Privacy Policy
Effective Date: 01.03.2025
Last Updated: 25.03.2025
Holi Collective GmbH ("we", "us", "our") is committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, and protect your personal data.
1. Who We Are
2. What Personal Data We Collect
- Identity Data: Name, email, date of birth, gender (if provided)
- Health & Performance Data: Metrics like VO₂ max, heart rate, activity logs
- Device & Usage Data: App activity, browser type, IP address
- Communication Data: Messages and support inquiries
Please note: Health & Performance Data is classified as special category data under Art. 9 GDPR and is only processed based on your explicit consent.
3. Why We Collect Your Data (Legal Basis)
| Purpose | Legal Basis |
|---|---|
| Personalized insights, training programs | Performance of a contract |
| Improve services and experience | Legitimate interests |
| Communicate with users | Consent or legitimate interests |
| Anonymized data for swarm intelligence | Legitimate interests (with safeguards) |
| Legal compliance | Legal obligation |
Where legitimate interests are used, we carefully assess and balance your fundamental rights and freedoms. For more details, you may request our Legitimate Interests Assessment (LIA).
4. Data Ownership and Usage
You retain full ownership of your personal data. We never sell your data, and we use it solely to improve your experience and outcomes via Holi Collective GmbH services.
5. Aggregated and Anonymized Data
We may use anonymized and aggregated data to generate health trends and improve Holi Collective GmbH's programs. This data cannot identify you.
6. Your GDPR Rights
- Access your data
- Rectify inaccurate or incomplete data
- Request deletion ("right to be forgotten")
- Restrict processing
- Data portability
- Object to certain processing
- Withdraw consent at any time
To exercise your rights, contact us at: privacy@goholi.de
7. Data Security
We use encrypted and secure systems to store and process your data. Access is limited to authorized personnel only.
8. Data Transfers
If we transfer your data outside the EU, appropriate safeguards will be used, such as standard contractual clauses or adequacy decisions.
In particular, we may use services based in the United States. In these cases, we implement EU Standard Contractual Clauses and additional technical and organizational measures to protect your data.
9. Data Retention
We retain your data as long as your account is active or as required by law. You can request data deletion at any time.
Inactive account data will be deleted after 24 months, unless legal obligations require longer retention.
10. Cookies and Tracking
We use cookies to enhance your experience. You can manage cookie preferences through our banner or your browser settings.
11. Contact
If you have questions or concerns, contact:
You can also contact your local Data Protection Authority to file a complaint.
Our services are not intended for individuals under the age of 16 without parental or guardian consent.
12. Third-Party Processors
We may use trusted third-party service providers to process your data (e.g., hosting, analytics, customer support). All processors are bound by data processing agreements and are only allowed to use your data according to our instructions and in compliance with the GDPR.