Taking into consideration your right to personal data protection during the use of the website, including the training portal and the online store, as well as the mobile application operated by PelviFly Sp. z o.o., we have undertaken the legal, technical and organizational steps for best protection of the provided personal data.
This privacy and cookies policy (hereinafter: “Policy”) sets forth the rules of processing and protecting the personal data of users of the Pelvifly.com website available at Pelvifly.com domain, including the training portal, the online store, as well the web pages associated with pelvifly.com, i.e. pelvicoach.com, kegelninja.com (hereinafter: “Website”). The Policy sets out also the rules of using cookies in the above Website. The provisions of the Policy also apply to the mobile applications “PelviFly – Kegel Ninja exercises” and “PelviFly” – hereinafter referred to jointly as the “Application”. Before starting to use the Website and the Application, its users (hereinafter: “Users”) are obliged to become familiar with and accept the provisions of the Policy.
I. Personal data controller
The personal data controller of the users of the Website and the Application is Pelvifly Sp. z o.o.with its registered office in Warsaw, at ul. Postępu 15, 02-676 Warsaw, Poland, entered into the register of entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under KRS number: 0000605721, NIP (tax identification number): 7010556300, REGON (statistical number): 363884963, share capital in the amount of PLN 200.000,00 (hereinafter: “Controller”). The Data Controller has appointed the Data Protection Officer. The Data Protection Officer is available at the e-mail address: email@example.com or by post at the Controller’s address: PelviFly sp. z o.o. ul. Postępu 15, 02-676 Warszawa, Poland.
II. Applicable regulations
GDPR – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
Data Protection Act – Act of 10 May 2018 on the protection of personal data;
Telecommunications Law – Act of 16 July 2004 Telecommunications law;
Electronic Services Act – Act of 18 July 2002 on the provision of services by electronic means;
Accounting Act – Act of 29 September 2004 on accounting;
Civil Code – Act of 23 April 1964 Civil Code.
III. Data processing
- The Controller processes the Users’ personal data (hereinafter referred to as the: “Data”) in order to enter into, amend or terminate the legal relationship to provide services on the Website and in the Application.
- The Data processed by the Controller is provided by the User voluntarily at the time of registration on the Website or in the Application and upon commencing the use of the relevant service, including the online store and the training portal. The Controller shall use its best efforts in order to collect the Data necessary for the proper operation of the Website and the Application in a manner not burdensome for the Users. The Controller also makes sure that the Users provided only the Data in the scope necessary for the proper operation of all functionalities of the Website and the Application.
- The User provides the Data processed by the Controller on a voluntary basis, in particular during the registration in the Website or in the Application, upon the commencement to use the services or during using them. Failure to provide the Data required in the registration process makes registration impossible as well as use of the Website, the Application or some of their functionalities.
- The Controller processes the Data on the basis of the consent granted by the User during the registration, before beginning to use the particular services or on a statutory authorization to process the Data necessary to provide the services.
- The Controller ensures protection of Data against unauthorised access, unauthorised removal and processing in violation of the applicable regulations, in particular the GDPR. The Controller uses organisational and technical means for that purpose in accordance with the applicable standards. In any matters relating to personal data protection, the data subject can contact the Data Protection Officer at: firstname.lastname@example.org or by mail at the Controller’s address.
IV. Purposes of data processing
The Controller collects the Data for the following purposes:
- contact with the Users according to the User’s request pursuant to Article 6(1)(b) of the GDPR in conjunction with Article 172 of Telecommunications Law in conjunction with Article 10(2) of the Electronic Services Act;
- sending newsletters and other materials regarding the Controller’s products and services pursuant to art. Article 6(1)(f) of the GDPR (legitimate interest of the Controller, i.e. direct marketing) in conjunction with Article 172 of Telecommunications Law in conjunction with Article 10(2) of the Electronic Services Act. The User who subscribed to the newsletter may at any time unsubscribe from it;
- provision of services in regard to the pelvic floor exercises through the Website and the Application pursuant to Article 6(1)(b) in conjunction with Article 9(2)(a) of the GDPR, in particular the provision of health survey verification service and provision of training, depending on the selected training option;
- sale of products via online store in the Website and delivery of ordered products pursuant to Article 6(1)(b) of the GDPR;
- provision of access to the Website – in this regard, the Controller shall use the cookies referred to in point IX below;
- contact by e-mail, SMS message, notification in the chat in the Application and as a push function in the Application to remind of the upcoming training date pursuant to Article 6(1)(b) and (f) of the GDPR (legitimate interest of the Controller, which is the service care of the User);
- contact with the User by telephone or e-mail to clarify the issues related to the provision of services by the Controller pursuant to art. Article 6(1)(b) and (f) of the GDPR (legitimate interest of the Controller, which is the service care of the User);
- enforcing claims stemming from economic activity pursued on the basis of Article 6(1)(b) and (f) of the GDPR, as legitimate interest of the Controller, i.e. enforcing claims and defence of its rights;
- keeping accounting books by the Controller and complying with the tax laws, including for the purposes of issuing invoices for devices sold pursuant to Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Act of 29 September 1994 on accounting;
- carrying out business analytics by the Controller in order to analyse the use of the Website and the Application by the Users, among others the popularity of particular services pursuant to Article 9(1)(f) GDPR, the legitimate interest of the Controller being the improvement of quality of rendered services.
V. Scope of processed Data
Users who wish to receive the newsletter from the Controller shall provide their e-mail address. The Controller can contact Users by e-mail or by phone if the Users provide their e-mail address and phone number and give their consent to contacting them by phone or e-mail.
