Table of contents
A. PRIVACY POLICY SUMMARY
A.1 Collection, Use, and Disclosure of Data
A.2 Privacy settings
A.3 Tracking
A.4 Communication
A.5 General
B. Privacy Policy
B.1 General Information
B.2 Which Data BeFaster.Fit Collects And How We Use It
B.2.1 Information You Provide Us
B.2.2 Automatically Collected Data
B.2.4 Data From Social Networks And Contacts
B.2.6 Technical Analysis Of Usage
B.3 How BeFaster.Fit Uses The Information And Data
B.3.1 Provision Of Our Services And Products
B.3.1.1 Recording And Analyzing Your Activities And Performance
B.3.1.2 Interaction With Other Users
B.3.1.4 Data Processing For Anti-Cheating
B.3.1.6 Communication With You
B.3.2 Provision And Use Of Ai Functions
B.4 Data Transfer – Only When It’s Absolutely Necessary
B.4.2 Publicly Viewable Information Outside The App
B.4.3 Publicly Viewable Information Inside The App
B.4.3.1 Why Some Users Need To See Certain Data About You
B.4.3.2 Which Data Will Be Visible To Other Users
B.4.3.3 How Other Users Can See And Find You
B.4.4 Affiliated Companies And Acquirers Of Our Company Or Our Assets
B.4.5 Cooperation With Law Enforcement And Regulatory Authorities (Including Courts)
B.4.6 Contractual Disputes And/Or Compliance With Laws
B.5 BeFaster.Fit Is Ad-Free
B.6 Information We Do Not Have Access To
B.6.1 No Access To Your Google Account Password
B.6.2 No Access To Your Hot Wallet Access Credentials
B.7 Your Data In Your Hand – Management And Rights
B.7.1 Adjusting Notification And Email Settings
B.7.2 Updating Account Information
B.7.3 Deleting Data And Accounts
B.7.4 How We Protect Information
B.7.5 Automated Decision-Making And Profiling
B.8 Protection Of Children’s Privacy
C. YOUR RIGHTS AND HOW TO EXERCISE THEM
C.1 Access To Your Data
C.2 Right To Rectification, Transfer, Restriction, And Deletion
C.2.1 Update, Rectify, Or Restrict Your Data
C.2.2 Right To Restrict Processing Under Article 18 GDPR
C.2.3 Delete Your Account Under Article 17 GDPR
C.3 Right To Object Under Article 21 GDPR
C.4 Right To Withdraw Consent Under Article 7 GDPR
C.5 Right To Complain
D. LEGAL BASES
D.1 Providing BeFaster.Fit Services And Features As Contractual Fulfillment
D.2 Data Collection With Your Consent Under Art. 9 GDPR
D.3 Promoting Legitimate Interests Under Art. 6 (1) (F) GDPR
D.4 Legal Obligations Concerning The Establishment, Exercise, Or Defense Of Legal Claims
D.5 Performing A Task In The Public Interest
E. FURTHER INFORMATION
E.1 Technical And Organizational Measures (TOM)
E.2 Procedure For Notifying Data Breaches
E.3 Storage Of Information And Retention Period
E.4 Users In The Usa
F. UPDATES TO THE PRIVACY POLICY
G. ANNEX
G.1 Annex 1 – Information For Residents Of Turkey According To The Turkish Personal Data Protection Law No. 6698 (“Tpdpl”)
G.1.1 Reminder Regarding The Controller
G.1.2 Information About The Data Protection Officer
G.1.3 Methods And Legal Bases For Data Collection
G.1.5 Contact Information Of The Local Data Protection Authority In Turkey
G.2 Annex 2 – Information About The Processing Of Personal Data Under The Korean Personal Information Protection Act (“Pipa”)
G.3 Annex 3 – Information On The Processing Of Personal Data Under The Brazilian General Data Protection Law (Lei Geral De Proteção De Dados, “Lgpd”)
G.3.2 Types Of Processing Activities We Conduct
G.3.4 Contact / Data Protection Officer
G.3.5 Responsibility For Data Processing
G.4 Annex 4 – Information On The Processing Of Personal Data Under The Data Privacy Act Of The Republic Of The Philippines Of 2012
G.5 Annex 5 – Information On The Processing Of Personal Data Under The Peruvian Data Protection Law (“Pdpl”)
BEFASTER.FIT Privacy Policy
Effective Date: October 4, 2024
Your privacy is very important to us. Before we dive into the details, here’s a quick summary of our key privacy practices at a glance. Simply click on the link to read the full section.
Read the full privacy policy here.
A. PRIVACY POLICY SUMMARY
A.1 Collection, Use, and Disclosure of Data
- Do we sell your personal information for monetary values? No
- Do we sell aggregated information for monetary values? No
- Do we share your personal information with third parties that are not service providers? Yes, with your consent
- Do we share your personal information for targeted advertising? No
- Do we use sensitive data categories such as health data? Yes, with your consent
- Do we provide additional privacy protections for minors (users under 18)? Yes
- Do we delete your personal information when you request the deletion of your account? Yes
- Do we retain your data after you request the deletion of your account? No
A.2 Privacy settings
- Do you have control over who sees your activities and content? Yes
- Do you have control over who sees your location-based activities? Yes
- Are the privacy settings for all your activities and profile set to public by default (set to “Everyone”)? No, only partially as a summary
- Can you download and delete your personal information? Yes
A.3 Tracking
- Do we track your device location when you are not using our app? No
- Do we track your device location while you use BeFaster.fit services? Yes, with your consent
- Do we use non-essential cookies? No
- Do we track your browsing activities on other websites? No
- Can we listen to you through your device microphone? No
A.4 Communication
- Do we inform you in advance if we make significant changes and updates to our privacy policy? Yes
- Do we send marketing communications to you? No
- Do we send you push notifications on mobile devices? Yes, with your consent
A.5 General
- Can U.S. citizens use BeFaster.fit? No
- Can individuals under 18 use BeFaster.fit? No, only BeFaster.fit Kids, once it is launched
- Can BeFaster.fit assist me in recovering my hot wallet credentials? No
B. Privacy Policy
We are always committed to providing you with the best possible service, and your privacy is very important to us at BeFaster.fit.
