Updates to Our Privacy Policy

At Runtastic, we’re continuously striving to provide you with the best possible experience – and your privacy is important to us.

With the following Privacy Policy we want to:

  • make it easier for you to understand which data we collect and how we use it

  • give you increased control over your data

  • and provide a detailed explanation of your rights as a user.

  1. In General
    1. Runtastic GmbH, FN 334397k, Pluskaufstraße 7, 4061 Pasching, Austria (see our imprint) (“Runtastic“), is a brand of adidas AG (Adi-Dassler Strasse 1, 91074 Herzogenaurach, Germany) (“adidas“). We, the team of Runtastic, email address: (“Email Address”), process your personal data when you use our apps (“Apps”, go here for a list of all Apps) or website (“Website” and, together with the Apps, “Products”). The processing of your personal data takes place in compliance with applicable local data privacy laws, e.g. the EU General Data Protection Regulation (“GDPR“), the Austrian data protection act in its current form and the California Consumer Privacy Act (“CCPA“).

    2. In this privacy policy (“Privacy Policy”) we want to provide you with information about us, the nature, scope and purposes of the data collection and use, giving you insights into the processing of your personal data.

  2. Controller
    1. Controller. In general the controller of data processing is Runtastic. For the adidas Membership Program, adidas is the data controller. You can contact us via email under the Email Address.

    2. Data Protection Officer. Our data protection officer can be contacted under the Email Address. Should you have any questions regarding the processing of your personal data, please do not hesitate to contact him/her.

  3. Which Data We Collect And Process
    1. In General. Runtastic processes personal data that you as a user of the Products make available to us, for example by using our Products, and that others provide to us (“Data”).

    2. Categories of Personal Data.

      These are the categories of personal data we collect directly or indirectly from you:

      Identity information – includes: name (first, last), date of birth, e-mail address, gender, profile picture, unique consumer identifier number (including your adidas Membership Program number), social media identifiers and information passed along to us via your Facebook or Google account, your device fingerprint, and gift card codes that are assigned to you. We use it to verify your identity.

      Contact information - includes: your phone number, shipping and billing address, e-mail address, Messenger ID, social media handle, any other communication channel you have used to contact us for more information. We use it to contact you for different reasons depending on the purpose.

      Location information - includes: your residential location, current log-in location (IP address), and/or GPS location (if you wish to share it with us, for example through your mobile device settings) or other phone related location data (e.g. via WiFi or Bluetooth), or the specific Runtastic and adidas site you visited that might give us clues about where you are. We use it to operate our products and adapt your product experience to your location.

      Size information - includes: shoe size, clothes size, height, weight, chest, waist, hip, inseam, body shape, heel-toe measurement. We use it to operate our products and make sure your gear fits.

      Purchase information - includes: payment provider, duration of your Runtastic subscription, price, currency, VAT (based on country info). We use payment providers to process payments. Although we do not store any credit card information ourselves, we store a payment ID number that is given out by the respective provider (e.g. Apple, Google, Adyen, PayPal) and can be allocated to you. We use it to process your payments.

      Behavioural and Profile information - includes: your adidas shopping history, your adidas shopping preferences, in-store interactions, product reviews, social media interactions with us, and any other intelligence we have about you to help us learn you as a consumer better, including “Community information”. We use it to know you better as a consumer, so we can send you marketing messages containing only products and services that we think you might be interested in.

      Community information – includes: friendship and follower information in the Runtastic community, information provided by you when you participate in various Runtastic or adidas events and groups/communities either as a trainer, team member, a participant or as a promoter of our events, including for example: pictures, videos, your team, your interests and preferences, your feedback, leaderboards, event participation, joined groups and registration details.

      If you explicitly allow us to access your phone book, we will compare the email addresses of your contacts with email addresses from registered users within the Runtastic community and send you a list with friend suggestions. We do not store this information in any way.

      We use Community information to operate our products, to organize the events and communities, and to connect you with other members within our communities.

      Social Media information – includes: information obtained through your interaction with us on various social media channels such as Facebook, Instagram, Google, etc., including: any social media information that is publicly available such as your social media handles, social media interactions and public postings, your “Likes” and other reactions, your social media connections, your photos that are public, or those you send to us by mentioning us or following our social media posts by using “handles” or “hashtags”. We obtain this information from the social media network (e.g. Facebook, Snapchat, Instagram, etc.) directly or indirectly through third-party agencies we have agreements with.

