any other unambiguous confirmatory act, given by the data’s subject consenting to the processing of personal data relating to him or her.
  2. Necessity for the performance of a contract or in order to take steps prior to entering into a contract according to article 6 paragraph 1 lit. b GDPR, meaning the data is required in order for us to fulfil our contractual obligations towards you or to prepare the conclusion of a contract with you.
  3. Processing to fulfil a legal obligation in accordance with article 6 paragraph 1 lit. c GDPR, meaning that e.g. the processing of data is required by law or other provisions.
  4. Processing in order to protect legitimate interests in accordance with article 6 paragraph 1 lit. f GDPR, meaning that the processing is necessary to protect legitimate interests pursued by us or by a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

The specific legal bases for the individual processing operations are specified in the following sections.

1.3 Data Subject Rights

You have the following rights with regards to the processing of your data through us:

  1. The right to lodge a complaint with a supervisory authority in accordance with article 13 paragraph 2 lit. d GDPR and article 14 paragraph 2 lit. e GDPR.
  2. Right of access in accordance with article 15 GDPR
  3. Right to rectification in accordance with article 16 GDPR
  4. Right to erasure (‘right to be forgotten’) in accordance with article 17 GDPR
  5. Right to restriction of processing in accordance with article 18 GDPR
  6. Right to data portability in accordance with article 20 GDPR
  7. Right to objection in accordance with article 21 GDPR

Notice: Users may object to the processing of their personal data in accordance with legal allowances at any time with effect for the future. The objection may in particular be made against processing for the purposes of direct marketing.

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

1.4 Data Erasure and Duration of Storage

The personal data of the data subject will be erased or blocked as soon as the purpose of the storage is inapplicable. Storage of data beyond that may occur if such storage is required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or erasure of data also takes place when a retention period mandated by the standards mentioned expires, unless the continued storage of data is required for the conclusion of a contract or the fulfilment of contractual obligations.

1.5 Security of Processing

  1. We have implemented appropriate and state-of-the-art technical and organisational security measures (TOMs). Thus, the data that is processed by us is protected against accidental or intentional manipulation, loss, destruction and unauthorized access.
  2. These security measures include in particular the encrypted transfer of data between your browser and our server.

1.6 Transfer of Data to Third Parties, Subcontractors and Third Party Providers

  1. A transfer of personal data to third parties only occurs within the framework of legal requirements. We only disclose personal data of users to third parties, if this is required e.g. for billing purposes or other purposes, if the disclosure is necessary to ensure the fulfilment of contractual obligations towards the users.
  2. If we engage subcontractors for our online service, we have made appropriate contractual arrangements as well as adequate technical and organizational measures with these companies.
  3. If we use content, tools or other means from other companies (hereinafter collectively referred to as ‘third party providers’) whose registered offices are located in a third country, it is assumed that a transfer of data to the home countries of these third party providers occurs. The transfer of personal data to third countries takes place exclusively only, if an adequate level of data protection, the user’s consent or another legal permission is present.

2 Processing in the context of our online services

2.1 Collection of information on the use of the online offer

  1. When using the online offer, information is automatically transmitted to us by the user’s browser; this includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
  2. This information is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR (e.g. optimisation of the online offer) and to ensure the security of processing pursuant to Article 5(1)(f) GDPR (e.g. to defend against and investigate cyberattacks).
  3. The information is automatically deleted at the latest 4 weeks after the end of the connection – i.e. use of the online offer – provided that there are no other retention periods to the contrary.
  4. The collection of the data and the storage of the data in log files is absolutely necessary for the provision of the online offer. The user therefore has no right to erasure, objection or rectification.

