FOR MOBILE APPLICATION AND WEBSITE BODYNETICS
1. GENERAL PROVISIONS
1.2. The data controller of the personal data collected through the Website and Mobile Application is Sportvestors sp. z o.o. (private limited liability company) with its registered office in Warsaw at the address: Migdałowa 4, 02-796 Warsaw, entered into the register of entrepreneurs kept by the District Court for the Capital City of Warsaw, the 13th Commercial Division of the National Court Register under the KRS No. (National Court Register No.): 709043, NIP No. (tax ID No.): 9512451779 and REGON No. (statistical ID No.): 368974814, having the share capital of PLN 10,700. Website address: www.bodynetics.com, hereinafter referred to as the "Data Controller", at the same time being the Service Provider of the Website, Mobile Application and the Seller.
1.3. The personal data of the User and the Customer shall be processed in accordance with Regulation (EU) 2016/679 of the European Union and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “GDPR”, and the applicable provisions of domestic law, i.e., among others, the Act on Personal Data Protection and the Act on Providing Services by Electronic Means of 18 July 2002 (Journal of Laws of 2002 No. 144, item 1204, as amended).
1.4. The Data Controller shall exercise special care to protect the interests of data subjects and, in particular, warrants that the data collected by him are: processed in accordance with the law; collected for designated lawful purposes and not subjected to further processing inconsistent with the said purposes; substantively correct and adequate in relation to the purposes for which they are processed and stored in a form which enables the identification of data subjects for no longer than it is necessary for accomplishing the purpose of processing.
1.5. All words, expressions and acronyms appearing on this site and beginning with a capital letter (for example, the Seller/Service Provider, the Online Shop, an Electronic Service) shall be understood in accordance with their definition laid down in the Terms and Conditions for Mobile Application and Website BodyNetics available on the Website.
2. THE PURPOSE AND SCOPE OF DATA COLLECTION AND DATA RECIPIENTS
2.1. Each time the purpose, scope and recipients of data processed by the Data Controller result from the activities undertaken by the Service User or the Customer on the Website, in particular in the Online Shop and via Mobile Application. For example, if the Customer chooses personal collection instead of courier delivery while placing an Order, their personal data will be processed for the purpose of concluding and performing the Contract of Sale, but these data will not be shared with the carrier handling shipments on the Data Controller's order.
2.2. The purposes of processing personal data of the Service Users or Customers by the Data Controller::
- the conclusion and performance of a Contract of Sale or a contract for the provision of Electronic Services (Article 6(1)(b) of the GDPR).
- direct marketing of the Data Controller's own products or services (Article 6(1)(f) of the GDPR).
- handling complaints (Article 6(1)(b) of the GDPR).
2.3. Potential recipients of the personal data of the Customers of the Website/Mobile Application:
- In the case of the Service User, the Data Controller makes the collected data of the Service User available to the chosen provider of hosting services for the Internet Site;
- In the case of a Customer who uses delivery by post or courier delivery in the Online Shop, the Data Controller makes the collected personal data of the Customer available to the chosen carrier or intermediary handling shipments on the Data Controller's order.
- In the case of a Customer who uses electronic or card payment in the Online Shop, the Data Controller makes the collected personal data of the Customer available to the chosen entity processing the above payments in the Online Shop.
- In the case of a Customer who concludes a Contract of Sale or makes a Payment, the Data Controller makes the collected personal data of the Customer available to an accounting company with which the Data Controller has entered into a contract for the provision of accounting services.
2.4. The Data Controller shall be entitled to process the following personal data of the Service Users or Customers using the Website: full name, email address, contact telephone number, delivery address (street, house number, apartment number, postcode, locality, country), the address of residence/business activity/registered office (if different from the shipping address). When it comes to Users of Mobile Application, the Service Provider may record information about parameters, such as connection type, IP address for technical uses, connected with servers administration and to gather general, statistical demographic information (e.g. about the region the connections come from), as well as for security purposes.
2.5. The provision of personal data referred to in the preceding paragraph may be necessary for the conclusion and performance of a Contract of Sale or a contract for the provision of an Electronic Service in the Online Shop. Each time the scope of the data required for the contract to be concluded shall be previously specified on the site of the Online Shop and in the Terms and Conditions of Mobile Application and Website BodyNetics.