      Device information – includes: Information about your device or browser that give us an idea about your browsing behaviour or device usage. Your device information is collected by our apps, and your browser information is collected by our cookies, tags, and pixels. This is often required for network security purposes. This includes, but not limited to: IP address, date and time of the visit, how long you remained on our website, transmitted data volume, the referral URL (if you came to our site via a different site or an advertisement), the pages visited on our site, your browser type (including language and version of the browser software) and add-ons, device identifier and features, device type, versions, operating system.

      Activity information - includes: fitness data (for example workout start and end times, activity type, sports category), sensor data (this includes, but not limited to: step goal, duration, pace, distance, calories, heart rate, RunScore and speed), nutrition information (e.g. time, calories, meal information (name, type, macronutrients, micronutrients), and other data (e.g. routes and photos including location data) related to your fitness app. We use it to operate our products, to help you improve your performance goals and improve your user experience and identify what products might be best for you based on your exercise patterns.

      Preference information - includes: preferred language, login location, units (distance, weight, temperature), personal goals and motivation (e.g. yearly running goal, weight goal), training plan information (e.g. start date, training plan, associated fitness activities), shoe information (brand, model, size, color, picture) and your adidas product reviews. We use it to give you convenience when you visit and/or shop on our sites and apps.

      Creators Club information – includes: Unique Member Identifier (member ID), date you became a member, store ID (if you signed up in a retail store), source ID, country and brand of your original membership, membership points, engagement history, rewards history, membership vouchers associated to members.

    3. Data from Others.

      Registration via Facebook or Google

      If you register a Runtastic account via social login, we will receive the following information:

      • Facebook Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA, “Facebook”): First and last name, email address, gender, birthdate, profile picture;
      • Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, “Google”): First and last name, email address, gender, birthdate; and profile picture.

      Facebook Friend List

      We will receive information about your friends on Facebook if you explicitly allow us to access it. We will use this information to make friend suggestions in the Products, but do not store it.

      Import Fitness Activity Information from Connected Accounts

      General. We offer an automatic import of your fitness activity information from other platforms like Garmin, Nokia Health (Withings), and Fitbit. You have to explicitly agree to connect your account from those platforms to your Runtastic account beforehand in order to import such data.

      Apple HealthKit. We use Apple’s (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA; “Apple”) HealthKit (for more information see here) framework, which provides a central repository for health and fitness data on iPhone and Apple Watch and – with the user’s explicit consent – lets apps communicate with the HealthKit store to access and share this data. We process the following data, obtained through the HealthKit framework and the Apple CoreMotion processor (for more information see here), for the purposes described below and with explicit consent by the user: steps, calories, distance, duration, and heart rate. New data attributes may be added to the HealthKit framework, which will be portrayed in the Product and which you have to consent to. Runtastic and Runtastic’s analytics service providers may analyze engagement data for research purposes designed to provide a personalized experience and motivate engagement in healthy habits. Runtastic does not use information gained through the HealthKit framework for advertising or similar services. You can always stop Runtastic from accessing your data by changing the settings of your mobile device.

      Google Fit. We use Google’s Fit SDK (for more information see here) which is an open platform that lets users control their fitness data. We process the following data, obtained through the Google Fit SDK, for the purposes described below and with explicit consent by the user: steps, calories, distance, duration, and heart rate. New data attributes may be added to the Google Fit framework, which will be portrayed in the Product and which you have to consent to.


      As a brand of adidas we may receive and process your personal data (categories of personal data see here):

      • Activity information
      • Behavioral and Profile information
      • Community information
      • Contact information
      • Creators Club information (only for members of the adidas Membership Program)
      • Device information
      • Identity information
      • Location information
      • Preference information
      • Purchase information
      • Size information
      • Social Media information

      for the described purposes (see 4.Why We Process Data).

    4. Service Use

      Google Analytics

      This Website uses Google Analytics, a web analysis service of Google. Google Analytics uses cookies. See our Cookie Policy for more information on cookies and how to opt-out of them. We use Google Analytics to analyze and constantly improve the use of our Products. The Products use Google Analytics in conjunction with the option “_anonymizeIP()”. This means, IP addresses are processed in a shortened form in order to prevent transmission of any personal data. The basis for the processing of data are our legitimate interests.

