Artikel wurde hinzugefügt

Profitieren Sie von 20 % Rabatt!arrow_drop_up

Datenschutzrichtlinie

Pumpshot Privacy Policy

PUMPSHOT

Privacy Policy

Last updated: July 16, 2026

PLEASE READ THE PRIVACY POLICY CAREFULLY BEFORE USING PUMPSHOT

This Privacy Policy explains how Pumpshot GmbH ("we," "us," "our") collects, uses, stores, and protects personal data when you use the PUMPSHOT mobile application (the "App"), available on iOS. This Policy is written to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Austrian Data Protection Act (Datenschutzgesetz, "DSG"). By using the App, you acknowledge that you have read and understood this Privacy Policy.

Data Controller

The data controller responsible for the processing of your personal data described in this Privacy Policy is:
Pumpshot GmbH
Represented by: Fabian Flotzinger (Managing Director / Geschäftsführer)
Address: Sallet 6, 4762 Sankt Willibald,
Email: office@pumpshot.at
Phone: +43 650 3903663
Website: https://pumpshotenergy.com/
For any questions regarding this Privacy Policy or your personal data, please contact us at the email address above.

Scope and Availability

The App is currently available exclusively within the European Union (EU). It is offered on the iOS platform only. You must be at least 13 years old to create an account and use the App. The App is not directed at children, and we do not knowingly collect personal data from anyone under 13. If we become aware that a user under 13 has provided us with personal data, we will take steps to delete such information and terminate the associated account.

What Personal Data we collect

Account and Profile Data

When you register and use the App, we collect:
- Name
- Username
- Email
- Passwort
- Profile picture
- Date of birth
- Gender
- Weight
- Height
- Preferred language
- Profile bio/description
- Favorite exercises

Health and Fitness Data

As a fitness tracking application, we process data that may qualify as health data within the meaning of Art. 9 GDPR, including:
- Weight and height
- Training/workout plans
- Workouts and completed exercises
- Repetitions and sets
- Training history

Because this constitutes special category personal data, we only process it on the basis of your explicit consent (Art. 9(2)(a) GDPR), which you provide when creating your account and entering this data. You may withdraw this consent at any time by deleting your account, which will result in permanent deletion of this data.

Device Permissions

The App requests the following device permissions:
- Camera - to allow you to take a photo for your profile picture.
- Photo Library - to allow you to select an existing photo for your profile picture.

These permissions are only used for the stated purpose and only when you actively choose to update your profile picture.

Password Handling

Your password is not stored in readable or reversible form in our database (Firebase Firestore). Authentication and password storage are handled directly by Firebase Authentication, which stores passwords using industry-standard hashing methods. Passwords cannot be retrieved or viewed by us; you may reset your password via the standard password-reset flow if forgotten.

Social Features

The App allows you to:
- Add other users as friends
- View other users' public profiles
- Upload a profile picture
- Set a username and a biography

Information you choose to make visible on your profile (username, profile picture, bio) may be seen by other users of the App.

Automatically Collected / Analytics Data

We use Google Analytics, that may collect device identifiers, usage pattern, app interactions and diagnostic data.
We do not use cookies, as the App is a native mobile application and does not use browser-based tracking technologies.
We do not send push notifications and do not collect any data for that purpose.

Data we do not collect

We do not use any advertising services, do not display advertising, do not offer in-app purchases or subscriptions (the App is free of charge), and do not use any artificial intelligence or automated decision-making systems that produce legal or similarly significant effects on you.

Purposes of Processing and Legal Basis

Account creation and authentication

Data Involved: Name, username, email, password, login provider data
Legal Basis (GDPR): Art. 6(1)(b) — performance of a contract

Providing core fitness-tracking functionality

Data Involved: Weight, height, workouts, training history, reps, sets
Legal Basis (GDPR): Art. 9(2)(a) — explicit consent (special category data)

Social features (friends, public profile)

Data Involved: Username, profile picture, bio
Legal Basis (GDPR): Art. 6(1)(a) — consent (via your active choice to use these features)

App analytics and improvement

Data Involved: Usage data, device data, diagnostics
Legal Basis (GDPR): Art. 6(1)(f) — legitimate interest in understanding and improving the App

Responding to your enquiries

Data Involved: Email, message content
Legal Basis (GDPR): Art. 6(1)(b)/(f)

Complying with legal obligations

Data Involved: Account and transaction records as required by law
Legal Basis (GDPR): Art. 6(1)(c)

Providing account and profile data is necessary to create an account and use the App; without it, we cannot provide the service. Providing health/fitness data is optional in the sense that it is tied to your consent, but is necessary for the App's core functionality (workout tracking) to work as intended.

