Privacy Policy of Fitatu Application

  1. The Personal Data Controller for Fitatu mobile application and web domain, hereinafter referred to collectively as the Application, shall be Fitatu Sp. z o.o., with its registered office at ul. Wyspiańskiego 10/4, 60-749 Poznań, entered into the Register of Entrepreneurs kept by the District Court for Poznań - Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register, under KRS No. (National Court Register No.): 0000635344, NIP No. (tax ID No.): 7792444235, REGON: 364839278.
  2. Respecting your rights as personal data owners (data subjects) and the applicable rule of law, including, in particular, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, the Personal Data Protection Act of 10th May 2018 (Journal of Laws of 2018, item 1000, hereinafter referred to as the Act) and other relevant provisions on the protection of personal data, we undertake to maintain the security and confidentiality of personal data received from you. All our employees have been appropriately trained in regard to the processing of personal data, and our company, acting as the Personal Data Controller, has implemented adequate safeguards, as well as technical and organizational measures to ensure the highest level of security of your personal data. We have implemented policies and procedures on the protection of personal data in accordance with GDPR, through which we are able to ensure the legality and integrity of data processing, as well as the enforceability of any rights to which you, data subjects, are entitled. In addition, where necessary, we cooperate with the supervisory authority on the territory of the Republic of Poland, i.e. with the President of the Personal Data Protection Office (hereinafter referred to as PPDPO).
  3. In our Application, we collect the following personal data:
    1. E-mail address - may be processed when you as users of the Application (including customers or potential clients) will provide it to us in the case of contact via e-mail, registration form, order form or contact form available in our Application; via e-mail we send you confirmation of the conclusion of the Agreement, a creation of an account or a placed order, we contact you in the event of such need connected with the functioning of our Application, we also respond to questions related to our offer; if you consent to the transfer of marketing content and you have been the subscriber of our newsletter, we will also send you commercial information
    2. Date of birth - may be processed in order to confirm that you are at least 16 years old, as well as to adjust the services provided to your needs and to prepare the most advantageous offer
    3. Health and physical activity data (height, weight, sex, trainings performed) - may be processed in order to adjust the services provided to your needs and prepare the most advantageous offer
    4. First name and surname (optionally – if they arise from the e-mail address or from your username) – may be processed when, as users of our Application (including customers or potential customers), you provide them to us via e-mail, registration form, order form, contact form available in the Application, in order to make use of our offer
    5. IP address of the device or browser ID – information resulting from general rules of Internet connection, such as IP address (and other information contained in system logs) are used for technical and statistical purposes, including, in particular, to collect general demographic information (e.g. the region from which the connection originates),
    6. The shared data from your Facebook account - if you log in through your account on Facebook
    7. Language you use
    8. Any other data may be collected as part of conducting specific cases or may be provided by you as users of our Application (including customers or potential clients) via e-mail, contact form available in the Application.
  4. Providing the data indicated in the preceding point is necessary in the cases specified therein, including in particular:
    1. In order to benefit from the services available in our Application, including for the purpose of implementing the agreement concluded between you and the Controller, as well as adjusting, analysing and improving services, and ensuring security of their provision,
    2. In order to perform the services ordered by you in the Application,
    3. In order to answer your questions and to enable contact via e-mail and a contact form available in the Application,
    4. for the purpose of voluntary registration (creation of an account ) in our Application - in such situation we keep the data provided by you in order to facilitate a future use of services available as part of our Application until the moment of de-registration (removal of the account),
    5. for the purpose of providing a newsletter service (subscription) - if you want to be informed about interesting events and commercial offers, you may be a subscriber of our newsletter; you can enter the subscription on a voluntary basis and you can resign from it at any time.
  5. Our application uses Cookies technology in order to adjust its operation to your individual needs. Therefore, you can consent to have the data and information you submit stored, so that it will be possible for you to use them the next time you visit our Application, without the need to re-enter them. The owners of other websites shall not have access to such data and information. However, if you do not consent for personalizing the Application, we recommend disabling cookies in your web browser's options.
  6. Each of you, being a user of our Application, can choose whether and to what extent you want to benefit from our services and share your information and data, within the scope set forth in this Privacy Policy.
