PRIVACY POLICY FOR THE SERVICE AND MOBILE APPLICATION
www.fitatu.com – Fitatu Application

  1. The controller of the Personal Data of the Service available at www.fitatu.com and the corresponding mobile application, hereinafter jointly referred to as the “Service”, is Fitatu Sp. z o.o. with the seat at ul. Stanisława Wyspiańskiego 10/5, Poznań 60-749, entered in the Business Register of the National Court Register kept by the District Court in Poznań for Poznań-Nowe Miasto i Wilda, VIII Department for Commercial Matters of the National Court Register, with KRS number 0000635344, NIP 7792444235, REGON 364839278, hereinafter referred to as the Personal Data Controller. Email contact: iod@fitatu.com or by mail to the company address stated above.
  2. The Controller has appointed a Personal Data Protection Inspector, who is Jakub Szajdziński of ENSIS Kancelaria Prawna Cioczek & Wspólnicy Sp. K, email address of the inspector: iodo@ensiskancelaria.com. Any enquiries, requests, complaints relating to the processing of personal data by the Personal Data Controller, hereinafter referred to as Notifications, should be addressed to the following email address stated in the preceding paragraph or in writing to the Controller's address stated above. The content of the Notification shall clearly state:
    1. the data of the person(s) referred to in the Notification,
    2. the event that gives rise to the Notification,
    3. the presentation of the claims and the legal basis for those claims,
    4. the statement of the expected way to handle the matter.
  3. This Privacy Policy applies to the Service as both a website and a mobile application.
  4. We collect the following personal data in our Service:
    1. name and surname: may be processed when you, as a user of our Service (including contractors or potential contractors), provide it to us via email, the registration contact form or the Account data form available in our Service, as well as when you provide it to us via mail or when contacting us by phone, in order to make use of the offer of our Service,
    2. health data (height, weight, sex, allergies, chronic diseases, dietary preferences): may be processed in order to provide or customise the services to your needs and to prepare the best offer, providing height, weight (including current or target weight), and sex is necessary to create an Account in our Service,
    3. user name: data processed in connection with the creation and maintenance of the individual User Account. The provision of such data is necessary to complete the creation of an Account in our Service,
    4. phone number: may be processed when you contact us by phone and also when you provide it to us via email or the contact form. The phone number is processed to enable us to contact you regarding the processing of a particular order or to answer any other question you may have,
    5. address of residence (including country) / mailing address: we process this data in order to correctly dispatch the ordered Products, its provision is necessary in case of making purchases in our Service,
    6. email address: may be processed when, as users of our Service (including customers or potential customers), you provide it to us in the event of contact via email, contact form, registration form or order form available in our Service, as well as by mail or phone. By means of email address, we answer questions related to our offer and we also pass on information related to the performance of the concluded contract. In addition, if you have agreed to the transmission of marketing content and have become a subscriber to our newsletter, we will also send you commercial and marketing information several times a month,
    7. IP address of the device: information resulting from general internet connection rules, such as IP address (and other information in system logs), is used for technical and statistical purposes, including, in particular, the collection of general demographic information (eg about the region from which the connection is made),
    8. other data may be also collected as part of the handling of specific cases or may be provided by you as a user of our Service via email, the contact form available in the Service, the comments section available in the Service, mail, or when contacting us by phone.
  5. Each person, as a user of our Service, has the opportunity to choose whether and to what extent to use our services and share his/her information and data, to the extent set out in the contents of this Privacy Policy.