By creating an account in the Website and in the Application, the User shall provide their name, phone number, address and e-mail address. The Controller collects the following data of users for the purpose of rendering the services connected with the Application and the device indicated on the Website: data necessary to identify the User and the data included in the survey concerning the condition of the pelvic floor muscles allowing to carry out exercises by the User pursuant to the purchased training package. Such Data include, in particular, information about the age, number of given births, information on the urination frequency. The Data provided in the survey can only be accessed by persons authorised by the Controller.
The provision of the Data to the Controller is voluntary, however necessary for providing services by the Controller and for sending information about the Controller’s products and services or for other contact from the Controller in the case of giving such consent.
VI. Data retention period
The Controller shall process the Data for the period of rendering the services to the User. The Data processed for the purpose of enforcing claims shall be kept for a claim prescription period resulting from the regulations of the Civil Code. The Controller shall process the personal data for accounting purposes and for tax reasons for 5 years counted from the end of the calendar year in which the tax obligation emerged. The remaining Data shall be kept for a period necessary for the Controller to carry out a particular activity, unless the regulations in force state otherwise. Processing of personal data for the purpose of sending a newsletter or other contact on the part of the Controller will take place until the User withdraws their consent to receive commercial information via e-mail or telephone. At the end of the above-mentioned periods, the User’s Data is deleted or anonymised.
VII. User’s rights
- The User has the right to access the contents of the Data and to rectify the contents of the Data. The User has the right to object to the processing of the Data.
- The Controller shall provide the User with the possibility of erasing the User’s Data in the event of withdrawal from or termination of the agreement with the Controller, as well as in other cases arising from the applicable law, subject to clause VII.3 below.
- The Controller may refuse to erase the Data if the User has not paid all amounts due to the Controller or has breached the Terms and Conditions of the Website, of the Application or the applicable law, where retaining such Data is required to clarify the circumstances and determine the User’s liability. The Controller may refuse to remove the Data if authorised or obliged to do so by the applicable law.
- In order to exercise their rights, the User shall contact the Controller at the e-mail address: email@example.com or send a letter by mail to the Controller’s address.
- The User can request a transfer of their Data to another Controller.
- The User has a right to bring a complaint to the regulatory authority supervising the compliance with the personal data protection regulations – President of the Personal Data Protection Office.
VIII. Entrusting and sharing of personal data
The recipients of the personal data of the Website or Application Users may be the relevant state authorities acting pursuant to the generally applicable laws. In addition, the personal data of Users may be provided to entities processing personal data on behalf of the Controller, inter alia, IT service providers, telephone communications service providers – whereby, such entities process data under the agreement with the Controller and only in accordance with the Controller’s instructions. Moreover, personal data will be processed by the Controller’s employees or contractors authorised in this respect. In particular, a specialist in the field of pelvic floor exercises cooperating with the Controller can have the access to the User’s Data in the Website and the Application, including the survey concerning the pelvic floor muscle condition, in order to render the services to the Users.
- Cookies are small text files saved on the IT equipment which the User uses during browsing the Website’s content in order to ensure the correctness of operation and optimum use of the Website’s functionality.
- The information collected when using cookies also allows to adjust using the Website to individual needs and preferences of the User, to maintain the User’s session on the Website after logging in and to develop general statistics concerning the use of the Website in order to improve the Website’s structure and content. The Data collected when using cookies is of a collective nature and is not used to individualise the User.
- The cookies used as part of the Website are divided into persistent and session cookies. Persistent cookies are stored on the end device of the User of the Website for a period of time specified in their own parameters or until deleted by the User. Session cookies are temporary files that are automatically deleted after the User logs out of the Website or closes the web browser.
- The Website uses the following cookies:
- essential – the files necessary for proper operation of the Website;
- functional – the files ensuring access to specific functionalities operating as part of the Website which, in the case of their deactivation, may be limited; they also allow to remember the settings selected by the User while using the Website;
- efficiency – cookies used to collect the information about the method in which the Users use the Website and to enhance their operation as well as to facilitate the use of the Website by the Users, without collecting the information enabling their identification;
- advertising – cookies used to test the interest of Website’s Users in advertisements displayed on it and collection of the Data in this scope which can be subsequently used for adapting the content of advertising materials to User preferences.
- Each User of the Website may manage the cookies through the appropriate configuration of the web browser settings. It is usually possible to change the settings of the web browser in the tab “options”, “Internet options” or similar, depending on the type of the used web browser.
- The User has also the possibility of disabling the option of accepting the cookies in the web browser. However, this operation may result in preventing the User from using the Website or its selected functions or hinder its use.
- The User of the Website may change the settings of the web browser with regard to handling of the cookies at any time.
- In the case of any Policy-related questions, please send them to the following address: firstname.lastname@example.org.
- For statistical purposes, the Website uses Google Analytics to collect and store data about the characteristics and activities of the Website’s visitors.
- Data obtained in connection with the use of analytics tools, such as Google Analytics, is anonymised and not intended to identify the User. The Controller will not merge, or permit any third party to do so, any Google Analytics data with the Users’ personal Data obtained in connection with their use of the Website or the services offered through it. The Controller also uses the services of Hotjar to analyse the traffic on the sites of the Website. It also uses Facebook pixels for analysis of traffic from the portal Facebook.com to websites of the Controller.
X. Final provisions
- The Controller has the right to process information characterising how the User uses the electronically provided service. The Controller is also in possession of the information contained in access logs, in particular the Users’ IP addresses collected during Internet connections, which may be used for technical and statistical purposes.
The Controller is not responsible for the privacy policies on sites other than the Website accessed by the User.
- This policy is available on the website pelvifly.com and, in paper form, at the Controller’s registered office.
- Any amendments to the Policy in connection with, for example, changes in the applicable law or development of the relevant technologies may be made in the same manner as amendments to the Website’s Terms and Conditions.