      Firebase & Google Analytics for Mobile

      General. For Apps on iOS and Android we use Google’s Firebase (for more information see here) and Google Analytics for Mobile (for more information see here). User data is transmitted in an anonymized form to Google. Our Apps use identification for mobile devices, including the Google Advertising ID (“GAID”) and the ID for Advertising for iOS (“IDFA”), as well as technologies similar to cookies for the use execution of the Analytics for mobile service.

      Purpose. We use Firebase and Google Analytics to analyze and constantly improve the use of our Products. Through the statistics we are able to improve our services and make them more interesting for users. In those special cases in which personal data is transmitted to the USA, Google is certified via EU-US privacy shield. The basis for the processing of data are our legitimate interests.


      For Apps on iOS and Android we use the services of Adjust GmbH (Saarbrücker Str. 37a, 10405 Berlin, Germany, “Adjust”). This allows us to us to track and analyze which marketing channels or sources are producing the best results for directing users to download the Products and to help us understand how our users are using our app. For this purpose, Adjust processes mobile identifiers such as the IDFA, GAID or similar mobile identifiers. For more information on Adjust, see here, especially section 3. To opt out of tracking by Adjust please go here. The basis for the processing of data are our legitimate interests.

      Runtastic Event Tracking

      When you are using our Products, we will collect certain event information (e.g. opening a Runtastic app, starting a sport activity, visiting our Website) and send them to our servers. This allows us to analyze and constantly improve the use of our Products.

      Facebook Analytics

      For Apps on iOS and Android we use Facebook Analytics (for more information see here). This allows us to us to track and analyze which marketing channels or sources, in connection with Facebook, are producing the best results for directing users to download the Products and to help us understand how our users are using our app. For this purpose, Facebook Analytics processes mobile identifiers such as the IDFA, GAID or similar mobile identifiers. For more information on Facebook Analytics, see here. The basis for the processing of data are our legitimate interests.

    5. Cookies and Similar Technologies.


      What Are Cookies. The Website uses 'cookies' – small text files that are placed on your computer, mobile device and/or stored by the browser. The basis for the processing of data via cookies are our legitimate interests.

      Cookie Policy. For more information on the cookies we use, which, if any, personal data they collect, and how to disable them, please see our Cookie Policy here.

      Do Not Track Signals The Products do not recognize or respond to browser-initiated Do Not Track signals. To learn more about Do Not Track signals, you can visit

  4. Why We Process Data (“Purposes”)
    1. Operating the Products. Runtastic and adidas process your data to be able to provide you with a seamless user experience when using the Products.

      Providing Services. To operate the Products and provide the services, including to

      • authenticate your access to an account;
      • track and display your health and fitness activities
      • show your training progress and statistics; and

      Global credential to all adidas/Runtastic Platforms. We know you don’t like to remember usernames and passwords, or having to register multiple times. To enable our users to log on to all platforms, portals, services, communities and apps operated by or on behalf of adidas Data Controllers (which includes the Runtastic Apps and services) (“adidas Platforms”) with one set of log-in credentials (“adidas Log-In”), we store your adidas/Runtastic Log-In in the global authentication platform from adidas. When you use your adidas/Runtastic Log-In to enter any adidas/Runtastic Platform, we will use a token to verify your identity from the adidas/Runtastic global authentication platform. This also further ensures our network and domain security. The basis for the processing of data are our legitimate interests.

      Connect with Friends. To make it easier for you to find and connect with others. We may use the information you have shared within the products, including GPS data, to suggest connections between you and people you may know. For example, we may associate information that we learn about you through your and your friends’ use of the products, and information you and others provide, to suggest people you may know or may want to transact with through our products.

      Customer Support. To investigate, respond to your requests, and resolve complaints and service issues, e.g. to contact you about a question you submitted to our customer service team.

    2. Business Needs. We process your data to manage our business needs.

      Performance. We process data to monitor, analyse, and improve the use of our Products, as well as protect the security or integrity of the Products, and their performance and functionality. For example, we analyze user behaviour and perform research about the way you use our Products.

      Research and Development. We process data, including public feedback, to conduct research for the further development of our Products, in order to provide you and others with a better, more intuitive and personalized experience, and drive user growth and engagement in our Products.

      adidas Membership Program (where applicable).

