Privacy Policy app

Privacy Policy app

The operators of this app take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. The following notes give a simple overview of what happens to your personal data and for what purposes when you register in our app. Personal data within the meaning of the General Data Protection Regulation is any information that relates to an identified or identifiable natural person (hereinafter "data subject"). This includes, for example, your name or your e-mail address.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

  1. Who is responsible for data processing

The responsible body for data processing in this app is:

Britta Hugenroth,
Björn Peters

Latupo GmbH
Stahltwiete 21
22761 Hamburg

Phone: +49 40 432 824 39 10

Responsible body is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Legally required data protection officer

If you have any questions about data protection or want to assert your rights, please contact our data protection officer at the following email address:

  1. General information on data processing

If you only use or download the app for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you want to view our app, we collect the following data that is technically necessary for us to show you our app and to ensure stability and security. The legal basis for this is Art. 6 Para. 1 f GDPR:

Browser type and browser version used:
- operating system
- referrer URL
- host name of the accessing computer
- time of the server request
- IP address
Die Data is stored for the purposes mentioned, including the IP address, for a period of 7 days and then deleted. If there are statutory retention requirements, processing will be restricted accordingly. This data is not stored together with other personal data of the user.

  1. Contact

If you contact us by e-mail or via our contact form, the data you provide (e.g. your e-mail address, possibly your name and telephone number) will be stored by us for the purpose of processing your request . This information is provided expressly on a voluntary basis and with your consent. Insofar as this concerns information on communication channels (e.g. e-mail address, telephone number), you also agree that we may also contact you via this communication channel in order to answer your request. We delete the data arising in this connection when the storage is no longer necessary to fulfill the purpose. If statutory retention requirements prevent deletion, we restrict the processing. The legal basis for the processing of your personal data in the context of entering into a contract is your consent, Article 6 (1) sentence 1 lit. a GDPR.Of course, you have the option at any time to revoke your consent to us in this regard for the future. Simply contact

  1. Account

To be able to use our app, registration is required. You have the option of creating an account for this. For the registration we need your name, your e-mail address and a password of your choice. In addition, you have the option of voluntarily providing us with further information. Once you have registered, you will receive personal, password-protected access and can view and manage the data you have stored there. The personal data stored in your customer account is available to you for the duration of your use of the app and will be stored by us for this duration. This data will be deleted if you ask us to delete it (this is possible directly via the app) and the purpose of storage or statutory retention requirements do not prevent deletion, or if you or we terminate the user contract. The legal basis for the processing of your personal data in connection with your customer account is Article 6 (1) (b) GDPR. With regard to the personal data you voluntarily provide, the legal basis is Article 6(1)(a) GDPR.

  1. Analysis

For the purposes of analyzing and optimizing our app, we use various services that are presented below. For example, we can analyze how many users visit our app, which information is most in demand or how users find the offer. Among other things, we collect data on which sub-pages of the app were accessed or how often and for how long a sub-page was viewed. This helps us to design and improve our offers in a user-friendly manner. The data collected is not used to personally identify individual users. Anonymous or at most pseudonymous data is collected. The legal basis for this is Art. 6 Para. 1 lit.f GDPR.

5.1. Firebase Google Analytics

This app uses Firebase Analytics, a web analytics service provided by Google Inc, (1600 Amphitheater Parkway Mountain View, CA 94043, USA) Use includes the Firebase Analytics operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyze a user's activities across devices as part of a pseudonymous user profile.

Firebase Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, by activating IP anonymization on this app, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, The IP address transmitted by your browser as part of Firebase Analytics will not be merged with other Google data.

On behalf of the operator of this app, Google will use this information to evaluate your use of the website, to compile reports on app activities and to provide other services related to app use and internet use to the app operator. These purposes also include ours legitimate interest in data processing. The legal basis for the use of Firebase Analytics is § 15 Para. 3 TMG or Art. 6 Para. 1 f DSGVO.

The data sent by us and linked to cookies and/or user IDs (e.g. user ID) will be automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month. You can find more information about Google's terms of use and data protection at or at ?hl=en

You can prevent the storage of the Firebase Analytics cookies by setting your browser software accordingly or delete these cookies at any time. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by using the https://tools. and install. Opt-out cookies prevent future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt ​​out on all systems used. If you click here, the opt-out cookie will be set: Disable Firebase Analytics

5.2 Google Tag Manager

For reasons of transparency, we would like to point out that we use the Google Tag Manager from the provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager itself does not collect any personal data. The Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small pieces of code used, among other things, to measure traffic and visitor behavior, understand the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimize websites. We use the Tag Manager for the Google Analytics service. If you have made a deactivation, this deactivation will be taken into account by Google Tag Manager. For more information about the Google Tag Manager see:

Google is EU-US Privacy Shield certified. You can view the certificate at

5.3. API Google Ajax Search API

This website uses Google AJAX Search API using Java Script code. If you have activated Java Script in your browser and have not installed a Java Script blocker, your browser may transmit personal data, such as your IP address, to a Google server in the USA when using a search field or reloading fonts transfer. The data protection regulations of Google ( apply. Google Ajax Search API is used in the interest of a uniform and appealing presentation of our online offers and improvement of the user experience. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law.

