The Personal Data Controller for Fitatu mobile application and www.fitatu.com web
domain, hereinafter referred to collectively as the Application, shall be Fitatu Sp.
z o.o., with its registered office at ul. Wyspiańskiego 10/5, 60-749 Poznań, entered
into the Register of Entrepreneurs kept by the District Court for Poznań - Nowe
Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register,
under KRS No. (National Court Register No.): 0000635344, NIP No. (tax ID No.):
7792444235, REGON: 364839278.
Respecting your rights as personal data owners (data subjects) and the applicable
rule of law, including, in particular, the Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of natural persons
with regard to the processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC (General Data Protection Regulation),
hereinafter referred to as GDPR, the Personal Data Protection Act of 10th May
2018 (Journal of Laws of 2018, item 1000, hereinafter referred to as the Act)
and other relevant provisions on the protection of personal data, we undertake to
maintain the security and confidentiality of personal data received from you. All
our employees have been appropriately trained in regard to the processing of
personal data, and our company, acting as the Personal Data Controller, has
implemented adequate safeguards, as well as technical and organizational measures to
ensure the highest level of security of your personal data. We have implemented
policies and procedures on the protection of personal data in accordance with GDPR,
through which we are able to ensure the legality and integrity of data processing,
as well as the enforceability of any rights to which you, data subjects, are
entitled. In addition, where necessary, we cooperate with the supervisory authority
on the territory of the Republic of Poland, i.e. with the President of the Personal
Data Protection Office (hereinafter referred to as PPDPO).
In our Application, we collect the following personal data:
E-mail address - may be processed when you as users of the Application
(including customers or potential clients) will provide it to us in the case
of contact via e-mail, registration form, order form or contact form
available in our Application; via e-mail we send you confirmation of the
conclusion of the Agreement, a creation of an account or a placed order, we
contact you in the event of such need connected with the functioning of our
Application, we also respond to questions related to our offer; if you
consent to the transfer of marketing content and you have been the
subscriber of our newsletter, we will also send you commercial information
Date of birth - may be processed in order to confirm that you are at least
16 years old, as well as to adjust the services provided to your needs and
to prepare the most advantageous offer
Health and physical activity data (height, weight, sex, trainings performed)
- may be processed in order to adjust the services provided to your needs
and prepare the most advantageous offer
First name and surname (optionally – if they arise from the e-mail address
or from your username) – may be processed when, as users of our Application
(including customers or potential customers), you provide them to us via
e-mail, registration form, order form, contact form available in the
Application, in order to make use of our offer
IP address of the device or browser ID – information resulting from general
rules of Internet connection, such as IP address (and other information
contained in system logs) are used for technical and statistical purposes,
including, in particular, to collect general demographic information (e.g.
the region from which the connection originates),
The shared data from your Facebook account - if you log in through your
account on Facebook
Language you use
Any other data may be collected as part of conducting specific cases or may
be provided by you as users of our Application (including customers or
potential clients) via e-mail, contact form available in the Application.
Providing the data indicated in the preceding point is necessary in the cases
specified therein, including in particular:
In order to benefit from the services available in our Application,
including for the purpose of implementing the agreement concluded between
you and the Controller, as well as adjusting, analysing and improving
services, and ensuring security of their provision,
In order to perform the services ordered by you in the Application,
In order to answer your questions and to enable contact via e-mail and a
contact form available in the Application,
for the purpose of voluntary registration (creation of an account ) in our
Application - in such situation we keep the data provided by you in order to
facilitate a future use of services available as part of our Application
until the moment of de-registration (removal of the account),
for the purpose of providing a newsletter service (subscription) - if you
want to be informed about interesting events and commercial offers, you may
be a subscriber of our newsletter; you can enter the subscription on a
voluntary basis and you can resign from it at any time.
Our application uses Cookies technology in order to adjust its operation to your
individual needs. Therefore, you can consent to have the data and information you
submit stored, so that it will be possible for you to use them the next time you
visit our Application, without the need to re-enter them. The owners of other
websites shall not have access to such data and information. However, if you do not
consent for personalizing the Application, we recommend disabling cookies in your
web browser's options.
Each of you, being a user of our Application, can choose whether and to what extent
you want to benefit from our services and share your information and data, within
the scope set forth in this Privacy Policy.
In accordance with the principles of data minimization, we process only those
categories of personal data which are necessary to achieve the objectives referred
to in paragraph 3 and 4 above.
We process the personal data for the time necessary to achieve the objectives listed
in paragraph 3 and 4 above. Personal data may be processed for a longer period if
such right or obligation, imposed on us as the Controller, results from special
provisions of law, from the legitimate interest of the Controller, referred to in
point 10(c) below (i.e. for a period of limitation of claims or termination of
relevant proceedings if they have been initiated during the limitation period) or
when the service that we perform is continuous (e.g. newsletter subscription).
