Data protection

PRIVACY POLICY

DEFINITIONS

  1. Administrator - NED Business z o.o. with its registered office in Gdańsk, ul. Al. Grunwaldzka No. 56, Local 113, 80-241 Gdańsk, entered in the Register of Entrepreneurs maintained by the District Court of Gdańsk, 7. Commercial Section of the National Court Register, number KRS 0000905074, NIP 9571134247, REGON 389149500, registered capital PLN 80,000.00, fully paid up.
  2. Personal data – any information about a natural person who is identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected using cookies and other similar technologies.
  3. Policy - this Privacy Policy.
  4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of data and on the repeal of Directive 95/46/EC.
  5. Website - a website operated by the Administrator at www.fitness.nedbusiness.com.
  6. User - any natural person visiting the Website or using one or more of the services or features described in the Policy.

DATA PROCESSING

  1. In connection with the User's use of the Website, the Administrator collects data necessary for the provision of individual services offered, as well as information about the User's activities on the Website. The detailed rules and purposes of the processing of personal data collected by the user during the use of the website are described below.
  2. Personal data of all persons using the website (including IP address or other identifiers and information collected via cookies or similar technologies) who are not registered users (i.e. H. Persons who do not have a profile on the site) are processed by the Administrator:
  3. for the electronic provision of services within the scope of providing content collected on the website to users, providing offers from other providers, forwarding contact forms - the legal basis for processing is the necessity of processing for the performance of a contract (Article 6 paragraph 1 (b) of the GDPR );
  4. to process purchases made without registering on the website - the legal basis for processing is the necessity of processing for the performance of a contract (Article 6 (1) (b) GDPR);
  5. to process complaints - then the legal basis for processing is the necessity of processing for the performance of a contract (Article 6 (1) (b) GDPR);
  6. for analytical and statistical purposes - then the legal basis for processing is the legitimate interest of the controller (Art. 6 para. 1 point f GDPR), which consists in conducting analyzes of user activity, as well as their preferences, in order to improve the functionalities and provided services ;
  7. for the possible assertion and pursuit of claims or their defense - the legal basis for the processing is the legitimate interest of the person responsible (Art. 6 Para. 1 Item f DSGVO), which consists in the protection of his rights;
  8. for marketing purposes of the Administrator and other entities, in particular in connection with the presentation of advertising - the rules for processing personal data for marketing purposes are described in the "MARKETING" section.
  9. The user's activity on the website, including his personal data, is recorded in system logs (a special computer program for storing a chronological record with information about events and activities related to the IT system used for the provision of services by the administrator becomes). Information collected in the logs processed in connection with the provision of services. The administrator also processes them for technical purposes, in particular the data may be temporarily stored and processed to ensure the security and operability of IT systems, z and attacks. .

REGISTRATION ON THE SITE

  1. Individuals who register on the site are asked to provide the information necessary to create and maintain an account. In order to facilitate the service, the user can provide additional data, thereby consenting to their processing. This data can be deleted at any time. The provision of data marked as mandatory is necessary for the establishment and operation of an account. Otherwise an account cannot be created. Providing further data is voluntary.
  2. Personal data are processed:
  3. to provide services in connection with the management and maintenance of an account on the website - the legal basis for processing is the necessity of processing for the performance of a contract (Article 6 (1) (b) GDPR), as well as in the context of optional data - the legal basis for processing is consent (Article 6 (1) (a) GDPR);
  4. for analytical and statistical purposes - the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), which consists in conducting analyzes of user activity on the website and use of the account, as well as their Preferences to improve the functionalities used;
  5. for the possible assertion and pursuit of claims or their defense - the legal basis for the processing is the legitimate interest of the person responsible (Art. 6 Para. 1 Item f DSGVO), which consists in the protection of his rights.
  6. for marketing purposes of the Administrator and other companies, in particular sellers - the rules for processing personal data for marketing purposes are described in the "MARKETING" section.
  7. If the user leaves personal data of other people (including name, address, telephone number or e-mail address) on the website, he may only do so if it does not violate applicable law and personal rights of these people.