The following privacy provisions:
- Clearly explain what data we collect and how we process it
- Give you more control over your data
- Outline all the details regarding your rights as a BeFaster.fit user.
B.1 General Information
B.1.1 Responsible Party
BeFaster.fit Limited, C 95624, 4. Vincenzo Dimech Road, Floriana FRN 1504, Malta (see imprint). We process your personal data as the responsible party when you use our “app” (see our app here) or website (together with the app, “products”) or otherwise interact with us.
B.1.2 Applicable Law
Your personal data will be processed in accordance with the locally applicable data protection laws, such as the EU General Data Protection Regulation (“GDPR”) or the Maltese Data Protection Act (Chapter 586), as far as applicable.
B.1.3 Content
This privacy policy (hereinafter referred to as the “Privacy Policy”) provides you with information about us, the manner, scope, and purpose of processing your personal data, such as its collection and use, and gives you insights into data processing related to the use of our products. Please note that the processing of personal data of business partners and applicants is not subject to this Privacy Policy.
B.1.4 Contact
Our general contact point for any questions, requests, and concerns regarding the processing of personal data is the email address: accountmanagement@befaster.fit . Additionally, you can also contact us at the postal address provided above, attention of the Data Protection Officer.
B.1.5 Data Protection Officer
Our Data Protection Officer is responsible for all questions regarding your data, its security, and its protection. Frank Schulze has been appointed as the Data Protection Officer by Board Resolution dated August 1, 2022. If you have questions regarding the processing and deletion of your personal data, you can contact him at any time at the email address accountmanagement@befaster.fit .
B.1.6 Language
This policy has been written in English. It is only available on the website in English but can be automatically translated by your web browser. In case a translated version contradicts the English version, the English version prevails.
B.2 Which Data BeFaster.Fit Collects And How We Use It
At BeFaster.fit, we place great importance on providing you with an optimal and personalized fitness experience. To achieve this, we collect and process various types of personal data. Below, you will learn what data we collect, how we use it, and which categories of information play a role.
B.2.1 Information You Provide Us
We collect a range of personal data directly from you when you use our product. This includes:
- Identity Data: This includes information that uniquely identifies you, such as your nickname, Google email address, and age. This data allows us to create and securely use a BeFaster.fit account.
- Contact Data: Information such as your email address is used to securely log you into and identify you within the product.
- Profile and Activity Data: This data includes your type of activity, date and time of the activity, your results, speed, and distance. This information helps us deliver the right BeFaster.fit experience to you.
B.2.2 Automatically Collected Data
In addition to the information you provide, we automatically collect certain technical data as soon as you use our services. This includes:
- Device Information: We collect information about the device you use to access BeFaster.fit, such as your IP address, device identifiers, and operating system. This data helps us ensure the stability and security of our services.
- Location Data: To provide you with accurate GPS activity tracking and route mapping, we collect your device’s location data. We only collect this data if you have consented to it in your device’s privacy settings. You can easily withdraw your consent at any time.
- Usage Data: This includes information on how you use our services, which pages you visit, which features you use, and how long you are active in the app. This helps us improve the app for you and others.
B.2.3 Fitness And Health Data
To provide you with a comprehensive fitness profile, we collect various health and activity data when you use our app. This includes:
- Activity Data: We capture data on your physical activities, such as steps, distance, and calories burned in conjunction with GPS locations. This information helps us enable fitness tracking for you and run internal security mechanisms to prevent cheating, ensuring fairness and security for all users of the app.
- Health Data: We collect certain health data, such as heart rate, step frequency, and weight. This data is considered sensitive personal data, and you must provide us with your consent for its collection. If you agree, we also collect sensitive data. This data allows us to give you personalized insights into your fitness and health. You can set limits on whether and to what extent we may process this information at any time.
For more information on the legal basis (Art. 6(1)(a) and Art. 9 GDPR), please refer to the section on legal bases.
B.2.4 Data From Social Networks And Contacts
You can currently create your BeFaster.fit account exclusively via a Google account login process, allowing us to obtain certain information from this platform, such as your name, email address, and profile picture. This data enables you to register and log in, thus allowing access to all BeFaster.fit services. The option to connect with other third-party providers and platforms will be expanded in the future.
B.2.5 Payment Data
If you utilize paid features or subscriptions, we collect payment information to securely process transactions. This includes data such as credit card information, which is processed through external, PCI-compliant payment providers. BeFaster.fit itself does not store complete credit card data.
B.2.6 Technical Analysis Of Usage
We use certain analytical methods to improve your user experience. These technologies collect information about your use of our platform, such as your preferences, visit times, and interaction with various content. This helps us make our app even better and more engaging by understanding, evaluating, and assessing user behavior.
B.2.7 Other Data
We may collect information about you from service providers or directly from you, for example, when we gather your feedback through surveys.
We may also gather information about you from other BeFaster.fit users, such as when they send you VPAID to your internal BeFaster.fit wallet or add your profile to their favorites.
B.3 How BeFaster.Fit Uses The Information And Data
Below, we thoroughly explain how we utilize the collected data and information.
B.3.1 Provision Of Our Services And Products
Your data is primarily used to fully utilize the BeFaster.fit app.
B.3.1.1 Recording And Analyzing Your Activities And Performance
We capture and analyze your sports activities, including general run sessions and challenge runs. The results obtained are used for statistical overviews that allow you to track your sports performance. They are also used to classify your fitness level and to set and fulfill your main quest. Furthermore, the results help us properly manage your progress and achievements within the quest system and the distribution of VPAID. Finally, your athletic performance is a key criterion for your leaderboard position.
B.3.1.2 Interaction With Other Users
We use personal information, particularly your name, profile picture, athlete ID, and content you wish to share (such as creating challenges), to enable you to compete against other users. This also includes the profile feature, where other users can view parts of your statistics to decide whether to accept you as a challenge opponent.
