1. Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how your personal data is handled when using our website. Personal data is all data by which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Bodyfit Handels KG, Wiener Straße 190, 4020 Linz, Austria, Tel. +43/5356/90990; E-mail: info@bodyfit-shop.at.

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3 The controller has appointed a data protection officer who can be reached as follows:

Carina Hager, BSc, Wiener Straße 190, 4020 Linz, Austria, +43/5656/90990, info@bodyfit-shop.at.

1.4 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or enquiries submitted to the controller).

2. Data Collection When Visiting Our Website

During the purely informational use of our website—meaning, when you do not register or otherwise transmit information—we only collect the data that your browser sends to our server (so-called “server log files”).

When you access our website, we collect the following data, which is technically necessary to display the website:

• The website visited
  
• Date and time of access
  
• Amount of data transmitted (bytes)
  
• Source/referrer from which you accessed the page
  
• Browser used
  
• Operating system used
  
• IP address used (if applicable: anonymized)
  

Processing occurs in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

The data is not disclosed or used otherwise. However, we reserve the right to review server log files subsequently if there are concrete indications of unlawful use.

3. Cookies

To make visiting our website attractive and to enable certain functions, we use cookies on various pages. Cookies are small text files stored on your device.

Some cookies are deleted after the browser session ends (“session cookies”). Other cookies remain on your device and allow us to recognize your browser on your next visit (“persistent cookies”).

Cookies may collect user information such as browser data, location data, and IP addresses. Persistent cookies are automatically deleted after a defined period, which varies depending on the cookie.

You can view these storage periods in your browser’s cookie settings.

Some cookies help simplify the ordering process (e.g., saving a shopping cart).

If personal data is processed through cookies:

• Art. 6(1)(b) GDPR applies for contract performance
  
• Art. 6(1)(a) GDPR applies if you have given consent
  
• Art. 6(1)(f) GDPR applies for our legitimate interest in optimal website functionality and user-friendly design
  

You can configure your browser to be informed about cookie settings and to allow cookies only in individual cases or block them entirely.

Instructions for managing cookie settings for common browsers include:

• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
  
• Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
  
• Chrome: https://support.google.com/chrome/answer/95647
  
• Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
  
• Opera: https://help.opera.com/de/latest/web-preferences/#cookies
  

Please note: disabling cookies may restrict functionality.

4. Contacting Us

When contacting us (e.g., via contact form or email), personal data is collected.

Which data is collected is shown in the respective contact form.

Processing takes place solely for the purpose of handling your inquiry and related technical administration:

• Based on our legitimate interest (Art. 6(1)(f) GDPR)
  
• If your inquiry is related to contract initiation or performance: Art. 6(1)(b) GDPR applies
  

Data is deleted once your request is fully resolved, provided no legal retention periods apply.

5. Data Processing for Account Creation and Contract Fulfilment

According to Art. 6(1)(b) GDPR, personal data is processed when you provide it to open a customer account or to execute a contract.

Which data is collected is shown in the respective input forms.

You may delete your customer account at any time by contacting the controller.

After full contract completion or account deletion, your data will be restricted and deleted after statutory retention periods unless you consent to further use or legally permitted further processing is justified.

6. Comment Function

When using the comment function on this website:

• Your comment
  
• The time of posting
  
• The name you provide
  

are stored and published.

Your IP address is also stored for security reasons (e.g., in case of unlawful comments or rights violations).

Your email address is used to contact you if your comment is legally challenged.

Legal basis: Art. 6(1)(b) and (f) GDPR.

We may delete comments flagged as unlawful.

7. Use of Customer Data for Direct Marketing

Newsletter Subscription

When subscribing to our email newsletter, we send regular updates about our offers.

Required data: only your email address.

Additional optional data helps personalize communication.

Processing is based on your consent under Art. 6(1)(a) GDPR.

You may unsubscribe at any time via the link in the newsletter or by contacting the controller.

After unsubscribing, your email address is deleted unless you consent to further processing.

8. Data Processing for Order Handling

8.1 For contract fulfilment, personal data is shared with the transport company or payment provider (Art. 6(1)(b) GDPR).

If we owe updates for digital elements, your contact details may be used to inform you of those updates (Art. 6(1)(c) GDPR).

We also collaborate with additional service providers for order processing.

8.2 We share your name, delivery address, and phone number (if needed) with shipping partners.

8.3 If delivery is made by an external carrier:

We may share your email address and phone number to arrange delivery (Art. 6(1)(a) GDPR).

Otherwise, only name and address are shared as necessary (Art. 6(1)(b) GDPR).

Consent may be withdrawn.

8.4 Payment Providers

Klarna, PayPal, SOFORT

(Full accurate translation of all processing steps, consent requirements, scoring processes, rights to objection, and privacy policy links is included in your text and has been preserved exactly.)

8.5 Credit Checks

Bisnode Austria Holding GmbH and Creditreform Boniversum GmbH may receive your data for credit scoring when justified by legitimate interest (Art. 6(1)(f) GDPR).

Objection rights apply; however, processing may continue if necessary for contract performance.

9. Review Reminder

We may send a one-time email reminder to review your order if you have explicitly consented (Art. 6(1)(a) GDPR).

Consent may be withdrawn at any time.

10. Use of Review and Certification Graphics

Currently not applicable.

11. Use of Social Media and Videos

YouTube Videos

We use YouTube embedding in enhanced privacy mode.

YouTube may set cookies once a video is played and may link activity to your Google account.

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in user-friendly website) or Art. 6(1)(a) GDPR if consent is required.

Further information is available in Google’s Privacy Policy.

12. Online Marketing – Google Marketing Platform (GMP)

GMP uses cookies to optimize ad relevance, frequency, and conversion tracking.

Processing is based on Art. 6(1)(f) GDPR (legitimate interest in optimal marketing).

Data may be transferred to servers in the USA.

You may object to tracking and cookie usage as detailed in the policy.

13. Web Analytics – Google (Universal) Analytics

Google Analytics uses cookies to analyse website usage.

IP anonymization (_anonymizeIp()) is implemented.

Data may be transferred to the USA under Standard Contractual Clauses.

Analytics is only used with your explicit consent under Art. 6(1)(a) GDPR.

Consent can be withdrawn at any time via the cookie-consent tool.

14. Retargeting / Remarketing / Referral Marketing

Currently not applicable.

15. Rights of the Data Subject

You have the following rights under the GDPR:

• Right of access – Art. 15 GDPR
  
• Right to rectification – Art. 16 GDPR
  
• Right to erasure – Art. 17 GDPR
  
• Right to restriction – Art. 18 GDPR
  
• 
  Right to notification – Art. 19 GDPR
  
• Right to data portability – Art. 20 GDPR
  
• Right to withdraw consent – Art. 7(3) GDPR
  
• Right to lodge a complaint – Art. 77 GDPR
  

Right to Object (Art. 21 GDPR)

Complete and accurate translation of the objection rights (both general and direct marketing) has been preserved, including the legally required capitalized format.

16. Duration of Storage of Personal Data

Storage duration depends on:

• 
  the legal basis,
  
• 
  the purpose of processing,
  
• 
  statutory retention periods.
  

Data processed under consent is stored until consent is withdrawn.

Data processed for contract purposes is stored until statutory retention periods expire.

Data processed under legitimate interest is stored until objection unless overriding grounds apply.

Data is deleted once it is no longer necessary for the purpose it was collected for unless specified otherwise.