  6. We process your personal data for the purposes of:
    1. ordering the services offered by us in connection with the Service (Article 6(1)(b) RODO): in this respect, the personal data provided will cease to be processed once the specific transaction has been completed,
    2. the conclusion and performance of contracts in connection with the services we offer (Article 6(1)(b) RODO): in this respect, personal data will cease to be processed once the relevant contract has been completed,
    3. keeping an individual user account (Article 6(1)(b) RODO): in this respect, personal data will cease to be processed when the user deletes the account,
    4. carrying out the (subscription) newsletter service and sending marketing content (Art. 6(1)(a) RODO): in this regard, the personal data provided will be deleted on the withdrawal of consent and unsubscribing from the newsletter list,
    5. complying with legal obligations incumbent on the Personal Data Controller, in particular record-keeping, issuing invoices, etc (Article 6(1)(c) RODO): in this respect, the personal data will be deleted once certain legal obligations have been fulfilled,
    6. ongoing communication related to the operation of the Service (Article 6(1)(f) RODO, ie legitimate interest of the Personal Data Controller): in this regard, your personal data will cease to be processed when the relevant question(s) is/are answered,
    7. establishing, asserting or defending against claims (Article 6(1)(f) RODO, ie legitimate interest of the Personal Data Controller): in this respect, personal data will be deleted when the relevant claims expire, but as a general rule after the expiry of the 3-year limitation period for claims,
    8. the express consent of the data subject for the performance of the contract and the provision of services (Art. 9(2)(a) RODO): with regard to the processing of health data (special categories of personal data) referred to in point 3(b) of this Policy, as well as with regard to the profiling referred to in point 12, with regard to the profiling of health data: in this respect, personal data will cease to be processed upon withdrawal of consent or deletion of the Account.
  7. The source of the Personal Data processed by the Controller is you, ie the data subjects.
  8. If the “Like!” button or other social media links to the Controller's social media accounts are present, as well as in the extent to which logging in via external sites is made possible, there is a co-control relationship between the Controller of this Service and the controller of the external site. The co-control is limited only to the data in the scope necessary for operations related to the functioning of the respective button. The Controller is not responsible for the policies regarding the further processing of personal data of other entities and organisations or social network providers. Our Co-Controllers within this Service are:
    1. Meta Platforms Ireland Ltd. (Facebook, Instagram) with the seat at: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
    2. Google Ireland Ltd. (Google Workspace, Google Play, YouTube) with the seat at: Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland,
    3. Apple Distribution International Ltd. (App Store, Apple ID) with the seat at: Hollyhill Industrial Estate, Hollyhill, Cork, Ireland,
    4. Tiktok Technology Ltd. (TikTok) with the seat at: 10 Earlsfort Terrace, Dublin, D02 T380, Ireland,
  9. The Controller uses tools from Google Ireland Ltd (Google WorkSpace, Google Ads, Google Analytics, YouTube) Meta Plafrorms Ireland ltd. (Facebook, Facebook Pixel, Instagram) and Tiktok Technology Ltd. (Tiktok) and Apple Distribution International Ltd. (App Store, Apple ID). As a general rule, the data processed through the use of these tools is processed on Irish servers. However, the provider of these tools may be obliged to transfer the data to third countries if such an obligation is imposed on it by law. If you have any questions regarding the transfer of personal data outside the European Economic Area, contact the Data Protection Officer stated in the preamble of the contract.
  10. We do not share any personal data with third parties without the express consent of the data subject. Data may be disclosed without the consent of the data subject only to entities authorised to process personal data under applicable law (eg law enforcement agencies, ZUS, or the Tax Office). The Controller shall make personal data of its customers available in particular to: payment operators, companies providing postal and courier services, and tax authorities.
  11. Personal data may be outsourced for processing to entities that process such data on our behalf as Personal Data Controller. If this is the case, we, as the Personal Data Controller, shall enter into a personal data processing outsourcing agreement with the processor. The processor shall process the outsourced personal data only for the needs of, to the extent, and for the purposes stated in the outsourcing agreement referred to in the preceding sentence. Without outsourcing your personal data to the Processor, we would not be able to carry out our activities within the Service or deliver to you shipments of ordered Products. As the Personal Data Controller, in particular, we outsource your personal data for processing to the following entities:
    1. providing hosting services for the website on which our online Service operates,
    2. providing accounting services,
    3. providing tools related to promotional campaigns and marketing,
    4. SEO companies,
    5. providing CRM tools,
    6. providing us with other services that are necessary for the day-to-day operation of the Service.
