Table of Contents:
§ 1 General Information
§ 2 Co-administrators of personal data
§ 3 Data collection and the purpose of their processing
§ 4 Categories of personal data
§ 5 Recipients of personal data
§ 6 Archiving of personal data
§ 7 Accessing and updating personal data, complaints
§ 8 Processing of personal data in an automated manner
§1 General Information
- All capitalized terms and words (eg Application, User, etc.) should be understood in accordance with the Application Regulations.
§2 Co-administrators of personal data
- The co-administrators of your personal data are Dawid Markiel, who runs a business under the name of Dawid Markiel, ul. Zabrodzka 40 apt. 2, 52-336 Wrocław, NIP: 8871626847, REGON: 366513121 and Marcin Kawalec, conducting business activity under the name of Marcin Kawalec, ul. Zabrodzka 40 apt. 2, 52-336 Wrocław, NIP: 8951920543, REGON: 366509071, running a business in the form of a civil partnership Inpeak Dawid Markiel Marcin Kawalec S.C. NIP: 8992809630 REGON: 366510542, ul. Zabrodzka 40 apt. 2, 52-336 Wrocław (hereinafter referred to as: the Administrator).
- In all matters related to the protection of personal data, please contact the address given above or via e-mail: firstname.lastname@example.org.
- You can also send a request to the address given above to provide information about what data we have about you and for what purposes we process it.
- The administrator informs that he stores correspondence for statistical purposes and to improve the assistance system in the field of GDPR, as well as in the field of complaint settlements. Addresses and data collected in this way will not be used for communication or purposes other than the implementation of the application, in particular they will not be used for marketing purposes and transferred to third parties.
- In the event of contact with the Administrator in order to perform specific activities (e.g. submitting a complaint, sending a query regarding the Application), the Administrator may again request the person to provide data, including personal data, e.g. in the form of name, surname, address of residence, e-mail address, in order to confirm its identity and enable return contact in a given case and perform the requested action. Providing this data is not obligatory, but it may be necessary to perform activities or obtain information that is of interest to a given person.
- If you have given additional consent to the use of cookie technology, our trusted partners may also be the administrators of data obtained on the basis of your Internet activity.
§3 Data collection and the purpose of their processing
- We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC , (hereinafter: GDPR) and other currently applicable, at the time of processing certain data, the provisions of the law on the protection of personal data.
- In accordance with the content of the aforementioned legal acts, personal data shall be considered information about an identified or identifiable an individual (hereinafter: “Personal Data”). An identifiable an individual is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name and surname, identification number, location data, internet identifier or one or more specific physical, physiological, genetic, mental factors, the economic, cultural or social identity of an individual.
- We ensure that the data obtained from you is confidential, secure and processed only when it is necessary. We process data in accordance with the law, in a fair and transparent manner for the person concerned. We process only such data and only with such content that is necessary due to the legitimate purpose, i.e. the reason for processing. Personal data is collected with due diligence and properly protected against access by unauthorized persons. We use appropriate and adequate security measures to protect personal data against accidental loss and unauthorized access, use, alteration or disclosure. We store personal data in a way that allows the identification of the data subject for a period not longer than it is necessary for the purposes for which the data is processed.
- The Administrator obtains information about Users personal data in the following way:
- by registering a User Account;
- by voluntarily subscribing to the newsletter service;
- by voluntarily entered information in the contact form or in an e-mail;
- by sending a complaint, application, inquiry or letter of a different nature;
- by voluntarily entered information in an e-mail sent in connection with the desire to establish cooperation;
- by using the Application;
- by supplementing the data in the User Account in the Application;
- through cookies, pixels or similar internet technologies.
- Please be advised that the purpose and scope of the data processed by the Administrator results from the consent of the Website Visitor / Application User or the provisions of the law, and in selected cases is further specified as a result of actions taken by these persons on the website or within other communication channels.
- Providing personal data is voluntary, but necessary in order to use certain website functionalities (eg registering a User Account, subscribing to the newsletter or using contact forms).