B.3.1.3 Sharing Your Results
If you wish to share your sports performance and BeFaster.fit successes with others, we support you in doing so. We provide your running results and success notifications in branded design. You can decide whether to post results with your running route on a map provided by Google Maps or with a photo without the running route. Please note that public posting on social media of specific running routes with locatable geographical information carries a certain risk, and you may want to refrain from doing so, especially if it involves the same running route regularly. Ultimately, it is up to you whether, what, and when you share, but we encourage you to be mindful of your personal data and social media usage. You can also post your performance or achievements with a live-captured photo or an image from your gallery. This option does not allow for third-party localization. To access this feature, you must grant us permission. Please note that we do not store your images or social media posts. The access you grant to your camera or gallery only applies at the time of sharing the social media post, and you can revoke this permission at any time.
B.3.1.4 Data Processing For Anti-Cheating
We utilize methods such as machine learning or artificial intelligence, including analytical systems, to detect cheating. As an essential component of the BeFaster.fit app, fairness is ensured through systems that analyze your athletic behavior, identify it, and detect and prevent anomalies. To operate these systems, we require various personal data, such as your step frequency, GPS data, and heart rate.
B.3.1.5 Your Referral Code
When you create your user profile, we provide you with a personal referral code that is permanently linked to your account and cannot be changed. You can find comprehensive information about this [here](https://befaster.fit/referral/). This referral code entitles you to a share of the revenue when other users sign up using your code and generate revenue from their activities. The code is visible in your profile and is stored by us for attribution purposes. Furthermore, the code is part of the brand corporate design and is visible on your social media posts and in your invitation messages to friends. This aspect is not editable and is a fixed component of the business model for acquiring new users.
B.3.1.6 Communication With You
We use your email address to contact you regarding our services, such as informing you about essential changes to our terms. For this processing purpose, we share personal data with processors, in this case, our messaging service providers and CRM providers.
B.3.1.7 Your Statistics
Your running activity and some of your results are an integral part of certain product features whose disclosure is necessary and cannot be hidden. This includes, in particular, your fitness level, which is displayed in the arch around your profile picture, and a summary of your performance, including your total kilometers run, the time taken, average speed, elevation gained, and your leaderboard league and division.
B.3.1.8 Customer Support
We process personal data to respond to your inquiries about our products and address questions and concerns that reach us through various communication channels. This includes responses to inquiries regarding data protection and app usage. Your requests to our customer service are analyzed to ensure we can continue providing you with valuable service in the future.
B.3.2 Provision And Use Of Ai Functions
In relation to our products and their functions that utilize machine learning or artificial intelligence, we use some personal data to improve the quality, reliability, and/or accuracy of our AI features and to maintain a smooth anti-cheating model. To achieve this, we create, develop, train, test, improve, and maintain AI and ML models operated by BeFaster.fit or our service providers. We use aggregated information free from identifiable features to train the AI functions, relate personal data mathematically, and ensure fairness as a fundamental principle of our services. With your privacy settings and sharing permissions, we may also use personal information such as health and location information for measuring your runs against anti-cheating standards.
B.3.3 Business Analyses
We need to know how we are performing as a company. This is in the interest of our shareholders, management, employees, partners, and users. We create data models for various analytical purposes and analyze how our products perform in different markets, which product features are popular, what has worked and what hasn’t regarding our marketing and advertising campaigns, our product designs and sales strategies, our website design, and the overall user experience to establish, implement, and evaluate our business strategy.
This includes, for example, analyzing data to understand how users navigate our website and use the app to improve our user experience design, ensuring that our app and website continue to provide you with enjoyment and encourage you to keep using or visiting them. For this purpose, we may collect personal data by using technologies such as cookies, pixels, and tags to capture device information. Whenever cookies are used, you will be informed about it through a cookie banner and must provide consent in the form of an opt-in in accordance with Art. 7 GDPR. For more information about the cookies we use, the personal data they collect, and how to disable them, please refer to our cookie policy.
The legal basis for these processing activities is our legitimate interest.
The data categories processed for this purpose include identity data, location data, purchase data, profile information, device information, browsing information, activity data, correspondence, and, in the future, preference data. For this processing purpose, we share personal data with processors, in this case, analysis service providers and cloud service providers.
B.4 Data Transfer – Only When It’s Absolutely Necessary
We guarantee that we will never sell your personal data or aggregated information to third parties. Your personal data will only be shared with third parties if it is necessary for the operation of our product and the provision of all services.
B.4.1 Service Providers
We may share your information with third parties that provide services for BeFaster.fit, such as support, improvement, marketing, and securing services, as well as processing payments or orders. These service providers only have access to information necessary to perform these limited functions on our behalf and to protect your information. We may also engage service providers to collect information about your usage of the services over time to support BeFaster.fit in monitoring and developing the product in the interest of users and operations.
B.4.2 Publicly Viewable Information Outside The App
The public visibility of your data outside the app can be divided into two categories:
- Social Media: Here you decide what you post and when you post it. Who can see this data depends on your privacy settings. If you choose to post, we refer to this provision.
- Public World Wide Web: Outside the BeFaster.fit app, no one has access to your data. None of your data appears anywhere outside the user circle of the app. They are neither searchable nor viewable through search engines.
B.4.3 Publicly Viewable Information Inside The App
In accordance with the data minimization principle of the GDPR, we not only collect the minimum amount of data from you as a user but also limit the amount of data that can be viewed. The extent of full access to your profile, achievements, results, statistics, and accomplishments is subject to your privacy and data protection settings, which will be added after the completion of the beta test.
B.4.3.1 Why Some Users Need To See Certain Data About You
As BeFaster.fit is a competitive sports app, it is unavoidable that some of your data is made accessible to other users in compressed form. The reason is that everyone must have the opportunity to make an informed decision about whether they want to compete against you. The public viewing of your data in compressed form is minimized and extends only so far as to allow other members, as potential competitors, to assess against whom they might compete and whether their fitness level can match yours. This data compression is an integral part of our service, ensuring not only security but also fairness and promoting the aspect of sports motivation.
