Fitatu Application Privacy Policy

  1. The controller of the Personal Data in the Fitatu mobile application and the www.fitatu.com website domain, hereinafter collectively referred to as the Application, is Fitatu Sp. z o.o. with the seat at: ul. Wyspiańskiego 10/5, 60-749 Poznań, entered in the Register of Entrepreneurs kept by the District Court for Poznań – Nowe Miasto i Wilda in Poznań, VIII Economic Department of the National Court Register, under KRS number 0000635344, NIP 7792444235, REGON 364839278, hereinafter referred to as the Controller.
  2. Respecting your rights as personal data subjects (data subjects) and respecting the applicable legislation, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as RODO, the Act of 10 May 2018 on the protection of personal data (Dz.U. poz. 1000, hereinafter referred to as the Act) and other relevant data protection legislation, we undertake to maintain the security and confidentiality of the personal data obtained from you. All employees have been adequately trained in the processing of personal data and, as Personal Data Controller, we have implemented appropriate safeguards and technical and organisational measures to ensure the highest level of personal data protection. We have data protection procedures and policies in place that are compliant with RODO, through which we ensure the lawfulness and fairness of data processing, as well as the enforceability of any rights you have as a data subject. Additionally, if necessary, we cooperate with the supervisory authority in the Republic of Poland, i.e. the President of the Office for Personal Data Protection (PUODO).
  3. We collect the following personal data in our application:
    1. email address may be processed when, as users of the Application (including customers or potential customers), you provide it to us when we contact you via email, registration form, order form or contact form available on our Application; by means of an email address, we send you confirmation of the conclusion of an Agreement, the creation of an account or an order placed, we contact you if we need to do so in connection with the functioning of our Application, as well as answer questions related to our offer; if you have consented to the transmission of marketing content and you have become a subscriber to our newsletter, we will also send you commercial information;
    2. date of birth may be processed to confirm that you are at least 16 years of age, as well as to adapt the services provided to your needs and to prepare the most advantageous offer;
    3. fitness and physical activity data (height, weight, gender, workouts performed) may be processed in order to adapt the services provided to your needs and to prepare the most advantageous offer,
    4. first name and surname (in principle optional – when derived from your email address or from your username) may be processed when you, as users of our Application (including customers or potential customers), provide them to us via email, registration form, order form, contact form available on the Application, in order to make use of our offer;
    5. device IP address or browser identifier: information resulting from general Internet connection rules, such as the IP address (and other information contained in system logs), is used for technical and statistical purposes, including in particular the collection of general demographic information (e.g. about the region from which the connection is made);
    6. shared data from your Facebook account: if you log in via your Facebook account;
    7. the language you speak;
    8. possibly other data may be collected as part of the conduct of specific cases or may be provided by you as a user of our Application (including as a customer or potential customer) via email, the contact form available on the Application.
  4. The provision of the data indicated in the preceding paragraph is necessary in the cases specified therein, including in particular:
    1. for the use of the services offered on our Application, including the performance of the contract concluded between you and the Controller, as well as to tailor, analyse and improve the services and to ensure the security of their provision;
    2. in order to provide the services you have requested on the Application;
    3. in order to answer your questions and to enable you to contact us via email, the contact form available on the Application;
    4. for voluntary registration (creation of an account by you) on our Application – in this case we store the data you have provided to facilitate your future use of the services available on our Application until you unregister (delete your account); The Application uses Cookies technology, i.e. files that are used to automatically collect personal data from website users ("Cookies"). The information obtained in this way is stored on the computer or other mobile device of the User who uses it. For more information in this regard, see Cookies Policy.
  5. Each user of our Application can choose whether and to what extent to use our services and share information and data about himself/herself, in the scope set out in this Privacy Policy.
  6. In accordance with the principle of minimisation, we only process those categories of personal data which are necessary to achieve the purposes referred to in points 3 and 4 above.
  7. We process personal data for the period necessary to achieve the purposes listed in points 3 and 4 above. Personal data may be processed for a longer period where such a right or obligation, imposed on us as the Controller, arises from specific legal provisions, from the legitimate interest of the Controller referred to in point 10(c) below (i.e. for the period of the statute of limitations for claims or the completion of the relevant proceedings, if any within the period of the statute of limitations) or where the service we provide is continuous (e.g. newsletter subscription).
  8. The source of the Personal Data processed by the Controller is the data subjects.
  9. The legal basis for processing your personal data is:
    1. Article 6(1)(b) of RODO, i.e. the necessity for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract, or
    2. Article 6(1)(c) of the DPA, i.e. the necessity to comply with legal obligations incumbent on the Controller, or
    3. Article 6(1)(f) of RODO, i.e. the legitimate interest of the Controller in the establishment, assertion or defence of claims until they have become time-barred, or until the conclusion of the relevant proceedings, if any, during that period, or
    4. Article 6(1)(a) of RODO, i.e. your consent to the processing of personal data for specific purposes where other legal grounds for processing personal data do not apply, e.g. in the case of the provision of a newsletter service,
    5. Article 9(2)(a) of RODO, i.e. the express consent of the data subject for the performance of a contract and the provision of services – in relation to the processing of health data (special categories of personal data) referred to in point 3(c).