The sources of personal data processed by the Personal Data Controller are the data
subjects.
The basis for the processing of your personal data is:
Article 6(1)(b) of the GDPR, i.e. the necessity to perform the agreement to
which you are a party, or to take action at your request prior to the
conclusion of the agreement, or
Article 6(1)(c) of the GDPR, i.e. the necessity to fulfil legal obligations
imposed on the Controller, or
Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the Controller,
i.e. establishing, investigating or defending claims until such time as they
are statute-barred or until the completion of relevant proceedings if they
have been initiated during that period, or
Article 6(1)(a) of the GDPR, i.e. your consent to the processing of personal
data for specific purposes, when other legal grounds for the processing of
personal data do not apply – e.g. in the case of providing a newsletter
service,
Article 9(2)(a) of the GDPR, i.e. a clear consent of the data subject in
order to perform the agreement and provide services – with regard to the
processing of health data (specific categories of personal data) referred to
in point 3(c).
Personal data are not transferred by us to a third country or an international
organisation within the meaning of the GDPR. If personal data are transferred to a
third country or an international organisation, you will be informed in advance and
the Controller will use the safeguards referred to in Chapter V of the GDPR.
We do not share any personal data with third parties without explicit consent
obtained from the data subject. Personal data may be made available without the
consent of data subjects only to the body governed by the public law, i.e. legal and
public authorities (e.g. tax authorities, law enforcement authorities, and other
entities authorized by generally applicable provisions of law).
If in our application you will have access to a button “Like” or any other link to
Facebook, in the scope of IP data or the Internet browser ID, the above data are
processed on a controllership basis with Facebook Ireland Ltd., 4 Grand Canal
Square, Grand Canal Harbour, Dublin 2 Ireland. In the case of a transfer of personal
data to third countries, this takes place on the terms set out in point 11.
Personal data may be transferred to other entities for processing purposes, that
process them on behalf of our company as the Personal Data Controller. In such
cases, we, as the Personal Data Controller, conclude an agreement on outsourcing of
personal data processing with such entities. The processing entity processes the
entrusted personal data, but only to the extent and for the purposes indicated in
the agreement referred to in the preceding sentence. Without entrusting your
personal data for processing purposes, we could not provide the services within the
Application. As the Personal Data Controller, we entrust personal data for
processing purposes to following entities:
entities providing hosting services for the website on which our Application
operates,
entities providing on our behalf other services that are necessary for the
day-to-day operation of the Application.
Personal data may be subject to profiling within the meaning of GDPR, depending on
the content of the agreement or the scope of the services provided. If the profiling
was to take place, then the basis for its implementation is Article 22(2)(a) of the
GDPR, i.e. the necessity to conclude and perform the agreement between our company
and the State related to the provision of services, and in the scope exceeding the
necessity to conclude and perform the agreement – Article 22(2)(c) of the GDPR, i.e.
your explicit consent, taking into account the provision of Article 22(3) of the
GDPR. If the profiling was related to specific categories of personal data (data
concerning health), only Article 9(2)(a) in conjunction with Article 22(4) of the
GDPR, i.e. your explicit consent to the processing of data for the purpose of
performing the contract, is the basis for profiling.
In accordance with the provisions of the GDPR, any person whose personal data we
process as the Personal Data Controller, has the right to:
being notified about the processing of his or her personal data, referred to
in Article 12 of the GDPR,
access his or her personal data referred to in Article 15 of the GDPR,
Correct, amend, update, rectify the personal data, referred to in Article 16
of the GDPR,
delete the personal data (the right to be forgotten), referred to in Article
17 of the GDPR,
limitations of processing, referred to in Article 18 of the GDPR,
transfer the personal data, referred to in Article 20 of the GDPR,
raise objections to the processing of personal data, as referred to in
Article 21 of the GDPR,
in the case of the legal basis referred to in point 10(d) above - the right
to withdraw consent at any time without affecting the lawfulness of
processing based on consent before its withdrawal,
not subject to profiling referred to in Article 22 in conjunction with
Article 4(4) of the GDPR,
file a complaint to a supervisory authority (i.e., to the President of the
Personal Data Protection Office), as referred to in Article 77 of the GDPR,
taking into account the principles of using and implementing these rights
resulting from the provisions of the GDPR.
If you wish to exercise your rights referred to in the preceding paragraph, please
use the appropriate tabs in the Application that allow to remove your account and
the data collected in our Application, or send a message to the following e-mail
address or in written form to the address referred to in paragraph 18 below.
