1. This Privacy Policy of the RunForFun Online Store describes how personal data necessary for the provision of electronic services through the website available at runforfun.pl (hereinafter: the Service) is collected, processed, and stored.
2. The administrator of users' personal data in the Service is Monika Słomska, conducting business under the name RunForFun Academy Monika Słomska in Warsaw, ul. Bukowińska 24a/38 (02-703), based on entry into the Central Register and Information on Economic Activity, NIP 8121415885, REGON 141756295 (hereinafter: the Administrator).
3. The processing of personal data is carried out in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: the Polish GDPR).
4. Personal data collected by the Administrator shall be:
a. Processed in accordance with the law,
b. Used for clearly defined purposes, and shall not be subject to further processing incompatible with those purposes,
c. Substantively correct and adequate for the purposes for which they are processed,
d. Stored no longer than necessary to achieve the processing purpose.
In each of the cases listed below, providing data is voluntary but necessary to conclude and perform a contract or use other functionalities of the Service.
Using the Website
1. Personal data of Website users (including IP address and other identifiers or information collected through cookies or similar technologies) is processed by the Administrator for the purposes of:
a. Provision of electronic services, including providing content to users within the Service. This processing is necessary for the performance of the contract (Art. 6(1)(b) of the Polish GDPR).
b. Analytical and statistical purposes, to analyze user activity and preferences to improve functionality and services. This processing is necessary for the purposes of the legitimate interests pursued by the Administrator (Art. 6(1)(f) of the Polish GDPR).
c. Possible establishment, exercise, or defense of legal claims. This processing is necessary for the purposes of the legitimate interests pursued by the Administrator (Art. 6(1)(f) of the Polish GDPR).
2. User's activity on the Website, including their personal data, is recorded in system logs. System logs are a specialized computer program used to store a chronological record of information about events and actions related to the information system used to provide services by the Administrator. The information collected in logs is primarily processed for purposes related to service provision.
3. The Administrator processes data contained in system logs for technical, administrative, security, and management purposes of the information system, as well as for analytical and statistical purposes. This processing is necessary for the purposes of the legitimate interests pursued by the Administrator (Art. 6(1)(f) of the Polish GDPR).
Order placement
4. Placing an order and acquiring products by the Website user renders is necessary to process their personal data. Providing data marked as obligatory is essential for the acceptance and handling of the order; failure to provide such data results in the inability to fulfill the order. Providing other data is optional.
5. Personal data is processed for the following purposes:
a. Fulfillment of the placed order. This processing is necessary for the performance of a contract (Art. 6(1)(b) of the Polish GDPR).
b. Fulfillment of legal obligations imposed on the Administrator, particularly arising from tax regulations and accounting rules. This processing is necessary to fulfill legal obligations binding on the Administrator (Art. 6(1)(c) of the Polish GDPR);
c. Analytical and statistical purposes. This processing is necessary for the purposes of the legitimate interests pursued by the Administrator (Art. 6(1)(f) of the Polish GDPR), which involve analyzing user activity on the Service, as well as users' purchasing preferences, to enhance the applied functionalities;
d. Potential establishment and pursuit of claims or defense against claims. This processing is necessary for the purposes of the legitimate interests pursued by the Administrator (Art. 6(1)(f) of the Polish GDPR).
Newsletter
6. The Administrator may provide the newsletter service in accordance with the provisions specified in the Newsletter Regulations. The provision of the newsletter service applies to individuals who voluntarily provide their email address for this purpose. Providing data is necessary to deliver the newsletter service, and failure to provide them prevents the sending of the newsletter. Communication with the user under this service shall not involve profiling.
7. Personal data is processed for the following purposes:
a. Provision of the newsletter service. This processing is provides a necessary condition for the performance of a contract (Art. 6(1)(b) of the Polish GDPR).
b. Directing marketing content to the user as part of the newsletter service. This processing is necessary for the purposes of the legitimate interests pursued by the Administrator (Art. 6(1)(f) of the Polish GDPR) in connection with the expressed consent to receive the newsletter;
c. Analytical and statistical purposes, for the analysis of user activity and preferences to enhance functionalities and services provided. This processing is necessary for the purposes of the legitimate interests pursued by the Administrator (Art. 6(1)(f) of the Polish GDPR).
d. Potential establishment and pursuit of claims or defense against claims. This processing is necessary for the purposes of the legitimate interests pursued by the Administrator (Art. 6(1)(f) of the Polish GDPR).