  10. We only transfer personal data to others if we are permitted to do so by law. Where this is the case, we provide for provisions and security mechanisms in the relevant contract we enter into with the third party in order to protect the data and to maintain our data protection, confidentiality and security standards. Contracts of this kind are called outsourcing agreements for the processing of personal data, and the Controller has control over how and to what extent the entity to which the Controller has entrusted the processing of certain categories of personal data processes these data. In relation to the above, we point out that the recipients of the personal data that the Controller processes as a personal data controller may be:
    1. the above entities processing personal data under contracts of outsourcing of personal data processing (so-called processors),
    2. service providers for:
      1. hosting,
      2. digital, including cloud services,
      3. access to communication software,
      4. the Controller's contractors and subcontractors providing software supply services, maintenance services for software or hardware used by the Controller and suppliers of products used by the Controller,
      5. debt collection companies (whereby we only pass on personal data to the extent that it is actually necessary for the purpose in question),
      6. auditors and chartered accountants, legal advisers, tax advisers,
      7. law enforcement authorities, regulators and other public administrations.
  11. In the latter two cases, however, we will only transmit data if and to the extent that this is actually necessary and required by mandatory legal provisions and in a manner consistent with such provisions.
  12. Our Partners are based in Poland or other countries in the European Economic Area (EEA). Some of the service providers to the Controller are based outside the European Economic Area (EEA). When transferring data outside the EEA, the Controller takes great care. It verifies that the supplies guarantee a high level of protection of personal data, in line with the legal requirements applicable within the EEA and the established line of case law, inter alia, the ruling of the Court of Justice of the European Union of 27 July 2020 Schrems II. The controller minimises the extent of data sent outside the EEA and, where SCCs (standard contractual clauses adopted by the European Commission) are used, verifies whether there is a risk of a personal data breach by entities outside the EEA. It examines, among other things, the data security process and whether the data provided could potentially be of interest to third countries.
  13. If the "Like!" button or other links to Facebook are in our Application, in terms of IP data or browser ID, the above data is processed in co-administration with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. In the event of transfer of personal data to third countries, this is done under the terms of point 11.
  14. Personal data may be subject to profiling within the meaning of the provisions of RODO depending on the content of the contract or the scope of the services provided. If profiling were to take place, then the basis for its exercise is Article 22(2)(a) of RODO, i.e. the necessity for the conclusion and performance of the contract between our company and you related to the provision of services, and to the extent beyond the necessity for the conclusion and performance of the contract, Article 22(2)(c) of RODO, i.e. your express consent, taking into account the provision of Article 22(3) of RODO. In the event that the profiling concerns special categories of personal data (health data), then the basis for profiling is exclusively Article 9(2)(a) in conjunction with Article 22(4) RODO, i.e. your express consent to the processing of data for the performance of the contract.
  15. In accordance with the provisions of the DPA, every person whose personal data we process as a Personal Data Controller has the right to:
    1. be informed of the processing of personal data, as referred to in Article 12 of RODO,
    2. access to their personal data as referred to in Article 15 of RODO,
    3. correct, complete, update, rectify personal data as referred to in Article 16 of RODO,
    4. erasure (right to be forgotten) as referred to in Article 17 of RODO,
    5. the restriction of processing referred to in Article 18 RODO,
    6. data portability as referred to in Article 20 RODO,
    7. object to the processing of personal data, as referred to in Article 21 of RODO,
    8. in the case of the legal basis referred to in point 10 above: to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal,
    9. not being subject to the profiling referred to in Article 22 in conjunction with Article 4(4) of RODO,
    10. lodge a complaint with the supervisory authority (i.e. the President of the Office for the Protection of Personal Data) referred to in Article 77 of RODO, taking into account the rules on the use and exercise of these rights under the provisions of RODO.
  16. If you wish to exercise your rights referred to in the preceding paragraph, please use the relevant tabs in the Application, which allow you to delete your account and the data stored in our Application, or send a message by email to the email address or in writing to the postal address referred to in point 18 below.
  17. As the Controller, we have appointed a Data Protection Supervisor: Jakub Szajdziński. Any enquiries, requests and complaints regarding the processing of personal data by the Controller, hereinafter referred to as Notifications, should be addressed to the following email address of the Data Protection Supervisor: iod@fitatu.com or in writing to the following address: ul. Wyspiańskiego 10/5, 60-749 Poznań.
  18. The content of the Notification must clearly indicate:
    1. the data of the person(s) concerned by the Notification,
    2. the event that gives rise to the Notification,
    3. the claims and the legal basis for those claims,
    4. the way in which the case is expected to be handled.
  19. Each identified security breach shall be documented and, in the event of one of the situations set out in the provisions of RODO or the Act, the data subjects and, if applicable, the PUODO shall be informed of such security breach.
  20. All capitalized words have the meaning given to them in Terms and Conditions of our Application, unless otherwise stated in this Privacy Policy.
  21. The provisions of this Privacy Policy apply, to the extent possible, mutatis mutandis to all persons with whom we have a legal relationship and to whom we are also the Controller of their personal data, including, in particular, our customers, contractors, newsletter subscribers and participants in competitions or partner programmes organised by us.
  22. In matters not governed by this Privacy Policy, the relevant provisions of generally applicable law, including in particular the provisions of RODO and the Act, shall apply accordingly. In the event of any inconsistency between the provisions of this Privacy Policy and the above provisions, these provisions shall prevail.

