At Runtastic, we’re continuously striving to provide you with the best possible experience – and your privacy is important to us.
The recent updates due to the new EU General Data Protection Regulation (GDPR), effective as of May 25, 2018:
make it easier for you to understand which data we collect and how we use it
give you increased control over your data
and provide a detailed explanation of your rights as a user.
We, the team of runtastic GmbH, FN 334397k, Pluskaufstraße 7, 4061 Pasching, Austria (see our imprint) (“Runtastic“), email address: email@example.com (“Email Address”), process your personal data when you use our apps (“Apps”, go here for a list of all Apps) or website (“Website” and, together with the Apps, “Products”). The processing of your personal data takes place in compliance with the General Data Protection Regulation (“GDPR“) and the Austrian data protection act in its current form.
Controller. The controller of data processing is Runtastic. You can contact us via email under the Email Address.
Data Protection Officer. Our data protection officer can be contacted under the Email Address. Should you have any questions regarding the processing of your personal data, please do not hesitate to contact him/her.
In General. Runtastic processes personal data that you as a user of the Products make available to us, for example by using our Products, and that others provide to us (“Data”).
Data You Provide to Us.
Mandatory Information: You have to provide us with certain information in order to register with us:
Optional Information: Certain information is optional during registration and can also be added or deleted later on by you, such as:
Health & Fitness Activity Information
Friendship and Group Information
Payment and Subscription Information. We use payment providers (e.g. Apple, Google, Adyen, PayPal) to process payments. Although we do not store any credit card information ourselves, we store a payment ID number that is given out by the respective provider and can be allocated to a person by that payment provider, as well as duration of your subscription, price, currency, VAT (based on country info), and payment provider.
Phone Book Contact List
If you explicitly allow us to access your phone book, we will compare the email addresses of your contacts with email addresses from registered users of Runtastic and send you a list with friend suggestions. We do not store this information in any way.
Data from Others.
Registration via Facebook or Google
If you register a Runtastic account via social login, we will receive the following information:
Facebook Friend List
We will receive information about your friends on Facebook if you explicitly allow us to access it. We will use this information to make friend suggestions in the Products, but do not store it.
Import Fitness Activity Information from Connected Accounts
General. We offer an automatic import of your fitness activity information from other platforms like Garmin, Nokia Health (Withings), and Fitbit. You have to explicitly agree to connect your account from those platforms to your Runtastic account beforehand in order to import such data.
Apple HealthKit. We use Apple’s (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; “Apple”) HealthKit (for more information see here ) framework, which provides a central repository for health and fitness data on iPhone and Apple Watch and – with the user’s explicit consent – lets apps communicate with the HealthKit store to access and share this data. We process the following Data, obtained through the HealthKit framework and the Apple CoreMotion processor (for more information see here ), for the purposes described below and with explicit consent by the user: steps, calories, distance, duration, and heart rate. New data attributes may be added to the HealthKit framework, which will be portrayed in the Product and which you have to consent to. Runtastic and Runtastic’s analytics service providers may analyze engagement data for research purposes designed to provide a personalized experience and motivate engagement in healthy habits. Runtastic does not use information gained through the HealthKit framework for advertising or similar services. You can always stop Runtastic from accessing your data by changing the settings of your mobile device.
Google Fit. We use Google’s Fit SDK (for more information see here ) which is an open platform that lets users control their fitness data. We process the following Data, obtained through the Google Fit SDK, for the purposes described below and with explicit consent by the user: steps, calories, distance, duration, and heart rate. New data attributes may be added to the Google Fit framework, which will be portrayed in the Product and which you have to consent to.
If you explicitly agree to connect your adidas account with Runtastic, certain information may be exchanged between adidas and Runtastic. Please see the separate adidas – Runtastic Privacy Notice for more information on such data exchange (e.g. which data, for what purposes, storage period).
Google Analytics for Mobile
General. For Apps on iOS and Android we use Google’s Google Analytics for Mobile (for more information see here ). User data is transmitted in an anonymized form to Google. Our Apps use identification for mobile devices, including the Google Advertising ID (“GAID”) and the ID for Advertising for iOS (“IDFA”), as well as technologies similar to cookies for the use execution of the Analytics for mobile service.
