Privacy Policy App
Preface
We, MATS GmbH (hereinafter referred to as "the company," "we," or "us"), would like to inform you as a user of our application software for mobile devices "MATS App" (hereinafter referred to as "MATS App") and our website at https://app.mats.coach (hereinafter referred to as "MATS Platform") about our data protection practices in accordance with our obligations as a data controller under Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter referred to as "GDPR"). "MATS platform") based on our obligations as the data controller pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter referred to as the "General Data Protection Regulation" or "GDPR") regarding the handling of your personal data within our company (hereinafter referred to as the "Privacy Policy").
In our privacy policy, we will refer to you as the data subject using terms such as "customer," "user," "you," or "data subject."
Guidance: Structure of our privacy policy
Our privacy policy is modular in structure to make it easier and quicker for you to find the information you need. Our privacy policy is therefore structured as follows:
-
In the general section of our privacy policy (I. General information), we provide you with information that is generally important when our company processes your personal data and is therefore relevant or may be relevant to all specific situations in which your personal data is processed.
-
In section II. of this privacy policy, you will find information about your rights as a data subject vis-à-vis us. To exercise these rights, you can use the contact details provided in section I. 2 of the general section (I.) of this privacy policy.
-
You can find out the specific purposes for which your personal data is processed when you use our MATS app, the legal basis for this processing, and how long your data is stored in the special section of our privacy policy (III. Data processing operations in detail).
Structure of our privacy policy
Guidance: Structure of our privacy policy. 1
Structure of our privacy policy. 1
2. Identity and contact details of the controller. 7
3. Lawfulness of processing (legal basis) 8
4. Information on storage duration 10
6. Recipients or categories of recipients. 10
7. Transfer of personal data to third countries 11
8. Information on automated decision-making (including profiling) 12
9. Use of cookies and cookie management. 12
10. Information on the obligation to provide personal data. 15
11. Legal obligation to transfer certain data 15
12. Changes to the privacy policy. 15
II. Your rights as a data subject. 16
4. Right to restriction of processing. 16
5. Right to data portability 17
7. Right to withdraw consent. 17
8. Right to lodge a complaint. 18
III. Data processing operations in detail 18
1. Information on downloading the MATS app from third-party providers (app stores) 18
2. Technical operation of the MATS app. 18
3. Registration and management of a user profile. 21
4. Planning sports activities and performance diagnostics. 24
5. Orders and transactions via the MATS app or MATS platform. 28
6. Payment methods and payment service providers 29
7. Use of analysis tools (Google Firebase/ Google Analytics 4) 34
8. Feedback function and support 38
10. Statutory commercial and tax retention obligations. 40
11. Legal defense and enforcement. 42
I. General
1. Definitions
1.1. "Personal data" (Art. 4 No. 1 GDPR)
is any information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity. Identifiability may also be achieved by linking such information with other additional information. The existence, form, or embodiment of the information is irrelevant (photographs, video or audio recordings may also contain personal data).
1.2. "Processing" (Art. 4 No. 2 GDPR) means any operation performed on personal data, whether or not with the aid of automated (i.e., technology-based) procedures. This includes, in particular, the collection (i.e., obtaining), recording, organization, structuring, a) organization, a) storage, a) a) adaptation or alteration, a) reading, a) consultation, a) use, a) disclosure by transmission, a) dissemination or otherwise making available, a) alignment or combination, a) restriction, a) erasure or destruction of personal data, as well as the change of a purpose for which personal data are originally collected.
1.3. "Controller" (Art. 4 No. 7 GDPR) is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
1.4. "Processor" (Art. 4 No. 8 GDPR) is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, in particular in accordance with its instructions (e.g., IT service providers). In terms of data protection law, a processor is not a third party.
1.5. "Third party" (Art. 4 No. 10 GDPR) is any natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other legal entities belonging to the same group.
1.6. "Consent" (Art. 4 No. 11 GDPR) of the data subject means any freely given, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by other clear affirmative actions, signifies agreement to the processing of personal data relating to him or her.
1.7. "Health data" (Art. 4 No. 14 GDPR) means personal data related to the physical or mental health of a natural person, including the provision of health services, and which reveal information about their health status.
2. Identity and contact details of the controller
2.1. We are the controller responsible for processing your personal data:
MATS GmbH;
Address: Max-Ernst-Straße 4, 50354 Hürth;
Phone number: 0176 81119190;
Email address:support@mats.coach .
Further information about our company can be found in the legal notice on our website at https://mats.coach/de/imprint-de/
3. Lawfulness of processing (legal basis)
3.1. In accordance with the General Data Protection Regulation, any processing of personal data is prohibited in principle and only permitted if specific data processing can be covered by one of the following justifications:
a) Consent, Art. 6 para. 1 sentence 1 lit. a GDPR
The legal basis for processing is consent if the data subject has freely given, informed, and unambiguous consent by means of a statement or other unequivocal affirmative action indicating that they agree to the processing of their personal data for one or more specific purposes.
b) Performance of a contract, Art. 6 (1) (b) GDPR
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
c) Compliance with a legal obligation, Art. 6 para. 1 sentence 1 lit. c GDPR
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. c GDPR if processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a statutory retention obligation).
d) Protection of vital interests, Art. 6 para. 1 sentence 1 lit. d GDPR
The legal basis for processing is Art. 6 (1) (d) GDPR if processing is necessary to protect the vital interests of the data subject or another natural person.
e) Tasks carried out in the public interest, Art. 6 (1) (e) GDPR
The legal basis for processing is Art. 6 (1) (e) GDPR if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
f) Overriding legitimate interest, Art. 6 para. 1 sentence 1 lit. f GDPR
The legal basis for processing is Art. 6 (1) (f) GDPR if processing is necessary to safeguard the legitimate (in particular legal or economic) interests of the controller or a third party, unless the interests or rights of the data subject override these interests (in particular if the data subject is a minor).
3.2. In the specific section (III.) of this privacy policy, we will indicate the specific legal basis on which we process your personal data. However, processing may also be based on several legal bases at the same time. We will also indicate the legal basis for storing information on your device or accessing such information.