Do góry

Fitatu's Cookie and Web Storage Policy

  1. When using the Application, we ask for your consent to the use of cookies and Web Storage technology (as defined) in accordance with the Privacy Policy and the Terms and Conditions. The consent provided is voluntary and can be withdrawn at any time.
  2. Cookies and Web Storage are files that are saved and stored on your computer, tablet or phone when you visit various pages on the internet or use an application. A Cookie or Web Storage usually contains the name of the website from which it originated, the "lifespan" of the Cookie (i.e. the length of time it has existed), and a randomly generated unique number used to identify the browser/Application from which the connection is made. The Application may use two types of cookies/Web Storage – session cookies and persistent cookies. The former only remain on your device while you are using the Application. Permanent cookies remain on your device for as long as they have a set lifetime or until you delete them (or uninstall the Application). In this respect, the use of cookies is essential.
  3. To a further extent, cookies may not be essential, but they greatly facilitate the use of the website. They are used, among other things, to:
    1. remember the user's specific choices as to whether to display a certain message or to display it a certain number of times,
    2. monitor the User's activity on the website,
    3. collect anonymous, aggregate statistics to improve the functionality of the website.
  4. The Application uses the following types of cookies/Web Storage:
    1. Necessary for the operation of the pages – Necessary for the proper functioning of the Application, they allow you to navigate the Application and use its elements. For example, they may remember previous actions (e.g. open texts) when returning to a page in the same session.
    2. Improving performance – Collecting information and statistics about how visitors use the Application by providing information about the areas they visit, the time they spend on them and the problems they encounter, such as error messages or usage statistics. This allows us to improve the performance of the Application.
    3. Improving functionality – Remembering settings and choices (e.g. User name, region of the User, personalised content settings) to provide the User with more personalised content and services.
    4. Files for marketing purposes – we collect information about the usage history of the Application to provide relevant advertising content.
  5. When using the Application, cookies / Web Storage may be stored on your device and information from a group of settings improving functionality and containing anonymised statistical data of the Application may be transferred from/to trusted third parties:
    1. Google (Android operating system),
    2. Google Analitycs (analytics.google.com/analytics/web/)
    3. Apple (iOS operating system),
    4. Google Fit (www.google.com/fit/)
    5. Apple HealthKit (developer.apple.com/healthkit/)
    6. Facebook (www.facebook.com)
    7. FitBit API (https://dev.fitbit.com/)
    8. Google Cloud Platform (https://cloud.google.com)
    9. Garmin API (https://developer.garmin.com/)
    10. Huawei Health (https://developer.huawei.com/consumer/en/hms/huaweihealth/)
    11. Polar Flow (https://www.polar.com/accesslink-api/)
    12. Samsung Health (https://developer.samsung.com/health)
    13. Strava (https://developers.strava.com/)
  6. Restricting the use of cookies/Web Storage may affect the functionality and even the ability to use the Application.
  7. It should be emphasised that at no stage is the User obliged to accept Cookies. Through the Internet browser, it is possible to set up a configuration that prevents Cookies from being stored on the User's computer or other mobile device. It is also possible to delete existing Cookies. However, failure to accept Cookies may adversely affect the operation of the website and, in some cases, even prevent the use of certain functions.

Do góry

Google Fit

  1. Fitatu uses the Google Fit service to offer additional information and features. The use of the Google Fit service will only take place if you have consented to the synchronisation of your data with the Google Fit service. Without your consent, no data will be downloaded from Google Fit.
  2. If you agree to synchronise your data, you will share information with us about your
    1. location (we use location to be able to calculate steps taken, distance, duration of activity and calories burned),
    2. physical activity:
      • steps taken,
      • calories burned,
      • type of activity (e.g. running, cycling),
      • distance of activity,
      • duration.
  3. We take this data in order to calculate your daily calorie needs (it will adjust depending on how active you were that day) and to display information in Fitatu about your completed activities (history with the number of calories burned).
  4. We will not use this data for marketing and advertising activities or share it with other parties.
  5. You will be able to disconnect data downloads from Google Fit at any time. All you have to do is go to "Settings" – "Related apps" – "Google Fit" and uncheck the permission to download data.

Do góry