Frequently Asked Questions about GDPR
Written by Jan-Erik Isermann
Updated over a week ago

Data protection is an annoying but nevertheless very important topic. Here you will find answers to the most frequently asked questions about the new data protection regulation.

Does Fitogram comply with the GDPR?

We at Fitogram take data protection very seriously, of course. Let’s answer the most important question first: Yes, Fitogram does meet the requirements of the GDPR. 

The basic principles of the GDPR

Consent

For the processing of personal data, the consent of the person concerned must be obtained. This means that the consent of the person concerned must be obtained for data processing when registering for the newsletter, submitting the contact form and, under certain circumstances, when concluding a contract. At Fitogram, this is guaranteed by our improved registration process.

The right “to be forgotten”

At the request of a customer, all personal customer data that the studio has about the customer must be deleted. This means that the customer must be deleted from the customer database. This is particularly difficult if you have distributed your data across different systems, for example if you have saved a second Excel spreadsheet on your PC. Try to find out where your data is stored (e.g. with FitogramPro and in emails) and make sure that you can delete this data on request.  

Appointment of a Data Protection Officer

If you have more than 10 employees in your studio, you are obliged to appoint a data protection officer. At Fitogram this is Marcus Gallein - you can reach him at datasecurity@fitogram.pro.

What do I need to know about the GDPR as a site operator / studio owner?

If you have already fulfilled the requirements of the BDSG (German Data Protection Act), the changes are manageable. Here is a short checklist for your website:

Create and upload privacy policy

If you have not already done so, you should create a privacy policy. Here we recommend the e-recht24 online portal, for example.

Please make sure that you also include your web analytics tools (e.g. Google Analytics) in your privacy policy.

If you use our online booking system, please proceed as follows:

  1. Under Section 1 (2) please add your name, your address, your email address. If you permanently employ more than 10 people, you must also appoint a data protection officer. In this case, please also include the name and email address of the data protection officer.

  2. Under Section 1 (3) please insert the link to your privacy policy.

  3. Please attach the entire document to your privacy statement.

Can I enter customers from my old database and send out invitations without the customers' prior consent?

Yes - you are acting here in your legitimate interest. The customers still have the option of not using us as a booking software afterwards. In the invitation, the customers must confirm the account and also accept the data protection regulations beforehand. This means that the clients still have the right to independently object to the use of Fitogram afterwards.

Do your customers have to accept Fitogram's privacy policy?

When your customers create an account with Fitogram, they must also accept our privacy policy. This is a legal requirement which we have to meet. When you add your customers to Fitogram (if they don't have a customer account), they only have to accept your privacy policy.

Encrypt website

The legislator requires appropriate technical measures to protect personal data. These should be "state of the art". This means that your website should be served over HTTPS (the "https:" standard). You can often request this via your web host.

Check contact form

If you use a contact form, you must also make sure that you obtain the customer's consent for data processing. Here it is also important that the customer actively agrees to the data protection declaration.


Agree to data processing agreements

If you share personal information, for example with newsletter providers, payment service providers, web analytics providers, or other data processors, it is important that you have a contract with these partners. Our software will enable you to accept our data processing agreement in good time. If you want to read it now, you can find it here.

Where is your data stored?

Our data is stored on German servers (in Frankfurt). This enables us to comply with German data protection guidelines and, at the same time, provide faster access times.

What happens with a deletion request?

If one of your customers wants to be deleted from your system, you can do this directly via FitogramPro. If someone wants to delete their account with Fitogram, just forward this request to datasecurity@fitogram.pro.

To what extent must I inform my customers?

In principle, you only have to inform your customers about changes to the terms and conditions. As far as the data protection conditions are concerned, it is only important that you make a note of when they were last updated. Nevertheless, it is still a good idea to keep your customers informed about them.

What happens if a customer does not agree to the data processing?

In most cases, you may enter the customer in your software because you have a legitimate interest in the data processing according to Art. 6 Para. 1 Sentence 1. If they register via your online booking system or if you invite them, then they must agree to the data protection declaration. However, if someone wants to be deleted from your software at a later date, you must comply with this request.

How long is data stored?

In principle, we are obliged to store some data for 10 years. This is data that is relevant under commercial or tax law. With all other data, we limit the processing after 2 years.