PLACING ORDERS

  1. Placing an order (purchase of goods) by the website user involves the processing of his personal data. Providing the data marked as mandatory is necessary for the acceptance and processing of the order, otherwise its execution will be prevented. Providing further data is optional.
  2. Personal data are processed:
  3. to fulfill the order placed - the legal basis for processing is the necessity of processing to fulfill the contract (Article 6 (1) (b) GDPR); in the context of optional data, the legal basis for processing is consent (Article 6 (1) (a) GDPR);
  4. to fulfill the legal obligations of the administrator, which result in particular from tax and accounting regulations - the legal basis for processing is the legal obligation (Article 6 (1) (c) GDPR);
  5. for analytical and statistical purposes - the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR), which consists in conducting analyzes of users' activities on the website, as well as their purchasing preferences, in order to improve the functionalities used;
  6. for the possible assertion and pursuit of claims or their defense - the legal basis for the processing is the legitimate interest of the person responsible (Art. 6 Para. 1 Item f DSGVO), which consists in the protection of his rights;
  7. for purposes related to the satisfaction survey, in particular by sending a message to the e-mail address asking for an opinion (review) or filling out a satisfaction survey - the legal basis for processing is the legitimate interest of the Administrator (Article 6 ( 1) (f) of the GDPR), which consists in maintaining a high quality of service and a high level of customer satisfaction with the products and services offered.

CONTACT FORMS

  1. The administrator provides the opportunity to contact him via electronic contact forms. The use of the form requires the provision of personal data necessary for contacting the user and responding to the request. The user can also provide other data to facilitate contact or processing of the request. Providing the data marked as mandatory is required for the acceptance and processing of the request, otherwise processing is not possible. Providing further data is voluntary.
  2. Personal data are processed:
  3. to identify the sender and to process his request via the form provided - the legal basis for processing is the necessity of processing to fulfill the service contract (Article 6 (1) (b) GDPR);
  4. for analytical and statistical purposes - the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) GDPR), which is to keep statistics on users' requests through the website in order to improve its functionality ;
  5. for purposes related to the satisfaction survey, in particular by sending to the e-mail address with a request to fill out a satisfaction survey - the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), which consists in maintaining a high quality of service and a high level of customer satisfaction with the products and services offered.

MARKETING

  1. The administrator processes users' personal data in order to conduct marketing activities, which may include:
  2. displaying marketing content to the user that is not tailored to their preferences;
  3. Displaying marketing content to the user according to their interests;
  4. Sending email notifications of interesting offers or content, which in some cases may contain commercial information;
  5. Carrying out other types of activities related to the direct marketing of goods (sending commercial information by electronic means and telemarketing activities).
  6. In order to carry out marketing activities, the administrator uses profiling in some cases. This means that, thanks to automatic data processing, the administrator evaluates selected factors relating to natural persons in order to analyze their behavior or make a forecast for the future.
  7. If the user has consented to receiving marketing information via email, SMS and other electronic means of communication, the user's personal data will be processed for the purpose of sending this information. The basis for data processing is the legitimate interest of the administrator in sending marketing information within the framework of the user's consent. The user has the right to object to the processing of data for the purpose of direct marketing, including profiling. For this purpose, the data is stored for the duration of the legitimate interest of the Administrator, unless the user objects to receiving marketing information.

ADVERTISING

  1. The administrator processes users' personal data for marketing purposes related to sending users contextual advertising (i.e. advertising that does not match the user's preferences). The processing of personal data then takes place in connection with the implementation of the legitimate interest of the Administrator (Art. 6 para. 1 item. f DSGVO).
  2. The administrator processes personal data of users, including personal data collected through cookies and other similar technologies, for marketing purposes related to targeted behavioral advertising to users (i.e. H. advertising tailored to the user's preferences). The processing of personal data then also includes the creation of user profiles. The use of personal data collected using this technology for marketing purposes, in particular for the promotion of third-party services and goods, is carried out on the basis of the legitimate interest of the administrator and only provided that the user has consented to the use of cookies. Consent to the use of cookies can be declared by configuring the browser accordingly and revoked at any time, in particular by deleting the cookie history and deactivating cookies in the browser settings.
  3. This consent can be revoked at any time.

