Privacy and data protection terms

Effective date: January 25, 2024

The privacy and data protection terms were originally composed in German language. This is the English translation. In case of a mistakenly difference by translation the German Datenschutzerklärung is the prioritized document.

Our principles

Tredict sees the protection of your data as one of the main features of our application and service. We explicitly have:

No tracking scripts and no tracking cookies
No scripts that analyze your user behavior
No advertising
No sale of your data
No marketing bombardment

We attach particular importance to data security and data protection.

Your data belongs to you and is only used by Tredict to provide the application functionality.

You have full control at all times and full access to all of your data that is stored with us. Your account can be canceled at any time and deleted without a trace.

Our business model your payment for a full access fee.

Specific data can only be made available to third parties if:

You make a payment to us
You connect Tredict to a push service of your activity sensor and devices
You have activated the map service
You have activated the weather service

You can find more about this in this data protection declaration.

If you have any questions about data protection, do not hesitate to contact us after reading the data protection declaration.

The legal basis for data protection can be found in the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the EU General Data Protection Regulation (GDPR), which Tredict expressly follows.

Responsible person

Felix Gertz
Tredict
Fibigerstrasse 392
22419 Hamburg
Germany
Telefon: +49 40 28578495
Email: info@tredict.com

Data collection and storage of personal data

Account registration

When you register your Tredict account, the following data is recorded and saved:
Name, email address, password (encrypted), gender and year of birth

Body-related data, health data and equipment

Tredict offers you the possibility to create body-related data, such as weight, height, maximum heart rate and health data, like sleep and heart rate variability as well as disease progress. You can also create equipment and assign it to these activities. This data is only used to display and optimize your training planning.

Some health data such as weight, sleep or heart rate variability can be automatically transferred from your fitness tracker or watch manufacturer to Tredict if you have connected Tredict to the manufacturer's interface. The automatic transmission of these metrics can be specifically activated or deactivated in the service settings of Tredict.

Activity data

Tredict saves the data of your uploaded and created activities in order to generate training courses, fitness metrics and statistical evaluations for you.

The scope of this data depends on the configuration and the possibilities of your activity sensor and generally, but not necessarily, has the following data fields: Duration, distance, speed, altitude, heart rate, wattage, geo-coordinates, cadence, ground contact time, temperature and other fields. Please also inform yourself at the manufacturer of your activity sensor, which data is transmitted.

Sale of training plans

The following only applies to the purchase of a training plan if it is purchased from a training plan seller via PayPal using Tredict.

When purchasing a training plan via PayPal, the following data is stored for a reliable sales process: PayPal account number, PayPal email address, name on file with PayPal, country code provided to PayPal, invoice and invoice number of the training plan sold.

Training plan sellers must also enter all necessary business data. The scope of this data is shown in the input form.

Data aggregation

Tredict aggregates your provided data from activities and body data in order to create further values, such as efficiency values and fitness values. The goal is to improve your training planning and to be able to provide statistics and trend information.

General use

Tredict only uses your provided data to ensure the functionality of the application. Your data will not be passed on to third parties or withdrawn from the application context.

Cookies

Tredict saves a so-called session cookie when you register or log in to Tredict. This cookie is necessary to determine your login status and to know whether you are authorized to access the protected area of the Tredict application.

This cookie is a host-only cookie and can only be read by and through the Tredict website and therefore not used for tracking.

Tredict does not save any other cookies, not even from third parties. In particular, no tracking or analysis cookies are saved.

Deletion

Your account can be canceled at any time and deleted without a trace. To do this, go to the account settings. Your data stored at Tredict will be deleted immediately from the databases. It can take up to a month for the process to remove the data from all backups. As a rule, however, it takes 2 weeks.

Contact

When you contact Tredict, for example by email, your details will be saved for the purpose of processing the request and in the event that follow-up questions arise.

Integration of third-party services and content

OpenStreetMap

Tredict uses the map services from OpenStreetMap (OSM) and its derivatives. The provider is the Open Street Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. When a request is made to OpenStreetMap, the coordinates of the requesting activity for which the map material is intended are transmitted indirectly. However, Openstreetmap generally does not save any user data. More information can be found at: https://openstreetmap.org/

You can deactivate the map service in the settings.

Visual Crossing

Tredict uses the Visual Crossing weather API for its weather data. The provider is Visual Crossing, 11654 Plaza America Drive, Suite 285, Reston, VA 20190, USA. When requesting Visual Crossing, the median coordinates and the time of the requesting activity are transmitted. Further information can be found in the data protection regulations: https://www.visualcrossing.com/privacy/

You can deactivate the weather service in the settings.

OpenWeather

Tredict uses the OpenWeatherMap weather API for its weather data. The provider is Openweather Ltd, 30 St Mary’s Axe, The City Of London, London, Greater London, EC3A 8BF, United Kingdom. When requesting OpenWeatherMap, the median coordinates and the time of the requesting activity are transmitted. Further information can be found in the data protection regulations: https://openweather.co.uk/privacy-policy

You can deactivate the weather service in the settings.

Paddle

The Paddle.com iFrame will only loads when you initiate a purchase in the account settings.