B.4.3.2 Which Data Will Be Visible To Other Users
Other app users can see your nickname, profile picture, whether or not you have a VIP package, your leaderboard position, your fitness level, and a summary of your athletic performance. The summary is exclusively an overview and refers to a specific time period. This summary includes:
- Total kilometers
- Total time
- Total altitude
- Average speed
- Total challenges completed
B.4.3.3 How Other Users Can See And Find You
Your profile can only be found within the app via a search function with your player ID.
Your profile is visible to other BeFaster.fit users:
- In the current leaderboard
- In the qualification list for the next event
- In the challenges if you participate in them
B.4.4 Affiliated Companies And Acquirers Of Our Company Or Our Assets
We may share your information with our subsidiaries if they exist; these are obligated to handle your personal information in accordance with their own privacy policies. If BeFaster.fit is involved in a merger, acquisition offer, insolvency, restructuring, liquidation, or other similar transactions, we may share or transfer your information in connection with such a transaction.
B.4.5 Cooperation With Law Enforcement And Regulatory Authorities (Including Courts)
If we are legally required to provide your personal data for reasons of national and public security, crime prevention, investigation and prosecution of offenses, anti-money laundering, conducting legal proceedings, protecting the rights and freedoms of others, and enforcing civil claims, we will provide the requested information as soon as we are sure that the request is legally justified. We may not be able to inform you about this if it violates the law.
The legal basis for these processing activities is our respective legal obligation, the necessity to protect vital interests of individuals, or the necessity in the public interest.
The categories of data processed for this purpose depend on the respective request/obligation and may include all categories of personal data that we process. In any case, we will limit the amount of personal data processed for this purpose to the minimum necessary.
B.4.6 Contractual Disputes And/Or Compliance With Laws
We must retain evidence in case of contractual disputes or to defend ourselves in case of investigations or disputes and complaints regarding compliance with data protection regulations, including the handling of data protection requests. In addition, we may need to process certain information that may also contain personal data to comply with legal retention periods.
The legal basis for these processing activities is our respective legal obligation or our legitimate interest.
The categories of data processed for this purpose depend on the respective obligation and situation and may include all categories of personal data that we process. In any case, we will limit the amount of personal data processed for this purpose to the minimum necessary.
For this processing purpose, we share personal data with authorities, including courts, with our legal counsel and tax advisors, and with processors, in this case, with cloud service providers and messaging service providers.
B.5 BeFaster.Fit Is Ad-Free
You will not receive any advertising from third parties forced upon you! You will not receive promotional emails. You won’t have to watch advertising videos, and you will not see any external advertisements in the app!
B.6 Information We Do Not Have Access To
Not all the information you have and use is accessed, reviewed, or stored by us. Please handle your access credentials carefully, as we cannot assist you with their recovery.
B.6.1 No Access To Your Google Account Password
We do not have access to your Google Account password. If you forget it, you cannot request recovery through BeFaster.fit. BeFaster.fit does not have a separate password for your account; it grants you access when you authenticate with Google.
B.6.2 No Access To Your Hot Wallet Access Credentials
To use BeFaster.fit properly, you need to link your BeFaster.fit account with a hot wallet, such as MetaMask, TrustWallet, or others. You can unlink and exchange this connection at any time. We establish the connection through an API interface and can mirror these hot wallets in the BeFaster.fit app. We do not have access to your access credentials, passwords, private keys, secret phrases, or mnemonic phrases. We do not see them and therefore do not store them. Please independently educate yourself on the proper storage and security of this critically important data, as losing it will result in a permanent loss of access to your hot wallet, and we cannot assist with recovery. If you permanently lose access to your hot wallet, it means the loss of your assets.
B.7 Your Data In Your Hand – Management And Rights
In this section, we inform you about the possibility of managing your data and what your rights are in the area of data protection law.
B.7.1 Adjusting Notification And Email Settings
One thing is clear: we will definitely not bombard you with marketing, especially not with marketing from third parties. However, we may ask for your opinions, criticism, and suggestions for improvement in the future. BeFaster.fit is for everyone and can therefore be co-developed by you as a user. We will notify you of new functions and features. If you do not wish to receive these notifications, you can adjust your data settings accordingly and turn off these messages.
B.7.2 Updating Account Information
You can correct, supplement, or update your profile or account information at any time by adjusting this information in your account settings. This allows you to rectify incorrect personal information in your account within the app. If there are any details you cannot correct through the app, please contact us at support@befaster.fit .
B.7.3 Deleting Data And Accounts
Under the account management menu, you can request the deletion of your account and all associated data. Account Management
A step-by-step guide can be found in the section regarding the exercise of your rights. To delete your account, please follow these instructions. Once you have submitted a request for account deletion, we will permanently and irrevocably delete your personal information from our systems, including backups. After deletion, your data, including your account, activities, and rankings, unclaimed rewards, and your BeFasterFriends, cannot be restored. The deletion of all personal information and system logs will occur within 30 days of receiving your request.
Please note that we have no control over content such as posts you have created on BeFaster.fit that you shared directly or publicly with others, or that others may have copied. In other words, content or information may still be available even if you have deleted your account or specific information from your own profile.
It is not possible to delete individual pieces of information. If you request deletion, everything will be removed.
B.7.4 How We Protect Information
BeFaster.fit takes measures to ensure that your information is secure and treated in accordance with the provisions of this privacy policy. We maintain administrative, technical, and physical security precautions appropriate to the sensitivity of your information, designed to protect against unauthorized use, disclosure, or access to personal information.
For the protection of your Google Account credentials, we refer you to Google’s security instructions.
B.7.5 Automated Decision-Making And Profiling
To ensure security and fairness in using the app, we utilize machine learning that analyzes and evaluates you and your sporting behavior to determine whether you are indeed you or whether your sporting performance was actually achieved by someone else, or whether you are attempting to cheat the app by using unauthorized means of transportation such as any kind of passenger transport, scooters, bicycles, skateboards, horses, rollerblades, etc. If our anti-cheating system detects an unauthorized anomaly, your sporting activity will be terminated, and you will be notified. In accordance with Article 22 of the GDPR, we inform you that we use biometric data, your sporting activities, geolocation data, and health data for profiling. The specifics of how and to what extent mathematical considerations are applied is part of our trade secret and cannot be detailed here while safeguarding our legitimate interests.