- Your personal data is obtained by the Administrator for the following purpose:
|Purpose of processing||Legal basis||A legitimate purpose, if any|
|Keeping statistics||art. 6 sec. 1 lit. f GDPR||Having information about the statistics of our activities, which allows us to improve our business activities.|
|Conducting marketing activities of own products and services without the use of electronic communication means||art. 6 sec. 1 lit. f GDPR||Conducting marketing activities promoting the conducted activity.|
|Conducting marketing activities of own products and services with the use of electronic communication means||art. 6 sec. 1 lit. f GDPR, but these activities due to other applicable regulations, in particular, the Telecommunications Law and the Act on the provision of electronic services, are carried out only on the basis of the consents (Article 6 (1) (a) of the GDPR).||Conducting marketing activities promoting the conducted activity with the use of e-mail addresses.
|Handling of notifications sent using the contact form, e-mail messages, complaints and other requests||art. 6 sec. 1 lit. a GDPR,||Providing answers to requests and inquiries sent using the contact form or in another form, including storing sensitive requests and answers provided to maintain the principle of accountability. Handling applications, answering consumer complaints. Pursuing claims, including from third parties, defense by them.|
|User Account Service||art. 6 sec. 1 lit. c GDPR
art. 6 sec. 1 lit. a GDPR,
|Conclusion and implementation of the Agreement for the Provision of Services by electronic means or taking action at the request of the future User before its conclusion.|
|Conclusion and implementation of the Agreement for the provision of paid services by electronic means as part of the Application||art. 6 sec. 1 lit. b GDPR,||Conclusion and performance of the Agreement or taking action at the request of the future User before its conclusion.|
|Collecting data for the purpose of implementing the Agreement for the provision of paid services by electronic means as part of the Application||art. 6 sec. 1 lit. b GDPR,||Proper implementation of the Administrator’s obligation, development of training plans.|
|Archiving of sales documents||Art. 6 sec. 1 lit. c GDPR||Fulfilling legal obligations resulting from regulations, e.g. tax and accounting, especially in the case of paid contracts.|
- E-mail contact. By contacting us via e-mail, including sending an inquiry via the contact form, you provide me with your e-mail address as the sender’s address. In addition, you can also include other personal data, such as name and surname, in the text of the message. Providing data is voluntary, but necessary to contact me.
In this case, your data is processed in order to contact you, and the basis for processing is art. 6 sec. 1 lit. a GDPR, i.e. your consent resulting from the willingness to contact. The legal basis for processing after the end of contact is the justified purpose of archiving correspondence for internal purposes (Article 6 (1) (c) of the GDPR).
The content of the correspondence may be archived and I am not able to clearly determine when it will be deleted. You have the right to request a history of your correspondence with me (if it was archived), as well as request its removal, unless its archiving is justified due to my overriding interests.
- Newsletter. If you want to subscribe to the newsletter, you must provide the required data in the form of your e-mail address. Providing data is voluntary, but necessary to use the newsletter service.
The data provided when subscribing to the newsletter is used to send the newsletter, in which we inform you about information about the Application, interesting promotions and news from the world of sports, The legal basis for their processing is your voluntary consent when subscribing to the newsletter.
In this case, your data is processed for the purpose of cyclical sending of the newsletter, and the basis for processing is art. 6 sec. 1 lit. a GDPR, i.e. your consent resulting from your willingness to receive the service.
The data will be processed for the duration of the newsletter, unless you unsubscribe earlier, which will permanently delete your data from the database. In addition, you can correct your data stored in the newsletter database at any time, as well as request their removal by resigning from receiving the newsletter. You also have the right to transfer the data contained in art. 20 GDPR.
The newsletter database is properly secured by the Administrator. The newsletter as a database is handled by an external entity. Emails may contain links to hidden images (the so-called tracking pixel), e.g. for the purpose of email opening statistics.
- User Account. By creating a User Account in our Application, you provide me with your e-mail address. It is voluntary, but necessary for the effective registration of a User Account.
In this case, your data is processed in order to maintain a User Account, and the basis for processing is art. 6 sec. 1 lit. a GDPR, i.e. your consent resulting from the will to establish it.
The data will be processed as long as you have a Customer Account, unless you ask for its removal in advance, which will delete your data from the database.
