The controller of the Personal Data of the Service available at
www.fitatu.com and the
corresponding mobile application, hereinafter jointly referred to as the “Service”,
is Fitatu Sp. z o.o. with the seat at ul. Stanisława Wyspiańskiego 10/5, Poznań 60-749, entered
in the Business Register of the National Court Register kept by the District Court in Poznań for
Poznań-Nowe Miasto i Wilda, VIII Department for Commercial Matters of the National Court Register,
with KRS number 0000635344, NIP 7792444235, REGON 364839278, hereinafter referred to as
the Personal Data Controller. Email contact:
email@example.com or by mail to the
company address stated above.
The Controller has appointed a Personal Data Protection Inspector, who is Jakub Szajdziński of ENSIS
Kancelaria Prawna Cioczek & Wspólnicy Sp. K, email address of the inspector:
Any enquiries, requests or complaints relating to the processing of personal data by the Personal Data
Controller, hereinafter referred to as Notifications, should be addressed to the email
address stated in the preceding paragraph or in writing to the Controller's address stated above.
The content of the Notification shall clearly state:
the data of the person(s) referred to in the Notification,
the event that gives rise to the Notification,
the presentation of the claims and the legal basis for those claims,
the statement of the expected way to handle the matter.
We collect the following personal data in our Service:
name and surname: may be processed when you, as a user of our Service (including
contractors or potential contractors), provide it to us via email, the registration contact
form or the Account data form available in our Service, as well as when you provide it to
us via mail or when contacting us by phone, in order to make use of the offer of our Service,
health data (height, weight, sex, allergies, chronic diseases, dietary preferences):
may be processed in order to provide or customise the services to your needs and to prepare
the best offer, providing height, weight (including current or target weight), and sex is
necessary to create an Account in our Service,
user name: data processed in connection with the creation and maintenance of the
individual User Account. The provision of such data is necessary to complete the creation
of an Account in our Service,
phone number: may be processed when you contact us by phone and also when you provide
it to us via email or the contact form. The phone number is processed to enable us to contact
you regarding the processing of a particular order or to answer any other question you may have,
address of residence (including country) / mailing address: we process this data
in order to correctly dispatch the ordered Products, its provision is necessary in case of
making purchases in our Service,
email address: may be processed when, as users of our Service (including customers
or potential customers), you provide it to us in the event of contact via email, contact
form, registration form or order form available in our Service, as well as by mail or phone.
By means of the email address, we answer questions related to our offer and we also pass on
information related to the performance of the concluded contract. In addition, if you have
agreed to the transmission of marketing content and have become a subscriber to our
newsletter, we will also send you commercial and marketing information several times a month,
IP address of the device: information resulting from general internet connection rules,
such as IP address (and other information in system logs), is used for technical and
statistical purposes, including, in particular, the collection of general demographic
information (eg about the region from which the connection is made),
other data may be also collected as part of the handling of specific cases or may be
provided by you as a user of our Service via email, the contact form available in the Service,
the comments section available in the Service, mail, or when contacting us by phone.
Each person, as a user of our Service, has the opportunity to choose whether and to what extent
to use our services and share his/her information and data, to the extent set out in the contents
We process your personal data for the purposes of:
ordering the services offered by us in connection with the Service (Article 6(1)(b) RODO):
in this respect, the personal data provided will cease to be processed once the specific
transaction has been completed,
the conclusion and performance of contracts in connection with the services we offer
(Article 6(1)(b) RODO): in this respect, personal data will cease to be processed once
the relevant contract has been completed,
keeping an individual user account (Article 6(1)(b) RODO): in this respect, personal
data will cease to be processed when the user deletes the account,
carrying out the (subscription) newsletter service and sending marketing content
(Art. 6(1)(a) RODO): in this regard, the personal data provided will be deleted on the
withdrawal of consent and unsubscribing from the newsletter list,
complying with legal obligations incumbent on the Personal Data Controller, in particular
record-keeping, issuing invoices, etc (Article 6(1)(c) RODO): in this respect, the
personal data will be deleted once certain legal obligations have been fulfilled,
ongoing communication related to the operation of the Service (Article 6(1)(f) RODO, ie
legitimate interest of the Personal Data Controller): in this regard, your personal data
will cease to be processed when the relevant question(s) is/are answered,
establishing, asserting or defending against claims (Article 6(1)(f) RODO, ie legitimate
interest of the Personal Data Controller): in this respect, personal data will be deleted
when the relevant claims expire, but as a general rule after the expiry of the 3-year
limitation period for claims,
the express consent of the data subject for the performance of the contract and the provision
of services (Art. 9(2)(a) RODO): with regard to the processing of health data (special
categories of personal data) referred to in point 3(b) of this Policy, as well as with regard
to the profiling referred to in point 12, with regard to the profiling of health data:
in this respect, personal data will cease to be processed upon withdrawal of consent or
deletion of the Account.
The source of the Personal Data processed by the Controller is you, ie the data subjects.
If the “Like!” button or other social media links to the Controller's social media accounts are
present, as well as to the extent to which logging in via external sites is made possible, there
is a co-control relationship between the Controller of this Service and the controller of the
external site. The co-control is limited only to the data in the scope necessary for operations
related to the functioning of the respective button. The Controller is not responsible for
the policies regarding the further processing of personal data of other entities and organisations
or social network providers. Our Co-Controllers within this Service are:
Meta Platforms Ireland Ltd. (Facebook, Instagram) with the seat at: 4 Grand Canal
Square, Grand Canal Harbour, Dublin 2, Ireland,
Google Ireland Ltd. (Google Workspace, Google Play, YouTube) with the seat at:
Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland,
Apple Distribution International Ltd. (App Store, Apple ID) with the seat at:
Hollyhill Industrial Estate, Hollyhill, Cork, Ireland,
TikTok Technology Ltd. (TikTok) with the seat at: 10 Earlsfort Terrace, Dublin,
D02 T380, Ireland.
