Privacy Policy

 

Personal Data Processing Policy of Fitvise s.r.o.

 

I. Introductory Provisions

a) These Principles of Personal Data Processing (hereinafter referred to as the “Principles”) constitute a general document providing essential information about the purpose, scope, and methods of processing personal data of data subjects, as well as about the rights of data subjects in relation to such processing and the means of exercising those rights.

b) The processing of personal data is carried out in accordance with the applicable legislation, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (the General Data Protection Regulation, hereinafter the “GDPR”). For users based in the United Kingdom, the processing of personal data is governed by the applicable UK GDPR and the Privacy and Electronic Communications Regulations (PECR).

 

II. Personal Data Controller

a) The Controller of personal data is Fitvise s.r.o., Company ID: 17628946, with its registered office at Emy Destinové 411, 252 25 Jinočany, registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File 374178 (hereinafter referred to as the “Controller”). The Controller is also the operator of the Fitvise mobile application and the website located at www.fitvise.cz.

b) The Controller determines the purposes and means of processing personal data and performs such processing.

c) The protection of personal data of Fitvise application users is a priority for the Controller. For this reason, the Controller hereby informs Fitvise users about what data is collected, processed, and for what purposes it is used.

d) If necessary, data subjects may contact the Controller by phone at +420 777 775 277 or by e-mail at info@fitvise.cz

e) The Controller declares that it complies with all legal obligations required by applicable legislation, and that all personal data voluntarily provided by the data subject will be processed only on the basis of a valid legal ground, namely legitimate interest, performance of contractual obligations, fulfillment of legal duties, or consent given.

f) Furthermore, the Controller declares that, in accordance with Article 13 of the GDPR, it fulfills its information obligation prior to the commencement of personal data processing.

g) The Controller undertakes to enable data subjects to exercise their rights under the GDPR and related legislation and to provide full cooperation in doing so.

 

III. Personal Data

a) The Controller stores and processes the following personal data of individual users, if voluntarily provided by the user in connection with the use of the Fitvise application:

    1. First and last name
    2. Postal address
    3. E-mail address
    4. Telephone number
    5. Age
    6. Gender
    7. Photo
    8. Sensitive health-related data in particular weight, body measurements (such as height, body fat percentage, waist and hip circumference, etc.), and photos shared within the Fitvise application. These data constitute a special category of personal data pursuant to Article 9 of the GDPR.

b) The Controller also stores and processes the following personal data of legal entities, if voluntarily provided in connection with the use of the Fitvise application:

    1. Business name
    2. Registered office address
    3. Mailing or delivery address
    4. Company identification number
    5. Name and surname of the authorized contact person, including their telephone number and e-mail address

c) The Controller processes only such personal data as have been voluntarily provided by the user during the use or registration of the Fitvise application, during email communication, or in person.

d) In accordance with applicable legislation, personal data shall be retained only for the period necessary to fulfill the purposes for which they were collected, and for a maximum period of 10 years, unless a shorter or longer retention period is required by law. After this period, the data will be securely deleted or anonymized.

 

IV. Purpose of Processing Personal Data and Legal Basis

a) When processing personal data, the Controller ensures that the rights of data subjects are not infringed and that their privacy is protected against unauthorized interference.

b) Personal data are processed for the following purposes:

    1. Provision of services through the Fitvise application – in particular, to enable personal fitness trainers to manage their clients, track their progress and records, schedule training sessions, and create nutrition and training plans; and to enable individual users to record data on their weight, body fat percentage, and body measurements, to view their training and nutrition plans from their trainers, to sign up for lessons, and to access other related features.
    2. Marketing purposes – sending newsletters and marketing communications to users who have granted their consent.
    3. Protection of the Controller’s legitimate interests – including the exercise of the Controller’s rights towards data subjects, the enforcement of claims, and the sending of service-related messages or notifications.
    4. The legal basis for the processing of sensitive data referred to in Section III.a.10 is the explicit consent of the user, which is granted via a special checkbox when such data are first entered in the application.
      The Controller processes this sensitive data solely for the purposes of:

4.1. providing personalized services within the Fitvise application (e.g. tracking progress, creating training and nutrition plans, recording sessions, etc.),

4.2. the potential evaluation and presentation of the user’s progress within the application.
The user is informed that the consent granted cannot be withdrawn retroactively with respect to data already stored that are inseparably linked to the user’s account within the application.