4. Information on storage duration
4.1. For the processing operations we carry out, we specify in the special section (III.) of this privacy policy how long the data will be stored by us and when it will be deleted or blocked.
4.2. Unless an explicit storage period is specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies.
5. Data security measures
5.1. We use appropriate technical and organizational security measures to protect your personal data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties (e.g., TSL encryption for our website), taking into account the state of the art, implementation costs, and the nature, scope, context, and purpose of the processing, as well as the existing risks of a data protection incident (including its likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.
5.2. We will be happy to provide you with further information on request. To contact us, please use the contact details provided in section I. 2. in the general section (I.) of this privacy policy.
6. Recipients or categories of recipients
6.1. We work with external technical service providers (e.g., for data center services, payment processing, IT security) to operate the MATS app and the MATS platform. These may therefore be recipients of your personal data. However, cooperation only takes place in compliance with data protection regulations and in accordance with our instructions and on the basis of data protection agreements, in particular order processing agreements in accordance with Art. 28 (3) sentence 1 GDPR. Specifically, the following processors are recipients of your personal data:
-
Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (Germany); we use this provider to host our web servers, on which we operate the MATS app and the MATS platform, among other things, and store your user profile (if available).
Each time you use the services of the MATS app/MATS platform or your user profile, this provider processes your personal data on our behalf.
6.2. Categories of recipients may also include government agencies/authorities, insofar as this is necessary to fulfill a legal obligation to which we are subject. The legal basis for the transfer of your personal data is Art. 6 para. 1 sentence 1 lit. c GDPR.
6.3. If, within the scope of specific data processing under Part (III.) of this privacy policy, there are further recipients or categories of recipients of your personal data, we will inform you of this separately at the appropriate point.
7. Transfer of personal data to third countries
The use of certain services may require us to transfer your personal data to countries outside the EEA ("third countries"). Such transfers to third countries are considered risky and require, in particular, an independent basis for transfer in accordance with Art. 44 (1) GDPR. You will be informed separately in the special section (III.) of this privacy policy whether and to what extent transfers to a third country are made in connection with a specific service used by us. The following constellations may be relevant in this context:
7.1. No transfer to third countries
If your personal data is not transferred to third countries, no additional legal basis is required under Art. 44 (1) GDPR.
7.2. Transfer to third countries
If we transfer your personal data to third countries, this is only permitted in compliance with the special requirements of Art. 44 (1) GDPR. We will specify the relevant legal basis in the relevant sections of the special section (III.) of this privacy policy. The following legal bases may apply:
a) Adequacy decision
The European Commission certifies certain third countries as having a level of data protection comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found at here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). This adequacy decision constitutes the legal basis for the transfer pursuant to Art. 45 (1) sentence 1 GDPR.
b) Appropriate safeguards
However, in certain third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. Where this is the case, we ensure that data protection is adequately guaranteed. This is possible on the basis of appropriate safeguards in accordance with Art. 46 (1) and (2) GDPR, in particular through binding corporate rules, standard data protection clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please use the contact details in section I. 2 of the general part (I.) of this privacy policy if you would like to receive further information from us.
7.3. Transfers to the USA
The processing of your personal data by US providers used by us, such as Google or Apple, may result in your personal data being transferred to the USA. There is an adequacy decision by the EU Commission pursuant to Art. 45 (1) sentence 1 GDPR based on the so-called "EU-U.S. Data Privacy Framework," which certifies that the US provides an adequate level of protection. This adequacy decision therefore constitutes the legal basis for a transfer.
8. Information on automated decision-making (including profiling)
We do not intend to use personal data collected from you for automated decision-making (including profiling).
9. Use of cookies and cookie management
9.1. General description
We use cookies to operate the MATS app. Cookies are small text files that are stored on the device memory of your mobile device and assigned to the app you are using, through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make an app or website more user-friendly and effective overall, i.e., more pleasant for the user.
Cookies may contain data that enables the device used to be recognized. However, some cookies only contain information about certain settings that are not personally identifiable. Cookies cannot directly identify a user.
9.2. Types of cookies
A distinction can be made between two types of cookies based on their storage duration:
a) Transient cookies (session cookies)
Session cookies/transient cookies are automatically deleted when a user closes an app or leaves a website. These cookies store a so-called session ID, which can be used to assign various requests from a mobile app or website to the same user. This allows a user's device to be recognized when they return to a particular app or website. Session cookies are deleted when a user logs out of an app or closes it, or leaves a website.
b) Persistent cookies
Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.
Cookies are also differentiated according to their function as follows:
a) Technical cookies
Technical cookies are strictly necessary to enable the user to navigate within an app or on a website and to use basic functions, as well as to ensure the security of an app or website; they do not collect information about users for marketing purposes, nor do they store which websites users have visited.
b) Performance cookies
Performance cookies collect information about how users use an app or website, which websites they visit, and, for example, whether errors occur during app use. They do not collect any information that could identify the user—all information collected is anonymous. The purpose of using performance cookies is to improve an app or website and find out what interests users.
c) Marketing/targeting cookies
Marketing or targeting cookies are used to provide users of a website or app with tailored advertising within the app or on the website or offers from third parties and to measure the effectiveness of these offers.
d) Sharing cookies
Sharing cookies are used to improve the interactivity of a website or app with other services (e.g., social networks).
9.3. Special legal bases under the TTDSG
In accordance with the German Telecommunications and Telemedia Data Protection Act (Telekommunikations-Telemedien-Datenschutz-Gesetz, "TTDSG"), the storage of information on an end user's device or access to information already stored on that device is only permitted if there is a justification under the TTDSG. We will specify these in the special section (III.) of this privacy policy. The legal basis under the TTDSG regularly applies in addition to that of the GDPR, if the information is personal data. The following legal bases of the TTDSG are generally applicable:
a) Consent, Section 25 (1) sentence 1 TTDSG
The legal basis is consent if the end user has indicated, on the basis of clear and comprehensive information, by means of a statement or other unequivocal affirmative action, that they agree to the storage of information on their end device or to access to information stored there. Consent is therefore regularly required for performance, marketing/targeting, or sharing cookies.
b) Technical necessity, Section 25 (2) No. 2 TTDSG
The legal basis is Section 25 (2) No. 2 TTDSG if the storage of information on the end user's terminal device or access to information already stored there is absolutely necessary in order for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user, such as an app. The use of technical cookies can generally be justified on this legal basis.