  7. In accordance with the principles of data minimization, we process only those categories of personal data which are necessary to achieve the objectives referred to in paragraph 3 and 4 above.
  8. We process the personal data for the time necessary to achieve the objectives listed in paragraph 3 and 4 above. Personal data may be processed for a longer period if such right or obligation, imposed on us as the Controller, results from special provisions of law, from the legitimate interest of the Controller, referred to in point 10(c) below (i.e. for a period of limitation of claims or termination of relevant proceedings if they have been initiated during the limitation period) or when the service that we perform is continuous (e.g. newsletter subscription).
  9. The sources of personal data processed by the Personal Data Controller are the data subjects.
  10. The basis for the processing of your personal data is:
    1. Article 6(1)(b) of the GDPR, i.e. the necessity to perform the agreement to which you are a party, or to take action at your request prior to the conclusion of the agreement, or
    2. Article 6(1)(c) of the GDPR, i.e. the necessity to fulfil legal obligations imposed on the Controller, or
    3. Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the Controller, i.e. establishing, investigating or defending claims until such time as they are statute-barred or until the completion of relevant proceedings if they have been initiated during that period, or
    4. Article 6(1)(a) of the GDPR, i.e. your consent to the processing of personal data for specific purposes, when other legal grounds for the processing of personal data do not apply – e.g. in the case of providing a newsletter service,
    5. Article 9(2)(a) of the GDPR, i.e. a clear consent of the data subject in order to perform the agreement and provide services – with regard to the processing of health data (specific categories of personal data) referred to in point 3(c).
  11. Personal data are not transferred by us to a third country or an international organisation within the meaning of the GDPR. If personal data are transferred to a third country or an international organisation, you will be informed in advance and the Controller will use the safeguards referred to in Chapter V of the GDPR.
  12. We do not share any personal data with third parties without explicit consent obtained from the data subject. Personal data may be made available without the consent of data subjects only to the body governed by the public law, i.e. legal and public authorities (e.g. tax authorities, law enforcement authorities, and other entities authorized by generally applicable provisions of law).
  13. If in our application you will have access to a button “Like” or any other link to Facebook, in the scope of IP data or the Internet browser ID, the above data are processed on a controllership basis with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. In the case of a transfer of personal data to third countries, this takes place on the terms set out in point 11.
  14. Personal data may be transferred to other entities for processing purposes, that process them on behalf of our company as the Personal Data Controller. In such cases, we, as the Personal Data Controller, conclude an agreement on outsourcing of personal data processing with such entities. The processing entity processes the entrusted personal data, but only to the extent and for the purposes indicated in the agreement referred to in the preceding sentence. Without entrusting your personal data for processing purposes, we could not provide the services within the Application. As the Personal Data Controller, we entrust personal data for processing purposes to following entities:
    1. entities providing hosting services for the website on which our Application operates,
    2. entities providing on our behalf other services that are necessary for the day-to-day operation of the Application.
  15. Personal data may be subject to profiling within the meaning of GDPR, depending on the content of the agreement or the scope of the services provided. If the profiling was to take place, then the basis for its implementation is Article 22(2)(a) of the GDPR, i.e. the necessity to conclude and perform the agreement between our company and the State related to the provision of services, and in the scope exceeding the necessity to conclude and perform the agreement – Article 22(2)(c) of the GDPR, i.e. your explicit consent, taking into account the provision of Article 22(3) of the GDPR. If the profiling was related to specific categories of personal data (data concerning health), only Article 9(2)(a) in conjunction with Article 22(4) of the GDPR, i.e. your explicit consent to the processing of data for the purpose of performing the contract, is the basis for profiling.
  16. In accordance with the provisions of the GDPR, any person whose personal data we process as the Personal Data Controller, has the right to:
    1. being notified about the processing of his or her personal data, referred to in Article 12 of the GDPR,
    2. access his or her personal data referred to in Article 15 of the GDPR,
    3. Correct, amend, update, rectify the personal data, referred to in Article 16 of the GDPR,
    4. delete the personal data (the right to be forgotten), referred to in Article 17 of the GDPR,
    5. limitations of processing, referred to in Article 18 of the GDPR,
    6. transfer the personal data, referred to in Article 20 of the GDPR,
    7. raise objections to the processing of personal data, as referred to in Article 21 of the GDPR,
    8. in the case of the legal basis referred to in point 10(d) above - the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal,
    9. not subject to profiling referred to in Article 22 in conjunction with Article 4(4) of the GDPR,
    10. file a complaint to a supervisory authority (i.e., to the President of the Personal Data Protection Office), as referred to in Article 77 of the GDPR, taking into account the principles of using and implementing these rights resulting from the provisions of the GDPR.
