Privacy Policy describes the principles according to which we process information about you, including personal data and cookies (so-called cookies).

1. General information

1. This policy applies to the Service operating at the URL: fitness-energy.pl
2. The operator of the service and the data controller is: Fitness Extreme sp z o.o Bohaterów Westerplatte 11, 87-330 Jbłonowo Pomorskie
3. Contact email address of the operator: fitness.extreme@op.pl
4. The operator is the Data Controller of your personal data with respect to the data provided voluntarily in the Service.
5. The Service uses personal data for the following purposes:
   1. Running a newsletter
   2. Handling inquiries submitted via forms
   3. Fulfillment of ordered services
   4. Debt collection
   5. Presentation of offers or information
6. The Service collects information about users and their behaviour in the following ways:
   1. By voluntarily entered data in forms that are recorded in the Operator’s systems.
   2. By storing cookie files (so-called “cookies”) on end devices.

2. Selected data protection measures used by the Operator

1. Login areas and data entry fields are protected at the transmission layer (SSL certificate). Thus personal and login data entered on the site are encrypted on the user’s computer and can only be read on the destination server.
2. Personal data stored in the database are encrypted so that only the Operator holding the key can read them. This protects data in case of database theft from the server.
3. User passwords are stored in hashed form. The hashing function is one-way — it is not possible to reverse it, which is the modern standard for storing user passwords.
4. The Operator periodically changes its administrative passwords.
5. For data protection the Operator regularly performs backups.
6. An important element of data protection is the regular updating of all software used by the Operator to process personal data, which in particular means regular updates of software components.

3. Hosting

1. The Service is hosted (technically maintained) on servers of the operator: WEBTOM sp z o.o

1. In order to ensure technical reliability, the hosting company keeps server logs. The following may be recorded:
   1. resources identified by URL (addresses of requested resources – pages, files),
   2. time of request arrival,
   3. time of sending the response,
   4. name of the client station – identification performed by the HTTP protocol,
   5. information about errors that occurred during the HTTP transaction,
   6. URL of the page previously visited by the user (referer link) – if the transition to the Service came via a link,
   7. information about the user’s browser,
   8. information about the IP address,
   9. diagnostic information related to self-service ordering processes via registries on the site,
   10. information related to handling e-mail directed to the Operator and sent by the Operator.

4. Your rights and additional information on data usage

1. In certain situations the Administrator has the right to transfer your personal data to other recipients if it is necessary to perform a contract concluded with you or to fulfil obligations incumbent on the Administrator. This applies to the following groups of recipients:
   1. hosting company on the basis of entrustment
   2. postal operators
   3. law firms and debt collectors
   4. banks
   5. payment operators
   6. comment system operators
   7. chat solution operators
   8. authorized employees and collaborators who use the data to fulfil the site’s purpose
   9. companies providing marketing services for the Administrator
2. Your personal data processed by the Administrator are not retained longer than necessary to carry out related activities required by separate regulations (e.g. accounting). Marketing data will not be processed for longer than 3 years.
3. You have the right to request from the Administrator:
   1. access to your personal data,
   2. their rectification,
   3. deletion,
   4. restriction of processing,
   5. and data portability.
4. You have the right to object to the processing indicated in item 3.2 in relation to processing personal data for the purpose of pursuing the Administrator’s legitimate interests, including profiling, however the right to object cannot be exercised if there are overriding legitimate grounds for processing which prevail over your interests, rights and freedoms, in particular for establishing, pursuing or defending claims.
5. You may lodge a complaint against the Administrator’s actions with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
6. Providing personal data is voluntary but necessary to operate the Service.
7. Automated decision-making, including profiling, may be applied to you in order to provide services under the concluded contract and for the Administrator’s direct marketing.
8. Personal data are not transferred from third countries within the meaning of data protection regulations. This means that we do not send them outside the European Union.