Purpose. We use Google Analytics to analyze and constantly improve the use of our Products. Through the statistics we are able to improve our services and make them more interesting for users. In those special cases in which personal data is transmitted to the USA, Google is certified via EU-US privacy shield. The basis for the processing of Data are our legitimate interests.
Google DoubleClick for Publishers
For Apps on iOS and Android we use the services of Adjust GmbH (Saarbrücker Str. 37a, 10405 Berlin, Germany, “Adjust”). This allows us to us to track and analyze which marketing channels or sources are producing the best results for directing users to download the Products and to help us understand how our users are using our app. For this purpose, Adjust processes mobile identifiers such as the IDFA, GAID or similar mobile identifiers. For more information on Adjust, see here , especially section 3. To opt out of tracking by Adjust please go here. The basis for the processing of Data are our legitimate interests.
Runtastic Event Tracking
When you are using our Products, we will collect certain event information (e.g. opening a Runtastic app, starting a sport activity, visiting our Website) and send them to our servers. This allows us to analyze and constantly improve the use of our Products.
For Apps on iOS and Android we use Facebook Analytics (for more information see here ). This allows us to us to track and analyze which marketing channels or sources, in connection with Facebook, are producing the best results for directing users to download the Products and to help us understand how our users are using our app. For this purpose, Facebook Analytics processes mobile identifiers such as the IDFA, GAID or similar mobile identifiers. For more information on Facebook Analytics, see here. The basis for the processing of Data are our legitimate interests.
Cookies and Similar Technologies.
What Are Cookies. The Website uses 'cookies' – small text files that are placed on your computer, mobile device and/or stored by the browser. The basis for the processing of Data via cookies are our legitimate interests.
The Runtastic Products include social media plug-ins, such as (i) Facebook; (ii) Google +, 1600 Amphitheatre Parkway, Mountain View, CA 94043; (iii) Twitter, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; and (iv) WhatsApp, WhatsApp Inc., 650 Castro Street, Suite 120-219, Mountain View, CA 94041, USA.
RUNTASTIC IS NOT RESPONSIBLE FOR THE USE OF, OR GUIDELINES REGARDING THE USE OF, PERSONAL DATA BY THIRD-PARTY PROVIDERS.
Users may recognize the respective plug-ins of third parties, e.g. by the respective logo or other characteristics typical for the respective social media platform on our Website. You can find an overview of Facebook plug-ins here. You can find an overview of Google+ plug-ins here. You can find an overview of Twitter plug-ins here.
If users do not want to have the respective social media platform associate their visits to our Website with their social media account, users must log out from their social media account.
Do Not Track Signals
The Products do not recognize or respond to browser-initiated Do Not Track signals. To learn more about Do Not Track signals, you can visit https://allaboutdnt.com.
Device and Location Information.
When you visit or leave our Products, we receive
Operating the Products. We process your Data to be able to provide you with a seamless user experience when using the Products.
Providing Services. To operate the Products and provide the services, including to
Connect with Friends. To make it easier for you to find and connect with others. We may use the information you have shared within the Products, including GPS data, to suggest connections between you and people you may know. For example, we may associate information that we learn about you through your and your friends’ use of the Products, and information you and others provide, to suggest people you may know or may want to transact with through our Products.
Customer Support. To investigate, respond to your requests, and resolve complaints and service issues, e.g. to contact you about a question you submitted to our customer service team.
Business Needs. We process your Data to manage our business needs.
Performance. We process Data to monitor, analyse and improve the use of our Products, as well as protect the security or integrity of the Products, and their performance and functionality. For example, we analyze user behaviour and perform research about the way you use our Products.
Research and Development. We process Data, including public feedback, to conduct research for the further development of our Products, in order to provide you and others with a better, more intuitive and personalized experience, and drive user growth and engagement in our Products.
Advertising. We target and measure the performance of ads to registered users and visitors directly or through DFP (see 3.4 above) using the following data, whether separately or combined:
Marketing General. We process Data to deliver (tailored) marketing materials about Runtastic products and online services to you.