  12. Personal data may or will be subject to profiling within the meaning of RODO regulations depending on the content of the contract or the scope of the services provided.
    1. Profiling with regard to ordinary personal data has its basis in Article 22(1)(a) RODO, ie the necessity for the conclusion and performance of a contract between the Controller and you related to the provision of services, taking into account the provision of Article 22(3) RODO,
    2. in the scope that goes beyond what is necessary for the conclusion and performance of the contract, profiling takes place on the basis of Article 22(2)(c) RODO, ie your express consent, taking into account the provision of Article 22(3) RODO,
    3. where the profiling concerns your special categories of personal data (health data as stated in point 3(b) of this Policy), the basis for profiling is exclusively Article 9(2)(a) read with Article 22(4) RODO, ie your express consent to the processing of your data for the performance of contracts. This consent is voluntary, but necessary in order to set up an Account in our Service and to actually use the services we offer,
    4. profiling that concerns your specific personal categories may also take place in connection with the implementation of direct marketing. In this respect, the legal basis for profiling in this respect is Article 9(2)(a) read with Article 22(4) RODO. This consent is fully optional and is separate from the consent for direct marketing.
  13. In accordance with the provisions of RODO, every person whose personal data we process as a Personal Data Controller has the right to:
    1. access their personal data as referred to in Article 15 RODO,
    2. be informed of the processing of personal data, as referred to in Article 12 RODO,
    3. correct, complete, update, rectify personal data as referred to in Article 16 RODO,
    4. withdraw consent at any time, as referred to in Article 7(3) RODO,
    5. erasure (right to be forgotten) as referred to in Article 17 RODO,
    6. restrict the processing referred to in Article 18 RODO,
    7. data portability as referred to in Article 20 RODO,
    8. object to the processing of personal data, as referred to in Article 21 RODO,
    9. in the case of a legal basis, in the form of consent: the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal,
    10. not be subject to the profiling referred to in Article 22 read with Article 4(4) RODO,
    11. lodge a complaint with the supervisory authority (ie the President of the Office for the Protection of Personal Data, PL: PUODO) referred to in Article 77 RODO.
  14. If you wish to exercise your rights referred to in the preceding paragraph, send a message by email to the email address or in writing to the postal address as referred to in point 2 above.
  15. Each identified security breach shall be documented and, in the event of one of the situations set out in the provisions of RODO or of the act, the data subjects and, if applicable, the PUODO shall be informed of such security breach.
  16. The Cookies Policy is a separate document located here
  17. In matters not governed by this Privacy Policy, the relevant provisions of generally applicable law shall apply accordingly. In the event of any inconsistency between the provisions of this Privacy Policy and the said regulations, these regulations shall prevail.

Google Fit

  1. Fitatu uses the Google Fit service to offer additional information and features. The use of the Google Fit service will only take place if you have consented to the synchronisation of your data with the Google Fit service. Without your consent, no data will be downloaded from Google Fit.
  2. If you agree to synchronise your data, you will share information with us about your
    1. location (we use location to be able to calculate steps taken, distance, duration of activity and calories burned),
    2. physical activity:
      • steps taken,
      • calories burned,
      • type of activity (e.g. running, cycling),
      • distance of activity,
      • duration.
  3. We take this data in order to calculate your daily calorie needs (it will adjust depending on how active you were that day) and to display information in Fitatu about your completed activities (history with the number of calories burned).
  4. We will not use this data for marketing and advertising activities or share it with other parties.
  5. You will be able to disconnect data downloads from Google Fit at any time. All you have to do is go to "Settings" – "Related apps" – "Google Fit" and uncheck the permission to download data.