Why a privacy policy?

Dear User!

The security of your personal data is important to us! For this reason, we continuously improve the level of protection and ensure that our conduct complies with GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC).

From this document you will find out what your personal data is and what we do with it. Some of the information contained herein is a clarification of the Terms and Conditions so the documents should be considered together, but if you still have doubts or additional questions, you can always contact us!

Who is the Data Controller of the personal data?

The administrator of your personal data is us, i.e. the eFitness Spółka Akcyjna with its registered office in Poznań, address ul. Grunwaldzka 186, 60-166 Poznań, whose records are kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, 8th Economic Division of the National Court Register, entered in the Register of Entrepreneurs, KRS 0000908260, NIP 7822482230, REGON 301209678 (hereinafter: Administrator or We).

How do I contact the Administrator?

You can contact us:

by post - to our registered office address: ul. Grunwaldzka 186, 60-166 Poznań;
by e-mail: to the e-mail address of our Data Protection Officer Filip Jeske: [email protected].

What data do we have and where did it come from?

We obtain your personal data in most cases directly from you when you register for an account or at a later stage - when you enter it in the relevant fields in the application. Sometimes we obtain your data from the cooperating club you attend, and if you use authentication provided by a third-party provider (e.g. an iCloud account or Google account) when registering for an account, we obtain your data from that provider.

The extent of the personal data we process about you varies and depends on the services you use, the club you go to, the data you provided when registering for an account, the services you use, the communication channel you use with us and the consents you have given.

We therefore indicate the categories of data that we may process:

identification data such as: Your name, date of birth, gender;
contact details such as e-mail address and telephone number;
address details: the home/correspondence address you have indicated;
financial data: such as your bank account number;
details of your club activities;
your health data;
data relating to the device on which you use our app;
other data you have provided and only to the extent that you have given your consent.

What is the purpose of our processing of your data and the legal basis for that processing?

Your personal data is processed by Us for the following purposes:

enabling you to use our services, in particular Our application, which is related to the performance of the contract for the provision of electronic services to you, and the basis for this action is Article 6(1)(b) of the GDPR;
handling and responding to any complaints, reports or claims made to Us, on the basis of Our legitimate interest, i.e. on the basis of Article 6(1)(f) of the GDPR;
the possible establishment, investigation, enforcement or defence of claims, the safeguarding of information in the event of a legal need to prove facts, on the basis of the legitimate interest of the Administrator, i.e. on the basis of Article 6(1)(f) of the GDPR;
preventing fraud and abuse - to ensure security in the services provided - pursuant to Article 6(1)(f) of the GDPR;
the marketing of Our products or services, i.e. the promotion of Our business on the basis of Our legitimate interest, i.e. Article 6(1)(f) of the GDPR;
direct marketing of Our or Our business partners' products or services, which may include sending commercial information by means of electronic communication, telecommunication terminal equipment and automatic calling systems - where you have given the appropriate consent, i.e. on the basis of Article 6(1)(a) of the GDPR;
statistics and to carry out analytical research, i.e. to better select services to meet your needs, to optimise service processes, to ensure IT security, to detect cases of unauthorised use of services, which is our legitimate interest as a basis for processing, i.e. Article 6(1)(f) of the GDPR;
complying with legal obligations imposed on Us by law, in particular to demonstrate the exercise of your rights, ensuring accountability, as well as the need to store data relating to possible settlements, on the basis of Article 6(1)(c) of the GDPR.

We do not plan to further process your personal data for purposes other than those indicated above. If this becomes necessary, we will inform you of the additional purposes and, if necessary, we will ask you in advance for your consent to use your personal data for the new purpose.

Who can we share your personal data with?

We may share your personal data with:

our business partners with whom we cooperate in connection with the operation of the application, including content providers, IT and software infrastructure providers, IT service providers related to the operation of the application;
our business partners, in particular suppliers of necessary services, including in particular entities providing legal, tax, accounting and advisory services at the request of the Administrator, entities carrying out postal or courier activities, in the event that it is necessary to send you correspondence other than by e-mail, other contractors of the Administrator, to the extent that it results from the performance of the concluded agreement, on the basis of concluded agreements on entrusting the processing of personal data.
entities or bodies entitled under the law to obtain your data from us or to process them, and entities to whom the transmission of the data will be necessary in order to protect the rights of the Administrator or of third parties, including for the purpose of asserting claims or protecting against them.