9.4. Cookie management and overview
You can manage cookie settings and disable certain types of tracking. To do this, select the "More" option in the footer and then select the "Profile" button to access the settings options.
10. Information on the obligation to provide personal data
We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer or user, you are generally not under any legal or contractual obligation to provide us with your personal data. However, if you do not provide us with such data, we may only be able to provide certain services to a limited extent or not at all, and you may therefore not be able to use our offers and services or only to a limited extent.
If, in the context of the services we offer and the services used as described in the special section (III.) of this privacy policy, there is an exceptional legal or contractual obligation to provide data or if failure to provide data has certain consequences, you will be informed of this separately at the appropriate point.
11. Legal obligation to transfer certain data
We may be subject to a specific legal or regulatory obligation to disclose lawfully processed personal data to third parties, in particular public authorities. The legal basis for fulfilling this obligation is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with the relevant legal provision, e.g. from police, criminal procedure, or tax law.
12. Changes to the privacy policy
As part of the ongoing development of data protection law and technological or organizational changes in our company, our data protection information is regularly reviewed for the need for adaptation or supplementation. We will inform you accordingly of any relevant changes to our data protection information.
II. Your rights as a data subject
You can exercise your rights as a data subject with regard to the personal data we process at any time by contacting us using the contact details provided in section I. 2 of the general section (I.) of this privacy policy. As a data subject, you have the following rights:
1. Right to information
In accordance with Art. 15 GDPR, you can request information about your data processed by us. In particular, you can obtain information about the purposes of the processing, the categories of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period of the data or, if this is not possible, the criteria for determining the storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details.
2. Right to rectification
In accordance with Art. 16 GDPR, you may request the immediate rectification of inaccurate data or the completion of your data stored by us.
3. Right to erasure
In accordance with Art. 17 GDPR, you may request the erasure of your data stored by us, unless processing is necessary for the exercise of the right of freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims.
4. Right to restriction of processing
In accordance with Art. 18 GDPR, you may request the restriction of the processing of your data if you dispute the accuracy of the data or if the processing is unlawful.
5. Right to data portability
In accordance with Art. 20 GDPR, you may request that we provide you with your data that you have provided to us in a structured, commonly used and machine-readable format or request the unrestricted transfer of this data to another controller.
6. Right to object
In accordance with Art. 21 GDPR, you have the right to object to the processing of your data if the processing is based on Art. 6 para. 1 sentence 1 lit. e or f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless the objection is to direct marketing, we ask you to explain the reasons why we should not process your data as we have done when you exercise this right. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or inform you of our compelling legitimate grounds for continuing the processing.
7. Right to withdraw consent
In accordance with Art. 7 (3) GDPR, you are entitled to revoke your consent at any time if you have given it to us, i.e. your voluntary, informed, and unambiguous declaration of intent, made in a clear manner by means of a statement or other unequivocal affirmative action, that you agree to the processing of the personal data concerned for one or more specific purposes. This means that we will no longer be allowed to continue processing the data based on this consent in the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
You can also withdraw your consent via the settings of the MATS app on your mobile device. To do this, select "More" in the footer and then select the "Profile" button in the user settings. There you can withdraw your consent for the data processing listed there using the selection boxes.
8. Right to lodge a complaint
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority regarding the processing of your personal data in our company.
III. Data processing operations in detail
In this section of our privacy policy, you will find detailed information on how we process your personal data.
1. Information on downloading the MATS app from third-party providers (app stores)
1.1.
The MATS app is available for download on various third-party platforms, such as Google Play or the Apple App Store (app stores). You can download and install the MATS app on your mobile device from these app stores. You therefore need an account with the app store from which you wish to download the app.
1.2. Personal data processed
During the download process, the following information in particular is transferred to the respective operator of the app store from which you download the MATS app:
-
the email address, user name, and customer number of the account used to download the app;
-
the individual device ID of your user device;
-
payment information;
-
the time of download
-
1.3. Data protection responsibility
We have no influence on the collection and processing of the aforementioned data relating to you; this is carried out exclusively by the app store you have selected. Accordingly, we are not responsible for this collection and processing; responsibility for this lies solely with the operator of the app store.
2. Technical operation of the MATS app
2.1. Explanation
In order for you to use the MATS app on your device, it is necessary for technical reasons that we process certain personal data relating to you.
2.2. Personal data processed
a) Log files
Every time a request is sent to our web server, a log file is automatically created. This file contains information about the device you used to send the request and other details related to the request, such as the date and time of the request.
The log file for a request consists in particular of the following data, which also constitutes personal data:
-
IP address of the requesting device;
If you do not provide the above data, you will not be able to use the MATS app or will only be able to use it to a limited extent.
b) Device information
We also collect data about your mobile device, such as device ID, device type, device-specific settings, and your settings in the MATS app.
If you do not provide the above data, you will not be able to use the MATS app or will only be able to use it to a limited extent.
c) Session ID
We also use transient cookies/session cookies to operate the MATS app. Explanations of the terms and their function can be found in section I. 9. of the general section (I.) of this privacy policy. We use these cookies to store your login details, as otherwise the MATS app would not be able to function. This is also the only way we can store your profile settings in the MATS app and enable you to make purchases via your user profile.
2.3. Processing purposes and legal bases
a) Technical operation of the MATS app
For the technical operation of the MATS app, a connection between your device on which the MATS app is installed and our servers is required. Otherwise, the MATS app cannot be used technically via your device. Furthermore, the MATS app can only be displayed properly on your mobile device if we have the relevant device information, log files from your mobile device, and the session ID.
