EN_polityka_prywatności MeShape

PRIVACY POLICY OF MESHAPE.APP


  1. GENERAL PROVISIONS

  2. LEGAL BASIS FOR DATA PROCESSING

  3. PURPOSE, BASIS, PERIOD, AND SCOPE OF DATA PROCESSING

  4. RECIPIENTS OF DATA IN THE APPLICATION

  5. PROFILING IN THE APPLICATION

  6. RIGHTS OF THE DATA SUBJECT

  7. COOKIES IN THE APPLICATION, OPERATIONAL DATA, AND ANALYTICS

  8. FINAL PROVISIONS


  1. GENERAL PROVISIONS

    1. The Privacy Policy of MeShape.app is informational in nature (it does not impose obligations on Users). The Privacy Policy primarily consists of rules regarding the processing of personal data by the Administrator, including the legal basis, purposes, and scope of personal data processing, the rights of data subjects, as well as information on the use of cookies and analytical tools in the application.

    2. The Administrator of personal data collected through the application is HEALTH TECHNOLOGIES SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered

      office in Białystok (registered office address: ul. Świętego Rocha 14A/48, 15-879 Białystok; delivery address: ul. Świętego Rocha 14A/48, 15-879 Białystok); entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000576227; the registry court storing the company’s documentation is the District Court in Białystok, XII Commercial Division of the National Court Register; Tax Identification Number (NIP): 9662099568; National Business Registry Number (REGON): 362512946; email address: [email protected] – hereinafter referred to as the “Administrator” and simultaneously the Service Provider of the application.

    3. Personal data is processed by the Administrator in accordance with applicable legal regulations, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation”. The official text of the GDPR Regulation is ava ila ble a t : h tt p: //e ur-lex.e uropa.e u/le gal-c on te n t/P L/TXT/? uri=CELEX%3A32016R0679.

    4. Using the application, including entering into contracts, is voluntary. Providing personal data by a User of the application is also voluntary, except in two situations:

      1. Entering into contracts with the Administrator – failure to provide the personal data necessary to conclude and perform a contract for the provision of an Electronic Service with the Administrator results in the inability to conclude such a contract. In this case, providing personal data is a contractual requirement, and if the data subject wishes to enter into a contract with the Administrator, they are obliged to provide the required data. The scope of data required to conclude a contract is specified in the application and in the application’s Terms and Conditions.

      2. Statutory obligations of the Administrator – providing personal data is a statutory requirement arising from generally applicable legal provisions imposing an obligation on the Administrator to process personal data (e.g., processing data for the purpose of maintaining tax or accounting records), and failure to provide it will prevent the Administrator from fulfilling these obligations.


    5. The Administrator exercises special care to protect the interests of individuals whose personal data it processes and, in particular, is responsible for and ensures that the data it collects is:

      1. Processed lawfully;

      2. Collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes;

      3. Factually correct and adequate in relation to the purposes for which it is processed;

      4. Stored in a form that allows identification of data subjects for no longer than necessary to achieve the purpose of processing;

      5. Processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.

    6. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity of infringement of the rights or freedoms of individuals, the Administrator implements appropriate technical and organizational measures to ensure that processing complies with this regulation and can demonstrate such compliance. These measures are reviewed and updated as necessary. The Administrator applies technical measures to prevent unauthorized persons from acquiring or modifying personal data transmitted electronically.

  2. LEGAL BASIS FOR DATA PROCESSING

  1. The Administrator is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met:

    1. The data subject has given consent to the processing of their personal data for one or more specific purposes;

    2. Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract;

    3. Processing is necessary to comply with a legal obligation incumbent on the Administrator; or

    4. Processing is necessary for the purposes of legitimate interests pursued by the Administrator or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, particularly where the data subject is a child.

  2. The processing of personal data by the Administrator requires at least one of the bases specified above each time. The specific bases for processing the personal data of application Users by the Administrator are detailed in the next section of the Privacy Policy – in relation to the specific purpose of personal data processing by the Administrator.