 

V. Disclosure of Personal Data to Trainers

a) Within the Fitvise application, a user in the role of a client may be connected with a user in the role of a personal trainer. In such a case, the selected trainer is granted access to the client’s personal data to the extent necessary for the provision of training, nutrition, and related services through the Fitvise application.

b) The scope of data made available may include, in particular, the client’s name, surname, age, gender, contact details, body measurements, weight, health-related information, progress, and shared photos, solely for the purpose of providing services that form part of the functionality of the Fitvise application.

c) The Trainer is obliged to maintain confidentiality with respect to all personal data to which they gain access within the application and may not disclose or transfer such data to any third party. The Trainer may use the client’s personal data only within the Fitvise application and exclusively for the purpose of providing services to that client.

d) The Controller ensures that all trainer access to client data is secure and complies with the technical and organizational measures adopted for the protection of personal data pursuant to Part XII of this Policy.

e) The client is informed about the possibility of their data being shared with the trainer when establishing cooperation within the application and has the right to terminate such connection at any time. Upon termination, the trainer’s access to the client’s personal data is immediately revoked.

 

VI. Transfer of Personal Data to Third Parties

a) The Access to personal data is granted only to the Controller’s employees and cooperating entities who require such access to fulfil their work or contractual duties. To ensure certain operations and services that the Controller does not provide itself, the Controller uses the services and applications of processors such as Meta, Google, Instagram, Helios, providers of web, software, and hardware solutions for the Fitvise application, hosting providers, transport service providers, payment service providers, and other necessary service providers. In the future, the Controller may decide to engage other processors or applications to improve the quality of services provided and optimize business processes. The Controller undertakes to ensure that all cooperating entities comply with the legislative standards and principles of personal data protection in accordance with the GDPR. Users’ personal data are not transferred to third parties for the purpose of advertising. Any advertising displayed in the Fitvise application is provided exclusively by the Controller’s business partners, without the transfer or disclosure of users’ personal data to such partners.

b) In the future, the Controller may cooperate with additional business partners to expand the functionality of the application, in which case certain data necessary for the use of a specific function (e.g. default macronutrient settings within the nutrition menu) may be shared. Users will be notified in advance of any such functional expansion and will be given the opportunity to grant consent to such data transfer.

 

VII. Cookies

a) The Controller’s website operated at the above-mentioned web address uses cookies, which serve to improve the quality of the services provided and to ensure a more efficient and user-friendly experience. Cookies are small text files stored on the user’s device via their internet browser. Most cookies are temporary (“session”) cookies, which are automatically deleted once the visitor leaves the website. For users from the United Kingdom, consent to the use of cookies is governed by the UK GDPR and the Privacy and Electronic Communications Regulations (PECR).

 

VIII. Consent to Cookies and Google Analytics

a) The user has the option to grant consent to the use of non-essential cookies or similar technologies (such as device identifiers used by Google Analytics). Consent is obtained through a cookie banner or consent dialog displayed upon the user’s first visit to the website or the application, allowing the user to:

    1. grant consent to all cookies,
    2. refuse all cookies, or
    3. select only specific categories of cookies (e.g., analytical, marketing).

b) The use of Google Analytics and other analytical tools is carried out only with the user’s consent. The user may withdraw their consent at any time by adjusting their cookie settings in the application or in their internet browser.

 

IX. Use of Analytical Tools

a) The Controller declares that its website may use services provided by Google LLC (or Google Ireland Limited for users within the EU) for the purpose of collecting reports and statistics on visitor activity on the website. This enables the Controller to gain deeper insights into how the website is used and to improve its functionality and accessibility. If a website visitor does not wish for such data to be collected, they may prevent this by installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout.

b) The Fitvise mobile application also uses Google Analytics to analyze application usage and improve its performance. This tool collects anonymized data such as device type, operating system, anonymized IP address, time spent in the application, and user interaction with individual screens. This data is not used to identify specific individuals and is processed by Google Ireland Limited in accordance with its Privacy Policy. The processing is carried out on the basis of the legitimate interest of the Application Operator in improving its functionality and user experience.