Email/Push Message Marketing. With your explicit consent we will send you marketing emails or push messages with information on fitness and health-related topics. We will ask you to confirm your email address before you receive any marketing emails.
We would like to inform you that we assess your user behavior when reading the emails with the help of so-called web beacons or tracking pixels. The information created by this is then linked to the information collected in 3.6, your email address, and an individual ID. With this merged information, we can create a user profile to personalize our marketing emails / push messages. We collect data on when you read our emails, or which links you click, and combine this with your actions in the Product.
We store and use your Data for the purpose of email marketing or marketing on the Website by Runtastic. You can revoke your consent to the marketing emails and push messages at any time, by clicking the link at the end of the email or changing your privacy settings concerning push messages. We store the tracking information as long as you are subscribed to our marketing emails.
Retargeting. You might see marketing messages (ads) on the platforms listed below, if you give us your explicit consent to share your advertising identifier (IDFA, GAID) with those platforms. In addition, other users who have similar characteristics to you on those platforms could see marketing messages on those platforms as well (i.e. Facebook Lookalike audience). An opt-out is possible at any time in your privacy settings. It may take a few days after the opt-out until you are removed from all audiences.
List of other platforms: Facebook, Instagram, Google, Twitter, Snapchat, MyTarget, and Pinterest.
Compliance and Enforcement.
Compliance. We process your Data to comply with our obligations and in compliance with all applicable laws and regulations.
We share Data with third parties
We attempt to notify you about legal demands for your Data when we think it is appropriate, unless prohibited by law or court order, or when the request is an emergency. We may dispute such demands when we believe that the requests are overbroad, vague or lack proper authority.
Special categories of personal data, such as heart rate data or other health data, will never be shared with advertisers or similar agencies.
Profile. Your profile is fully visible to your friends on Runtastic by default. This means, as soon as you add friends in the Products, those people will be able to see your profile, including when you join groups and events. In your privacy settings you can also set your profile visibility to “Only me” or “Everybody”. Please note that your first name, last name, and profile picture are visible to everybody at all times. This is necessary to enable others to send you a friend request.
News Feed. Our services allow viewing and sharing information, including through posts, likes, and comments. Certain actions, such as tracking an activity, starting a training plan, upgrading to Premium Membership or establishing a new friendship connection, will be automatically posted in the News Feed. By default setting, only you and your friends will be able to see such activities in their News Feed. You can modify the visibility anytime in your privacy settings.
Leaderboard. If you track an activity, you will automatically join a weekly/monthly Leaderboard of accumulated distance, duration, or number of steps among your friends. This means, once you add friends, you will be part of the Leaderboard. You can opt out of this at any time in your privacy settings.
LIVE Tracking. The Products include a “LIVE Tracking” feature (“LIVE Tracking”), which enables other Runtastic users to see the route and data, including heart rates, of your sports activity on certain of the Products. LIVE Tracking can only be either activated or deactivated for all other Runtastic users. LIVE Tracking is deactivated by default and can be activated by you at your own discretion. Once activated, it stays activated for new activities, unless you turn it off again. By activating the feature, you accept the responsibility for such activation at your own risk. If you do not want to give third parties access to your training route and data, then LIVE Tracking should not be activated.
Heart Rate Monitor. Personal health information collected and stored by Runtastic, and subsequently shared by the user via Heart Rate Monitor, may not be protected under the American Health Insurance Portability and Accountability Act (HIPAA).
HealthKit. If a registered user explicitly consents, Runtastic may share said registered user’s data obtained through the HealthKit framework with a third party for medical research.
Services You May Use. Runtastic lets you connect to third-party services. For example, to enable you to connect other accounts to your Runtastic profile or for sharing your activities with friends.
Health and Fitness Services. Runtastic transfers your information to other health and fitness services, such as Apple HealthKit, Google Fit or MyFitnessPal, only after you explicitly consent to the transfer when you connect to such services.