  3. PURPOSE, BASIS, PERIOD, AND SCOPE OF DATA PROCESSING

    The purpose, basis, period, and scope, as well as the recipients of personal data processed by the Administrator, arise from the actions taken by a given User in the application. The Administrator may process personal data in the application for the following purposes, on the following bases, for the following periods, and within the following scope:


    Scope of Processed Data

    Purpose of Data Processing

    Legal Basis for Processing and Retention Period

    Name and surname; email address; residential address

    Performance of a sales contract and/or contract for the provision of an Electronic Service or taking steps at the request of the data subject prior to entering into such contracts

    Article 6(1)(b) GDPR (performance of a contract). Data is retained for the period necessary to perform, terminate, or otherwise expire the concluded contract.

    Email address

    Direct marketing

    Article 6(1)(f) GDPR (legitimate interest of the administrator). Data is retained for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims against the data subject arising from the Administrator’s business activities. The limitation period is determined by legal provisions, in particular the Civil Code (the basic limitation period for claims related to business activities is three years). The Administrator cannot process data for direct marketing purposes if the data subject has effectively objected to such processing.

    Name; email address

    Marketing

    Article 6(1)(a) GDPR (consent). Data is retained until the data subject withdraws consent for further processing for this purpose.

    Name and surname; residential address of the User or Client

    Maintaining accounting records

    Article 6(1)(c) GDPR in conjunction wi th Ar ti cl e 74(2) o f th e Accounting Act of January 30, 2018 (Journal of Laws of 2018, item 395). Data is retained for the period required by law mandating the Administrator to keep accounting records (5 years, starting from the beginning of the year following the financial year to which the data pertains).

    Name and surname; email address; residential address

    Es t ablishing , pursuing , or defending c l a ims that the Administrator may raise or that may be raised against the Administrator

    Article 6(1)(f) GDPR. Data is retained for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims against the data subject arising from the Administrator’s b u s i n e s s a c t i v i t i e s . T h e limitation period is determined by legal provisions, in particular the Civil Code (the basic limitation period for claims related to business activities is three years).

  4. RECIPIENTS OF DATA IN THE APPLICATION

  1. For the proper functioning of the application, the Administrator must use the services of external entities. The Administrator only engages processors that provide sufficient guarantees of implementing appropriate technical and organizational measures to ensure that processing complies with GDPR requirements and protects the rights of data subjects.

  2. Data transfer by the Administrator does not occur in every case or to all recipients or categories of recipients listed in the Privacy Policy – data is transferred only when necessary to achieve a specific processing purpose and only to the extent required to fulfill it.

  3. Personal data of application Users may be transferred to the following recipients or categories of recipients:

    1. Entities processing electronic or card payments – The Administrator shares the collected personal data of the Client with the selected entity handling such payments in the application at the Administrator’s request, to the extent necessary to process the payment made by the Client.

    2. Providers of accounting, legal, and advisory services supporting the Administrator with accounting, legal, or advisory assistance (in particular accounting firms, law firms, or debt collection agencies) – The Administrator shares the collected personal data of the User with the selected provider acting on its behalf only when and to the extent necessary to achieve the specific processing purpose consistent with this Privacy Policy.

  4. – On our pages, third parties place information in the form of cookies and other similar technologies on your end device (e.g., computer, smartphone) and access them. These are our trusted partners with whom we continuously cooperate to tailor advertisements on our and their sites to your needs and interests, as well as services provided by us and our trusted partners. Such a trusted partner includes entities from the Wirtualna Polska capital group. Detailed information on the processing of your data by Wirtualna Polska can be found in Wirtualna Polska’s privacy policy.


  5. PROFILING IN THE APPLICATION

    1. The GDPR imposes an obligation on the Administrator to inform about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and – at least in these cases – to provide relevant information about the principles of such decision-making, as well as the significance and anticipated consequences of such processing for the data subject. With this in mind, the Administrator provides information regarding possible profiling in this section of the Privacy Policy.