 

X. Transfer of Personal Data Outside the European Union

a) The Controller undertakes to ensure that all personal data processing is carried out within the European Union or in countries that provide an adequate level of personal data protection comparable to that guaranteed under EU law.

 

XI. Disclosure and Transfer of Personal Data without the Data Subject’s Consent

a) In cases stipulated by law, the Controller is authorized or obliged to disclose or transfer personal data to law enforcement authorities or other public authorities.

b) Furthermore, the Controller is entitled to process and use the personal data of the data subject without their consent in the following cases:

  1. Provision of products or services – where the Controller processes and uses personal data for the purpose of fulfilling a contract;
  2. Legitimate interest – where the processing and use of personal data is necessary to protect the Controller’s legitimate interests, in particular to ensure the security and functionality of the Fitvise Application.

c) However, personal data may be disclosed, made available, used, or processed only to the extent necessary for the fulfillment of the above purposes.

 

XII. Rights Related to the Processing of Personal Data and Methods of Exercising them

a) Data subjects are entitled to exercise the following rights under applicable legal regulations at any time in connection with the processing of their personal data:

  1. Right of access: The data subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to such data and to the information specified by the relevant legal regulations. Upon request, the Controller shall provide the data subject with a copy of the personal data being processed.
  2. Right to rectification, restriction or erasure: The data subject has the right to obtain from the Controller, without undue delay, the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary statement. The data subject also has the right to obtain from the Controller the restriction or erasure of personal data concerning them without undue delay where one of the reasons provided for by the relevant legal regulations applies.
  3. Right to data portability: If personal data are processed based on the data subject’s consent or for the performance of a contract, and the processing is automated, the data subject has the right to receive the personal data they have provided to the Controller in a structured, commonly used, and machine-readable format.
  4. Right to object: The data subject has the right to object at any time to the processing of their personal data where such data are processed for the performance of a task carried out in the public interest, in the exercise of official authority, or for the purposes of the legitimate interests pursued by the Controller or a third party. The Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defence of legal claims.
  5. Right to lodge a complaint: The data subject has the right to lodge a complaint or file an initiative regarding a breach of obligations arising from legal regulations in connection with personal data processing with the Office for Personal Data Protection, which is responsible for supervising compliance with such obligations.
    For users in the United Kingdom, complaints may be filed with the Information Commissioner’s Office (ICO) at casework@ico.org.uk.
    If the data subject suspects a breach of the Controller’s obligations, the Controller recommends that the data subject first inform the Controller directly to enable the issue to be resolved promptly.
  6. Right to withdraw consent: The data subject has the right to withdraw the consent previously granted to the Controller for the processing of personal data at any time. To exercise any of the above rights, the data subject may contact the Controller in writing at its registered office address, by e-mail, or by telephone using the contact details provided above.In the case of repeated or manifestly unfounded requests, the Controller reserves the right to charge a reasonable administrative fee or to refuse to act on the request. The user may withdraw consent to the processing of sensitive data for future entries of new data; however, data already entered remain inseparably linked to the user’s account in the Application and cannot be deleted independently. This condition is clearly communicated to the user when consent is granted.

XIII. Security and Privacy

a) The Controller protects personal data to the maximum extent possible, in line with current scientific knowledge and technological advancements. The Controller implements all appropriate technical and organizational measures available at the time to prevent the misuse, loss, alteration, unauthorized access to, or destruction of personal data.

 

XIV. Confidentiality

a) The Controller guarantees that all its employees and any third parties involved in the processing of personal data are bound by a duty of confidentiality regarding personal data and the security measures implemented by the Controller to protect such data. This obligation of confidentiality shall continue to apply even after the termination of the respective contractual or employment relationship with the Controller.

 

XV. Final Provisions

These Privacy Policy Principles shall enter into force and take effect on 1 August 2023.

 

In Jinočany on 18 July 2023

Fitvise s. r. o. 

Ing. Karolína Kamenická – Managing director