Privacy Policy – Fitness Club 24

In accordance with Article 13(1-2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR), we hereby inform you that:

Data Controller

The administrator of your personal data is Fitness Club 24 Sp. z o.o., ul. Komorowicka 110, 43-300 Bielsko-Biała, Poland, VAT ID: PL5472076763, represented by the CEO Krzysztof Bończyk.

Data Protection Officer

To ensure lawful data processing, we have appointed a Data Protection Officer:
Ms. Edyta Krutak
 iod@krutak.com |  +48 884 900 074

Purposes and Legal Basis for Data Processing

We process your data for the following purposes:

  • Contact purposes – based on your consent (GDPR)
  • To prepare personalized offers for our services and products – based on your consent
  • To fulfill product orders, including related communication
  • Handling complaints – based on applicable legal regulations (e.g., consumer law)
  • Processing returns upon contract withdrawal – based on applicable legal regulations
  • Marketing purposes – including offers and cooperation proposals with partners – based on your consent
  • Archival purposes – for evidence, based on our legitimate interest
  • To establish, assert or defend against legal claims – based on legitimate interest
  • Analytical purposes – product optimization, client segmentation, financial analysis – based on legitimate interest
  • Direct marketing of our products and services – based on your consent
  • Sharing your contact details with business partners (e.g., Fitness Consulting Group Sp. z o.o.) – based on your consent

Data Retention

Your data will be stored for the following periods:

  • Up to 20 years in case of data related to contracts (for legal claim purposes)
  • Until the purpose of processing has been fulfilled
  • Until the withdrawal of consent, for consent-based data
  • Until objection, for direct marketing purposes or until the data becomes outdated

Data Recipients

Your personal data may be shared with:

  • Our partners (businesses we cooperate with to deliver joint services/products), public institutions (e.g., tax office, social insurance),
  • Our processors/subcontractors – including accounting, legal, IT, marketing, and debt collection services – under strict data protection agreements

CCTV Monitoring

Our premises are under 24/7 video surveillance for safety purposes – based on our legitimate interest.
Footage is kept for 30 days and is not shared unless required by law enforcement agencies.

Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify incorrect or outdated data
  • Request deletion of your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • File a complaint with the data protection authority

Data is processed lawfully and in accordance with your rights and freedoms. It is always based on one of the following legal grounds:

  • Your consent
  • Performance of a contract
  • Legal obligation
  • Legitimate interest of the administrator

Automated Decision-Making & Profiling

We use profiling tools to personalize content and advertisements based on your activity. This profiling does not produce legal effects or significantly affect your rights.
You may manage your consent for profiling at any time via browser settings, cookie preferences, or ad settings in platforms like Google or Facebook.

For more on cookies, visit our [Cookie Policy].

Data Transfers

We do not transfer your data to third countries (outside the EU/EEA).

Data Security

We have implemented necessary technical and organizational measures, including a Data Protection Impact Assessment, to ensure the security and confidentiality of your data.