The Controller uses tools from Google Ireland Ltd. (Google Workspace, Google Ads, Google Analytics,
YouTube), Meta Platforms Ireland Ltd. (Facebook, Facebook Pixel, Instagram), TikTok Technology Ltd.
(TikTok) and Apple Distribution International Ltd. (App Store, Apple ID). As a general rule, the
data processed through the use of these tools is processed on Irish servers. However, the provider
of these tools may be obliged to transfer the data to third countries if such an obligation is imposed
on it by law. If you have any questions regarding the transfer of personal data outside the European
Economic Area, contact the Data Protection Officer stated in the preamble of the contract.
We do not share any personal data with third parties without the express consent of the data subject.
Data may be disclosed without the consent of the data subject only to entities authorised to process
personal data under applicable law (eg law enforcement agencies, ZUS, or the Tax Office). The Controller
shall make personal data of its customers available in particular to: payment operators, companies
providing postal and courier services, and tax authorities.
Personal data may be outsourced for processing to entities that process such data on our behalf as
Personal Data Controller. If this is the case, we, as the Personal Data Controller, shall enter
into a personal data processing outsourcing agreement with the processor. The processor shall
process the outsourced personal data only for the needs of, to the extent, and for the purposes
stated in the outsourcing agreement referred to in the preceding sentence. Without outsourcing
your personal data to the Processor, we would not be able to carry out our activities within the
Service or deliver to you shipments of ordered Products. As the Personal Data Controller, in
particular, we outsource your personal data for processing to the following entities:
providing hosting services for the website on which our online Service operates,
providing accounting services,
providing tools related to promotional campaigns and marketing,
providing CRM tools,
providing us with other services that are necessary for the day-to-day operation of the Service.
Personal data may or will be subject to profiling within the meaning of RODO regulations depending
on the content of the contract or the scope of the services provided.
Profiling with regard to ordinary personal data has its basis in Article 22(1)(a) RODO, ie
the necessity for the conclusion and performance of a contract between the Controller and you
related to the provision of services, taking into account the provision of Article 22(3) RODO,
in the scope that goes beyond what is necessary for the conclusion and performance of the
contract, profiling takes place on the basis of Article 22(2)(c) RODO, ie your express consent,
taking into account the provision of Article 22(3) RODO,
where the profiling concerns your special categories of personal data (health data as stated
in point 3(b) of this Policy), the basis for profiling is exclusively Article 9(2)(a) read
with Article 22(4) RODO, ie your express consent to the processing of your data for the
performance of contracts. This consent is voluntary, but necessary in order to set up
an Account in our Service and to actually use the services we offer,
profiling that concerns your specific personal categories may also take place in connection
with the implementation of direct marketing. In this respect, the legal basis for profiling
is Article 9(2)(a) read with Article 22(4) RODO. This consent is fully
optional and is separate from the consent for direct marketing.
In accordance with the provisions of RODO, every person whose personal data we process as
a Personal Data Controller has the right to:
access their personal data as referred to in Article 15 RODO,
be informed of the processing of personal data, as referred to in Article 12 RODO,
correct, complete, update, rectify personal data as referred to in Article 16 RODO,
withdraw consent at any time, as referred to in Article 7(3) RODO,
erasure (right to be forgotten) as referred to in Article 17 RODO,
restrict the processing referred to in Article 18 RODO,
data portability as referred to in Article 20 RODO,
object to the processing of personal data, as referred to in Article 21 RODO,
in the case of a legal basis, in the form of consent: the right to withdraw consent at any
time without affecting the lawfulness of the processing carried out on the basis of consent
before its withdrawal,
not be subject to the profiling referred to in Article 22 read with Article 4(4) RODO,
lodge a complaint with the supervisory authority (ie the President of the Office for the
Protection of Personal Data, PL: PUODO) referred to in Article 77 RODO.
If you wish to exercise your rights referred to in the preceding paragraph, send a message by email
to the email address or in writing to the postal address as referred to in point 2 above.
Each identified security breach shall be documented and, in the event of one of the situations set
out in the provisions of RODO or of the act, the data subjects and, if applicable, the PUODO shall
be informed of such security breach.
The Cookies Policy is a separate document located
shall apply accordingly. In the event of any inconsistency between the provisions of this Privacy
Policy and the said regulations, these regulations shall prevail.
Fitatu uses the Google Fit service to offer additional information and features. The use of the
Google Fit service will only take place if you have consented to the synchronisation of your data
with the Google Fit service. Without your consent, no data will be downloaded from Google Fit.
If you agree to synchronise your data, you will share information with us about your
location (we use location to be able to calculate steps taken, distance, duration of
activity and calories burned),
type of activity (e.g. running, cycling),
distance of activity,
We take this data in order to calculate your daily calorie needs (it will adjust depending on how
active you were that day) and to display information in Fitatu about your completed activities
(history with the number of calories burned).
We will not use this data for marketing and advertising activities or share it with other parties.
You will be able to disconnect data downloads from Google Fit at any time. All you have to do is
go to "Settings" – "Related apps" – "Google Fit" and uncheck the permission to download data.