The legal basis for processing is Art. 6 (1) (b) GDPR (performance of a contract), as the processing serves to fulfill our obligations under the General Terms and Conditions of Use with you, and Art. 6 (1) (f) GDPR (overriding legitimate interest). Our legitimate interest lies in ensuring that the MATS app is functional for use.
b) Error analysis and technical security
We process log files for error analysis and to ensure the stability and security of the connection to our app. The log files enable us to determine, for example, whether the app is being delivered to you correctly, whether there are any slowdowns in the connection, particularly due to high server load, or whether there are any other connection problems. The log files also enable us to detect possible cyber attacks on our systems more quickly and effectively.
The legal basis for this is Art. 6 (1) (f) GDPR (overriding legitimate interest). Our legitimate interest here lies in ensuring the functionality and security of the MATS app.
c) Cookies
The legal basis for placing and reading session cookies on your device is Section 25 (2) No. 2 TTDSG, as this is absolutely necessary to enable you to use our MATS app (technical cookies). Explanations of the terms and their function can be found in Section I. 9. of the general section (I.) of this privacy policy.
2.4. Storage period
For the purpose of operating the MATS app on your device, we store your personal data from the log files until the data is delivered to our servers upon request, but no longer than until the end of the session.
For the purpose of ensuring technical security, we store your personal data from the log files in our systems for 7 days from the time of collection.
Transient/session cookies are deleted when a user ends their session, i.e., when they log out of their user profile.
3. Registration and management of a user profile
3.1. Explanation
In order to use the MATS app, you must register with a user profile after downloading and installing it on your device.
3.2. Personal data processed
a) Necessary profile data
To register and use a user profile, you must provide the following personal data relating to you:
Failure to provide the above data will result in you being unable to use the MATS app.
b) Optional profile data
The provision of the data described below is not mandatory for registration and further use of the MATS app and can be provided voluntarily by you for your user profile:
Failure to provide the above data will not affect the functionality of the MATS app and will not have any adverse effects.
3.3. Processing purposes and legal bases
a) Registration, profile management, and contact
We use your necessary profile data as part of the registration process. You will receive a confirmation message from us at the email address you provided, which you can use to activate your profile.
We also process your necessary profile data as part of profile management and profile settings, e.g., in the event of a password recovery request, user authentication, or confirmation of a profile deletion or notification of a profile block.
We use your necessary profile data, in the form of your name and email address, to inform you of updates or changes to our terms of use or privacy policy.
We also use your name and email address in dangerous situations, for example to send you an alert or notification in accordance with Art. 34 (1) GDPR in the event of a cyber attack.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR (contract fulfillment) or Art. 6 para. 1 sentence 1 lit. f GDPR (overriding legitimate interest). Our legitimate interest lies in ensuring the proper use of the user profile and its security.
b) Verification of authorization and authentication
When you register with a user profile on the MATS app, we must verify that the email address you have provided belongs to you. To do this, we will send a confirmation message with a link to this email address, which you can use to activate your user profile and confirm ownership.
We also process the necessary profile data to check whether you are authorized to use the app in accordance with our General Terms of Use. For this purpose, we process your name, email address, and date of birth to ensure that you are of legal age at the time of registration, are not subject to any usage restrictions on our part, and are a real person. We will also verify the relevant information after registration if there are sufficient indications in individual cases that you are not authorized to use the service.
The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR (overriding legitimate interest). Our legitimate interest lies in being able to verify compliance with our Terms of Use.
c) Customization of the user profile
You can provide optional profile data to customize your user profile. This data is not required to use the MATS app, but serves only to improve the user's external presentation or to facilitate communication with other users.
The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR (performance of a contract).
3.4. Storage period
If you register with a user profile, we will store the profile data you provided during registration for the processing purposes described above until you change or delete it or delete your user profile altogether. You can find out how to do this in the following section, "Editing profile data and deleting the user profile."
If you have not activated your user profile within 24 hours of registering, the data you provided during the registration process will be deleted by us after this period has expired.
3.5. Editing profile data and deleting the user profile
You can add to, change, or delete your profile data at any time in your profile settings in the MATS app.
a) Profile settings via mobile device
If you use the MATS app on your mobile device, select the "More" category in the footer after starting and logging into the MATS app with your user profile. This will take you to an overview where you can select the "Profile" field under the "Profile settings" category. There you can edit your details in the designated fields. After editing, select the "Save" button to apply the changes you have made. Due to the requirement to verify the age of a user, the date of birth can only be changed, but cannot be deleted without replacement. The same applies to the user name, first name, and last name for the purpose of assigning the user profile and identifying the user.
If you want to change your email address or your individual password, select "Manage MATS account" in the profile settings and then select either the "Change email" or "Change password" option. However, the user profile must contain both an email address and a password at all times.
If you wish to delete your user profile, select the "Delete account" button in the "Manage MATS account" category after entering your password.
b) Profile settings via web browser
If you want to change your profile settings in your web browser, you must log in to the website at https://mats-web.mats.coach/ with your login details. You can then navigate to the "Profile settings" as described above via the "More" category in the left-hand sidebar of your web browser and change your settings as described above.
4. Planning sports activities and performance diagnostics
4.1. Explanation
a) Creation of training plans and training sessions
You can use the MATS app to plan your sporting activities in detail. You can create training plans in which you can define the training program and any targets for training sessions.
It is up to you as the user to decide whether and to what extent you wish to use this function and what personal data you wish to provide in the MATS app for this purpose. You can manage all information via a training dashboard in the MATS app or via the MATS platform.
If you provide us with information about the duration of a sporting activity and your subjective perception of exertion for a training session, we will use this information to calculate a value for a training session that will help you evaluate your performance (MATS SCORE).
b) Planning events and communicating with other users
You can also use the MATS app to plan sporting events, such as a running group, in which other users of the MATS app can also participate.
d) Importing activity records
You can upload data from recording devices such as smartwatches about your sporting activities, physical condition, and athletic performance (activity records) to the MATS app and display this data in a processed/analyzed form in diagrams and coordinate systems in the MATS app to get a quick overview of your own performance level.