2.2 Coudflare

  1. Our online offer uses services from “Cloudflare” (provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare operates a content delivery network (CDN) and provides protection functions for the website (web application firewall).
  2. The data transfer between your browser and our servers flows through Cloudflare’s infrastructure and is analysed there to prevent attacks. Cloudflare uses cookies to enable you to access our website.
  3. The use of Cloudflare is in the interest of a secure use of our online offer and the defence against harmful attacks from the outside. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
  4. For further information, please refer to the Cloudflare privacy policy: cloudflare.com/privacypolicy

2.3 Complianz GDPR/CCPA Cookie Consent

  1. Our website uses the cookie consent technology of ‘Complianz GDPR/CCPA Cookie Consent’ to obtain your consent to the storage of certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Complianz B.V., Atoomweg 6b, 9743 AK Groningen, Netherlands (hereinafter referred to as Complianz).
  2. When you enter our website, a Complianz cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored.
  3. The data collected will be stored until you ask us to delete it or delete the Complianz cookie yourself or until the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Complianz can be found at complianz.io/privacy-statement.

2.4 CreateSend

  1. You have the option of subscribing to a newsletter. The newsletter provides you with information about interesting products and services. You can unsubscribe from the newsletter at any time. The corresponding link is provided in each individual newsletter. The legal basis for the use of personal data is Art. 6 (1) (a) GDPR.
  2. Our newsletter is sent by CreateSend, Suite 11, Information Age Park, Ennis. Co. Clare, Tel. +353 1 531 2002, Fax +353 65 689 5010, Email [email protected].
  3. Further information on data protection at CreateSend can be found at the following link: createsend.ie/privacy

2.5 Fastly

  1. Our website uses the Fastly content delivery network (CDN) to deliver content. The Fastly CDN is operated by Fastly Inc., General Counsel 475 Brannan St, Suite 300 San Francisco, CA 94107. Fastly acts as a subcontractor for Webflow.
  2. The Fastly CDN makes content from our website available on various servers distributed worldwide. This reduces the loading time of the website, achieves greater reliability and provides increased protection against data loss. The content embedded on this website, such as images and videos, is obtained from the Fastly CDN when the page is accessed. When you access the page, information about your use of our website (such as your IP address) is transferred to Fastly servers outside the EU and stored there. This happens as soon as you use the website with this content.
  3. Fastly Web Services and the Fastly CDN are used in the interests of greater reliability, increased protection against data loss and improved website loading speed. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
  4. The current Fastly privacy policy can be found here: fastly.com/privacy.

2.6 Information about Google Services

  1. We use various services of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland on our website.
    For more information on the individual concrete services of Google that we use on this website, please refer to the further privacy policy.
  2. Through the integration of Google services, Google may collect information (including personal data) and process it. It cannot be ruled out that Google also transmits the information to a server in a third country.
    The transmission to the USA depends on the function in which personal data is transmitted. As the responsible party, we ourselves may transfer data to Google in the USA for further use.
    Google is registered in the data privacy framework. Furthermore, Google has committed to comply with the standard contractual clauses for the transfer of personal data to third countries (Standard Contractual Clauses – SCC).
    More information about the Standard Contractual Clauses is available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractuals-clauses-scc_de  and at policies.google.com/privacy/frameworks .
  3. We ourselves cannot influence which data Google actually collects and processes. However, Google states that, in principle, the following information (including personal data) may be processed, among others:
      • Log data (in particular the IP address)
      • Location-related information
      • Unique application numbers
    • Cookies and similar technologies
      Information on the types of cookies used by Google can be found at policies.google.com/technologies/types.
  4. If you are logged into your Google account, Google may add the processed information to your account depending on your account settings and treat it as personal data.
  5. Google states the following about this, among other things:
    “If you are not signed into a Google Account, we store the data we collect with unique identifiers associated with the browser, app, or device you are using. This allows us to ensure, for example, that your language settings are maintained across all browser sessions.
    If you are logged into a Google account, we also collect data that we store in your Google account and consider to be personal data.” (privacy.google.com/take-control).
  6. You can prevent this data from being added directly by logging out of your Google account or also by making the appropriate account settings in your Google account. Furthermore, you can change your cookie settings (e.g. delete cookies, block cookies, etc.).
  7. You can find more detailed information in the privacy notices of Google, which you can access here: google.com/policies/privacy
  8. You can find notes on Google’s privacy settings at privacy.google.com/take-control.