If you do not agree to the use of your data for anti-cheating profiling and ensuring comprehensive fairness, we ask you to refrain from using the app.
If you believe your sporting activity has been wrongfully challenged, we expressly request your cooperation in reporting this issue. This will help improve the system and avoid errors. We will conduct a manual review and adjust the system if it reacted incorrectly. You can report a misclassification within the app by going to your settings -> Report a Problem and following the instructions. Alternatively, you can simply send an email to support@befaster.fit . Please describe the circumstances as accurately as possible.
B.8 Protection Of Children’s Privacy
BeFaster.fit is not intended for individuals under 18 years of age and cannot be properly used by persons under 18 in financial matters, as it requires a hot wallet connection that can only be established by adults. If you are under 18 years old, you are not allowed to use the services. We encourage you to follow our social media and wait for the launch of BeFaster.fit Kids. BeFaster.fit Kids is specifically designed for individuals under 18 years of age and is subject to special factual and legal regulations. The processing of children’s data is carried out in accordance with the provisions of Article 8 of the GDPR, which excludes usage and also the approval of parents does not remedy the fact that children cannot use BeFaster.fit.
C. YOUR RIGHTS AND HOW TO EXERCISE THEM
There are extensive data protection laws that grant you various rights, particularly Articles 15 – 22 of the GDPR. These may vary depending on the jurisdiction (see special regulations in the annex).
C.1 Access To Your Data
You have the right to know what personal information we collect, use, share, or otherwise process, and to request access to it. You can access many of your information by logging into your account. If you need further access or would like to receive a summary of this data as an extract, please contact us at accountmanagement@befaster.fit .
C.2 Right To Rectification, Transfer, Restriction, And Deletion
You have the right to correct, transfer (Article 20 GDPR), restrict (Article 18 GDPR), or delete (Article 17 GDPR) personal information. You can request that we correct (rectify) your personal information on your behalf if it is incorrect, or restrict or delete it. Please note that these requests are subject to certain limitations; we may retain personal information within the legally permissible framework, for example, for tax or other retention purposes, to process transactions, and to facilitate customer inquiries, as well as for certain other business purposes described in this privacy policy.
C.2.1 Update, Rectify, Or Restrict Your Data
You can correct or restrict many of your information by logging into your BeFaster.fit account. You can edit your profile, correct, supplement, or update account information at any time. Please contact accountmanagement@befaster.fit if you need further assistance.
C.2.2 Right To Restrict Processing Under Article 18 GDPR
In the following cases, you have the right to request the restriction of the processing of your personal data from us:
- The personal data is no longer necessary for the purpose for which it was collected or processed.
- You have withdrawn your consent on which the processing is based, and there is no other legal basis for processing.
You have objected to the processing, and there are no overriding legitimate grounds for processing.
- The processing is unlawful.
- The personal data must be deleted to comply with a legal obligation under European Union law or the law of a member state to which BeFaster.fit is subject.
C.2.3 Delete Your Account Under Article 17 GDPR
If you want to delete your account, please follow these steps:
- Go to https://befaster.fit/account-management or to our website and click on Account Management in the footer.
- Click on Delete my Account.
- Fill out the requested form, naming the account that should be deleted.
- Confirm the registration.
- Open your Google emails.
- Check if you have received a verification email.
- Click on the verification link.
If you need help, please contact us at accountmanagement@befaster.fit . As a security measure, we will send you an email so you can confirm your deletion request, and we will delete your personal data only after this confirmation. Please note that data may still be stored on your mobile device even after your account has been deleted. Unless an exception applies, we will delete your personal information as soon as we receive and verify your deletion request, and instruct our service providers to delete your personal information as well. After verifying your deletion request, all your data will be deleted within 30 days. We emphasize here that all files will be permanently and irretrievably deleted. This includes all personal data, including your account, GPS data, system logs, activities, your ranking in leaderboards, unclaimed rewards, and your BeFasterFriends.
C.3 Right To Object Under Article 21 GDPR
If we process your information based on our legitimate interests or our contractual relationship, you can object to this processing under certain circumstances. In such cases, we will stop processing your information unless there are compelling legal grounds to continue processing or it is required for legal reasons.
C.4 Right To Withdraw Consent Under Article 7 GDPR
If we rely on your consent for certain processing operations (e.g., for the processing of health data or your GPS data), you have the right to withdraw this consent at any time by updating the permissions granted within the app. Please note that health-related data may still be displayed for past activities in accordance with the previously granted consent. We may continue to process your information after you have withdrawn your consent if there is a separate legal basis for doing so (for example, to comply with a court order) or if the withdrawal of your consent was limited to certain processing activities. If you withdraw your previously granted consent, it may be that you can no longer use some services of the app.
C.5 Right To Complain
You have the right to express concerns about our use of your information (without prejudice to any other rights you may have) and to contact us at support@befaster.fit regarding this. With respect to your right to complain, you may also report your concerns to the relevant local data protection authority.
D. LEGAL BASES
According to data protection laws, companies must have a legal basis for collecting, using, disclosing, and otherwise processing information about you. While some of your rights generally apply, certain rights depend on the legal bases we rely on for processing data. Below is an explanation of which legal bases apply to the collection and utilization of specific data, which are categorized into four main categories.
- Legal Basis: Our Mutual Contract : This basis refers to the necessity of fulfilling the agreements we have made with you (see the Terms of Use). This includes the processing of data necessary for providing the core functionalities of BeFaster.fit.
- Legal Basis: Your Consent (under Art. 9 GDPR): We ask for your consent to process certain data. You have the right to withdraw your consent at any time. This particularly relates to the processing of sensitive data, such as health data and geolocation, which is necessary for providing you with our services.
- Legal Basis: Our Legitimate Interest (under Art. 6(1)(f) GDPR): We process your data to safeguard our legitimate interests, such as ensuring fairness in the use of BeFaster.fit features, continually improving our services, and protecting our platform from abuse.
- Legal Basis: Legal Obligation : We process data to comply with legal obligations, such as cooperating with law enforcement authorities or protecting the data of minors. This processing may also be necessary for asserting or defending legal claims.