  17. If you wish to exercise your rights referred to in the preceding paragraph, please use the appropriate tabs in the Application that allow to remove your account and the data collected in our Application, or send a message to the following e-mail address or in written form to the address referred to in paragraph 18 below.
  18. As the Controller, we appointed the Data Protection Officer, which is Jakub Szajdziński. If you have any questions, requests, complaints regarding the processing of personal data by the Controller, hereinafter referred to as the Reports, please forward them to the following email address of the Data Protection Officer: [email protected] or submit them in written form at the address of the Personal Data Controller, i.e. ul. Wyspiańskiego 10/4, 60-749 Poznań.
  19. In the content of the Report you should clearly indicate:
    1. the data of the person or persons whom the Report concerns,
    2. event, which is the reason for submitting the Report,
    3. Present your request and the legal basis for the request,
    4. expected form of settlement.
  20. Each recognized security breach is documented, and if one of the situations referred to in the provisions of either GDPR or the Act occurs, data subjects and, if applicable, PUODO, shall be informed about such breach of the provisions on the protection of personal data.
  21. All capitalized words shall have the meanings assigned to them in the Regulations of our Application, unless otherwise stated in this Privacy Policy.
  22. The provisions of this Privacy Policy shall apply, to the extent possible, to all persons with whom we remain in legal relations and to whom we are also the Controller of their personal data, including in particular with regard to our clients, contractors, newsletter subscribers and participants of competitions or partner programs organised by us.
  23. In matters not regulated by this Privacy Policy, relevant provisions of generally applicable law, including in particular the provisions of the GDPR and the Act, shall apply. If the provisions our Privacy Policy do not comply with the provisions mentioned above, the latter provisions shall apply.

Cookies Policy and Fitatu Web Storage

  1. When using the Application, please consent for the use of cookies and Web Storage technology (as defined here ), in accordance with the Privacy Policy and regulations .
  2. Cookies, and Web Storage mean files saved and stored on your computer, tablet or phone, while you visit different pages on the Internet or you are using the application. A cookie or Web Storage usually contain the name of the website from which you came, "life expectancy" of the cookie (that is time of its existence), and randomly generated unique number used to identify your browser/application by means of which you connect to the Internet.
  3. Two types of cookies / Web Storage are in use - session cookies and persistent cookies. Session cookies remain on your device only while using the application. Persistent cookies remain on your device for as long as their life expectancy, or until you delete them (or uninstall an application).
  4. The Application uses the following types of cookies/Web Storage:
    1. those necessary to operate webpages - those necessary for the proper functioning of the Application, allowing you to navigate through it and benefit from its elements. For example, those cookies can remember your previous activity (e.g. the articles you have read), if you return to the same page during the same session.
    2. those necessary for improving the performance - those collecting the information and statistical data about the ways our visitors use the Application, and providing information about the areas that our clients visit, the time they spend on each of them, and the problems that they face, for example error messages or usage statistics. This allows us to improve the performance of the Application.
    3. those improving functionality - those memorizing user's settings and choices made (such as the user name, the user's region, personalized content settings), to provide the User with more personalized content and services.
  5. Cookies/Web Storage may be stored on your device while using the Application, and the information within the group of settings improving the functionality and containing anonymised statistics application may be entrusted to/received from the following trusted third parties:
    1. Google (the Android operating system)
    2. Google Analitycs (
    3. Apple (the iOS operating system)
    4. Google Fit (
    5. Apple HealthKit (
    6. Facebook (
    7. FitBit API (
    8. Google Cloud Platform (
    9. Garmin API (
  6. Restriction on the use of cookies/Web Storage may affect the Application's functionality, and even hinder the ability to use the Application.