In addition, to take full advantage of the Application’s capabilities, you must also provide us with data that will allow us to prepare your training plan, and thus correctly fulfill the Agreement concluded with us. For this purpose, after logging in to the Application for the first time, we will ask you to provide your date of birth, body weight, maximum heart rate, gender, name and FTP.
You can rectify your data assigned to the User Account at any time, as well as request their removal. You can also delete your User Account at any time. You also have the right to transfer the data contained in art. 20 GDPR.
As part of creating a User Account, you can – but you do not have to – agree to subscribe to the newsletter service.
§4 Categories of personal data
- The personal data administrator may process the following categories of personal data:
- personal data provided in the form when registering the User Account, in particular: e-mail address;
- personal data provided in the Application form when completing the User’s data, in particular: name and surname, body weight, FTP, maximum heart rate, body weight, date of birth, gender;
- personal data provided for the purpose of using the newsletter, provided when using the contact form, sent via e-mail; whether provided when submitting complaints, complaints or requests, in particular: name and surname; e-mail address; contact telephone number; address [street, house number, apartment number, zip code, city, country], bank account number;
- other data, in particular obtained based on the User’s activity in the Application, including those obtained via the website www.aitrainer.eu or other communication channels with the User, using cookies and similar technologies.
§5 Recipients of personal data
- Your personal data may be processed by our partners and subcontractors, i.e. entities whose services we use to process data and provide services to you. To the best of our knowledge, all entities entrusted with the processing of personal data guarantee the application of appropriate measures for the protection and security of personal data required by law.
- Your personal data may be transferred by the Administrator:
- state authorities or other entities authorized under the provisions of law, in order to fulfill our obligations (Tax Office, Social Insurance Institution, PUODO, Police, prosecutor’s office, President of the Office of Competition and Consumer Protection – if they ask the Administrator for it);
- in addition, the Administrator’s partners may participate in the processing of personal data to a limited extent, in particular who technically help to efficiently run the Online Store (e.g. support us in sending e-mails, and in the case of advertising activities – also in marketing campaigns), service providers hosting or ICT services, carriers or intermediaries carrying out shipments of Orders, entities handling electronic payments or payment by credit card in the Online Store, companies that service the software, support the Administrator in marketing campaigns, as well as providers of legal and advisory services and external accounting;
- in addition, we may share fully anonymised data (such that cannot identify you) with entities with whom we cooperate.
- Our suppliers are based mainly in Poland or in other countries of the European Economic Area (EEA), and, for example, in the case of Google Analytics, they are based outside the EEA. Due to the judgment of the CJEU Schrems II (C-311/18), we have enabled the anonymization of your IP numbers – we do not transfer this data to the USA. The other data sent to Google does not have the characteristics of personal data, i.e. it is not possible to identify a specific natural person on its basis.
- To work properly, the application requires synchronization with the Strava application or the Garmin Connect application. The owner of the Strava app is Strava Inc. based in San Francisco, CA 94103 USA. As part of the synchronization of the Application with the above-mentioned entity, we provide information about the planned training and a series of planned training. Bearing in mind the fact that the Application may also be fully operational in the event of synchronization with the Garmin application, we point out that the personal data of people using this application are processed by Garmin 1200 E. 151st St. Olathe, KS 66062-3426 (Kansas City metro area) USA.
As a precautionary measure, we would like to point out that your data may be transferred to Strava, which, due to its seat, does not provide an adequate level of data protection as provided for in the provisions in force in Poland, including in particular the GDPR. In connection with the above, in accordance with Art. 49 sec. 1 point a) of the GDPR, we would like to inform you that we do not provide appropriate safeguards specified in art. 46 GDPR. Due to the inability to conclude standard contractual clauses with the data recipient and binding corporate rules, we would like to inform you that there is a risk of insufficient protection of your data.
Bearing in mind the above, we will ask you in the Application for additional consent to the transfer of personal data to an entity located in a third country, i.e. in the USA, which is necessary for the correct processing, because there is a potential risk that the data will be processed without the rigors resulting from GDPR.
§6 Archiving of personal data
- We store the data for the periods indicated below:
|Data related to the procedure of concluding a contract for the provision of paid services by electronic means||5 years|
|Data for marketing purposes||In the case of data processing on the basis of consent – until its withdrawal.