Social media profiles
8. Personal data of users who visit the Administrator's profiles on social media platforms (such as Facebook, Instagram, Twitter) are processed by the Administrator in connection with managing these profiles. This processing aims to inform users about the Administrator's activities and promote various events, services, and products. Such processing is necessary for the purposes of the legitimate interests pursued by the Administrator (Art. 6(1)(f) of the Polish GDPR), which involve promoting the brand.
Opinions and Comments
9. The Administrator provides a feature for adding opinions and comments on the Service. Completing fields marked as required is voluntary, but not providing this information results in the impossibility of publishing the opinion or comment. Users have the freedom to determine the scope of personal data that is public to other users.
10. Personal data is processed for the following purposes:
a. Publishing opinions or comments within the available functions of the Service. This processing is necessary for the performance of a contract (Art. 6(1)(b) of the Polish GDPR).
b. Moderating opinions or comments, including spam elimination. This processing is necessary for the purposes of the legitimate interests pursued by the Administrator (in accordance with Art. 6(1)(f) of the Polish GDPR), involving the approval of comments added by users and their publication.
Sensitive Data
11. Within the framework the provision of services such as Online Consultations, the creation of Training Plans, and the conduct of Personal Training on behalf of the user (specified in detail in the Regulations of the RunForFun Online Store, available at [xx]), the Administrator shall process special categories of user's personal data ('Sensitive Data').
12. Sensitive Data includes the following categories of information:
a. user's gender,
b. user's age,
c. user's biometric data (height and weight),
d. data related to the user's physical activity,
e. data pertaining to the user's health, including information about chronic diseases, injuries, allergies,
f. data regarding medical recommendations related to the user's physical activity.
13. Sensitive Data shall be processed only to the extent necessary for the proper provision of services such as Online Consultations, the creation of Training Plans, and the conduct of Personal Training.
14. The processing of Sensitive Data is based on the explicit consent of the User for their processing - for purposes specified in the content of the consent statement (Art. 9(2)(a) of the Polish GDPR).
15. Providing Sensitive Data is voluntary; however, without providing this information, the Administrator shall be unable to perform services such as Online Consultations, the creation of Training Plans, and the conduct of Personal Training for the user.
1. Personal data shall be stored for the period necessary to achieve the purposes of processing, as well as for the time required to comply with applicable legal regulations, pursue, or defend against any potential claims. However, the storage period shall not exceed 3 years, calculated from the date of termination of the electronic services agreement.
2. Data processed based on provided consent shall be processed until its withdrawal, with the proviso that the withdrawal of consent does not affect the compliance of data processing that occurred before the withdrawal of consent.
1. Personal data, depending on the purpose of processing, may be disclosed to:
a. entities affiliated with the Administrator,
b. entities cooperating with the Administrator,
c. subcontractors, especially entities providing and servicing selected IT systems and solutions,
d. entities handling online payments,
e. entities providing courier and postal services,
f. law firms.
2. The level of protection for personal data outside the European Economic Area (EEA) differs from that guaranteed by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary, ensuring an adequate level of protection. Methods to achieve this goal include:
a. collaboration with entities processing personal data in countries for which the European Commission has issued a relevant decision regarding ensuring an adequate level of personal data protection;
b. application of standard contractual clauses issued by the European Commission;
c. implementation of binding corporate rules approved by the relevant supervisory authority.
3. At the stage of collecting personal data, the Administrator informs about the intention to transfer them outside the EEA.
1. The Administrator systematically conducts a risk analysis to ensure the secure processing of personal data. The priority is to ensure that only authorized individuals have access to the data, and only to the extent necessary to perform their duties. The Administrator ensures the logging of all operations on personal data exclusively by authorized employees and collaborators.
2. The Administrator takes all necessary steps to ensure that subcontractors and other cooperating entities also implement appropriate security measures when processing personal data under the work commissioned by the Administrator.
1. The Service User has the right to:
a. access the content of their personal data
b. rectify data
c. erase data
d. restrict the processing of data
e. transfer data
f. object to processing based on the legitimate interest of the administrator
g. withdraw consent at any time without affecting the lawfulness of processing based on that consent before its withdrawal
2. The User has the right to lodge a complaint with the President of the Polish Personal Data Protection Office if they believe that the processing infringes upon their rights and freedoms.
3. In the data processing process, the Administrator shall not make automated decisions, including profiling.
1. The Administrator reserves the right to make changes to this Privacy Policy while ensuring that the rights of users outlined in this document shall not be limited.
2. Users shall be notified of any changes to the Privacy Policy through a message available on the Service.