Third-Party Services and Recipients of Data

We share personal data only with the following categories of recipients, each acting as our data processor or as an independent controller for their own login services:

Google (Firebase, Sign-in with Google, Google Analytics)

- Firebase Authentication — manages account credentials and login.
- Firebase Firestore — our primary database for app data.
- Firebase Storage — stores uploaded files such as profile pictures.
- Google Sign-In — optional login method, governed additionally by Google's own privacy policy when used.

Google Ireland Limited acts as our data processor for Firebase services under a Data Processing Agreement incorporating the EU Standard Contractual Clauses.

Apple (Sign-in with Appe)

If you choose to log in using "Sign in with Apple," Apple Inc. processes the relevant authentication data as an independent controller, governed by Apple's own privacy policy.

No other Third Parties

We do not sell personal data. We do not share personal data with advertisers, data brokers, or any party other than those listed above, except where required by law (e.g., in response to a lawful request from a public authority).

Where you Data is stored

Your data is stored using Firebase Firestore and Firebase Storage, both configured in the eur3 (Europe, multi-region) data location, meaning data at rest is stored within the European Union/European Economic Area.

International Data Transfers

Although data at rest is stored in the EU, our service providers (Google, Apple) are headquartered in the United States, and limited processing (e.g., for customer support, service operation, or troubleshooting) may involve access from outside the EEA. Where this occurs, we rely on the EU Standard Contractual Clauses (SCCs) and other safeguards recognized under Art. 46 GDPR to ensure your data receives an adequate level of protection equivalent to that guaranteed within the EU.

Data Retention

We retain personal data for as long as your account remains active, in line with Firebase's standard data retention configuration for our project. We do not currently apply a separate fixed retention period beyond this.
Upon account deletion: When you delete your account, all associated personal data is permanently deleted from our Firebase database and storage. This action is irreversible.

Your Rights under GDPR

As a data subject, you have the following rights regarding your personal data:
- Right of access (Art. 15) — to obtain confirmation of and access to your personal data.
- Right to rectification (Art. 16) — to have inaccurate data corrected.
- Right to erasure (Art. 17) — to request deletion of your data (see Section 9).
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20) — to receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — to object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)) — at any time, without affecting the lawfulness of processing before withdrawal.
- Right to lodge a complaint with a supervisory authority (Art. 77).

To exercise any of these rights, contact us at office@pumpshot.at.
Supervisory Authority: If you believe our processing of your data infringes the GDPR, you have the right to lodge a complaint with:
Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42,
1030 Vienna,
Austria Website: https://www.dsb.gv.at

(Note: this is the correct authority for data protection complaints. The Bezirkshauptmannschaft Schärding is your local trade/business licensing authority (Gewerbebehörde) and is not the competent body for GDPR complaints — it should instead be referenced in your Impressum for trade-law purposes.)

Account Deletion

You may delete your account at any time from within the App. Upon deletion:
- All personal data associated with your account is permanently removed from our Firebase database and storage.
- This includes profile data, health/fitness data, and social connections.
- This action CAN NOT be undone.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, relying on Firebase's built-in security infrastructure, including encryption in transit and at rest, access controls, and secure authentication handling. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

Children's Privacy

The App requires users to be at least 13 years old. We do not knowingly collect data from children under this age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at office@pumpshot.at so we can take appropriate action.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will indicate the date of the latest revision at the top of this document. We encourage you to review this Policy periodically.

Contact

If you have questions about this Privacy Policy or how your data is processed, please contact:
Pumpshot GmbH
Sallet 6,
4762 Sankt Willibald,
Email: office@pumpshot.at
Phone: +43 650 3903663

Widerrufsantrag einreichen

Füllen Sie das folgende Formular aus, um Ihren Widerrufsantrag einzureichen.