D.1 Providing BeFaster.Fit Services And Features As Contractual Fulfillment
As described in Section B, many core functions of BeFaster.fit cannot be provided and the terms of use cannot be implemented without processing data for the following purposes:
- Opening the account.
- Conducting running sessions in Free Run.
- Participating in challenges and interacting with others.
- Participating in quests.
- Participating in leaderboards.
- Managing and evaluating your sports performance.
- Providing and utilizing AI models and machine learning.
- Communicating with you as a user.
The legal basis for these processing activities is the necessity to fulfill our contract with you. This processing under this legal basis concerns the following data categories:
- Identifiers such as your username, user ID, IP address, email address, and other similar identifiers.
- Payment information via Google.
- Age provided by you.
- Commercial information such as proof of your VIP membership purchase.
- Information about internet or other electronic activities, such as session logs.
D.2 Data Collection With Your Consent Under Art. 9 GDPR
We ask for your consent to process your information for specific purposes, and you have the right to withdraw your consent at any time. Please note that withdrawing your consent does not affect the legality of processing based on consent before withdrawal. We ask for your consent to:
- Access your geolocation when recording GPS-based activities and to allow anti-cheating features.
- Record your activities.
- Collect or derive health data, which may include information derived from heart rate or other indicators. We use your health data to provide you with statistics and visualizations and to ensure that anti-cheating functions operate correctly.
- Collect and process information about third-party products and services, such as Google Fit, or devices and applications (e.g., running watches) you connect to BeFaster.fit.
- Access photos if you wish to post your performance or your BeFaster.fit achievements.
The legal basis for these processing activities is your consent to use the data. These are sensitive data that are partly necessary to provide our service, such as your geolocation data and the recording and processing of your biometric activity, as these are fundamental for categorization processes for various app services, which in turn are part of our mutual contract. This processing under this legal basis concerns the following data categories:
- Identifiers such as your nickname, user ID, IP address, email address, and other similar identifiers.
- Geolocation data, such as the physical location, direction, and speed of your recorded activity.
- Biometric information, such as movement data, as long as they contain identifying information.
- Electronic, visual, and similar information, such as photos.
- Health data, such as your heart rate.
D.3 Promoting Legitimate Interests Under Art. 6 (1) (F) GDPR
We process your data for our legitimate interests and those of other BeFaster.fit users. We implement appropriate security measures to protect your privacy, rights, and interests. We collect such data for the following purposes:
- To ensure fairness in using BeFaster.fit features and enable competitions among users.
- To individually customize the services and introduce new features. We may use your user ID, location data, and activity data when we inform you about new features.
- To maintain our business by measuring and continuously improving our services to provide our members and partners with innovative and tailored services.
- To secure and protect the services by using information to prevent or detect violations of our terms of use, fraud or abuse, and other harmful or illegal behavior. For this purpose, we may also share information with third parties, including law enforcement authorities.
- Your referral code will be included in all shares on social media to increase general brand awareness, ensure further company growth, and provide you with a monetary advantage as you help us with your shares.
The legal basis for these processing activities is our legitimate interest as per Art. 6 (1) (f) GDPR, which particularly concerns the maintenance and facilitation of the BeFaster.fit rules (see terms of use), which in turn is part of the mutual contract. Moreover, our legitimate interest lies in a structured and economically healthy continuation and expansion of the company, based on the analysis of generated and suitable user data. This processing under this legal basis concerns the following data categories:
- Identifiers such as your correct nickname, user ID, IP address, email address, referral code, and other similar identifiers.
- Payment information.
- The age you provided.
- Economic information, such as proof of your VIP membership purchase.
- Information about activities, such as session logs.
- Insights derived from the above information to create a profile reflecting your preferences, characteristics, behaviors, skills, and aptitudes, such as your personal performance.
D.4 Legal Obligations Concerning The Establishment, Exercise, Or Defense Of Legal Claims
We process data where we are legally required to do so, for example, when we respond to a valid and binding legal process from a law enforcement agency. We may also collect and process personal information, such as your date of birth, to comply with regulations requiring us to take additional protective measures for children.
Furthermore, we may need to assert, exercise, or defend civil or criminal claims related to actual or potential legal disputes, including to protect BeFaster.fit services, our property, or other legal rights, including those of our members or partners.
The following are some examples of laws from Malta and other EU Member States that require us to respond to inquiries regarding the processing of personal information:
- Regulatory Affairs: Compliance with legal obligations to cooperate with supervisory authorities, such as the Data Protection Commission, under the GDPR and the Data Protection Act (Chapter 586 of the Laws of Malta), as well as the relevant supervisory authorities under the Digital Services Act.
- Criminal Matters: Implementing requests from Maltese law enforcement agencies to transmit data in connection with an investigation (e.g., under the Criminal Code (Chapter 9 of the Laws of Malta) iVb Data Protection Act (Chapter 586 of the Laws of Malta) and Art. 10 GDPR, or taking measures to provide information to law enforcement authorities when necessary.
- Consumer Protection and Competition Matters: Fulfilling our obligations under consumer protection law, e.g., under the Consumer Affairs Act (Chapter 378 of the Laws of Malta) and the Malta Competition and Consumer Affairs Authority Act (Chapter 510 of the Laws of Malta), e.g., when the Maltese Competition and Consumer Protection Commission requests information, and to comply with our obligations under the Digital Services Act.
- Corporate and Tax Matters: Fulfilling our obligations under corporate law and tax laws, e.g., the Malta Companies Act (Chapter 386 of the Laws of Malta) and the Income Tax Act (Chapter 123 of the Laws of Malta).
- Information Security Issues: Implementing appropriate technical and organizational security measures, e.g., under the GDPR, particularly Art. 32 GDPR, and the Data Protection Act (Chapter 586 of the Laws of Malta).
The legal basis for these processing activities is legitimate interest and our legal obligation. This processing under this legal basis concerns the following data categories:
- Identifiers such as your nickname, user ID, IP address, email address, and other similar identifiers.
- Payment information.
- The age you provided.
- Commercial information such as proof of your VIP membership purchase.