-
You can upload the activity records to the MATS app using a so-called "FIT file" (Flexible and Interoperable Data Transfer Protocol) from the third-party provider Garmin, which is also used as standard by many other third-party providers. FIT files contain data about physical activities that are generated in real time by a corresponding recording device. You can upload the FIT file via "More" and "Connections" in the user settings. An imported FIT file can then be deleted via the MATS app or MATS platform. To do this, navigate to the corresponding activity in the calendar and select the "Delete" button in the "three-dot menu" of the activity.
-
If you have an account with a third-party provider (Garmin Connect, Wahoo, Polar, or Strava), you can also import your activity records from there into the MATS app. To do this, select the "Connections" button in the user settings under "More." There you can select the appropriate third-party provider with which the MATS app should connect. You will then be redirected to the website of the corresponding provider. After entering your login details, you can import your activity records stored there into the MATS app. The user is redirected to a connection menu where they can use a slider to select which data should be synchronized with the MATS app (activity data only, health data only, or both). The user can change these settings themselves at any time and also remove the connection to the MATS app. The user can select which categories of data they want to import, in particular whether recorded health data should be transferred to the MATS app or not. A connection can also be removed again using the settings described above.
e) Performance diagnostics
Based on your activity records, you can also have us perform performance diagnostics as part of an in-app purchase and use the results of this analysis to create your own individual and optimal training plan.
4.2. Personal data processed
a) Data on physical condition (health data)
When planning your sporting activities, you can provide the following information about your general physical condition:
-
Weight, waist circumference, body fat percentage;
-
Amount of calories consumed and amount of fluid intake;
-
Menstrual cycle;
-
Emotional state (fatigue, stress, motivation);
-
Heart function (heart rate variability, resting heart rate, blood pressure);
-
Sleep duration and quality;
-
Presence of injury or illness (yes/no);
You can also enter additional information in a text field for notes.
b) Data on training sessions
As part of your planned training sessions, you can voluntarily enter information on the following points:
-
Sport (swimming, cycling, running, etc.);
-
Location and date;
-
Duration and distance;
-
Intensity (average heart rate and performance);
-
Sports equipment used (brand, model, date of purchase, etc.);
-
Information about nutrition (amount of fluids, proteins, and carbohydrates consumed) before, after, and during a training session;
c) Activity records
You can provide us with the following additional data about your previous physical activities by importing the relevant records into the MATS app:
-
Start time of an activity;
-
Type of sport and secondary sport;
-
Total duration of an activity;
-
Distance and elevation gain during the activity;
-
Start location of an activity;
-
Distance of time-based activities;
-
Distance to all-day movement;
-
Active and resting calories (health data);
-
Heart rate and heart rate variability (health data);
d) Location data
You can also provide us with the following data about your location:
There is no contractual or legal obligation to provide the personal data and health data specified above. Failure to provide this data may result in the evaluations of your activities being less meaningful to you, as relevant evaluation data will be missing. However, if you wish to have a performance diagnosis carried out by us, failure to provide this data ( ) may mean that we are unable to carry out the diagnosis or can only do so to a limited extent.
4.3. Processing purposes and legal basis
The legal basis for the processing of the personal data described above is Art. 6 para. 1 sentence 1 lit. b GDPR (performance of a contract), as the processing serves to provide the functions of the MATS app and thus to fulfill the user agreement.
The legal basis for the processing of your personal health data is your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with Art. 9 (2) (a) GDPR.
You can also revoke your consent via the MATS app settings. For more details, please refer to Section II. 7. in the description of your right to revoke this privacy policy.
4.4 Health data (e.g., heart rate and sleep data) may also be processed in the context of planning sports activities and performance diagnostics. This data may be transmitted to Svexa for the purpose of providing AI-supported functions ("powered by Svexa").
4.5 By activating the AI functions in the app, the user expressly consents to their health data (e.g., heart rate and sleep data) being processed by MATS and transferred to Svexa for this purpose (Art. 9 (2) (a) GDPR). Consent can be revoked at any time via the settings in the app with effect for the future. Revocation only restricts the AI functionalities; the app remains usable otherwise.
4.4. Storage period
Personal data will be stored for the specified purposes for as long as you provide us with the information or, in the case of processing of health data relating to you, until you revoke your consent.
You can delete your information at any time from the respective input fields or the respective training session from the training dashboard in the MATS app. In this case, we will also no longer store the corresponding information.
Personal data will be stored for the specified purposes for as long as you provide us with your activity records or, in the case of processing of health data relating to you, until you withdraw your consent. However, you can also delete your activity records from the MATS app. To do this, you must call up the respective activity and then select "Delete."
The storage of your personal data for the above purposes will end at the latest when your user profile is deleted.
5. Orders and transactions via the MATS app or MATS platform
5.1. Explanation
You can purchase services from us via the MATS app for a fee. Services that can be purchased by users include, in particular, the creation of performance diagnostics and premium access to the MATS app, which offers you additional functions. You can also purchase individualized training plans via the MATS platform.
If you wish to purchase services via the MATS app or the MATS platform, you must provide the personal data required to process your order in order to conclude the contract. The mandatory information required for this purpose is marked separately; further information is voluntary.
If you have a trainer profile on the MATS app, you can use it to upload training plans you have created for other users. We offer these training plans to other users in our own name via the MATS platform in return for payment, and you receive a share of the revenue for each sale. The execution and processing of this transaction is governed by our General Terms and Conditions for the MATS app and MATS platform.
5.2. Personal data processed
The following personal data relating to you may be processed in order to execute your order or transaction:
-
First and last name;
-
Address details;
-
Payment and order data;
-
Email address
We use the data in your user profile to create a multi-digit user ID that is permanently assigned to your user profile. This allows us to assign transactions and orders to your user profile. Data is only passed on to third parties in encrypted form and cannot be decrypted by the recipient.
If you do not provide us with your personal data, you will not be able to place orders via the MATS app or the MATS platform.