    2. The Administrator may use profiling in the application, primarily for purposes related to improving the application’s functionality by identifying and eliminating errors that may occur during Users’ activities within the application. However, the Administrator also reserves the right to use profiling for direct marketing purposes, but decisions based on it do not involve denying the possibility of using Electronic Services in the application. The effects of profiling in the application may include, for example, offering a discount to a specific person, sending them a discount code, reminding them of unfinished purchases, suggesting a Product that may match their interests or preferences, or offering better terms compared to the standard offer.

    3. Profiling involves the automatic analysis or prediction of a given person’s behavior on the application’s site, e.g., by analyzing their previous activity history within the application.

    4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.


  6. RIGHTS OF THE DATA SUBJECT

    1. Right of access, rectification, restriction, erasure, or portability – The User has the right to request from the Administrator access to their personal data, its rectification, erasure, or restriction of processing, and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising these rights are set out in Articles 15-21 of the GDPR.

    2. Right to withdraw consent at any time – The User has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

    3. Right to lodge a complaint with a supervisory authority – The User has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.

    4. Right to object – The data subject has the right to object at any time – for reasons related to their particular situation – to the processing of their personal data based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the Administrator may no longer process such personal data unless it demonstrates compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or grounds for establishing, pursuing, or defending claims.

    5. Right to object to direct marketing – If personal data is processed for direct marketing purposes, the User has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that the processing is related to such direct marketing.

    To exercise the rights outlined in this section of the Privacy Policy, you may contact the Administrator by sending an appropriate message in writing or by email to the Administrator’s address provided at the beginning of the Privacy Policy or by using the contact form available in the application.


  7. COOKIES IN THE APPLICATION, OPERATIONAL DATA, AND ANALYTICS

  1. Cookies are small text files sent by a server and stored on the device of the person visiting the application. Detailed information about cookies and their history can be found, among other places, here: http://en.wikipedia.org/wiki/HTTP_cookie.

  2. The Administrator may process data contained in cookies when visitors use the application for the following purposes:

    1. Identifying Users as logged into the application and indicating that they are logged in;

    2. Remembering data from completed Order Forms, surveys, or login details for the application;

    3. Customizing the application’s content to the User’s individual preferences (e.g., regarding colors, font size, page layout) and optimizing the use of the application’s pages;

    4. Conducting anonymous statistics on how the application is used;

    5. Remarketing, i.e., analyzing the behavioral characteristics of application visitors through anonymous analysis of their actions (e.g., repeated visits to specific pages, keywords, etc.) to create their profile and deliver advertisements tailored to their anticipated interests, including when they visit other websites in the advertising network of Facebook Ireland Ltd.

  3. By default, most web browsers available on the market accept cookies. Everyone can define the conditions for using cookies through their browser settings.

  4. The browser settings regarding cookies are significant in terms of consent to the use of cookies by us in the application – according to regulations, such consent may also be expressed through browser settings. If such consent is not given, the browser settings regarding cookies should be adjusted accordingly.

  5. Detailed information on changing cookie settings and deleting them in the most popular web browsers is available in the browser’s help section.

  6. The Administrator may use Google Analytics services in the application, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Administrator analyze traffic in the application. The collected data is processed within these services in an anonymized manner (so-called operational data that prevents identification of individuals) to generate statistics useful for administration. This data is aggregate and anonymous, i.e., it does not contain identifying features (personal data) of individuals visiting the application’s site. When using these services in the application, the Administrator collects data such as the sources and medium of acquiring visitors, their behavior on the application’s site, information about the devices and browsers they use to visit the site, IP and domain, geographic data, and demographic data (age, gender) and interests.

  7. It is possible for a person to easily block the sharing of information about their activity in the application with Google Analytics – for this purpose, they can install a browser add-on provided by Google Inc., available here: https://tools.google.com/ dlpage/gaoptout?hl=en.


  8. FINAL PROVISIONS

  1. The MeShape.app application may contain links to other websites. After navigating to other sites, the User should familiarize themselves with the privacy policy established there. This Privacy Policy applies only to the Administrator’s application.