      Please note this section only applies when you are part of the adidas Membership Program. If you are part of the adidas Membership Program, adidas maintains and administers your membership as described in Part B of the Runtastic Terms & Conditions. Details regarding all data processing activities by adidas can be found here.

      In particular, your personal data is used for, but not limited to:

      • calculating your club points to provide you rewards;
      • providing you access to special offers and promotions;
      • sending you invitations to exclusive events;
      • allowing you access to limited edition products;
      • providing you access to a premium Runtastic subscription when eligible;

      When you use your adidas Membership Program membership ID, adidas receive the information to calculate reward points for you, such as when you purchase in participating adidas brand retail stores.

      You will receive email marketing messages from Runtastic and adidas if you are a member of the adidas Membership Program.

      When you use the Apps with your adidas Membership Program membership, Runtastic and adidas use push notifications in the app to communicate information about your membership or promotional activities and offers. You can switch off push notifications at any time using “Settings” on your mobile devices. However, if you switch off push notifications, Runtastic and adidas may need to contact you via email for important messages relating to your membership. The basis for the processing of your personal data is the performance of contract.

      Marketing General. We process Data to deliver (tailored) marketing materials about adidas/Runtastic products and online services to you.

      Email/Push Message Marketing. With your consent, Runtastic and adidas will send you personalized marketing emails or push messages with information on fitness and health-related topics as well as adidas products. Based on your consent, Runtastic shares personal data with adidas for personalization purposes and vice-versa.

      We would like to inform you that we assess your user behavior when reading the emails with the help of so-called web beacons or tracking pixels. The information created by this is then linked to the information collected in in 3.2 Categories of Personal Data, your email address, and an individual ID. With this merged information, we can create a user profile to personalize our marketing emails / push messages. We collect data on when you “Click on” our emails, or which links you click, and combine this with your actions in the Product.

      We store and use your data for the purpose of email marketing or marketing on the Website by Runtastic and adidas. You can revoke your consent to the marketing emails and push messages at any time, by clicking the link at the end of the email or changing your device settings concerning push messages. We store the tracking information as long as you are subscribed to our marketing emails.

      Targeted messages on 3rd-party advertising platform.

      Runtastic and adidas use third-party advertising platforms, such as (but not limited to) Facebook, Google, YouTube, Instagram, Twitter, Snapchat, Pinterest to send you messages that are targeted at you, based on your behaviour and browsing pattern, at specific times and locations of these platforms to increase the efficiency of our advertising campaigns. Runtastic and adidas use third-party solutions such as Google Audience and Facebook Audience (but not limited to) to help us do a better job at targeting our campaigns and messages for our consumers. Your personal data (see 3.2 Categories of Personal Data) is shared with the third-party advertising platforms, and they will attempt to match your profile in their database to determine the optimal time and place (e.g the page you are browsing) to show you an advertisement from Runtastic or adidas. We also need to analyse necessary information to understand the impact of our campaigns. If you don’t accept that we use and share your personal data for this purpose, you will still see Runtastic and/or adidas advertisements on other platforms at random.

      You can learn more about how our Advertising Partners help us achieve this purpose by visiting their sites:

      Google Personalised Advertising:
      Google Advertising Policies:

      Facebook Lookalike Audiences: Facebook Custom Audience Terms:

      The basis for the processing of your personalized data is based on your Marketing Consent. An opt-out is possible at any time in your privacy settings. It may take a few days after the opt-out until you are removed from all audiences.

    3. Compliance and Enforcement.

      Compliance. We process your data to comply with our obligations and in compliance with all applicable laws and regulations.

      Enforcement. We process your data, if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our Terms & Conditions or this Privacy Policy and/or attempts to harm our members or visitors.

  5. Sharing of Personal Data
    1. General.

      We share data with third parties

      • if this is necessary, for the purposes,
      • due to a request from a national authority,
      • due to a court ruling,
      • if required by law,
      • if necessary to investigate and defend ourselves against any third-party claims or allegations,
      • to exercise or protect the rights and safety of Runtastic, our members, personnel, or
      • if you have (explicitly) consented beforehand.

      We attempt to notify you about legal demands for your data when we think it is appropriate, unless prohibited by law or court order, or when the request is an emergency. We may dispute such demands when we believe that the requests are overbroad, vague or lack proper authority.

      Special categories of personal data, such as heart rate data or other health data, will never be shared with advertisers or similar agencies.