2.7 Google Ads Conversion-Tracking

  1. We use “Google Ads” (formerly Google AdWords Conversion) on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This enables us to determine how successful individual advertising measures are. These advertisements are delivered by Google via so-called “AdServers”. We use so-called AdServer cookies for this purpose, through which certain parameters for measuring success, such as display of the ads or clicks by the users, can be measured. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognise your web browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer will be able to recognise that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on one of our ads. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible that Google will obtain and store your IP address.
  2. We use Google Ads for marketing and optimisation purposes, in particular to serve relevant and interesting ads to you, to improve campaign performance reports and to achieve a fair calculation of advertising costs. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR.
  3. You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain “googleadservices.com” (google.de/settings/ads). We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate interest-based ads via the link optout.aboutads.info. Please note that this setting will also be deleted when you delete your cookies.
  4. Information of the third party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
  5. Further information on data use by Google, on setting and objection options and on data protection can be found on the following Google web pages:

2.8 Google Ads Remarketing

  1. We use the remarketing function of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our website. This feature enables us to present interest-based advertisements to visitors to our website within the Google advertising network. To do this, Google stores cookies on your device that enable it to recognize you when you visit websites that belong to the Google advertising network.
  2. Among other things, information about your visit to our site (e.g., subpages viewed) may be collected. The information generated may be transmitted to a Google server in the USA and stored there.
  3. The legal basis for the processing is your consent pursuant to Article 6 (1) (a) GDPR.

2.9 Google Ads

  1. We use the ‘Google Ads’ service on our website to promote our products and services online. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
  2. The legal basis for the use of Google Ads is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
  3. The data processed by Google Ads includes your IP address, browser and device information, location data, search queries, interactions with advertisements and websites, and it sets cookies.
  4. If you are logged into a Google account, Google Ads may link collected data to your user profile for personalized advertising purposes.
  5. The purpose of data processing is to display personalized advertisements and measure advertising effectiveness.
  6. It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. We have entered into a data processing agreement (DPA) with Google that ensures that personal data will only be processed in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US.
  7. Further information on the privacy policy of Google Ads can be found at: business.safety.google/adsprocessorterms

2.10 Google Adsense

  1. This website uses Google Adsense, a web advertising service of Google Inc, USA (”Google”).
  2. Google Adsense uses so-called ”cookies” (text files), which are stored on your computer and enable your use of the website to be analysed.
  3. Google Adsense also uses so-called ”web beacons” (small invisible graphics) to collect information. By using the web beacon, simple actions such as visitor traffic on the website can be recorded and collected.
  4. The information generated by the cookie and/or web beacon about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
  5. Google will use this information to analyse your use of the website with regard to the advertisements, to compile reports on the website activities and advertisements for the website operators and to provide further services associated with the use of the website and the Internet.
  6. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

2.11 Google Adsense for Youtube

  1. We use the “Google AdSense for YouTube” service on our website as part of the “YouTube” service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
  2. The legal basis for the use of Google Adsense for Youtube is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
  3. The data processed by Google AdSense for YouTube includes your IP address, device information, viewing behavior, interaction data, and cookies are set to provide personalized advertising.
  4. If you are logged into a Google account, Google Adsense for YouTube may link data collected to your user profile in order to display personalized advertising.
  5. Google processes this data to display personalized advertising and analyze user interactions with advertisements.
  6. It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. We have concluded a Data Processing Addendum with Google, which guarantees that personal data will only be processed in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US.
  7. Further information on the privacy policy of Google Adsense for Youtube can be found at: policies.google.com/privacy

