Offline courses in Nitra (Slovakia) will be held in April 26' / May 26' More informations HERE.
Book your workout in Bratislava or Nitra quickly HERE .
PERSONAL DATA PROTECTION TERMS
IDENTIFICATION DATA AND CONTACT DATA OF THE CONTROLLER
Business name: Face Fitness s. r. o.
Registered office: Kupecká 1357/16 949 01 Nitra
Registration number: 54158630
Responsible person: Ing. Milan Žiak
Contact: In case of questions regarding the protection of personal data, you can contact us at the following contact details:
Tel: +421 911 670 011,
Email: INFO@WAAUI.COM.
We handle your personal data responsibly and therefore in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR") and Act No. 18/2018 Coll. on the protection of personal data and on amendments and supplements to certain acts (hereinafter referred to as the "Act"), makes available to you as the data subject (the natural person whose personal data is processed) on its website, in addition to its identification and contact details and the contact details of the responsible person, other necessary information.
In accordance with Article 24 of the GDPR and the provisions of Section 31 of the Act, we have adopted appropriate technical, organizational, personnel and security measures and guarantees, which take into account in particular:
the principles of personal data processing, which are lawfulness, fairness and transparency, limitation and compatibility of the purposes of personal data processing, further minimization of personal data, their pseudonymization and encryption, as well as integrity, confidentiality and availability;
the principles of necessity and proportionality (also applies to the scope and amount of personal data processed, the retention period and access to the personal data of the data subject) of personal data processing with regard to the purpose processing operation;
the nature, scope, context and purpose of the processing operation;
the resilience and recovery of personal data processing systems;
instructions to the controller's authorised persons;
taking measures to establish without delay whether a personal data breach has occurred and
promptly inform the supervisory authority and the responsible person;
taking measures to ensure the rectification or erasure of inaccurate data or the exercise of
other rights of the data subject;
risks of varying likelihood and severity for the rights and freedoms of natural persons (in particular
accidental or unlawful destruction of personal data, loss or alteration of personal data, misuse of personal data - unauthorised access or unauthorised disclosure, risk assessment with regard to the origin, nature, likelihood and severity of the risk in relation to the processing and to identify the best practices for mitigating the risk).
PURPOSE OF PROCESSING PERSONAL DATA, LEGAL BASIS FOR PROCESSING PERSONAL DATA, SCOPE OF PROCESSED PERSONAL DATA
We only collect from you the data that we absolutely need to provide a full-fledged service - i.e. when providing client support or presenting our services and products.
The purposes of processing personal data in individual process steps are:
When communicating with clients by phone, in person, or by electronic/paper mail, we process data pursuant to Art. 6, para. 1, letter f) of the GDPR Regulation - legitimate interest in order to respond to your inquiry/inquiry or question regarding the services provided and products supplied, when it is necessary to verify the relevance of the request or to make any subsequent contact with you as the data subject,
In the event of interest in our services, when placing an order by phone, in person, or by electronic/paper mail, we process data pursuant to Art. 6, para. 1, letter b) GDPR Regulation – where data processing is necessary to carry out the necessary measures according to your requirements as the customer before concluding and confirming the contractual relationship, i.e. during the pre-contractual relationship process,
After the contractual relationship between us and you as the data subject, the customer / client, during the necessary cooperative communication, when informing about changes in the status of the order, or when preparing and issuing a tax document (invoice), we process data pursuant to Art. 6, para. 1, letter b) GDPR Regulation – where data processing is necessary for the fulfillment of the contractual relationship, to which you as the data subject, the client, are a contracting party,
We process your personal data pursuant to Art. 6, para. 1, letter a) GDPR Regulation, or Section 13, para. 1, letter a) of the Act – the data subject has expressed consent to the processing of their personal data for one or more specific purposes:
List of processed personal data
Data necessary for registering clients for billing purposes:
Name, surname, title,
Residence, billing address, correspondence address,
Account number
Data necessary for registering concluded contracts, orders, accounting documents:
Name and surname, title
Date of birth
Personal identification number
E-mail address
Permanent residence address, or other correspondence address
Telephone number
ID card number
Data filled in based on consent:
Data on informed consent (health status, photo, ...)
LIST OF OUR INTERMEDIARY AND RECIPIENTS OF PERSONAL DATA
We process your data for our own purposes as the Controller. This means that we determine the purposes for which we collect your personal data, determine the means of processing and are responsible for their proper implementation.
When you visit our website, your data is also processed by another entity that is in the position of an intermediary or recipient:
- supplier of IT technologies and cloud services,
- supplier of services in the field of taxes and accounting.
TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATION
There is no and is not intended.
PERIOD OF STORAGE OF PERSONAL DATA
Your personal data that we have processed or are processing pursuant to Art. 6 para. 1 letter b) of the GDPR Regulation - within the framework of fulfilling our obligations as a controller, s.r.o. towards customers and clients, we further process it in order to fulfill our legal obligations in the area of taxes and accounting, which arise from generally binding legal regulations (e.g. storing individual accounting records of your confirmed orders and invoicing for the purpose of delivering selected goods to your contact address pursuant to Act No. 431/2002 Coll. on Accounting, as amended, for cases of proving compliance with tax obligations pursuant to tax regulations Act No. 595/2003 Coll. on Income Tax, Act No. 563/2009 Coll. on Tax Administration, etc.), we must store it for the period specified by the relevant legal regulations. In any case, however, we follow the principle of minimizing the retention of personal data pursuant to Art. 5 para. 1 lit. e) GDPR and therefore your personal data that is not subject to archiving under special legal regulations will be deleted or anonymized.
Personal data processed pursuant to Art. 6, Para. 1, Letter a) GDPR – based on your consent to the processing of personal data, we process the data for a period of 3 years, or until you withdraw your consent.
Personal data processed pursuant to Art. 6, Para. 1, Letter f) GDPR – based on legitimate interest, which were obtained in response to your inquiry/inquiry or question regarding the services provided and products supplied, when it was necessary to verify the relevance of the request, or to make any subsequent contact with the client/data subject, after processing, were not subsequently forwarded to a pre-contractual or contractual relationship, are deleted immediately.
As the Controller, we will ensure the deletion of personal data without undue delay after: all contractual relationships between you and the Controller have been terminated; and/or
all your obligations towards the Controller have ceased; and/or
all your complaints and requests have been resolved; and/or
all other rights and obligations between you and the Controller have been settled; and/or
all processing purposes set out in legal regulations or processing purposes for which you have given us consent have been fulfilled, if the processing was carried out on the basis of the consent of the data subject; and/or
the period for which consent was granted has expired or the data subject has withdrawn his or her consent; and/or
the data subject's request for deletion of personal data has been granted and one of the reasons justifying the granting of this request has been met; and/or
a decisive legal event has occurred for the termination of the purpose of the processing and at the same time the
protective retention period defined with regard to the principle of minimization of the storage period
of personal data has also expired;
and at the same time the legitimate interest of the Operator no longer exists, all obligations of the Operator
set out in generally binding legal regulations that require the retention of the personal data of the data subject (in particular for the purposes of archiving, tax audit, etc.) have ceased to exist, or which would not be possible to fulfil without their retention.
We do not systematically process any accidentally obtained personal data for any purpose defined by us in any case. If possible, we inform the data subject to whom the accidentally obtained personal data belong about their accidental acquisition and, depending on the nature of the case, we will provide them with the necessary cooperation leading to the restoration of control over their personal data. Immediately after these necessary actions aimed at resolving the situation, we will immediately and securely destroy all accidentally obtained personal data.
If you are interested in further information about the specific retention period of your personal data, please contact us using the contact details provided on our website.
INSTRUCTION ON THE RIGHTS OF THE DATA SUBJECT
In accordance with Articles 13 – 21 of the GDPR (Articles 19-27 of the Personal Data Protection Act), you as a data subject have the following rights:
the right to request from the controller access to personal data concerning you and
confirmation as to whether personal data concerning you are being processed (Article 15 of the GDPR),
the right to have your incorrect or incomplete personal data rectified (Article 16 of the GDPR),
the right to have your personal data erased if the purpose of their processing has ceased or if any of the conditions of Article 17 of the GDPR are met,
the right to restrict the processing of personal data in cases pursuant to Article 18 of the GDPR,
the right to object to the processing of personal data in cases pursuant to Article 21 of the GDPR,
the right to data portability in cases pursuant to Article 20 of the GDPR,
the right to file a complaint with the supervisory authority - the Office for Personal Data Protection of the Slovak
Republic, with its registered office at: Hraničná 12, 820 07 Bratislava 27, Slovak Republic - the right to file a motion to initiate proceedings pursuant to Section 100 of the Act. More information can be found at: www.dataprotection.gov.sk.
You can exercise your rights with the operator using the contact details provided in the header of this document. For this purpose, you can use the Form for exercising the rights of the data subject, which is located at the facility. If you have any questions, do not hesitate to contact us.
AUTOMATED DECISION-MAKING INCLUDING PROFILING
When processing personal data for the given purpose, the operator does not use automated individual decision-making or profiling.