    2. Our Services.

      Profile. Your profile is fully visible to your friends on Runtastic by default. This means, as soon as you add friends in the products, those people will be able to see your profile, including when you join groups and events. In your privacy settings you can also set your profile visibility to “Only me” or “Everybody”. Please note that your first name, last name, and profile picture are visible to everybody at all times. This is necessary to enable others to send you a friend request.

      News Feed. Our services allow viewing and sharing information, including through posts, likes, and comments. Certain actions, such as tracking an activity, starting a training plan, upgrading to Premium Membership or establishing a new friendship connection, will be automatically posted in the News Feed. By default setting, only you and your friends will be able to see such activities in their News Feed. You can modify the visibility anytime in your privacy settings.

      Leaderboard. If you track an activity, you will automatically join a weekly/monthly Leaderboard of accumulated distance, duration, or number of steps among your friends. This means, once you add friends, you will be part of the Leaderboard. You can opt out of this at any time in your privacy settings.

      Challenges. These are competitions with a specific goal in a defined timeframe. There are different challenges available for registered users to join and with the possibility to win prices. You can compare your ranking with all users who are part of the same challenge. First name, last name, profile picture and performance metrics (e.g. total distance, total duration) are visible to all users within a specific challenge.

      Groups & Communities. Every registered user can create groups and can invite other users to that group as well as users can be invited to communities. Within a group or community you can interact with other members and compare your ranking with all users. First name, last name, profile picture and performance metrics (e.g. total distance, total duration) are visible to all users within a specific group or community.

      LIVE Tracking. The Products include a “LIVE Tracking” feature (“LIVE Tracking”), which enables other Runtastic users to see the route and data, including heart rates, of your sports activity on certain of the Products. LIVE Tracking can only be either completely activated or completely deactivated. LIVE Tracking is deactivated by default and can be activated by you at your own discretion. Once activated, it stays activated for new activities, unless you turn it off again. By activating the feature, you accept the responsibility for such activation at your own risk. If you do not want to give third parties access to your training route and data, then LIVE Tracking should not be activated.

      Heart Rate Monitor. Personal health information collected and stored by Runtastic, and subsequently shared by the user via Heart Rate Monitor, may not be protected under the American Health Insurance Portability and Accountability Act (HIPAA).

      HealthKit. If a registered user explicitly consents, Runtastic may share said registered user’s data obtained through the HealthKit framework with a third party for medical research.

    3. Services You May Use. Runtastic lets you connect to third-party services. For example, to enable you to connect other accounts to your Runtastic profile or for sharing your activities with friends.

      Health and Fitness Services. Runtastic transfers your information to other health and fitness services, such as Apple HealthKit, Google Fit or MyFitnessPal, only after you explicitly consent to the transfer when you connect to such services.

      Social Networks and Messenger Services. You can decide to share finished activities via Facebook, Twitter, WhatsApp, Telegram or any other messenger service you may use on your mobile device. Please note that we do not have any influence on or knowledge of the scope and the further use of the Data by the respective messaging service, and cannot take any responsibility for the use of your Data by the respective messaging provider. Please see the messaging service’s respective privacy policies for details.

    4. Service Providers

      Service Providers. We share your information to others who help us provide and improve our Products (e.g. maintenance, analysis, audit, payments, fraud detection, marketing and development). Service providers will have access to your information as reasonably necessary to perform these tasks on our behalf, and are obligated not to disclose or use it for other purposes. We use processors such as Adjust, Google, Facebook, Amazon Web Services, Inc., Emarsys eMarketing Systems AG, Pushwoosh, Inc., NewRelic, Inc., Apptimize, Inc. or Zendesk, Inc.

    5. adidas

      We share personal data (categories of personal data (see here):

      • Activity information
      • Behavioral and Profile information
      • Community information
      • Contact information
      • Creators Club information (only for members of the adidas Membership Program)
      • Device information
      • Identity information
      • Location information
      • Preference information
      • Purchase information
      • Size information
      • Social Media information

      for the described purposes (see 4.Why We Process Data) with the following data controllers (categories of recipients):

      • adidas Data Controllers: adidas AG is a Joint Controller for all locations with the adidas Local Selling Entity (see here).