Social Networks and Messenger Services. You can decide to share finished activities via Facebook, Twitter, WhatsApp, Telegram or any other messenger service you may use on your mobile device. Please note that we do not have any influence on or knowledge of the scope and the further use of the Data by the respective messaging service, and cannot take any responsibility for the use of your Data by the respective messaging provider. Please see the messaging service’s respective privacy policies for details.
Service Providers and Other Third Party Services.
Service Providers. We share your information to others, who help us provide and improve our Products (e.g. maintenance, analysis, audit, payments, fraud detection, marketing and development). Service providers will have access to your information as reasonably necessary to perform these tasks on our behalf, and are obligated not to disclose or use it for other purposes. We use processors such as Adjust, Google, Facebook, Amazon Web Services, Inc., Emarsys eMarketing Systems AG, Pushwoosh, Inc., NewRelic, Inc., Apptimize, Inc. or Zendesk, Inc.
adidas. We may – with your explicit consent – share your Data with adidas AG (Adi-Dassler-Strasse 1, 91074 Herzogenaurach, Germany; “adidas”) for the purpose of seamless user experiences between adidas and Runtastic Products. Please see the separate adidas – Runtastic Privacy Notice for more information on such data exchange with adidas (e.g. which data, what purposes, storage period).
Storage Period. We store your Data as long as you are a registered user of the Products. Beyond that, we only store Data, if it is legally necessary (because of warranty, limitation or retention periods) or otherwise required.
Account Deletion. If you decide to delete your account, all Data we have about you will be deleted, with the following exceptions:
A deletion request does not affect Data, if the storage is legally necessary, for example for accounting purposes.
Exercise your Rights. To exercise your rights defined in sections 7.2 to 7.8, please send a request via email to the Email Address or via mail to our postal address.
Revocation of Consent. You can revoke your consent – in those cases where consent for processing is necessary – for future data processing at any time. However, this does not affect the lawfulness of Data processing based on the consent before the revocation. In certain cases, we may continue to process your information after you have withdrawn consent, if we have another legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
Right of Access. You have the right to obtain (i) confirmation as to whether or not your Data is being processed by us and, if so, (ii) more specific information on the Data. The more specific information concerns, among other things, processing purposes, categories of Data, potential recipients, or the duration of storage.
Right to Rectification. You have the right to obtain the rectification of inaccurate Data concerning you from us. In case the Data processed by us is not correct, we will rectify these without undue delay and inform you of this rectification. Please note that (i) you can rectify much of your information in the settings and (ii) it is not technically possible for us to rectify all kinds of data in our Product.
Right to Erasure. You have the right to delete Data we store about you. Should you decide to do so, please go to your account settings on the Website and delete your account there. If you are unable to do this, please contact us via the Email Address. As a safety measure, we will send you an email in order for you to confirm this deletion. We will delete your Data after this confirmation. Please note that your phone may still have Data stored on it after deletion of your account.
Right to Restriction of Processing. You have the right to obtain a restriction of processing of your Data from us in the following cases:
Right to Data Portability. You have the right to (i) receive a copy of your Data in a structured, commonly used and machine-readable format and (ii) transmit those Data to another controller without hindrance from us. You can download a copy of your Data in your account settings on the Website.
Right to Object. You have the right to object at any time to the processing of Data for which our legitimate interests are the legal basis, including profiling based on those provisions. You also have the right to object to processing of Data for direct marketing purposes.
Right to File a Complaint. You have the right to file a complaint with your local supervisory authority, if you think that the processing of Data infringes applicable law.
Legal Bases. Data protection laws regulate that we are only allowed to collect and process your Data, if we have lawful bases for processing. The lawfulness of processing of Data stems from:
Security Measures. We are committed to protecting your Data and implement appropriate technical and organizational security measures to protect it against any unauthorized or unlawful processing and against any accidental loss, destruction, or damage. Those security measures are constantly revised to comply with the latest technological developments.
Material Changes. If we make material changes to it, we will provide notice directly in our Products, or by other means (e.g. via email), to offer you the opportunity to review the changes before they become effective. Material changes could, for example, include further tracking, profiling, and analytics services. Should your consent be necessary, we will ask for it before the changes become effective. If you object to any changes, you may need to close your account as it might not function properly.