In the case of data processing on the basis of a legitimate purpose – until an objection is raised.
|Data provided using the contact form, e-mail.||For a period of 3 years in order to maintain the principle of accountability.|
|Personal data related to cookies and similar functions||Until these files are deleted using the website / browser / device settings (however, deleting files is not always the same as deleting Personal Data obtained through these files – then personal data will be deleted until an objection is raised).|
|Data provided during the complaint procedure and other procedures related to the User’s claims||5 years|
3. In each case, personal data will also be stored when legal regulations (eg accounting or tax regulations) oblige the Administrator to process them; we will store personal data longer in the event that the User has any claims against the Administrator, in order to pursue claims by the Administrator, or to assert or defend against claims of third parties, for the period of limitation specified by law, in particular the Civil Code
4. Depending on the scope of personal data and the purposes of their processing, they may therefore be stored for a different period. In each case, the longer period of storage of personal data is decisive.
§7 Accessing and updating personal data, complaints
- Pursuant to Art. 15 GDPR, you have the right to obtain information from the Personal Data Administrator as to whether your personal data is being processed.
- If the Administrator processes your personal data, then you have the right to:
- access to personal data;
- obtain information about the purposes of processing, categories of personal data processed, about the recipients or categories of recipients of this data, the planned period of storage of your data or the criteria for determining this period, about your rights under the GDPR and the right to lodge a complaint with the supervisory authority, the sources of these data, about automated decision-making, including profiling, and about the security measures used in connection with the transfer of these data outside the European Union;
- obtain a copy of your personal data.
- In addition, you can ask for the correction of personal data (Article 16 of the GDPR), the deletion of personal data (Article 17 of the GDPR), object to the processing of personal data (Article 21 of the GDPR) and, if technically feasible, ask for transferring the shared personal data to another organization (Article 20 of the GDPR).
- In connection with the right to be forgotten, the Administrator will update or delete your data, unless it has a legal obligation to keep it for the purposes of conducting business or complying with the law. In some cases, you have the right to request the restriction of the processing of your personal data (Article 18 of the GDPR). You can also contact the Administrator if there are any objections to the method of collecting, storing or using personal data.
- The administrator tries to consider all requests regarding the above-mentioned operations on personal data immediately, but not later than within 30 days from receiving the request. Due to the complex nature of the request, the Administrator has the right to consider your request within 30 days, of which he will inform in advance.
- The controller endeavors to resolve complaints definitively, but if you are still dissatisfied with the response received, you can lodge a complaint with the data protection supervisory authority of the local data protection authority. In Poland, the supervisory body within the meaning of the GDPR is the President of the Personal Data Protection Office, who replaced GIODO on May 25, 2018.
§8 Processing of personal data in an automated manner
- The selected cookies process your personal data. The processing of personal data from cookies or similar technologies in our Application is carried out for the purposes of ensuring the functioning of the Website on which the Application is located, adapting the content of the Website on which the Application is placed to the preferences of Visitors and the User, or for analytical purposes. Processing is based on our legitimate interest. The legal basis for the processing of personal data for advertising purposes and connecting with social media will be your additional consent, expressed by making a selection and checking the checkbox during the process of consenting to cookies.
- When a Visitor, a User enters the website www.aitrainer.eu, cookies are used to identify their browser or device – cookies collect various types of information, which, as a rule, do not constitute personal data. Some information, depending on their content and use, may, however, be associated with a specific person – assigning certain behaviors to a specific Visitor or User, e.g. by linking them to the data provided when registering the User in the Application, or a specific e-mail address – and thus be considered personal data.
- The website uses profiling. Thanks to the cookies used on the Website, it is possible for the Administrator to familiarize himself with the preferences of the Visitor – e.g. by analyzing how often he visits the Website and whether and what content he / she browses on it. The analysis of Internet behavior helps to better understand the habits and expectations of Users and Visitors and to adapt to their needs and interests. Thanks to this technology, it is possible to present Visitors / Users with advertisements tailored to their needs and interests, and to prepare better promotions and surprises for adult Visitors who have agreed to it.