Where is your data processed?

In most cases, we process your personal data in Poland; however, due to our cooperation with business partners, the software and IT infrastructure used, there may be situations in which your personal data is transferred outside of Poland and outside of the European Economic Area. In this regard, we point out that we take measures to ensure the security, integrity and inviolability of the personal data transferred by applying various protection mechanisms, in particular by implementing cooperation with such contractors based on the standard contractual clauses approved by a decision of the European Commission.

How long do we keep your personal data?

The duration of the processing of your personal data depends on the purpose for which the data is processed. This period is determined by the purpose and legal basis of their processing:

the period for which you have given your consent, if your consent has not been given for a predetermined period of time - until you withdraw it;
the period for which the services are provided to You by Us - until the termination of the contract for the provision of electronic services;
handling complaints, notifications - for 1 year after completion of the complaint, notification;
the expiry of the period prescribed by law for the retention of certain documentation or the fulfilment of legal obligations incumbent upon us;
the period which is necessary for the defence of Our rights or the rights of third parties, including for the assertion or protection of claims under generally applicable law, taking into account periods of limitation;
in the case of processing for marketing purposes, in the case of processing on the basis of a legitimate purpose, for the duration of the contract or until you object to such processing, whichever occurs first; and in the case of processing on the basis of consent, until you withdraw it;
For the purpose of accountability, i.e. proving compliance with the provisions on the processing of personal data, they will be stored for the period by which we are obligated to keep the data or documents containing them to document compliance with legal requirements and enable control of their compliance by public authorities.

After the latest of the aforementioned deadlines, your Personal Data will be permanently deleted by the Administrator.

Can I refuse to provide personal data?

Your provision of personal data is voluntary - you do not have to provide it. However, you must bear in mind that failing to provide them may lead to you not being able to use the application or some of its functionalities. Refusal to provide the data leads to preventing the fulfilment of the objectives of the other purposes indicated in this document.

Can I withdraw my consent to the processing of personal data?

You may exercise your right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent given before its withdrawal. The effect of withdrawing your consent is that we will no longer be able to process your personal data for the purposes that required your consent and for which you agreed. Withdrawal of consent can be done by making a statement to this effect by email or written contact.

What rights do you have in relation to our processing of your personal data?

You have a number of rights in relation to the processing of your data, which are listed in detail below. Remember that you can use them using the contact methods indicated above:

Right to access your data and obtain a copy of it - the data subject has the right to obtain confirmation from the Controller as to whether their personal data is being processed and, if so, the right to be informed as to which of their personal data and for what purposes it is being processed and to obtain a copy of it.
Right to rectification (amendment) of one's personal data - the data subject has the right to request the Controller to rectify data concerning them that is inaccurate, as well as to supplement it.
Right to erasure of personal data - the data subject has the right to require the Administrator to erase the data concerning them, indicating the circumstances justifying this, e.g. the personal data are no longer necessary for the performance of the contract for which they were collected, or the data subject has withdrawn their consent to the processing and there are no other legal grounds for further processing, or the data are being processed unlawfully.
Right to restrict the processing of personal data - the data subject has the right to request the Controller to restrict the processing of data, e.g. when the Controller does not need certain data, there are no prerequisites for further processing, and the data subject requests that the data operation be stopped or the data not be deleted.
Right to object to processing - the data subject has the right to object at any time to the processing of their data on grounds relating to their particular situation - in cases where the processing occurs on the basis of a legitimate interest of the Controller, including profiling.
Right to data portability - the data subject has the right to receive, in a structured, commonly used machine-readable format, the personal data concerning them that they have provided to the Controller and have the right to send that personal data to another Controller.

If you have any doubts about the correctness of Our processing of your personal data, you also have the right to lodge a complaint with the supervisory authority, the President of the Data Protection Authority.

Are you subject to profiling or do we make automated decisions about you based on the personal data you provide to us?

Your personal data may be subject to automated processing by Us (including profiling). As a result of this process, certain decisions or other actions can be taken by Us. This process is designed to tailor our activities to your preferences.