Obligation to Inform

in accordance with art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC, I inform:

I. Contact information of the Controller: :

Name of the Controller Address Contact details
Perfect Gym Solutions S.A. ul. Klimczaka 1,
02-797 Warszawa
Telefon: +48 22 307 34 04
e-mail: contact@perfectgym.com

II. Contact information of the Data Protection Officer:

Name and surname of the Data Protection Officer Address Contact details
Radosław Aniszczyk ul. Klimczaka 1,
02-797 Warszawa
 e-mail: dpo@perfectgym.com

Under the above-mentioned address, you can contact the Data Protection Officer in matters related to the protection, collection, processing, modification and erasure of personal data.

III. Information on processed personal data:

Data processing activity Categories of personal data Legal basis for processing personal data Purpose and period of personal data storage Recipients of personal data Data transfer outside the EEA
Conclusion and performance of the contract Data of current and potential clients and contractors, including sole proprietorships and civil partnerships, as well as natural persons representing contractors (employees, management). Personal data are processed on the basis of:
art. 6.1. b) GDPR, ,
art. 6.1. c) GDPR,
art. 6.1. f) GDPR.
Personal data will be processed in order to take steps necessary to conclude and perform the contract. The data will be processed for the duration of the contract, and after its completion, for the duration of the legitimate interest of the Controller. Entities providing the Controller with programming services in the field of application and system development and maintenance, hardware and software service, as well as the Microsoft365 service provider and entities providing legal, consulting, auditing, insurance, debt collection and archiving services. The Controller does not plan to transfer data outside the EEA, but such transfer may be carried out by global cloud service providers, for example Microsoft as a provider of Microsoft 365, Azure Active Directory or MFA services.
Communication via contact forms Contact details of current and potential clients and contractors, including sole proprietorships and civil partnerships, as well as natural persons representing contractors (employees, management). Personal data are processed on the basis of:
art. 6.1. a) GDPR;
Personal data is processed for the purpose of communication and implementation of the matter to which the correspondence relate. The data will be processed for the duration of the communication or until the consent is withdrawn. The withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal of the consent granted. Entities providing the Controller with programming services in the field of application and system development and maintenance, hardware and software service, as well as the Microsoft365 service provider and entities providing legal, consulting, auditing, insurance, debt collection and archiving services.
Recruitment process for job Personal data of job candidates in the recruitment process. Personal data are processed on the basis of:
Labour Code;
art. 6.1. a) GDPR;
art. 9. 2. a) GDPR - in the scope of consent to the processing of the image and data of a specific category.
Personal data are processed until the end of the recruitment process, and in the case of participants who have consented to the processing of data in future recruitments - up to 6 months from the date of consent. The withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal of the consent granted. The data may be disclosed to entities with which the Controller has concluded an agreement for the provision of services providing technical and organizational solutions ensuring efficient management (in particular, ICT service providers), providers of legal, auditing and advisory services and supporting the Controller in the recruitment process and service providers enabling the Controller to publish recruitment ads.
Maintenance and development of the Perfect Gym system Personal data of the users of the Perfect Gym system. Personal data are processed on the basis of:
art. 6. 1. f) GDPR.
Personal data is processed in order to implement the subject of the contract linking the entity that allows you to use the Perfect Gym system (for example gym, fitness club, swimming pool) and the Perfect Gym system provider, as well as conducting statistical research and preparing analyzes using the data of Perfect Gym system users. Personal data will be processed for the period of using the Perfect Gym system (the possibility of extending this period in the event of claims between the parties) and for the period of archiving documents, in accordance with applicable regulations. Entities enabling you to use the Perfect Gym system (for example gym, fitness club, swimming pool), responsible for the correct operation of the system (maintenance and service of software and IT infrastructure) and providing services to the Controller, e.g. in the use of Microsoft365 and Google Analytics services.
Recording phone calls Recordings of conversations of Perfect Gym system users and persons contacting Perfect Gym Solutions S.A. Personal data are processed on the basis of:
art. 6. 1. a) GDPR;
art. 6. 1. f) GDPR
Personal data is processed in order to improve the quality provided by Perfect Gym Solutions S.A. services; conducting business relations. Recordings of calls are kept until consent is withdrawn or for the time needed to achieve the intended purposes, subject to legal and technical archiving, the obligation to store certain data or anonymize them. In the event that the recordings constitute or may constitute evidence in legal proceedings, until the proceedings are legally terminated. Entities responsible for the correct operation of the system (maintenance and service of software and IT infrastructure) and providing services to the Controller, for example legal, consulting and auditing, insurance, debt collection and archiving services. Recorded conversations may also be made available to entities authorized to obtain these personal data on the basis of generally applicable provisions of law.

IV. Definitions:

The Controller informs that:

1. Personal data/data - means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Recipient – means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

3. Processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

4. Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

5. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC.

6. Data erasure – permanent destruction of personal data or such modification that will not allow the identification of the data subject.

7. Consent of the data subject – means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

V. Information on the rights of the data subject:

1. The person whose data is processed has the right to file a complaint related to the processing of his personal data by the Controller or the entity/organization whose personal data was transferred to:

Name of the supervisory authority Address Contact details
The President of the Personal Data Protection Office ul. Stawki 2
00-193 Warszawa
tel. 606 950 000, fax. 22 531 03 01
https://uodo.gov.pl/pl/p/kontakt

2. Information on the right to request information on the processed data:

  • a) the data subject has the right to submit a request for information on the processed data at any time.
  • b) the Controller shall provide information on action taken on a request under Articles 15 to 22 (the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability) to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
  • c) if the Controller does not take action on the request of the data subject, the Controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
  • d) where the Controller has reasonable doubts concerning the identity of the natural person making the request, the Controller may request the provision of additional information necessary to confirm the identity of the data subject.
  • e) the information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.


3. Information on the right to request the rectification of its data: The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject has the right to submit a request at any time to the Controller.

4. Information on the right to request the restriction of data processing: The data subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:

  • a) the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;
  • b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • d) the data subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

5. Information on the right to object to data processing: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims

6. The right to object to data processing will not affect the lawfulness of the processing, which was made on the basis of consent before its withdrawal.

7. Information on the "right to be forgotten": The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • b) there is no legal basis for the processing;
  • c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing;
  • d) the personal data have been unlawfully processed;
  • e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
  • f) the personal data have been collected in relation to the offer of information society services.