Privacy policy

As a user of Profession Fit, this Privacy Policy provides you with all the necessary information regarding how, to what extent, and for what purpose Profession Fit GmbH processes your personal data. In principle, we only process the personal data necessary for the use of the Profession Fit platform. The processing of personal data complies with the provisions of the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.
To ensure the highest level of data security, we have implemented technical and organizational measures (TOMs), which are regularly reviewed and updated in accordance with the latest technological standards. 

Name and Contact Details of the Controller
The controller under the GDPR is:
Profession Fit GmbH
Heinrich-von-Brentano-Str. 12, 93077 Bad Abbach, Germany

Managing Director:
Jens Michael Otte
Commercial Register: Local Court of Landshut
Registration Number: HRB 10542  

External Data Protection Officer
Email: datenschutz@profession-fit.de
External Company: accuris AG – Consulting for Information Security & Data Protection
Georg-Muche-Str. 5, 80807 Munich, Germany
Website: https://www.accuris.de  

Purpose and Legal Basis for Data Processing 

We collect, store, and process personal data solely to provide the functionalities included in the Profession Fit platform in accordance with the GDPR. Processing is lawful when at least one of the following conditions applies: 

1. Consent (Art. 6(1)(a) GDPR):
   Processing is based on your informed consent, e.g., receiving newsletters or sharing data with third parties at your request. Consent can be withdrawn at any time with future effect.
2. Contractual Obligations (Art. 6(1)(b) GDPR):
   Data processing is required for pre-contractual steps or to fulfill obligations from an existing contract.
3. Legitimate Interests (Art. 6(1)(f) GDPR):
   Processing serves our legitimate interests, provided your rights and freedoms do not override these. Examples include legal claims, IT security, service improvement, and feature development.
4. Legal Requirements or Public Interest (Art. 6(1)(c) or (e) GDPR):
   Data processing is required by law or for tasks carried out in the public interest, such as compliance with retention obligations. 

Who Has Access to Your Personal Data?
We use data processors to support our services (e.g., data centers, IT partners), all of whom are contractually bound to GDPR compliance. If you are registered by your company administrator, your profile contains basic data (name, gender, employee ID), which is required for the platform to function. Users can edit personal data under “My Profile.” This data is encrypted and visible only to the user — not to administrators or third-party processors. 

Within Profession Fit GmbH, only authorized staff have access to your data. Public institutions will only receive data if legally required. 

Access Data (Server Log Files) 
Accessing our mobile app involves the automatic collection of certain technical data (server log files). These do not allow personal identification and include details such as the accessed file, time, browser version, OS, and IP address. This information helps us maintain and improve our services and may be reviewed in case of suspected misuse. 

Third-Party Content and Services
Our mobile app may include third-party content (e.g., Google Maps, podcasts, videos). These providers require your IP address to deliver their services and may store it for statistical purposes. We strive to use providers who limit data use to content delivery. Specific details are included in the third-party privacy statements. 

Optional Services and Data Access 
Web: 

• Moving App (cookies, optional)
• edudip video conferencing (optional)
• Spotify podcasts (optional)

Mobile App: 

• Google Firebase (push notifications, can be disabled)
• Moving App (cookies, optional)
• edudip video conferencing (optional)
• Spotify podcasts (optional)

Additional services provided by your employer will include their own data information. Please consult your company’s responsible contact. 

App Permissions (Android and iOS) 
To use the app’s full features, the following permissions are required: 

• Internet access: Communication with the Profession Fit server
• Prevent standby: To avoid screen shutdown during video playback
• Vibration: Haptic feedback for voice messages
• Camera & Microphone: Optional use for messenger, telemedicine, or profile photos
• Media storage access: Upload photos for messages or profile
• Fitness data access: To participate in Challenges (steps, distance)

Background features: 

• Push notifications
• Data updates (e.g., live Challenge standings)

Fitness Data in Challenges 
To participate in Profession Fit Challenges, the app accesses fitness data via Google Fit (Android) or Apple Health (iOS), such as steps or distance. Participation requires your explicit consent. Alternatively, manual data entry may be allowed. Data is encrypted, pseudonymized (via system-generated user ID), and used only during the Challenge. You may use a pseudonym if allowed by the Challenge setup. Data is deleted upon leaving a Challenge. 

Personalised content through artificial intelligence (AI)

We use an AI-based recommendation system on our platform so that we can provide you with the best possible individual support. This AI was developed by us and helps us to better customise content to your personal interests and goals.

Your decision counts

Use of the AI function is voluntary. You decide for yourself whether you want to activate it. If you agree, you can deactivate the function at any time. This is very easy to do in your profile settings. You will not suffer any disadvantages as a result.

What data is used?

Our AI only uses information that you provide to us voluntarily - for example from the onboarding questionnaire or from your usage behaviour (e.g. search queries or content clicked on). This data is used to show you suitable content and recommendations. In addition, our smart search function offers you AI-based content from the platform and matches your search input.

Your benefits

By using our AI, you receive suggestions that match your current life or health situation. This means you receive content that is really relevant to you more quickly.

Transparent and comprehensible

Whenever you interact with functions or content created with the help of our AI, we inform you directly in the context of use - for example with a note such as ‘AI-generated recommendation’. This means you always know when AI is being used.

Protection of your privacy

The data processed by our AI is treated confidentially and is not used to draw conclusions about you personally. Your data is only used in the AI analysis - no automated decision with legal consequences is made.

Your employer only receives anonymous evaluations

We create summarised, anonymous evaluations from the usage behaviour of all employees. These help your employer to develop suitable measures to promote health in the company. At no time is it possible to draw conclusions about you as an individual. It is only important to point out trends to your employer so that they can introduce targeted measures and have the opportunity to react to these trends.

Special Categories of Data: Video Consultations via edudip
For video appointments assigned by a therapist or doctor, personal and health-related data are processed lawfully (Art. 6(1)(b) or Art. 9(2)(a) GDPR). Sessions may be part of a therapy plan. Technically necessary cookies are used based on legitimate interest (Art. 6(1)(f) GDPR).
Further data (e.g., user ID, patient ID, therapy codes) may be processed for billing purposes. Data is stored according to legal retention requirements under the responsibility of the healthcare provider or employer. 

Technical Data Protection 
Your data is stored on secure servers in accordance with legal retention periods. Only authorized personnel have access. All employees are bound to confidentiality. Data is encrypted during transmission (e.g., TLS/SSL over HTTPS), and servers are protected by firewalls and antivirus systems. 

Error Monitoring (Sentry) 
We use Sentry for quality and stability monitoring. It collects technical data such as user ID, device ID, OS, app version, and server requests. All data is stored on servers located in Germany (Hetzner Online GmbH) and never transferred to third countries. 

Updates to the Privacy Policy 
We continuously improve Profession Fit. Please review this page regularly. If changes affect how your data is processed, we will inform you in this policy. If you disagree with changes, you may no longer be able to use certain services. 

Your Data Protection Rights 
You have the right to: 

• Access your data (Art. 15 GDPR)
• Rectify inaccurate data (Art. 16 GDPR)
• Erase your data (Art. 17 GDPR)
• Restrict processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Withdraw consent (Art. 7(3) GDPR)

To exercise these rights, contact: datenschutz@profession-fit.de 

You also have the right to lodge a complaint with the supervisory authority: Bavarian State Office for Data Protection Supervision Promenade 18, 91522 Ansbach, Germany Website: http://www.lda.bayern.de 

Last updated: July 2025