    6. Recipients of personal data. As stated in sections 5.1 - 5.5, your personal data may be disclosed to different organizations. For additional information on what categories of your personal data may be disclosed to which categories of recipients, please see here.

    7. Data Selling. We do not sell any of your personal data to third parties.
  6. How Long We Store Data
    1. Retention Period. We need to maintain your data for as long as you have an account with us. If you are a user within the EU and you stop using our services without requesting to delete your data, we will keep it for 25 months after your last interaction with any Runtastic or adidas touchpoint. Beyond that, we only store data, if it is legally necessary (because of warranty, limitation or retention periods) or otherwise required.

    2. Account Deletion. If you decide to delete your account, all data Runtastic and adidas have about you will be deleted, with the following exceptions:

      • Any details made public by you (e.g. routes, comments on other registered users’ sport activities, will be anonymized, i.e. it will be made clear that such details were provided by a deleted user).
      • Any data required for Runtastic’s performance of contractual obligations or compliance with statutory retention obligations shall not be deleted, but minimized to the necessary extent.

      A deletion request does not affect data, if the storage is legally necessary, for example for accounting purposes.

  7. Which Rights You Have
    1. Exercise your Rights. To exercise your rights defined in sections 7.2 to 7.8, please send a request via email to the Email Address or via mail to our postal address.

    2. Revocation of Consent. You can revoke your consent – in those cases where consent for processing is necessary – for future data processing at any time. However, this does not affect the lawfulness of data processing based on the consent before the revocation. In certain cases, we may continue to process your information after you have withdrawn consent, if we have another legal basis to do so or if your withdrawal of consent was limited to certain processing activities.

    3. Right of Access. You have the right to obtain (i) confirmation as to whether or not your data is being processed by us and, if so, (ii) more specific information on the data. The more specific information concerns, among other things, processing purposes, categories of data, potential recipients, or the duration of storage.

    4. Right to Rectification. You have the right to obtain the rectification of inaccurate data concerning you from us. In case the data processed by us is not correct, we will rectify these without undue delay and inform you of this rectification. Please note that (i) you can rectify much of your information in the settings and (ii) it is not technically possible for us to rectify all kinds of data in our Product.

    5. Right to Erasure. You have the right to delete data we store about you. Should you decide to do so, please go to your account settings on the Website and delete your account there. If you are unable to do this, please contact us via the email address. As a safety measure, we will send you an email in order for you to confirm this deletion. We will delete your data after this confirmation. Please note that your phone may still have data stored on it after deletion of your account.

    6. Right to Restriction of Processing. You have the right to obtain a restriction of processing of your data from us in the following cases:

      • you make an inquiry pursuant para. 7.4, if you so request;
      • you are of the opinion that the processing of your data is unlawful, but are opposed to an erasure of Data;
      • you still require the data for the establishment, exercise or defense of legal claims; or
      • you have objected to the processing pursuant para. 7.8.
    7. Right to Data Portability. You have the right to (i) receive a copy of your Data in a structured, commonly used and machine-readable format and (ii) transmit those data to another controller without hindrance from us. You can download a copy of your data in your account settings on the website.

    8. Right to Object. You have the right to object at any time to the processing of data for which our legitimate interests are the legal basis, including profiling based on those provisions. You also have the right to object to processing of data for direct marketing purposes.

    9. Right to File a Complaint. You have the right to file a complaint with your local supervisory authority, if you think that the processing of data infringes applicable law.

  8. Further Important Information
    1. Legal Bases. Data protection laws regulate that we are only allowed to collect and process your data, if we have lawful bases for processing. The lawfulness of data processing stems from:

      • your (explicit) consent in cases where you have given (explicit) consent to the processing;
      • the necessity for the performance of your user contract, e.g. where data is needed for a satisfactory use of the Product; or
      • legitimate interests pursued by Runtastic or a third party, e.g. our use of cookies, plug-ins, or targeted advertising.

      Our legitimate interests include protecting you, Runtastic, or others from security threats or fraud, complying with all applicable laws, managing and improving our business (e.g. customer service, reporting) including possible corporate transactions (e.g. M&A), enabling users to share their and connect via their fitness experiences, and express all fitness and health-related opinions.

    2. Security Measures. We are committed to protecting your data and implement appropriate technical and organizational security measures to protect it against any unauthorized or unlawful processing and against any accidental loss, destruction, or damage. Those security measures are constantly revised to comply with the latest technological developments.