2.12 Google Analytics

  1. We use “Google Analytics” on our website, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google uses cookies, i.e. small text files that are stored on your terminal device and enable an analysis of your use of our website. The information generated by the cookie about the use of our website is usually transmitted to a Google server and stored there. If anonymisation of the IP address to be transmitted by the cookie is activated on the website (“IP anonymisation”), your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server outside the EU and shortened there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. In doing so, pseudonymous usage profiles can be created from the processed data. The IP address transmitted when using Google Analytics will not be merged with other Google data.
  2. We only use Google Analytics with the activated IP anonymisation described above. This means that your IP address is only processed by Google in a shortened form. This excludes the possibility of personal references.
  3. We use Google Analytics to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user. The legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR (consent).
  4. You can also prevent the storage of cookies generated by Google Analytics by making the appropriate settings in your web browser. Please note that in this case you may not be able to use all the functions of our website. If you wish to prevent the collection of the data generated by the cookie and related to your user behaviour (including your IP address) as well as the processing of this data by Google, you can also download and install the web browser plugin available at the following link: tools.google.com/dlpage/gaoptout.
  5. In order to oblige Google to process the transmitted data only in accordance with our instructions and to comply with the applicable data protection regulations, we have concluded an order processing agreement with Google.
  6. Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
  7. For further information on the use of data by Google, on setting and objection options and on data protection, please refer to the following Google web pages:
  8. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
  9. Deletion of user and event level data linked to cookies, user identifiers (e.g. User ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) will take place no later than 50 weeks after collection.

2.13 Google Tag Manager

  1. We use the Google Tag Manager on our website. The Google Tag Manager is a service of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
  2. Through the Google Tag Manager, we can integrate various codes and services on our website in an orderly and simplified manner. The Google Tag Manager implements the tags or “triggers” the embedded tags. When a tag is triggered, Google may process information (including personal data) and process it. In doing so, it cannot be ruled out that Google also transmits the information to a server in a third country.
  3. Information on the standard contractual clauses and the transfer to the USA from us to Google and other relevant data on data processing by Google in the context of the use of Google services can be found in this data protection declaration under section 2.4 ‘Information about Google Services’.
  4. In particular, the following personal data is processed by the Google Tag Manager:
  5. Furthermore, we have concluded an order processing contract with Google for the use of the Google Tag Manager (Art. 28 GDPR). Google processes the data on our behalf in order to trigger the stored tags and display the services on our website. Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.
  6. If you have deactivated individual tracking services (e.g. by setting an opt-out cookie), the deactivation remains for all affected tracking tags that are integrated by the Google Tag Manager.
  7. By integrating the Google Tag Manager, we pursue the purpose of being able to carry out a simplified and clear integration of various services. In addition, the integration of the Google Tag Manager optimizes the loading times of the various services.
  8. The legal basis for the processing of personal data described here as part of the measurement process is consent expressly granted by you in accordance with Art. 6 Para. 1 lit. a GDPR.
  9. The legal basis for the processing of those data that are processed in the context of obtaining consent is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We have a legitimate interest in being able to prove that you have given your consent to the measurement procedure (Art. 7 (1) GDPR).

2.14 Hotjar

  1. We use the ‘Hotjar’ service on our website to analyze user behavior and improve user experience. The provider is Hotjar Ltd. (“Hotjar”), Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta.
  2. The legal basis for the use of Hotjar is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
  3. The data processed by Hotjar includes your IP address (stored anonymously), device information, browser information, geographic location (country only), language preference, referring URL, date and time of visit, and information on website interaction; Hotjar also sets cookies in your browser.
  4. Hotjar may collect data to create user profiles based on user interactions with the website.
  5. The purpose of data processing is the statistical analysis of user behavior and the creation of anonymous user profiles.
  6. Hotjar stores user data by default for 365 days (12 months).
  7. Further information on the privacy policy of Hotjar can be found at: hotjar.com/legal/policies/privacy
  8. You can prevent the processing of your data by clicking on this link: hotjar.com/policies/do-not-track

2.15 Meta Pixel (Facebook Custom Audience)

  1. We use on our website Facebook Website Custom Audiences and have integrated the so-called Facebook pixel.
  2. This pixel is used to collect pseudonymous information about the use of this website (e.g. information about viewed content). The transmitted data of the pixel can be used to target you on Facebook with individualized advertising, provided you have a Facebook account.
  3. For more information about the scope and purpose of data collection, please see Facebook’s privacy policy at facebook.com/privacy/explanation. You can deactivate the data collection at any time under the following link: facebook.com/help/769828729705201.
  4. The legal basis for the processing is your consent pursuant to Article 6 (1) (a) GDPR.

