privacy policy

Thank you for your interest in our running app L2Y that is available for both Android and iOS. L2Y helps users build the habit of running by providing step by step instructions and training plans, personalized feedback, insights and giving recommendations how to make running fun, improving fitness and contributing to positive overall well being. Along the way, L2Y educates users about the underlying principles of running and the behaviour of the human body in order to understand the proposed training plans and do effective workouts.


This privacy policy informs you about the collection and processing of personal data required to provide the app functionality as outlined in the Terms of Service. Personal data includes e.g. email address, age, location or heart rate data. 


1. Responsible party
Rubio & Ettrich Consulting GmbH, as data controller, is responsible for the processing of your personal data utilized by the L2Y app. In this privacy policy, “we”, “our” or “us” refer to:


Rubio & Ettrich Consulting GmbH
Brahmsstrasse 38
12203 Berlin
Germany


Telephone: +49 30 33 91 56 71
Email: info (at) dalarub.com


The controller's data protection officer is: Matthias Ettrich


2. Collection and processing of personal data
2.1. Registration
In order to use the L2Y app, you need to download the app from Google’s PlayStore or Apple’s App store. After successful installation, you must complete the registration process within the app by providing a valid email address and a secure password as well as agreeing to our Terms of Service.


The actual registration process, meaning the creation of an identity, is provided by Google Firebase Authentication. While we actively only pass on email address and password, Google might collect additional information like your IP address. For more details, please have a look at Google’s privacy policy available at https://policies.google.com/privacy.


By completing the registration process, you enter into a contractual relationship with us. We process your personal data to provide you the L2Y app as specified in our Terms of Service. Thus, we process your personal data based on your contractual relationship with us ("contractual necessity", Art 6 (1) (b) GDPR).


2.2. Using the App
By using the app based on the contractual relationship (Art 6 (1) (b) GDPR), the following data might be collected and processed:

  • User name: the user name is used for the conversations with the artificial coach. The name can be freely chosen, there is no need to use the real name.

  • Conversations with the artificial coach might contain information about workouts or reflect the current fitness/health level in order to give meaningful feedback and recommendations on the training plan. You might also disclose personal information to the coach like your current well being.

  • Sex, year of birth, height, weight and resting heart rate are used as input parameters for different calculations to determine e.g. your personal training effort, fatigue or form.

  • Workout/activity data that is received from external sources such as Garmin or Strava after you have given explicit consent to import the data. To see which data exactly is exported from Garmin/Strava, please have a look at their respective data privacy policies (https://www.garmin.com/privacy/, https://www.strava.com/legal/privacy) and carefully read the consent page before acceptance.

    The L2Y app itself is not actively recording any data from or with the help of your device, e.g. location data.

    For the purpose of analysing an activity and subsequently creating a fitness profile for personalised coaching, we use the following data if available:

    • Distance

    • Heart rate

    • GPS location data including altitude

    • Time, speed and pace

    • Cadence

       

In order to provide you a good summary of the workout, we also visualize your running route on a map by utilising Google’s map service. However, only GPS data is transferred to Google from our backend servers, no personal data of yours or a link to you or your identity is transferred.

For further reference in this document we call the data listed in this section “coaching data”.

 

  • App usage data: in order to understand how our users interact with L2Y we collect app usage data including date and time when the app accesses our servers, the app version, operating system information and information relating to how the app functions (logging data). With this information we can further improve the quality of L2Y as well as further enhancing user experience and general functionality.


3. Data Retention
General personal data like year of birth, sex or height is retained until the termination of the contractual relationship. Coaching data is automatically deleted after 60 days or when the contract is terminated, whatever comes first.


Logging data is always being deleted after 60 days independent of the contractual state. 


Some of your data we might  retain for the establishment, exercise or defence of legal claims for 3 years after the termination of your contract with us (Art 6 (1) (f), GDPR).

 


4. Data Security
We implement appropriate technical and organisational measures to protect the confidentiality and integrity of your personal data, meaning protecting your personal data against unauthorised, unlawful or accidental access, processing, loss, use and tampering. Those measures are subject to constant evaluation and enhancements.

 

5. Transfer of personal data outside EU/EEA
No coaching data is actively transferred to 3rd parties outside EU/EEA.

 

6. Transfer of personal data to supervisory authorities or courts
We may disclose personal data about you to others to comply with a valid legal order, court order, legal process or other legal obligation.

 

7. Children
We request children under the age of 16 to not provide any personal data to us. We’ll delete the data as soon as possible after we figure out its existence.

 

8. Your rights
You have the right, subject to the conditions set out in the General Data Protection Regulation (GDPR) to request from us access to and rectification or erasure of your personal data, data portability, restriction of processing of your personal data, the right to object to processing of your personal data, and the right to lodge a complaint with a supervisory authority.


We kindly ask you to address all inquiries regarding the processing of your personal data to our data protection officer along with a copy of an identity document to verify your identity.