The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the "Information on the Controller" section of this privacy policy.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter into a registration form, as well as images and body measurements that you upload to use the "Virtual Try-On" feature.
Other data is collected automatically by our IT systems or after you have given your consent when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure the error-free provision of the website. Other data (especially images and measurements) is used to provide the contractually agreed services (generation of images using AI). In addition, data may be used to analyze your user behavior, provided you have consented to this.
What rights do you have regarding your data?
You have the right to receive information free of charge at any time about the origin, recipients, and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Furthermore, under certain circumstances, you have the right to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This may include, but is not limited to, IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access, and other data generated via a website. In particular, the image files you upload ("avatars" and "outfits"), as well as the generated results, are stored on cloud storage services.
The host is used for the purpose of fulfilling our contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).
Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.
We use the following host:
Google Cloud Platform
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Data transfer to the USA:
We would like to point out that Google operates servers in the USA. The data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission and the "Data Privacy Framework" (DPF), provided the company is certified.
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
The controller responsible for data processing on this website is:
Jannik NetthöfelEmail: service@fit-check.me
Legal Notice (Impressum): Imprint
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, or similar).
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a legitimate request for erasure or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons cease to apply.
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of the data processing carried out before the revocation remains unaffected by the revocation.
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Our internet pages use so-called "cookies" and local storage technologies (Local Storage). Cookies are small text files and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device.
Use of JWT (JSON Web Token):
For authentication and to maintain your login status, we use cookies that contain an encrypted token (JWT). This is technically necessary to enable your access to protected areas (e.g., "Wardrobe," "Profile").
Local Storage:
We use your browser's local storage to save user settings such as the selected color scheme ("Theme") or accent colors.
The storage of this data is based on Art. 6(1)(f) GDPR (legitimate interest in the error-free and optimized provision of services) and Sec. 25(2) TTDSG (technically necessary storage).
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
This data is not merged with other data sources. The collection of this data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be collected.
You can register on this website to use additional functions (e.g., saving "avatars," creating a "wardrobe," using the "Magic Mirror"). We use the data entered for this purpose (in particular your email address and an encrypted password) only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.
For important changes, for example in the scope of the offer or in the case of technically necessary changes, we will use the email address provided during registration to inform you in this way.
The processing of the data entered during registration is carried out for the purpose of implementing the user relationship established by the registration and, if applicable, for the initiation of further contracts (Art. 6(1)(b) GDPR).
The collected data will be stored as long as you are registered on this website and will subsequently be deleted. Statutory retention periods remain unaffected.
A key component of our service is the "Virtual Try-On" feature, which is enabled by artificial intelligence (AI). For this, we process special categories of data.
To use the service, you upload images of people ("avatars") and items of clothing. These images are stored on the servers of our cloud provider (Google Cloud Platform).
Type of data:
Legal basis:
The processing is based on Art. 6(1)(b) GDPR (performance of a contract), as the service cannot be provided without this data. Insofar as biometric characteristics that allow the unique identification of a natural person could be recognized in the images, the processing is based on your explicit consent pursuant to Art. 9(2)(a) GDPR, which you grant through active use and upload.
You have the option to provide specific body measurements (e.g., height, chest, waist, hips, etc.) in your profile or when creating an avatar. This data serves to improve the accuracy of the fit of the AI generation. Providing this data is voluntary.
The images and clothing you upload are transmitted to an AI service to generate the resulting image (the person wearing the clothing item). For this, we use services from Google (Google Gemini / Vertex AI).
The following steps are performed:
The generated images ("Creations") are stored in your user account ("Lookbook").
By default, your uploaded avatars and generated results are "private" and only visible to you. However, you have the option to set results or clothing items to "public."
Note: If you set content to "public," it can be seen by other users of the platform in the "Explore" section. You can revoke this setting at any time.
Some functions of our website are subject to a fee and require the use of "Tokens" (virtual currency units within the app). For the processing of payments (purchase of tokens or conclusion of subscriptions), we use external payment service providers.
We use the payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands (hereinafter "Mollie").
When you make a payment, your payment data (e.g., name, payment amount, bank account details, credit card number) is transmitted to Mollie.
Legal basis:
The transmission of your data to Mollie is based on Art. 6(1)(b) GDPR (contract processing) and on our legitimate interest in secure and efficient payment processing (Art. 6(1)(f) GDPR).
Mollie's privacy policy can be found here: https://www.mollie.com/privacy
This site uses services like Google Fonts and Bootstrap, which are delivered via a Content Delivery Network (CDN) for fast and uniform presentation. When you access a page, your browser connects to the CDN provider's servers, which involves transmitting your IP address. This is based on our legitimate interest (Art. 6(1)(f) GDPR) in an appealing and efficient presentation of our services.
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, if applicable, a right to rectification or erasure of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.
In your user profile, you also have the option to delete your account yourself. In this process, your personal data (email, password, tokens) will be deleted or anonymized so that it can no longer be linked to a person.
You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:
If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
IF THE DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) GDPR).
We use technical and organizational security measures to protect your data managed by us against manipulation, loss, destruction, and against access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
Your password is not stored in plain text in our database, but exclusively as a cryptographic hash value (using "bcrypt"). This makes it practically impossible for attackers to recover your original password, even in the event of a database breach.
Access to your user account as well as to sensitive areas such as the "Wardrobe" and "Profile" is protected by authentication tokens (JWT), which automatically expire after a certain period of time.
To protect your data and our servers from attacks (such as brute-force attacks on the login), we use technical limitations ("rate limiting") that limit the number of requests from an IP address within a certain period of time.
We use your email address to send you technically necessary messages that are required for the use of your account. These include:
Legal basis:
These emails are sent to fulfill the user agreement (Art. 6(1)(b) GDPR) and to ensure the security of your account (Art. 6(1)(f) GDPR).
Due to the further development of our website and offers on it, or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed by you at any time on the website under "Privacy Policy".