2.16 Unbounce

  1. We use the service provided by Unbounce Marketing Solutions, Inc. (400-401 West Georgia Street, Vancouver, BC V6B 5A1, Canada) – hereinafter ‘Unbounce’ – to create and display individual subpages (e.g. landing pages for promotions and advertising campaigns). Canada has been classified by the EU Commission as a safe third country with an adequate level of data protection (‘Adequacy Decision of the European Commission’). In addition, we have concluded a corresponding data processing agreement with Unbounce.
  2. Since subpages that use Unbounce’s services are provided directly by Unbounce, your browser communicates directly with Unbounce when you visit such a subpage. Your IP address, browser signature, operating system and device type are transmitted, and cookies (text files stored on your computer) may be set. The information provided to us is anonymous, so we cannot establish any personal reference based on the data from page visits.
  3. Data that you voluntarily enter in forms on such a subpage is also stored by Unbounce and then processed by us in accordance with the specified purposes (e.g. use of an entered email address to send a newsletter). For security reasons, the IP address and the time of transmission of the form are also transmitted and stored when filling out a form.
  4. Further information on data protection at Unbounce can be found at: unbounce.com/privacy and unbounce.com/product/security/gdpr

2.17 Vimeo

  1. We use the provider Vimeo for the integration of videos. Vimeo is operated by Vimeo.com, Inc (headquarters: 555 West 18th Street, New York, New York 10011; USA).
  2. We use plugins from the provider Vimeo on some of our websites. When you play a Vimeo video, e.g. by clicking on the start button of a video (consent pursuant to Article 6(1)(a) GDPR), a connection to the Vimeo servers is established This transmits to the Vimeo server which of our websites you have visited. If you are logged in to Vimeo as a member, Vimeo assigns this information to your personal user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
  3. Vimeo acts as an independent controller; i.e. Vimeo is neither a processor pursuant to Art. 28 GDPR nor a joint controller pursuant to Art. 26 GDPR. Data is only transferred to Vimeo on the basis of your consent in conjunction with the EU standard contractual clauses (Controller To Controller).
  4. Further information on data processing and information on data protection by Vimeo can be found at vimeo.com/privacy.
  5. You can find Vimeo’s cookie policy here: vimeo.com/cookie_policy

2.18 Withgoogle Websites

  1. We use the ‘Withgoogle Websites’ service on our website to create and manage web content. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.
  2. The legal basis for the use of Withgoogle is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.
  3. The data processed by Withgoogle Websites includes your IP address, device information, browser type, and information on your interaction with the website; cookies may also be set to enhance user experience and analyze website usage.
  4. The purpose of data processing is to provide website creation, hosting, and management services, enabling users to build and maintain their own websites.
  5. It cannot be ruled out that personal data may be transferred to unsafe third countries (United States) where the level of data protection is lower than in the EU. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens data in the US. We have entered into a data processing agreement (DPA) with Google that ensures that personal data will only be processed in accordance with our instructions and in compliance with the GDPR.
  6. Further information on the privacy policy of Withgoogle can be found at: policies.google.com/privacy

2.19 WordPress

  1. We use WordPress for website development based on the balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR.
  2. WordPress uses only necessary or functional cookies and similar technologies. No data is transferred to third parties.