5.3. Processing purposes and legal bases
The legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR (performance of a contract). We process your personal data for the purpose of fulfilling your order or transaction.
The legal basis for the processing of your name, address, and email address is also Art. 6 (1) (c) GDPR (compliance with legal obligations) in order to fulfill our legal (consumer) information obligations in electronic commerce and to provide you with the relevant information.
5.4. Storage period
We process your personal data for as long as is necessary to fulfill the order or transaction.
We are also required by commercial and tax law to store your address, payment, and order data for a period of ten years. However, after two years, we restrict processing, i.e., your data will only be used to comply with legal obligations. For more details on processing based on this, please refer to section III. 10 of this special section (III.) of this privacy policy.
6. Payment methods and payment service providers
6.1. Detailed explanation and information on data processing
When placing an order via the MATS app or MATS platform, you can select external payment service providers through which the payment process is to be handled.
If you select a payment service provider and do not provide the requested personal data, you may not be able to use the corresponding service provider and will have to select another payment method.
If we are obliged to pay you a fee in the event of a sale via your training profile, we will also use a payment service provider to transfer the corresponding fee to you. We use the payment service Stripe for this purpose (for more details, see letter c) below in this section).
The following payment service providers are available when placing an order with us:
a) Google Pay
If you select the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment will be processed via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with NFC functionality by debiting a payment card stored with Google Pay or a payment system verified there (e.g., PayPal). To authorize a payment via Google Pay in excess of €25, you must first unlock your mobile device using the verification method you have set up (e.g., facial recognition, password, fingerprint, or pattern).
For the purpose of payment processing, the information you provide during the ordering process will be passed on to Google along with the information about your order. Google will then transmit your payment information stored in Google Pay in the form of a unique transaction number to the originating website, which will be used to verify that the payment has been made. This transaction number does not contain any information about the actual payment details of your payment method stored in Google Pay, but is created as a one-time valid numeric token and transmitted. For all transactions via Google Pay, Google acts solely as an intermediary for the payment process. The transaction is carried out exclusively between the user and the originating website by debiting the payment method stored in Google Pay.
Google reserves the right to collect, store, and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time, and amount of the transaction, the merchant's location and description, a description of the goods or services purchased provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction, and, if applicable, the offer associated with the transaction. Google is solely responsible for such data collection and processing.
The Google Pay Terms of Service can be found at:
Further information on data protection at Google Pay can be found at the following Internet address:
b) Apple Pay
If you choose the "Apple Pay" payment method from Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland ("Apple") during the ordering process, payment will be processed via the "Apple Pay" function on your device by debiting a payment card stored with "Apple Pay." Apple Pay uses security features built into your device's hardware and software to protect your transactions. To authorize a payment, you must enter a code you have previously set and verify your identity using the "Face ID" or "Touch ID" feature on your device.
For the purpose of payment processing, the information you provide during the ordering process, together with the information about your order, will be transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay for the purpose of executing the payment. Encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm that the payment was successful.
Apple stores anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successful. anonymization completely prevents any personal identification. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made using Safari on your Mac, your Mac and the authorization device communicate over an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can be used to identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to Wallet & Apple Pay and disable Allow Payments on Mac.
For more information about Apple Pay privacy, visit the following website:
https://support.apple.com/de-de/HT203027
c) Stripe
If you choose a payment method via Stripe Payments Europe Ltd. 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland ("Stripe"), we will transmit the information you provide during the ordering process (name, address, account number, bank code, credit card number, invoice amount, currency, and transaction number). Your data will only be transferred for the purpose of processing payments with Stripe and only to the extent necessary for this purpose.
Further information on Stripe's data protection policy can be found at the following Internet address:
https://stripe.com/de/privacy#translation.
You can select the following payment methods via Stripe:
Google Pay
For more information, please refer to section 6.1 lit. a) above in this section.
Apple Pay
Further information can be found above in section 6.1 lit. b) of this section.
PayPal
If you choose the "PayPal" payment method from PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg ("PayPal") during the ordering process, your personal data will be automatically transferred to PayPal.
The personal data transmitted to PayPal usually includes your first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. Personal data related to the respective order is also necessary for the execution of the purchase contract.
Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no traditional account number. PayPal enables online payments to be made to third parties or payments to be received. PayPal also acts as a trustee and offers buyer protection services.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or, if offered, "purchase on account" via PayPal. PayPal uses the result of the credit check in relation to the statistical probability of default to decide whether to provide the respective payment method. The credit check may contain probability values (so-called score values). Insofar as score values are included in the result of the credit check, these are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values.
For further information on data protection, including the credit agencies used, please refer to PayPal's privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Stripe Checkout, Stripe Link
If you choose the "Stripe Checkout" or "Stripe Link" payment method from Stripe during the ordering process, your personal data will be automatically transmitted to Stripe.
Depending on the payment method, different payment details will be collected during the payment process, all of which are visible in advance. In addition, your name, email address, billing and delivery address, shop, location, payment amount, date, and in some cases the products ordered, your phone number, and your transaction history will be collected. Form entries that were not submitted because you cleared a text field will also be collected. In addition, the provider of the payment network you use may process data that we cannot control (e.g., PayPal, MasterCard, Visa) and, depending on the payment method, credit agencies or other third parties may be used for fraud prevention. The provider of the payment network is the controller in this regard within the meaning of the GDPR.
6.2. Processing purposes and legal basis
The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b GDPR (performance of a contract).
6.3. We process your personal data for as long as this is necessary to fulfill the order.
We are also required by commercial and tax law to store your address, payment, and order data for a period of ten years. However, after two years, we restrict processing, i.e., your data will only be used to comply with legal obligations.
6.4. Transfer to third countries
Your personal data is also processed by the service providers Stripe, Google, and Apple in the USA. For more information on the legal basis for the transfer of your personal data, please refer to section I. 7.3. in the general section (I.) of this privacy policy.