5. Information in forms

1. The Service collects information voluntarily provided by the user, including personal data, if they are provided.
2. The Service may record connection parameters (timestamp, IP address).
3. The Service, in some cases, may store information that facilitates linking form data with the e-mail address of the user filling in the form. In such a case the user’s e-mail address appears inside the URL of the page containing the form.
4. Data provided in the form are processed for the purpose resulting from the specific form’s function, e.g. to handle a service request or commercial contact, registration of services, etc. The context and description of the form always clearly indicate its purpose.

6. Administrator logs

1. Information about users’ behaviour on the site may be logged. These data are used to administer the Service.

7. Key marketing techniques

1. The Operator uses statistical analysis of site traffic via Google Analytics (Google Inc., USA). The Operator does not provide personal data to the service provider; only anonymized information is sent. The service relies on cookies on the user’s device. Regarding information about user preferences collected by Google’s advertising network, the user can view and edit cookie-based information via: https://www.google.com/ads/preferences/
2. The Operator uses remarketing techniques to tailor advertising messages to user behaviour on the site, which may create an impression that personal data are used to track the user; however, in practice no personal data are transmitted by the Operator to advertising operators. The technological condition for such actions is enabled cookie support.
3. The Operator uses the Facebook pixel. This technology causes that the Facebook service (Facebook Inc., USA) knows that a person registered there uses the Service. It is based on data for which Facebook itself is the controller; the Operator does not pass any additional personal data to Facebook. The service relies on cookies on the user’s device.
4. The Operator uses tools that examine user behaviour by creating heatmaps and recording behaviour on the site. This information is anonymized before being sent to the service provider so that it cannot be linked to a specific natural person. In particular, entered passwords and other personal data are not recorded.
5. The Operator uses solutions automating the Service’s actions in relation to users, e.g. sending an email to a user after visiting a specific subpage, if they have consented to receive commercial correspondence from the Operator.

8. Information about cookies

1. The Service uses cookies.
2. Cookies are information files, especially text files, stored on the end device of the Service User and intended for use on the Service’s web pages. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.
3. The entity placing cookies on the Service User’s device and accessing them is the Operator of the Service.
4. Cookies are used for the following purposes:
   1. maintaining the user’s session (after logging in), so that the user does not have to re-enter login and password on each subpage of the Service;
   2. implementation of the purposes specified above in the “Key marketing techniques” section;
5. The Service uses two main types of cookies: “session” cookies and “persistent” cookies. Session cookies are temporary files stored on the user’s device until logout, leaving the website or turning off the software (browser). Persistent cookies are stored on the user’s device for the time specified in the cookie parameters or until they are deleted by the user.
6. Web browsers typically allow cookies by default. Service Users may change settings in this regard. The browser enables deleting cookies. It is also possible to automatically block cookies. Detailed information is available in the browser’s help or documentation.
7. Restricting the use of cookies may affect some functionalities available on the Service’s web pages.
8. Cookies placed on the user’s device may also be used by entities cooperating with the Operator, in particular: Google (Google Inc., USA), Facebook (Facebook Inc., USA), Twitter (Twitter Inc., USA).

9. Managing cookies – how to give and withdraw consent in practice?

1. If the user does not want to receive cookies, they can change browser settings. We warn that disabling cookies necessary for authentication, security, or keeping user preferences may make it difficult or, in extreme cases, impossible to use the website.
2. To manage cookie settings choose your browser from the list below and follow the instructions:
   • Edge
   • Internet Explorer
   • Chrome
   • Safari
   • Firefox
   • Opera

Mobile devices:

1. • Android
   • Safari (iOS)
   • Windows Phone

This privacy policy template was generated free of charge for informational purposes based on our knowledge, industry practices and legal regulations effective as of 2018-08-14. We recommend checking the template before using it on your website. The template is based on common website situations but may not reflect the full and exact specifics of your website. Read the generated document carefully and, if necessary, adapt it to your situation or seek legal advice. We accept no responsibility for the consequences of using this document, as only you can ensure that all information contained therein is accurate. Note also that the Privacy Policy, even if comprehensive, is only one element of your care for personal data and user privacy on the website.