2.20 YouTube

  1. We use the video portal “YouTube” of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”) on our internet pages (videos) in order to achieve a smooth integration of the videos as well as an appealing design of our website. The legal basis for the data processing is your consent in accordance with Art. 6 (1) a GDPR.
  2. We use the “extended data protection mode” option provided by Google for this purpose.
  3. When you call up a page that has an embedded video, a connection is established to the Google servers and the content is displayed on the website by informing your browser.
  4. According to Google’s information, in “extended data protection mode” your data – in particular which of our web pages you have visited as well as device-specific information including the IP address – is only transmitted to the YouTube server in the USA when you watch the video. By activating a video, you consent to this transmission.
  5. If you are logged in to Google at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.
  6. In some cases, information is transmitted to the parent company Google Inc. based in the USA, to other Google companies and to external partners of Google, each of which may be located outside the European Union. Google uses standard contractual clauses approved by the European Commission for this purpose and relies on adequacy decisions issued by the European Commission with regard to certain countries.
  7. For more information on data protection in connection with YouTube, please refer to Google’s privacy policy.
  8. During the use of the video portal, the domains ytimg.com („Youtube images“), youtube-nocookie.com („Youtube NoCookie“), googlevideo.com (“Google Video”), ggpht.com (“Google Photos”) and fonts.gstatic.com (Google Fonts) are called up.

2.21 Facebook

  1. Elements of the social network Facebook are integrated into this website (Facebook Social Plugins). The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected will also be transferred to the USA and other third countries.
  2. You can find an overview of the Facebook social media elements here: developers.facebook.com/docs/plugins.
  3. If the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to assign your visit to this website to your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook’s data protection declaration at: facebook.com/privacy/policy.
  4. The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TDDDG. Consent can be revoked at any time.
  5. To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Article 26 GDPR). The joint responsibility is limited exclusively to collecting the data and passing it on to Facebook. The processing carried out by Facebook after the forwarding is not part of the shared responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-safe implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly on Facebook. If you assert your data subject rights with us, we are obliged to forward these to Facebook.
  6. Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Further information can be found in Facebook’s data protection declaration at: facebook.com/privacy/policy.
  7. The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: dataprivacyframework.gov/participant/4452.

2.22 Instagram

  1. Functions of the Instagram service are integrated into this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
  2. If the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.
  3. If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to assign your visit to this website to your user account. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
  4. The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TDDDG. Consent can be revoked at any time.
  5. To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Article 26 GDPR). The joint responsibility is limited exclusively to collecting the data and passing it on to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the shared responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the data protection-safe implementation of the tool on our website. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly on Facebook. If you assert your data subject rights with us, we are obliged to forward these to Facebook.
  6. Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Further information can be found in Instagram’s privacy policy: privacycenter.instagram.com/policy.
  7. The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: dataprivacyframework.gov/participant/4452.

2.23 TikTok

  1. We have integrated the TikTok Pixel on this website. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter TikTok). With the help of TikTok Pixel, we can show interest-based advertising on TikTok to website visitors who have viewed our offers (TikTok Ads). At the same time, we can use the TikTok Pixel to determine how effective our advertising on TikTok is. This allows the effectiveness of TikTok advertisements to be evaluated for statistical and market research purposes and optimized for future advertising measures. Various usage data is processed here, such as: B. IP address, page views, length of stay, operating systems used and origin of the user, information about the ad that a person clicked on on TikTok or an event that was triggered (time stamp). This data is summarized in a user ID and assigned to the website visitor’s respective device.
  2. The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TDDDG. Consent can be revoked at any time.
  3. Data transfer to third countries is based on the EU Commission’s standard contractual clauses. Details can be found here: tiktok.com/legal/page/eea/privacy-policy and ads.tiktok.com/i18n/official/policy/controller-to-controller.