    3. What does Runtastic do when we transfer your personal data outside of the EU/EEA? Depending on the personal data processing activity, your personal data is shared with different “Categories of Recipients”. Where the recipient is located outside the EU/EEA, we have implemented necessary measures such as singing the EU Standard Contractual Clauses approved by the EU Commission or selecting vendors that certify and comply with the EU-US Privacy Shield Framework.

    4. California Consumer Privacy Act (“CCPA”) For information regarding your rights as a Resident of the US State of California under the California Consumer Privacy Act (CCPA), please refer to Annex 1 - Information for Citizen of the US-State of California under the California Consumer Privacy Act (“CCPA”).

  9. Changes to the Privacy Policy
    1. General. We review and update the Privacy Policy periodically to reflect any changes resulting from our day-to-day business operations. You can always check the date of the Privacy Notice to find out when we last made any changes. We will notify you when we make significant changes that you must be aware of.

    2. Last Updated. This Privacy Policy was last modified on 13 Dec, 2019.

  10. Questions, Complaints and Support
    Ask customer service: General help pages GDPR help pages CCPA help pages runtastic GmbH Pluskaufstraße 7 4061 Pasching Austria
    Toll free number for requests under CCPA by residents of the US-State of California: 888 694 6364
    Austrian Data Protection Authority Österreichische Datenschutzbehörde +43 (0) 1 52152 2550 Barichgasse 40-42 1030 Wien Austria
  1. Annex 1 - Information for Citizen of the US-State of California under the California Consumer Privacy Act (“CCPA”)

    Consumers residing in California have some additional rights with respect to their personal information under the California Consumer Privacy Act or (“CCPA”). If you are a California resident, this section applies to you and supplements the main privacy policy above.

    1. Categories of Personal Information Collected. In the preceding 12 months, we have collected the categories of personal information listed below. For more details about the data points we collect, please see section “3. Which Data We COLLECT AND Process” above.
      • Identifiers, such as name, email addresses, and billing and shipping address for online purchases, unique personal identifier, online identifier, Internet Protocol address, or other similar identifiers
      • Categories of personal information described in the California Customer Records statute (California Civil Code Section 1798.80), including physical characteristics, payment information and, for employment candidates, education and employment history.
      • Characteristics of protected classifications under California law, such as gender and age (over 40).
      • Commercial information, including records of products or services purchased or purchasing habits.
      • Biometric information, including any exercise data and preferences you share with us.
      • Internet and other similar network activity, such as browsing history or information regarding a consumer’s interaction with our website or products.
      • Geolocation data.
      • Audio and visual information, such as pictures you may upload to our site and recorded customer services calls.
      • Professional or employment-related information, for example, from employment candidates.
    2. Your Rights. Under the California Consumer Privacy Act of 2018 ("the CCPA"), California consumers have the right to request access to the specific pieces of personal information we have collected about them in the last 12 months. You may also request additional details about our information practices, including the categories of personal information we have collected about you, the categories of sources of such collection, the business or commercial purpose for collecting personal information, the categories of third parties with whom we share your personal information, the categories of personal information we have disclosed about you in the preceding 12 months. If you are a California consumer, you also have the right to request deletion of your personal information (subject to certain exceptions), to opt out of sales of personal information and to receive equal service and price and not be discriminated against even if you exercise any of their other CCPA rights.

      Please note that any CCPA rights requests made before January 1, 2020 will be treated as if made on January 1, 2020.

      California consumers may make a rights request by sending a request via email to the Email Address, via mail to our postal address or by making a call to our toll free service number. For all relevant contact information please see Section “10. Questions, Complaints and Support” above. Your request must include sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, which may include your email address, name and account id (which is required only if you already have an account with us). We will not discriminate against you if you choose to exercise your rights under the CCPA.
    3. Sale of Personal Information. We do not sell any of your personal data to third parties.
    4. Further disclosures. For further disclosures regarding your personal information, as required by the CCPA, please refer to the main privacy policy above. You can find information about the business and commercial purposes for which we collect your personal information in Section “4. Why We Process Data (“Purposes”)”. For information regarding the sources from which we collect personal data from please refer to Section “3.3 Data from Others”. Section “5. Sharing of Personal Data” provides information about the categories of third parties to whom we disclose your personal information to, as well as information regarding which categories of personal information are being disclosed.