6.5 Svexa Sweden AB (Wallingatan 12, 111 60 Stockholm, Sweden) and Silicon Valley Exercise Analytics Inc. (200 Continental Dr, Suite 401, Newark, DE 19713, USA) are also involved as recipients of certain data within the scope of the AI functions. These act as processors within the meaning of Art. 28 GDPR.
7. Use of analysis tools (Google Firebase/Google Analytics 4)
7.1. Explanation
We use the Google Firebase analysis tool for the MATS app and Google Analytics 4 (GA4) from the service provider Google Inc. on our MATS platform. When you use the MATS app or the MATS platform, certain data about your activities is stored and this information is used on our behalf by the service provider Google to evaluate your use of our services.
For your protection, we use the anonymization function ("IP masking"), which means that Google truncates IP addresses within the EU/EEA by removing the last octet of the IP address. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there (for more information on the purpose and scope of data collection, please visit https://policies.google.com/privacy?hl=de&gl=en).
7.2. Personal data processed
The following personal data is collected and processed when using the aforementioned services:
a) IP address and identification numbers (ID)
IP address of the requesting end device;
Instance IDs or user IDs: These are unique, randomly generated identification numbers that are used to track user behavior within the MATS app;
Advertising IDs (Android Advertising ID or IDFA on iOS): These are unique identifiers provided by the operating system of the end device and can be used to deliver personalized advertising to users.
b) User demographics and interests
Age
Gender
Interests based on user activities and profiles with the provider Google.
c) Device information
Device model;
Operating system version;
Screen resolution;
Identification of the mobile device, such as IMEI and MAC address, if activated by the user;
Preferred language setting;
Time zone.
d) App usage data
Interactions with the MATS app;
Screen views;
Duration of a session;
App crashes, errors, and exceptions;
In-app purchases and subscriptions.
e) Location data
General geographic location (country, region, or city) derived from the user's IP address. No precise location data, such as GPS coordinates, is collected.
f) Traffic data
Data on referral sources and campaigns to understand how users found the MATS app.
g) Additional usage data (cookies)
Google Analytics and Google Firebase use persistent cookies (explanation of this term can be found in section I. 9. of the general section (I.)), which are stored on your device and can be read by us. This enables us to recognize and count returning visitors and to find out how often our web pages have been accessed by different users. The following cookies may be used for this purpose:
Cookie Name | Zweck | Speicherdauer |
|---|---|---|
_gid | Dieses Cookie hilft uns zu zählen, wie viele Personen unsere Internetpräsentation besuchen, wenn Sie diese bereits besucht haben | 1 Jahr, 1 Monat, 4 Tage |
_gat | Dieses Cookie hilft uns, die Frequenz zu verwalten, in der Anfragen für das Anzeigen einer Seite gestellt waren. | 1 Jahr, 1 Monat, 4 Tage |
_ga | Dieses Cookie hilft uns zu zählen, wie viele Personen unsere Webseite besuchen, wenn Sie diese bereits besucht haben | 1 Jahr, 1 Monat, 4 Tage |
Furthermore, there is no contractual or legal obligation to provide the personal data specified in this section. If you do not provide this data, you will not experience any disadvantages when using the MATS app or the MATS platform.
7.3. Processing purposes and legal bases
a) Reach measurement and improvement of user experience
We use Google Analytics and Firebase to analyze and regularly improve the use of the MATS app and the MATS platform. The statistics obtained enable us to improve our offering and make it more interesting for you as a user.
The legal basis for processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
You can also revoke your consent via the MATS app settings. For more details, please refer to Section II. 7. in the description of your right to revoke this privacy policy.
b) Needs-based advertising
We also use the aforementioned analysis tools to deliver needs-based advertising to you within the MATS app and the MATS platform using the data collected.
The legal basis for processing is your consent in accordance with Art. 6 (1) (a) GDPR.
You can also revoke your consent via the MATS app settings. For more details, please refer to section II. 7. in the description of your right to revoke this privacy policy.
c) Cookies
The legal basis for the use of performance and marketing/targeting cookies (explanations of the term can be found in Section I. 9. of the general section (I.)) is your consent in accordance with Section 25 (1) sentence 2 TTDSG.
7.4. Storage period
The storage period for your personal data is a maximum of 14 months.
7.5. Further data protection settings
In addition to revoking your consent (Section II. 7 of this privacy policy), you can prevent the collection of your personal data as follows:
-
You can prevent the storage of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of the MATS app to their full extent.
-
You can also prevent the collection of data generated by the cookie and related to your use of our app (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de).
7.6. Recipients or categories of recipients
The information generated by the cookies about your use of the MATS app and MATS platform is usually transferred to a Google Inc. server in the USA and stored there. General information on data processing, which according to Google also applies to Google Analytics, can be found in Google's privacy policy atwww.google.de/intl/de/policies/privacy/ .
We have also entered into a contract with Google for order processing in accordance with Art. 28 GDPR. Google will therefore only use all information for the specific purpose of evaluating the use of the MATS app and the MATS platform for us and compiling reports on website activity.
7.7. Transfer to third countries
Your personal data will also be processed by the service provider Google in the USA. For more information on the legal basis for the transfer of your personal data, please refer to section I. 7.3. in the general section (I.) of this privacy policy.
A transfer to third countries takes place in particular in connection with the use of Svexa's AI services. The transfer to the USA takes place exclusively on the basis of appropriate safeguards, in particular the EU standard contractual clauses (Art. 46 GDPR).
8. Feedback function and support
8.1. Explanation
You can provide feedback on the MATS app and our services via the feedback function in your user profile. This may include reporting errors (support), suggestions for improvement, or ratings. Depending on the content of your message, we will send you an email to the email address you provided.
8.2. Personal data processed
In the event of feedback, we collect and process your email address and the information you provide in your description. If you choose to include a screenshot of your feedback, we will also process the information displayed on it.
8.3. Processing purposes and legal bases
The legal basis for the processing of the personal data referred to above is Art. 6 (1) (b) GDPR (performance of a contract) if the feedback concerns the correction of errors in connection with the use of the MATS app. The processing serves to provide the functions of the MATS app and thus to fulfill the user agreement.