- Information about internet or other electronic activities, such as session logs.
D.5 Performing A Task In The Public Interest
Where provided for by EU law or the law of an EU Member State, we may process your data to fulfill a task in the public interest. This may include protection against harm and research for social benefit. You have the right to object to the processing of your personal information and to request a corresponding restriction when we process information on this legal basis.
The legal basis for these processing activities is legitimate interest and our legal obligation. This processing under this legal basis concerns the following data categories:
- Identifiers such as your nickname, user ID, IP address, email address, and other similar identifiers.
- Payment information.
- The age you provided.
- Commercial information such as proof of your VIP membership purchase.
- Information about internet or other electronic activities, such as session logs.
E. FURTHER INFORMATION
E.1 Technical And Organizational Measures (TOM)
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. In accordance with Art. 32 of the GDPR, we implement protection and TOM in the following ways:
- We offer the use of a secure server – we are using AWS Web Services.
- We employ encryption technologies to protect your personal data both during transmission and at rest. In particular, we use SSL/TLS encryption to ensure that all sensitive information is transmitted securely between you and our servers.
- Access to personal data is restricted to those employees who need this data to fulfill their tasks (‘Need-to-Know Principle’). Each access is protected by multi-factor authentication procedures, including password protection and two-factor authentication (2FA).
- We only collect and process the personal data necessary for the respective purpose, in accordance with the principle of data minimization, as per Art. 5 (1) lit. c of the GDPR.
- To ensure the availability of your data even in the event of hardware failures or other incidents, we create regular backups stored in secure data centers. These backups allow us to restore data in the event of a physical or technical incident.
- We regularly conduct security audits and penetration tests to identify and address potential vulnerabilities in our systems.
- To enhance security and prevent security incidents, we use a system for logging and monitoring access to personal data. This allows us to quickly detect unauthorized access and take appropriate countermeasures.
- All employees who work with personal data receive regular training on data protection, security, and the safe handling of IT systems to ensure that they understand and comply with applicable data protection regulations. This training occurs at least once a year and whenever updates or changes are made.
- We have implemented an incident management system that enables us to respond quickly in the event of data loss or a security incident. This includes a procedure for notifying affected individuals and authorities in accordance with legal requirements.
E.2 Procedure For Notifying Data Breaches
If a data breach occurs despite all security and precautionary measures, we will notify the relevant supervisory authority within 72 hours in accordance with Art. 33 of the GDPR. According to the internal security protocol, the report will be made by the management and the data protection officer in compliance with the formal requirements of the relevant supervisory authority. If the data breach also affects users, you will be promptly informed via email.
E.3 Storage Of Information And Retention Period
We store information as long as necessary to provide you and others with the services and to comply with legal obligations regarding the further retention of said information. Information about your account is generally retained until it is no longer needed to provide the services or until your account is deleted or becomes inactive. In making these decisions, we consider the scope, nature, and sensitivity of the personal information, the purposes for which the information is processed, whether we can achieve these purposes through other means, and the applicable legal provisions.
After you delete your account, it may take up to 30 days to remove all your personal information and system logs from our systems.
E.4 Users In The Usa
If you are a US citizen, you unfortunately cannot use BeFaster.fit. Once we expand into the US market, we will announce this through our social media channels. Please also refrain from attempting any technical solutions, hacks, or other means to obtain the app.
F. UPDATES TO THE PRIVACY POLICY
BeFaster.fit reserves the right to modify this Privacy Policy at any time. If we make changes to this privacy statement, we will post the revised privacy statement along with its effective date on this website. If we make changes that we deem to be material, we will provide prominent, advance notice. If you object to any changes to this Privacy Policy, you should stop using the Services and delete your account.
G. ANNEX
In some jurisdictions, there are special regulations to which we refer here.
G.1 Annex 1 – Information For Residents Of Turkey According To The Turkish Personal Data Protection Law No. 6698 (“Tpdpl”)
If you are a resident of Turkey, this section applies to you in addition to our Privacy Policy.
G.1.1 Reminder Regarding The Controller
We hereby state that there is no Turkish BeFaster.fit branch. Furthermore, we declare that BeFaster.fit Limited, 4 Vincenzo Dimech Road, Floriana FRN 1504, Malta, registered under number C 95624, is considered the controller under this Privacy Policy. BeFaster.fit Limited thus acts as the collector, gatherer, and processor of the data.
G.1.2 Information About The Data Protection Officer
Since the term “Data Protection Officer” is not defined in the TPDPL, it does not apply in Turkey. However, you can contact us via email at the accountmanagement@befaster.fit.
G.1.3 Methods And Legal Bases For Data Collection
We are only allowed to collect and further process your personal data if we have a legal basis for processing in accordance with Articles 5 and 6 of the TPDPL (including the necessity of processing personal data of the parties to a contract, provided that it is directly related to the establishment or fulfillment of the contract, and the necessity of processing personal data for the pursuit of the legitimate interests of the controller, provided that this processing does not violate the fundamental rights and freedoms of the data subject). We collect personal data, in accordance with the TPDPL, wholly or partially through automated means/methods that are part of the data collection system.
G.1.4 Your Rights
Except for the circumstances specified in Article 28 of the TPDPL titled “Exceptions,” you, as the data subject, have the following rights under Article 11 of the TPDPL when you contact BeFaster.fit:
- to learn whether your personal data is processed or not – this partially corresponds to the right of access, as described in the Privacy Policy, and can be enforced accordingly;
- if your personal data is processed, to obtain information about this processing – this partially corresponds to the right of access, as described in the Privacy Policy, and can be enforced accordingly;
- to learn the purpose of processing your personal data and whether they are used for the intended purposes – this partially corresponds to the right of access, as described in the Privacy Policy, and can be enforced accordingly;
- to know to whom your personal data is disclosed both domestically and abroad – this partially corresponds to the right of access, as described in the Privacy Policy, and can be enforced accordingly;
- to request the rectification of incomplete or inaccurate personal data – this corresponds to the right to rectification, as described in the Privacy Policy, and can be enforced accordingly;
- to request the deletion or destruction of your personal data in accordance with the provisions of the law and its regulations – this corresponds to the right to deletion, as described in the Privacy Policy, and can be enforced accordingly;
- to request notification of the operations carried out pursuant to the last two points – you will always receive this information when you have requested rectification or deletion;
- to object to the solely automated processing of your personal data that has adverse effects on you – this partially corresponds to the right to object, as described in the Privacy Policy, and can be enforced accordingly;
- to demand compensation for damages incurred due to the unlawful processing of your personal data.