As the Controller, we appointed the Data Protection Officer, which is Jakub
Szajdziński. If you have any questions, requests, complaints regarding the
processing of personal data by the Controller, hereinafter referred to as the
Reports, please forward them to the following email address of the Data
Protection Officer: [email protected] or submit them in written form at the
address of the Personal Data Controller, i.e. ul. Wyspiańskiego 10/5, 60-749 Poznań.
In the content of the Report you should clearly indicate:
the data of the person or persons whom the Report concerns,
event, which is the reason for submitting the Report,
Present your request and the legal basis for the request,
expected form of settlement.
Each recognized security breach is documented, and if one of the situations referred
to in the provisions of either GDPR or the Act occurs, data subjects and, if
applicable, PUODO, shall be informed about such breach of the provisions on the
protection of personal data.
All capitalized words shall have the meanings assigned to them in the Regulations of
our Application, unless otherwise stated in this Privacy Policy.
The provisions of this Privacy Policy shall apply, to the extent possible, to all
persons with whom we remain in legal relations and to whom we are also the
Controller of their personal data, including in particular with regard to our
clients, contractors, newsletter subscribers and participants of competitions or
partner programs organised by us.
In matters not regulated by this Privacy Policy, relevant provisions of generally
applicable law, including in particular the provisions of the GDPR and the Act,
shall apply. If the provisions our Privacy Policy do not comply with the provisions
mentioned above, the latter provisions shall apply.
When using the Application, please consent for the use of cookies and Web Storage
technology (as defined
here
), in accordance with the Privacy Policy and
regulations
.
Cookies, and Web Storage mean files saved and stored on your computer, tablet or
phone, while you visit different pages on the Internet or you are using the
application. A cookie or Web Storage usually contain the name of the website from
which you came, "life expectancy" of the cookie (that is time of its existence), and
randomly generated unique number used to identify your browser/application by means
of which you connect to the Internet.
Two types of cookies / Web Storage are in use - session cookies and persistent
cookies. Session cookies remain on your device only while using the application.
Persistent cookies remain on your device for as long as their life expectancy, or
until you delete them (or uninstall an application).
The Application uses the following types of cookies/Web Storage:
those necessary to operate webpages - those necessary for the proper
functioning of the Application, allowing you to navigate through it and
benefit from its elements. For example, those cookies can remember your
previous activity (e.g. the articles you have read), if you return to the
same page during the same session.
those necessary for improving the performance - those collecting the
information and statistical data about the ways our visitors use the
Application, and providing information about the areas that our clients
visit, the time they spend on each of them, and the problems that they face,
for example error messages or usage statistics. This allows us to improve
the performance of the Application.
those improving functionality - those memorizing user's settings and choices
made (such as the user name, the user's region, personalized content
settings), to provide the User with more personalized content and services.
Cookies/Web Storage may be stored on your device while using the Application, and
the information within the group of settings improving the functionality and
containing anonymised statistics application may be entrusted to/received from the
following trusted third parties:
Google (the Android operating system)
Google Analitycs (https://analytics.google.com/analytics/web/)
Apple (the iOS operating system)
Google Fit (https://www.google.com/fit/)
Apple HealthKit (https://developer.apple.com/healthkit/)
Facebook (www.facebook.com)
FitBit API (https://dev.fitbit.com/)
Google Cloud Platform (https://cloud.google.com)
Garmin API (https://developer.garmin.com/)
Restriction on the use of cookies/Web Storage may affect the Application's
functionality, and even hinder the ability to use the Application.
Fitatu uses Google Fit to offer additional information and features. You will only use Google Fit if you agree to sync your data with Google Fit. Without your consent, no data will be downloaded from Google Fit.
If you agree to synchronize your data, you will provide us with information about your
location (we collect location data to be able to calculate the steps taken, distance, duration of the activity and calories burned) even when the app is closed or not in use
physical activity:
- steps,
- calories burned,
- type of activity (e.g. running, cycling),
- activity distance,
- its duration.
We collect this data in order to calculate the daily caloric requirement (it will adjust depending on how active you were on the day) and to display in Fitatu information about completed user activities (history along with the number of calories burned).
We will not use this data for marketing and advertising purposes or share it with others.
You will be able to disconnect the download from Google Fit at any time. Simply go to "Settings" – "Connected applications" – "Google Fit" and uncheck your consent to download data.
Our website uses cookies for the proper operation of the website and for statistical and marketing purposes. Cookie settings can be changed in the web browser or by pressing the "More options" button below. Additional information on cookies can be found in the Terms and Conditions and Cookies Privacy Policy.
Manage preferences - purposes of cookie processing:
System configuration
Necessary for the proper functioning of the website