The legal basis for processing in connection with reviews or suggestions for improvement is Art. 6 (1) (f) GDPR (overriding legitimate interest). Our legitimate interest lies in optimizing and improving our app.
8.4. Storage period
For the purposes described above, we process your personal data in the event of an error message until the error has been rectified or, if necessary, a workaround has been found or we have informed you that the error cannot be rectified or you have informed us that you no longer require further support from us.
We process your personal data in the event of evaluations or suggestions for improvement for 3 days after receipt for evaluation.
8.5 AI-supported evaluations and analyses by Svexa are carried out exclusively for the purpose of training optimization. They have no legal effect or similar significant adverse effects on users. The results are to be understood as recommendations and do not replace medical advice.
9. Newsletter subscription
9.1. We offer the option of subscribing to a free newsletter, through which we send you information about our app. When you subscribe to the newsletter, the personal data specified below will be transmitted to us. Your consent will be obtained during the registration process for the processing of your data and reference will be made to this privacy policy. Your personal data will not be passed on to third parties in connection with the processing of data for the purpose of sending newsletters.
After you register, we will send you an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. The purpose of this procedure is to verify your registration and, if necessary, to clarify any possible misuse of your personal data.
9.2. Personal data processed
When you register for our newsletter in the MATS app, we store the email address you provide.
In addition, we collect, store, and process the following "newsletter data":
-
the date and time you accessed our website;
-
the description of the type of web browser used,
-
the IP address of the requesting computer, which is shortened so that it can no longer be traced back to a person;
-
the date and time of registration and confirmation.
There is no contractual or legal obligation to provide the personal data specified above. However, if you do not provide us with this data, you will not be able to subscribe to our newsletter.
9.3. Processing purposes and legal bases
Your email address is processed for the purpose of sending you the newsletter. By subscribing to our newsletter, you consent to the processing of your personal data at . The legal basis for this is therefore your consent in accordance with Art. 6 (1) (a) GDPR.
You can also revoke your consent via the MATS app settings. For more details, please refer to Section II. 7. in the description of your right to revoke this privacy policy.
We require the remaining newsletter data for verification purposes, i.e. to check whether the email address provided is yours, and to combat misuse. The legal basis for this is our overriding legitimate interest pursuant to Art. 6 (1) (f) GDPR.
9.4. Storage period
We generally store your email address only until you unsubscribe from the newsletter. We store the remaining newsletter data until we receive a confirmation email from the email address you provided, but no later than 7 days after unsubscribing.
10. Statutory commercial and tax retention obligations
10.1. Explanation and purposes
As part of our business activities as a company, we are subject to statutory commercial and tax retention regulations as the responsible body, in particular in accordance with Section 257 (1) of the German Commercial Code (HGB) or Section 147 (1) of the German Fiscal Code (AO). We are therefore obliged to retain certain business documents, in particular business letters and commercial correspondence received and sent by us, as well as accounting documents. Business letters or commercial letters are all correspondence that serves to prepare, execute, or reverse transactions or commercial transactions. These can be, for example, orders placed by you, but also any payment requests or order confirmations that we send to you. Accounting documents include, in particular, both incoming and outgoing invoices.
As we are obliged to retain such documents, it may be necessary for us to process personal data relating to you in this context.
10.2. Personal data processed
For the purposes mentioned above, we may process the following personal data relating to you:
-
Name data;
-
Address and contact details;
-
Bank account details.
10.3. Legal basis
The legal basis for processing is Art. 6 (1) (c) GDPR (fulfillment of a legal obligation) in conjunction with Section 257 (1) of the German Commercial Code (HGB) and Section 147 (1) of the German Fiscal Code (AO).
10.4. Storage period
The storage period begins upon receipt or dispatch of the commercial or business letter or upon creation of the accounting document.
In the case of business and commercial letters, these will be stored by us in accordance with Section 214 (3) sentence 1 of the German Fiscal Code (AO) and Section 257 (4) of the German Commercial Code (HGB) for a period of 6 years after the end of the calendar year in which they were sent or received.
We store accounting documents in accordance with Section 147 (3) sentence 1 of the German Fiscal Code (AO) for a period of 10 years after the end of the calendar year in which they were created.
10.5. Recipients or categories of recipients
The categories of recipients of your personal data are the competent tax authorities.
11. Legal defense and enforcement
11.1. Explanation and purpose
Should legal disputes arise with you regarding any claims or legal violations in connection with the MATS app or MATS platform, it may also be necessary for us to process your personal data in order to be able to conduct any pre-trial proceedings, court proceedings, or other formal procedures for legal defense, in particular against unauthorized claims or enforcement of our own legitimate claims and rights. For example, such a requirement may arise in the submission of evidence (contracts, correspondence) containing your personal data.
11.2. Personal data processed
Depending on the subject matter of the respective proceedings, different personal data may be processed for the above-mentioned purposes. However, your name and contact details as well as account details are generally processed.
11.3. Legal basis
The legal basis for processing is Art. 6 (1) (f) GDPR (overriding legitimate interest). Our legitimate interest in processing your personal data lies in the assertion, exercise, or defense of legal claims.
11.4. Right to object
The processing in this case serves to assert, exercise, or defend legal claims in accordance with Art. 21 para. 1 sentence 2 var. 2 GDPR. These are compelling legitimate grounds, which is why there is no possibility to object to this processing of your personal data at .
11.5. Storage period
The storage period is 3 years and begins at the end of the year in which a contractual relationship between you and us was terminated. In the case of a transaction, this is the time of performance of the service, in the case of termination of the user agreement, the time of termination.
Furthermore, we will store your personal data in the event of a legal dispute between you and us for as long as this is necessary to achieve the purpose, i.e. until such time as an official or court decision becomes final or a proceeding is otherwise legally concluded. In the event of a titled claim, we will store your personal data until it is fulfilled or becomes obsolete for other reasons.
11.6. Recipients or categories of recipients
Categories of recipients may include state courts, private arbitration tribunals, or state authorities.