G.1.5 Contact Information Of The Local Data Protection Authority In Turkey
Kişisel Verileri Koruma Kurumu, Nasuh Akar Mahallesi, 1407. Sok. No: 4,, 06520 Çankaya / Ankara
G.2 Annex 2 – Information About The Processing Of Personal Data Under The Korean Personal Information Protection Act (“Pipa”)
If you are a resident of the Republic of Korea, this section applies to you in addition to our Privacy Policy. According to the PIPA, we must delete all personal data, i.e., your user account, if you are inactive for more than 1 year. We consider you active if you log into our products, open them, or record or import an activity. The deletion of personal data at BeFaster.fit is done by completely removing the personal reference or by completely deleting the relevant data from all our systems.
Your Rights: In addition to the rights described under Your Rights Regarding Personal Data, you are entitled to demand compensation for damages incurred due to a violation of the PIPA by BeFaster.fit.
G.3 Annex 3 – Information On The Processing Of Personal Data Under The Brazilian General Data Protection Law (Lei Geral De Proteção De Dados, “Lgpd”)
Whenever personal data is processed to enable our app, website, or other services in Brazil, or if you are located in Brazil at the time your personal data is collected, the LGPD applies. Overall, the provisions of the LGPD are very similar to those of the GDPR. However, there are minor deviations and additions that are explained in this annex. Consequently, this annex serves as a supplement to the information in our Privacy Policy and applies where the LGPD is relevant.
G.3.1 Legal Bases
The LGPD recognizes the exercise of rights in judicial, administrative, or arbitration proceedings and the protection of credit as legitimate legal bases for data processing. Please note that we may also process your personal data in addition to the legal bases mentioned in the processing purpose and legal basis for data processing sections of the Privacy Policy, if necessary for the exercise of our rights in judicial, administrative, or arbitration proceedings involving you and us or for the protection of credit, as applicable.
G.3.2 Types Of Processing Activities We Conduct
For the purposes mentioned in the processing purpose and legal basis for data processing sections of the Privacy Policy, we perform all necessary processing activities. These include: collection, storage, sorting, querying, matching, displaying, extracting, and arranging. We may also access, view, and evaluate your personal data, for instance, to assess your success in a particular challenge, in connection with support services, or to ensure compliance with our terms of use. Furthermore, we may anonymize personal data and, upon your request, delete, block, or correct it.
G.3.3 Location Of Processing
Your personal data will be processed outside of Brazilian territory and therefore transmitted there. Since we do not have data centers or other data processing facilities in Brazil, this is necessary for all purposes described in the processing purpose and legal basis for data processing sections of the Privacy Policy.
G.3.4 Contact / Data Protection Officer
If you have any questions about data protection, the handling of your personal data, or your rights as a data subject, you can contact us at any time by sending an email to the address provided in the Privacy Policy or by writing to our mailing address. Our Data Protection Officer, Frank Schulze, and the team will attend to your inquiry.
G.3.5 Responsibility For Data Processing
BeFaster.fit is responsible for all processing activities conducted under our Privacy Policy. BeFaster.fit is also responsible when certain processing activities are carried out by contractors of BeFaster.fit on behalf of BeFaster.fit. These contractors are referred to as data processors and are contractually obligated to process your personal data strictly according to our instructions. They must ensure strict data security standards, may not share your data without our instruction, and are required to cease processing personal data immediately upon termination of the contract.
If you connect with the service of one of our partners and export personal data from our app to these services, the respective partner offering the service will be responsible for data processing from the point of export.
G.3.6 Your Rights
Regarding your data processed by BeFaster.fit under the LGPD, you have the following rights, which you can enforce as described in the Privacy Policy or as indicated below:
- Confirmation of the existence of processing – this partially corresponds to the right to information as described in the Privacy Policy and can be enforced accordingly;
- Access to personal data – this partially corresponds to the right to information as described in the Privacy Policy and can be enforced accordingly;
- Correction of incomplete, incorrect, or outdated personal data – this corresponds to the right to correction as described in the Privacy Policy and can be enforced accordingly;
- Anonymization, blocking, or deletion of unnecessary or excessive personal data or of personal data that has not been processed in accordance with the provisions of the LGPD;
- Portability of personal data to another service provider or product provider, upon express request, in accordance with the regulations of the national authority and maintaining business and operational secrets – this corresponds to the right to data portability as described in the Privacy Policy and can be enforced accordingly;
- Deletion of personal data that has been processed without any legal basis other than your consent;
- Information about public and private entities with which we have shared personal data;
- Information about the possibility of refusing consent to data processing and the consequences of such refusal;
- Withdrawal of consent for the processing of personal data.
Please note that the rights listed are not absolute rights. In individual cases, the exercise of these rights may conflict with the rights or obligations of BeFaster.fit or third parties.
G.4 Annex 4 – Information On The Processing Of Personal Data Under The Data Privacy Act Of The Republic Of The Philippines Of 2012
If you are a resident of the Republic of the Philippines, this section applies to you as a supplement to our Privacy Policy.
In addition to the rights described under Your Rights Regarding Personal Data, you are entitled to seek compensation for damages caused by the processing of inaccurate, incomplete, outdated, incorrect, unlawfully obtained data, or the unauthorized use of personal data by BeFaster.fit.
G.5 Annex 5 – Information On The Processing Of Personal Data Under The Peruvian Data Protection Law (“Pdpl”)
If you are a resident of Peru, please be aware that at the time of publishing this Privacy Policy, we do not have a valid registration with the Peruvian authority. Once we receive the registration code, we will publish it and announce this fact through our social media channels. Until this occurs, we kindly ask you as a Peruvian citizen to refrain from creating a BeFaster.fit account.