Payment transactions, e.g. a purchase of 12 months full access, are handled by the payment service provider Paddle.com: Paddle, 70 Wilson St, Finsbury, London EC2A 2DB, United Kingdom. The same acts as the seller's agent for Tredict. Paddle is the Merchant of Record. After a successful payment, Tredict stores only rudimentary data, namely payment date, amount and userid. Further payment information, such as an email address for order confirmation and a postal code for fraud prevention, are stored at the service provider Paddle.com in order to ensure correct payment processing. The Paddle privacy policy can be found here: https://paddle.com/privacy/

PayPal

PayPal is only loaded when you initiate the purchase of a training plan.

Payments for training plans are processed via the payment service provider PayPal.com: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg After a successful payment, Tredict stores only rudimentary data, namely the payment date, amount and user ID. Further payment information, such as an email address for order confirmation and a postcode to prevent fraud, is stored by the service provider Paypal.com in order to ensure correct payment processing. The Paypal privacy policy can be found here: https://www.paypal.com/us/legalhub/privacy-full

Postmark

Transactional email messages are sent via the email service provider Postmark. AC PM LLC, 1 N Dearborn Street, Suite 500, Chicago, IL 60602 Since normal email messages are per se unencrypted, Postmark also has access to the content of the message. The transmission of an email to Postmark is TLS encrypted. A Data Processing Addendum (DPA) in the sense of the GDPR is available to Tredict and Postmark. Postmark has a GDPR-compliant set of rules: https://postmarkapp.com/eu-privacy

Data center

Hetzner Online

Tredict's dedicated servers are leased from the data center service provider Hetzner Online GmbH, Gunzenhausen, Germany. Tredict uses the network- and hardware-related services of the service provider. The server locations are in Germany. The security of the data center is checked at regular intervals by TÜV Rheinland. A contract for order processing within the meaning of the GDPR is available to Tredict and Hetzner Online.

Netcup GmbH

Additional servers for better redundancy are rented from netcup GmbH, Karlsruhe, Germany. Tredict uses the network and hardware-related services of the service provider. The server location is in Austria. Tredict and Netcup have an order processing contract within the meaning of the GDPR.

Further information on data protection

Server log files

Tredict does not save server log files that contain user related data. Furthermore, no user related data is stored in error log files.

TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses an encrypted TLS connection only.

AES encryption

All data processed by and through Tredict's systems is stored at file system level with AES256 encryption.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke your consent at any time by deleting your account. Furthermore, you can have your data corrected or changed at any time.

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, those affected have the right to lodge a complaint with Supervisory authority, in particular in the member state of their habitual residence, their place of work or the location of the alleged violation. The right to lodge a complaint exists without prejudice to anything else administrative or judicial remedies.

Right to data portability

You have the right to receive data that we have based on your consent or in the performance of a contract automated processing, to be able to download from the Tredict website at any time or to be sent by us in another technically feasible way.

Coaching agreement

Note: The following passages only belongs to you, if you would like to coach athletes over the Tredict platform. Otherwise they are ignorable.

Tredict provides the ability for a coach to manage their athlete’s training profile. This includes the ability to access the athlete's training profile and data and communicate with the athlete. Once an athlete account is associated with a coach, the coach can access personal and sensitive information about an athlete. Noting that an association requires acceptance by both the coach and athlete. It is important that you are aware of your privacy and security obligations to the athletes data. If you are accessing data related to a user who resides in the European Union, you may also be subject to the General Data Protection Regulation (GDPR).

As such, before you connect to an athlete's account, you agree to maintain and undertake certain privacy obligations and data usage restrictions.

By accessing athlete's data and using the Tredict coach access, you acknowledge that you have read, and agree to abide by this agreement.

You will have access to personal and sensitive user data. You have obligations regarding privacy and security of this data.
You will not share any user data without their express consent.
You will not transfer data into any another system, platform, application, or third party without the athlete's express consent.
You will not transfer any European Union athlete's data outside the European Union unless in compliance with the GDPR.
You are solely responsible for maintaining any relevant privacy of user data. Should an athlete allow you to transfer, copy or download any of their data you accept sole responsibility for maintaining the relevant privacy requirements so the the athlete can access, rectify and delete data held or controlled by you.
You will clearly inform users you have access to of your privacy policy.
You will honour any athlete's request to access, rectify or delete their personal data you may hold or control. This may include, but is not limited to, data you have downloaded or exported, screenshots, and emails.
You agree to ensuring that any data is encrypted and transmitted over a secure, encrypted channel (e.g., HTTPS). Where technically feasible, any Tredict athlete's data you hold at rest should also be encrypted.
You must notify Tredict of any security breach, involving athlete's data obtained via Tredict, within the meaning of the GDPR, within 24 hours any such security incident.
You agree to respect athlete's privacy. You may use and retain data only so long as necessary for the purpose you originally obtained it. It is essential that you do not disclose data or use it for, another user or any other third party without a lawful basis.

Now have fun doing sports! Do not hesitate to contact us if you have any questions, including the cooking of Spaghetti Bolognese.