SOCIAL PORTALS

The Administrator processes the personal data of users who visit the Administrator's social media profiles (Facebook, YouTube, Instagram, Twitter, Google+, Pinterest, TikTok or similar). These data are processed only in connection with maintaining the profile, including informing users about the Administrator's activities and promoting various types of events, services and products, as well as communicating with users through the functions available on social media. The legal basis for the Administrator's processing of personal data for this purpose is its legitimate interest (Article 6(1)(f) GDPR), which consists in promoting its own brand and building and maintaining a brand-related community.

COOKIES

  1. Cookies are small text files that are installed on the device of the user visiting the website. Cookies collect information that makes the website easier to use - for example, by remembering the user's visits to the website and the activities performed by the user.
  2. The administrator uses the so-called service cookies primarily to provide the user with services provided electronically and to improve the quality of these services. Therefore, the Administrator and other entities that provide analytical and statistical services to him use cookies that store information or access information already stored on the user's telecommunications terminal equipment (computer, phone, tablet, etc.) are saved. Used for this purpose include:
  3. Cookies with user-supplied data for the duration of the session;
  4. Authentication cookies, used for services that require authentication for the duration of the session;
  5. Cookies to ensure security, e.g. to detect fraud in the field of authentication;
  6. Session cookies from multimedia players for the duration of the session;
  7. Persistent cookies used to personalize the user interface for the duration of the session or a little longer;
  8. Cookies used to remember the contents of the shopping cart for the duration of the session;
  9. Cookies used to monitor traffic on the website, d. H. Data analysis, including Google Analytics cookies (these are files used by the company Google to analyze how the user uses the website, to compile statistics and reports on the functioning of the website). Google does not use the data collected to identify the user and does not combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found at: https://www.google.com/intl/pl/policies/privacy/partners.

DURATION OF PROCESSING OF PERSONAL DATA

  1. The duration of data processing by the Administrator depends on the type of service provided and the purpose of processing. The data processing usually takes place for the duration of the service or Execution of the order, until the consent is revoked or until an effective objection to the data processing is made in cases where the legal basis for the data processing is the legitimate interest of the person responsible.
  2. The duration of the data processing may be extended if the processing is necessary for the establishment and assertion of claims or their defense, and thereafter only if and to the extent required by law. After the processing period has expired, the data will be irretrievably deleted.

