Privacy policy (RODO)

1. Data Controller personal data
For your information, your personal data controller is FITNESS CLUB 24 Sp. z o.o. Komorowicka 110, 43-300 Bielsko-Biała; KRS: 0000285747, NIP: 5472076763, REGON: 240734176, represented by PETER JANAS – The Board Chairman, entered onto the Register of Entrepreneurs by the District Court in Bielsko-Biała 8th Departament, hereinafter „FITNESS CLUB 24”.

To learn more about the personal data protection process contact us at: iod@fitnessclub24.pl.

2. Personal data processing basics and purposes
To deliver services in accordance with the business activity, FITNESS CLUB 24 processes your personal data in a variety of purposes, however, always in accordance with the law. The given personal data will be processed in accordance with European Parliament and the Council Regulations (EU) 2016/679 dated 17th of April 2016 detailing the personal data processing of natural persons as well as free movement of such data and the repeal of Directive 2004/40/EC (General Data Protection Regulation) GDPR. Your personal data is obtained in the process aiming to conclude a contract, if you utter your consent. The detailed purposes of the personal data processing accompanied by specific legal references are as follows.

1) To assess the goods value, orders and their execution, as well as concluding a contract connected with the business activity profile, such personal data is processed as follows:

  • name and surname,
  • address (street, house/flat number, postcode, town, country),
  • telephone number,
  • email address,
  • company data and NIP number (when issuing invoices for a company),
  • bank account basic data to confirm a transfer,
  • ID number,
  • debit card number and other cards, as well as any credentials certifying payments and accounts, connected with the mobile payments,
  • preferences.

Legal basis for such processing is Art. 6 item 1(b) of GDPR directive that allows to process data, if processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
2) To handle the complaint such personal data is processed:

  • name and surname,
  • address (street, house/flat number, postcode, town, country),
  • telephone numer,
  • email address,
  • bank account number to refund the money if needed

Legal basis for such processing is Art. 6 item 1(b) of GDPR directive that allows to process data, if processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

3) To issue the VAT invoice and to fulfill obligations according to the tax law, such as: keeping the accountancy documents within 5 years, the following personal data is processed:

  • name and surname,
  • company name,
  • home address or registered office
  • NIP number.

Legal basis for such processing is Art. 6 item 1(c) of GDPR directive that allows to process data, if processing is necessary for compliance with a legal obligation to which the controller is subject.

4) To test Client satisfaction, to improve and modify our products, the following data is processed:

  • email address,
  • booking numer,
  • name and surname,
  • commentaries,
  • IP address

Legal basis for such processing is Art. 6 item 1(f) of GDPR directive that allows to process data, if processing is necessary for the purposes of the legitimate interests pursued by the controller (the Fitness Club 24 interest is to pursue clients opinion about the goods and service quality, to adapt them for the need and expectancies of the parties concerned, in particular).

5) To maintain security, to prevent deception, the following data is processed:

  • a face image obtained from surveillance cameras,
  • name and surname,
  • email address,
  • telephone number,
  • IP address.

Legal basis for such processing is Art. 6 item 1(f) of GDPR directive that allows to process data, if processing is necessary for the purposes of the legitimate interests pursued by the controller (the Fitness Club 24 interest is to maintain security for persons within the company premises). The surveillance recorded data is deleted maximum after 30 days from the day it was registered.

6) To record and keep files and data in accordance with the GDPR, including: clients records, who announced their objection in accordance with GDPR, the following data is processed:

  • name and surname,
  • email address

The GDPR directive imposes particular record obligations to indicate compliance and clearance. Once you object your personal data processing for marketing purposes, for instance, we need to know to whom not to use the direct marketing.

Legal basis for such processing is Art. 6 item 1(c) of GDPR directive that allows to process data, if processing is necessary for compliance with a legal obligation to which the controller is subject (the GDPR directives) as well as legal basis for such processing is Art. 6 item 1(f) of GDPR directive that allows to process data, if processing is necessary for the purposes of the legitimate interests pursued by the controller (the Fitness Club 24 interest is to keep records about persons that pursue their rights in accordance with the GDPR).

7) To establish, to assert or protect against claims, the following data is processed:

  • name and surname (if surname was given) or company name,
  • address of residence (if given),
  • NIP number (if given),
  • IP address,
  • order number.

Legal basis for such processing is Art. 6 item 1(f) of GDPR directive that allows to process data, if processing is necessary for the purposes of the legitimate interests pursued by the controller (the Fitness Club 24 interest is to keep personal data records of persons who consent to establish, assert or protect against claims including clients and a third party).

8) To analyse, which is the website statistics research and analysis owned by Fitness Club 24, the following data is processed:

  • date and time of the visit,
  • operational system type,
  • approximate location,
  • type of the browser used for internet website viewing,
  • time spent on the website,
  • IP address.

Legal basis for such processing is Art. 6 item 1(f) of GDPR directive that allows to process data, if processing is necessary for the purposes of the legitimate interests pursued by the controller (the Fitness Club 24 interest is to analyse the visitors activity on the website).

9) To use the cookies files on the website, the text information is processed. (Cookies files will be described in a separate paragraph).

Legal basis for such processing is Art. 6 item 1(a) of GDPR directive that allows to process data that subject has given consent to the processing (at the first website visit, the visitor will be required to consent to use the cookies files).

10) To control the website the following data is processed:

  • IP address,
  • server date and time,
  • internet browser information,
  • operational system information – such data is recorded automatically in so called server logs at every Fitness Club 24 website visit.

To control the website without server and the automatic record would not be possible.

Legal basis for such processing is Art. 6 item 1(f) of GDPR directive that allows to process data, if processing is necessary for the purposes of the legitimate interests pursued by the controller (the Fitness Club 24 interest is to control the website).

3. Cookies
At the Fitness Club 24 website, other entities alike, so called cookies files are used, they are pieces of information, placed on your computer, telephone, tablet or other end-user device. They may be used by our system, as well as third party systems that we use (like: Facebook, Google).