(hereinafter referred to as Club FbS)
(effective as of April 1, 2021)
1.The administrator of personal data collected via the website www.fitbystep.pl, website https://fitbystep-krakow.cms.efitness.com.pl , mobile application eFitness app, sheets in the club, by phone is Ewa Lisowska and Anna Lisowska doing business under the name Fit by Step s.c. business address and address for service ul.Królewska 1 , 30-045 Kraków , NIP : 677-23-05-501 , REGON : 120639491 , electronic mail address ( e-mail ): firstname.lastname@example.org , hereinafter referred to as "Administrator" and being at the same time Service Provider .
PURPOSE AND SCOPE OF DATA COLLECTION
1. Personal data shall be processed in order to provide services (hereinafter referred to as fitness services) running a gym, fitness classes, group activities, wellness and climbing wall, bookings, purchase of passes and entrance fees. The aforementioned activities can be performed outside of: www.fitbystep.pl website; direct marketing concerning own services; eFitness app; performed in traditional form (on paper); by phone, which is the so-called legitimate interest of the company. paragraph 1 points b),c) and f) of the Regulation of the European Parliament and of the Council ( EU ) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ( RODO ) .
2.Upon separate consent, based on Article 6.1.a) of the RODO, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for the purpose of direct marketing - respectively in connection with Article 10.2 of the Act of 18 July 2002 on the provision of services by electronic means or Article 172.1 of the Act of 16 July 2004 - Telecommunications Law, including directed as a result of profiling, if the user has given his consent.
3.Personal data processed for the purposes related to the provision of fitness services will be processed for the period necessary for the provision of services at FBS, after which the data subject to archiving will be stored for the period appropriate for the limitation of claims. Personal data processed for marketing purposes covered by the statement of consent will be processed until the consent is revoked.
4.If it is determined that the processing of personal data violates the provisions of the RODO, the data subject has the right to lodge a complaint with the Inspector General for Personal Data (after 25 May 2018 - the President of the Office for Personal Data Protection).
Providing personal data is voluntary, however, providing the marked personal data is a condition for the realization of fitness services, while the consequence of not providing the data will be the impossibility of realizing fitness services at the FbS Club.
Personal data will also be processed in an automated manner in the form of profiling, provided that the user consents to this on the basis of Article 6(1)(a) of the RODO. The consequence of profiling will be the assignment of a profile to a person for the purpose of making decisions concerning him or her or analysing or predicting his or her preferences, behaviour and attitudes.
The Administrator takes special care to ensure the security of Customers' data and it is extremely important to FbS Club. We never share personal information of our users - customers, for purposes other than providing our services. We will never sell or give access to Customer data to entities unrelated to FBS. To comply with data protection legislation, in order to protect the interests of data subjects, FbS Club ensures that the data it collects is:
a/ processed lawfully,
b/ collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes,
c/ substantively correct and adequate in relation to the purposes for which they are processed and stored in a form which makes it possible to identify the persons concerned, but no longer than is necessary to achieve the purpose of processing.
RIGHT OF CONTROL, ACCESS TO AND CORRECTION OF OWN DATA
1.The data subject has the right to access the content of his/her personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the legality of the processing carried out on the basis of consent before its withdrawal.
2.In order to implement the improvements referred to in point 1, you can send a relevant email to: email@example.com
1.Administrator shall apply technical and organizational measures to ensure the protection of personal data processed appropriate to the risks and categories of data protected, and in particular to protect data from unauthorized access, acquisition by an unauthorized person, processing in violation of applicable laws, and the change, loss, damage or destruction.
The Service Provider provides appropriate technical measures to prevent acquisition and modification by unauthorized persons, personal data sent electronically.