3 Processing for the purpose of carrying out our business processes

3.1 Membership

  1. As a member of EVO, you can manage your membership yourself online under ‘MyEVO’. An overview of the processed data can be viewed there.
  2. The legal basis is Article 6 (1) (b) GDPR; i.e. we use this data exclusively for the establishment, implementation and processing of your membership.
  3. We store your personal data for the duration of your membership with EVO and for a further 3 months thereafter. Notwithstanding this, statistical data about your studio visits is stored for a period of 1 year and then anonymised. Contract data is stored in accordance with the statutory retention period for accounting and tax documents.
  4. We use the following service providers in particular for data processing for your membership.
    • Payment service provider: Verifone Payments GmbH, Karl-Hammerschmidt-Straße 1, 85609 Aschheim, Germany
    • Service provider ‘CRM’: Credlock Systems AS, Karenslyst allé 50, 0279 Oslo, Norway
  5. We have concluded data protection agreements with these service providers. Your personal data will only be passed on to third parties (e.g. to a law firm in the event of legal disputes) if this is necessary and on the basis of a valid legal basis.
  6. Further details on membership and payment terms can be found in the General Terms and Conditions at evofitness.at/en/membership-terms.

3.2 Video surveillance

Below you will find our data protection notice within the meaning of Article 13 GDPR regarding the processing of personal data within the scope of our video surveillance.

  1. The processing of video recordings is based on Article 6 (1) (f) GDPR; the so-called legitimate interest.
  2. Our legitimate interests are:
    • Protection of house rules
    • Protection against theft, protection of property
    • Investigation of burglary and theft
    • Protection of guests and employees
  3. The video recordings are processed exclusively for the purposes stated.
  4. Any further use or disclosure of the video recordings will only occur if necessary for potential criminal prosecution. In this case, the recipients will be the relevant law enforcement authorities.
  5. We use external service providers to maintain the video surveillance system, although access to the video surveillance system or stored video recordings cannot be ruled out.
  6. Video recordings will be deleted no later than 3 days after recording, unless special incidents have occurred that justify or require further storage.

3.3 Contact form

  1. If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us in order to process the inquiry and in case of follow-up questions. We will not pass on this data without your consent.
  2. This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.
  3. The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

3.4 Inquiries by email, telephone of fax

  1. If you contact us by email, telephone or fax, your request, including all resulting personal data (name, request), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
  2. This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time.
  3. The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

3.5 Communication via Whatsapp

  1. To communicate with our customers and other third parties, we use, among other things, the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
  2. Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp receives access to metadata that is created during the communication process (e.g. sender, recipient and time). We would also like to point out that WhatsApp says it shares personal data of its users with its US-based parent company Meta. Further details on data processing can be found in WhatsApp’s privacy policy at: whatsapp.com/legal/privacy-policy-eea.
  3. The use of WhatsApp is based on our legitimate interest in communicating as quickly and effectively as possible with customers, interested parties and other business and contractual partners (Art. 6 Para. 1 lit. f GDPR). If appropriate consent has been requested, data processing is carried out exclusively on the basis of consent; this can be revoked at any time with effect for the future.
  4. The communication content exchanged between you and us on WhatsApp will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
  5. The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: dataprivacyframework.gov/participant/7735.
  6. We have concluded an order processing contract (AVV) with the above-mentioned provider.

4 Cookies

4.1 General Information

  1. Cookies are information transmitted by our web server or third-party web servers to the users’ devices where they are stored for later retrieval. Cookies can be in the form of small files or any other types of information storage.
  2. In the case that users do not want that cookies are stored on their device, they will be asked to disable the corresponding option in their browser’s system settings. Saved cookies may be deleted in the system settings of the browser. The exclusion of cookies can lead to functional impairments of this online service.

4.2 Cookie overview, objection

  1. You can find an up-to-date overview of the cookies and services used on this website in our consent management platform (see section 2.3 „Complianz GDPR/CCPA Cookie Consent“)
  2. You can also manage your individual consents and preferences there.

5 Changes to the Data Privacy Policy

  1. We reserve the right to change this Data Privacy Policy with regards to the data processing, in order to adapt it to changed legal situations, to changes of the online service or of the data processing.
  2. If users’ consents are required or if elements of the Data Privacy Policy contain provisions in regards to the contractual relationship with the users, the changes will only be made with the consent of the users.
  3. Users are requested to keep themselves informed about the content of this Data Privacy Policy on a regular basis.

Version: December 2025