3. COOKIES AND OPERATING DATA
3.1 Cookies are text files with small text information sent by a server and stored on the side of a person visiting the Website (for example, on the hard disc of the computer, laptop or on the smartphone memory card, depending on the device used by the visitor to our Website). Detailed information about Cookies and the history of their creation can be found i.a. here: https://en.wikipedia.org/wiki/HTTP_cookie.
3.2. The Data Controller may process the data contained in Cookies at the time when the visitors are using the Website for the following purposes::
- identifying the Service Users as logged in to the Online Shop and showing that they are logged in;
- remembering the Products added to the cart for the purpose of placing an Order;
- storing the Online Shop login data or the data from the filled out Order Forms and surveys;
- adjusting the content of the Website to the Service User's individual preferences (e.g. regarding the colour, font size, page layout) and optimising the use of the pages of the Website;
- collecting anonymous statistics presenting the manner in which the Website is used.
3.5. Detailed information on adjusting Cookie settings and removing them on one's own in the most popular web browsers is available in the help section of a given web browser and on the following websites (just click on the relevant link):·
3.6. The Data Controller also processes anonymised operational data associated with the use of the Website (the IP address, domain) in order to generate statistics that will facilitate managing the Website. These are aggregate and anonymous data, i.e. they do not contain any features identifying the visitors to the Website. These data are not disclosed to any third parties.
4. THE BASIS FOR DATA PROCESSING
4.1. The provision of personal data by the Service User or Customer shall be voluntary. Nonetheless, failure to provide personal data indicated on the site of the Online Shop and in the Terms and Conditions of Website and Mobile Application BodyNetics which are necessary for the conclusion and performance of a Contract of Sale or a contract for the provision of an Electronic Service renders it impossible to conclude the said contracts.
4.2. The basis for the processing of personal data of the Service User or Customer is the necessity of performing the contract to which they are a party or of undertaking activities before the conclusion of the contract on the Service User's or Customer's demand. In the event of data processing for the purpose of direct marketing of the Data Controller's own products or services, the basis for this processing shall be: (1) the prior consent of the Service User or Customer, or (2) pursuing the Data Controller's legitimate interests.
5. THE RIGHT TO CONTROL, ACCESS THE CONTENT OF AND CORRECT ONE'S PERSONAL DATA AS WELL AS OTHER RIGHTS ARISING FROM THE GDPR
5.1. The Service User or Customer shall have the right to request from the Data Controller access to and rectification or erasure of personal data (the ‘right to be forgotten’ subject to the following paragraph) concerning the data subject or restriction of their processing or to object to processing as well as the right to data portability.
Service Provider may refuse to delete the personal data, if the User’s current behavior under the use of Mobile Application breached the provisions of the Regulations governing the provisions of services of Website and Mobile Application BodyNetics, by reason of the laws of country in which these terms are intended to be effective, or when keeping the data is necessary in order to clarify the relevant facts and to determine the liability of the User.
5.2. In the event of the Service User of Customer granting their consent for data processing, the said consent may be withdrawn at any time without affecting the lawfulness of the processing which was carried out based on the consent prior to its withdrawal.
5.3. For the purposes of exercising the abovementioned rights, the Data Controller may be contacted by sending to him an appropriate message in writing or via email to the Data Controllers address specified hereinabove.
5.4. The Service User or Customer shall have the right to submit a complaint to the supervisory authority, i.e. the President of the Polish Personal Data Protection Office (Urząd Ochrony Danych Osobowych)
6. THE DURATION OF THE PROCESSING OF PERSONAL DATA
The personal data of the Service User or Customer shall be processed for the duration necessary for the performance of their contract with the Data Controller, but not longer than within the time limits specified in the universally applicable provisions of law (tax settlements / possible claims being barred by statute of limitations).
7. FINAL PROVISIONS
7.2. The Data Controller shall apply technical and organisational measures to ensure the security of personal data processed appropriate to the threats and categories of the data being protected, and, in particular, protects the data against unauthorised access, against being taken by unauthorised persons, against processing in violation of the applicable legislation, as well as against their alteration, loss, damage or destruction.
7.3. The Data Controller makes the following relevant technical measures available to prevent unauthorised persons from obtaining and modifying personal data sent by electronic means:
- The protection of the filing system against unauthorised access.
- Access to the Account only upon entering the individual login and password.