5.4. Google “double click”

We may include third-party ads based on Google's "DoubleClick" marketing service.DoubleClick uses cookies that enable Google and its partner websites to serve ads based on user visits to this website or other websites on the internet. Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server in the USA. Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law. Google DoubleClick is used for the economic operation of the website and to be able to show you offers that are tailored to your interests. The legal basis for the processing of your data is Art. 6 Para. 1 lit. f GDPR. If you do not wish to receive user-based advertising, you can opt out of being served ads using Google's Ads Preferences. You can read more about what types of cookies and how Google uses them in the Google privacy policy and under "Types of cookies used by Google". Further information on DoubleClick by Google is available at

5.5. Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.

For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website was accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offering. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.

You can find more information about Google Web Fonts at and in Google's privacy policy: /policies/privacy.

5.6. Google Maps

This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

Google Maps is used in the interest of an attractive presentation of our online offers and to make it easier to find the places we have indicated on the website. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR.

More information on handling user data can be found in Google's data protection declaration:

5.7. Facebook Connect

We offer you the possibility to register and login via your Facebook account. The provider of the "Facebook Connect" service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). If you register through Facebook, Facebook will ask for your consent to share certain information in your Facebook account with us.This may include the following data:

  • Facebook name
  • Facebook profile and cover photo
  • Facebook cover photo
  • Email address stored on Facebook
  • Facebook ID
  • Facebook friend lists
  • Facebook Likes
  • date of birth
  • Sex
  • country
  • language
  • Location
  • Link to your Facebook profile
  • time zone

This data is collected by Facebook and transmitted to us in compliance with the provisions of Facebook's data policy ( You can control the information we receive from Facebook through the privacy settings in your Facebook account.

This data is used to set up, provide and personalize your account.

If you register with us via Facebook, your account will automatically be connected to your Facebook account and information about your activities on our websites may be shared on Facebook and published in your timeline and news display for friends.

The legal basis for the data processing operations mentioned is. 6 Paragraph 1 lit. a GDPR, i.e. your consent.

Facebook is EU-US Privacy Shield certified. You can view the certificate at

5.8. Facebook Custom Audience

We use the Custom Audiences service from Facebook Inc. (1601 S. California Avenue, Palo Alto, CA 94304, USA) as part of usage-based online advertising. For this purpose, we define target groups of users in the Facebook ads manager based on certain characteristics, which are subsequently displayed within the Facebook network. The users are selected by Facebook based on the profile information they provide and other data provided through the use of Facebook. If a user clicks on an advertisement and then gets to our website, Facebook receives information via the Facebook pixel integrated on our website that the user has clicked on the advertising banner. Basically, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set. This collects information about your activities on our website (e.g. surfing behaviour, subpages visited, etc.). Your IP address will also be stored and used for the geographic control of advertising. We do not use Facebook Custom Audiences via the customer list or the "extended matching" function.

Further information about the purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your setting options for protecting your privacy can be found in Facebook's data protection guidelines. You can make settings for which advertisements are displayed to you on Facebook under this link and in the Facebook account settings.

The transmission of data to the USA is permitted under Art. 45 GDPR, since Facebook is Privacy Shield-certified and thus according to Commission Implementing Decision (EU) 2016/1250 (https://eur-lex. there is an adequate level of data protection. The certification can be viewed at

You can find more information about Facebook's Custom Audiences service at:

Further information on data processing and storage duration can be obtained from the provider or at

Logged-in users can deactivate the "Facebook Custom Audiences" function at <

The legal basis for the use of Custom Audiences is your consent, Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent by clicking on the following link:

Cookie Settings

A persistent opt-out cookie will be set to prevent future collection of your data when you visit this website.

You can also prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can find additional options for disabling third-party cookies at or on the Digital Advertising Alliance Opt-Out Platform at http://optout.aboutads. info/?c=2&lang=en.

5.9. Amplitude

Amplitude, an analysis service provided by Amplitude Inc. (631 Howard St 5th floor, San Francisco, CA 94105, US), is used to analyze user behavior. For this purpose, the LifeTime app transmits anonymous information about your usage to an Amplitude server. There is no transmission of data that allows conclusions to be drawn about an individual user.

The legal basis for the transmission is your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent to tracking at any time in the app settings.