USER RIGHTS

  1. The data subjects have the following rights:
  2. The right to information about the processing of personal data – on the basis of this, the person who makes such a request, the administrator provides information about the processing of personal data, in particular about the purposes and legal basis for processing, the scope of the bodies concerned, to which personal data is disclosed and the planned date of deletion;
  3. The right to obtain a copy of the data – on this basis, the Administrator provides the requesting person with a copy of the processed data;
  4. The right to rectification - based on this, the Administrator eliminates any inconsistencies or errors in the processed personal data and supplements or updates them if they are incomplete or have changed;
  5. Right to erasure of data – On this basis, you can request the erasure of data whose processing is no longer necessary to achieve the purpose for which they were collected;
  6. The right to restriction of processing - on this basis, the Administrator will stop the processing of personal data, with the exception of those operations to which the data subject has consented and their storage in accordance with the applicable storage rules or until there are reasons for the restriction of data processing (eg. B. a decision of the supervisory authority is issued, which allows further data processing);
  7. The right to data portability - on this basis, insofar as the data is processed in connection with the concluded contract or consent, the administrator issues the data provided by the data subject in a computer-readable format. It is also possible to request the transfer of this data to another entity - provided that there are technical possibilities for this on the part of both the administrator and this other entity;
  8. Right to object to the processing of data for marketing purposes – the data subject may object to the processing of personal data for marketing purposes at any time without having to give a reason;
  9. The right to object to the processing of data for the purposes of the satisfaction survey – the data subject may object at any time to the processing of personal data for the purposes of the satisfaction survey, in particular the sending of e-mail communications requesting reviews or participation in one Satisfaction survey without justification required;
  10. The right to object to other purposes of data processing - the data subject may object to the processing of personal data at any time based on the legitimate interest of the administrator (eg. B. for analytical or statistical purposes or for reasons of property protection). . Any objection to this should be justified and subject to the Administrator's assessment;
  11. Right to revoke consent - if the data is processed on the basis of consent, the data subject has the right to revoke it at any time, which, however, does not affect the lawfulness of the processing carried out up to the revocation;
  12. Right of appeal - if it is established that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, the data subject may file a complaint with the President of the Office for Personal Data Protection.
  13. A request to exercise the rights of data subjects can be submitted in writing to the following address: NED Business Sp. z o.o. with registered office in Gdańsk (postal code: 80-241), Al. Grunwaldzka No. 56, Local 113, by e-mail to the following address: best@nedbusiness.com.
  14. The request should state as precisely as possible what the request relates to, i. H. in particular: which right the applicant wishes to assert (e.g. B. the right to receive a copy of the data, the right to delete the data, etc.); Which processing process the request relates to (e.g. B. Use of a specific service, activity on a specific website, receipt of a newsletter containing commercial information to a specific e-mail address, etc.); the processing purposes to which the request relates (e.g. B. Marketing purposes, analysis purposes, etc.).
  15. If the administrator is unable to determine the content of the application or identify the applicant from the submitted application, he will ask the applicant for additional information.
  16. The response to the request will be made within one month of receipt. If an extension of this period is required, the Administrator will inform the applicant of the reasons for such an extension.
  17. The reply will be sent to the e-mail address from which the application was sent, in the case of postal applications by post to the address given by the applicant, unless the content of the letter indicates a request for delivery. Feedback to the e-mail -address (in this case please provide your e-mail address).

DATA RECEIVER

  1. In connection with the provision of services, personal data is transferred to external entities, including in particular suppliers responsible for the operation of IT systems, entities operating the Customer Support Center, entities such as banks and payment service providers, entities responsible for accounting -, legal, auditing and consulting services, couriers (in connection with the execution of orders), marketing agencies (in the field of marketing services) and companies affiliated with the Administrator, including companies in its capital group and business partners. In the event of a complaint, the user's data can be transmitted to the product distributor, manufacturer or guarantor, depending on the product that falls under the authorization. In the event of a purchase from an entity other than the Administrator, the User's data will be communicated to the Seller in order to conclude and execute the purchase contract;
  2. If the user's consent is obtained, their data may also be made available to other companies for their own purposes, including marketing purposes.
  3. The administrator reserves the right to provide selected information about the user on the basis of an appropriate legal basis and in accordance with the provisions of applicable law to the competent authorities or to third parties requesting this information.

DATA TRANSFER OUTSIDE THE EEA

  1. The level of protection of personal data outside the European Economic Area (EEA) differs from that provided for in European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary and with an adequate level of protection, mainly through:
  2. Cooperation with bodies that process personal data in countries for which a corresponding decision has been issued by the European Commission;
  3. Use of European Commission Standard Contractual Clauses;
  4. application of binding corporate rules approved by the relevant regulatory authority;
  5. The administrator always informs about the intention to transfer personal data outside the EEA at the stage of their collection.

SECURITY OF PERSONAL DATA

  1. The administrator continuously carries out risk analysis to ensure that personal data is processed by him in a secure manner - in particular that only authorized persons have access to the data and only to the extent that this is permissible due to the tasks they perform. The administrator ensures that all operations involving personal data are recorded and carried out only by authorized employees and employees.
  2. The Administrator takes all necessary steps to ensure that its subcontractors and other collaborating entities always ensure the application of appropriate security measures when processing personal data at the Administrator's request.

CONTACT

Contact can be made in writing to the following address: NED Business Sp. z o.o. with registered office in Gdańsk (postal code: 80-241), Al. Grunwaldzka No. 56, Lokal 113, by e-mail to the following address: best@nedbusiness.com or by phone: (+48) 665 88 92 88 (fee as for a standard connection - according to the price list of the respective operator).