5.10. sentry

We use the Sentry service (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and identifying code errors. Sentry serves these goals alone and does not evaluate any data for advertising purposes. User data, such as information about the device or the time of the error, is collected anonymously and used in a non-personal manner and then deleted. For more information, see Sentry's privacy policy:

  1. Your rights in relation to the processing of your personal data

You have the following rights towards us with regard to your personal data:

6.1. General Rights

You have the right to information, correction, deletion, restriction of processing, objection to processing and data portability. If processing is based on your consent, you have the right to revoke this with effect for the future.

6.2. Right to object

You can object to the use of your data for advertising using electronic mail at any time without incurring any costs other than the transmission costs according to the basic tariffs.

Rights in data processing on the basis of a legitimate interest According to Art. 21 Para 6 Paragraph 1 e GDPR (data processing in the public interest) or based on Article 6 Paragraph 1 f GDPR (data processing to protect a legitimate interest), this also applies to profiling based on this provision.In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims

6.3. Direct Mail Rights

If we process your personal data in order to operate direct advertising, you have the right, in accordance with Article 21 (2) GDPR, to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling to the extent related to such direct marketing.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes

6.4. Right to lodge a complaint with a supervisory authority

You also have a right of appeal to the competent supervisory authority if you believe that the processing of your personal data violates data protection regulations. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link:

If you have any questions about data protection and the processing of your personal data, you can also contact our data protection officer. This is also at your disposal for applications, requests for information, suggestions or complaints.

6.5. Processing of data (customer and contract data)

We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship (inventory data). This is based on Article 6 Paragraph 1 Letter b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.

The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

  1. Disclosure of personal data

A transfer of your data to third parties does not take place, unless we are legally obliged to do so, or the data transfer is necessary for the execution of the contractual relationship or you have previously expressly consented to the transfer of your data. The basis for data processing is Art. 6 Paragraph 1 lit. b GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.

We work with service providers who take on technical and content-related tasks when providing the website. This includes services such as hosting and maintenance of our website.

Insofar as external service providers come into contact with your personal data, we have taken legal, technical and organizational measures and carried out regular checks to ensure that they comply with the provisions of the data protection laws.

If you have any further questions about the individual recipients, please contact us using the contact details given in Section 1.

  1. Data Security

We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

  1. Newsletter

You can subscribe to our newsletter in our app , with which we will inform you about the activities of our company, current information about our services, special offers, promotions, events and competitions. The content of the individual newsletter is briefly described as part of the registration process. The legal basis for sending the respective newsletter is your consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR in conjunction with Section 7 Paragraph 2 No. 3 UWG. If we receive your e-mail address in connection with the sale of goods or services and you have not objected to this, we reserve the right to regularly send you offers for similar products to those already purchased on the basis of Section 7 (3) UWG , from our range by e-mail. This serves to safeguard our overriding legitimate interests in advertising to our customers within the framework of a balancing of interests.

We use the so-called double opt-in procedure to register for our newsletters. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted after 3 days.

Mandatory information for sending the newsletter is your e-mail address. Providing further data is voluntary: This data is used to be able to address you more personally. After your confirmation, we will save your e-mail address for the purpose of sending the newsletter and until further notice. We also store your current IP address at the time of registration, the time of registration and the confirmation for up to three years after registration (statute of limitations). The purpose of this procedure is to be able to prove your registration in case of doubt and, if necessary, to be able to clarify any misuse of your personal data. The legal basis for logging the registration is our legitimate interest pursuant to Article 6 Paragraph 1 Clause 1 Letter f GDPR in proof of a previously given consent, see also Article 7 Paragraph 1 GDPR.

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in each newsletter email or by sending an email to

9.1. Tracking

We would like to point out that we evaluate your user behavior when sending the newsletter in order to determine whether and when the newsletter was opened. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are stored on our server and are loaded when the newsletter is opened. Technical information such as browser type, time of opening and IP address are transmitted. For the evaluations, we link the data mentioned and the web beacons with your e-mail address and an individual ID via the third-party provider Mailchimp.

The data is processed pseudonymously, so the IDs are not directly linked to your other personal data. Nevertheless, the individual newsletter recipient can theoretically be identified based on the technical data. The legal basis for this data processing is your consent, Art. 6 Para. 1 S. 1 lit. a GDPR.You can revoke your consent to tracking at any time with effect for the future by clicking on the separate link provided in every e-mail

Such tracking is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be displayed to you in full and you may not be able to use all functions. If you display the images manually, the tracking mentioned above takes place.

The information from the tracking will be stored for as long as you have subscribed to the newsletter. After you unsubscribe, the data will be anonymized and used for purely statistical purposes.

The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you have canceled the newsletter. Data stored by us for other purposes remain unaffected.

As of May 2022