PRIVACY POLICY
This Privacy Policy was drawn up based on the legal provisions in force, in particular the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as “GDPR”.
Liftone highly respects your privacy. Therefore, in order to use the app Facegroovin’ we extract and process data only to the extent necessary to ensure proper and safe use of the app, maintain its reliability and development, so that it could be even better. Data are processed in a mobile and central app only to the extent necessary for its proper operation, whilst data are not transmitted to other entities without your consent, except as described below. In particular, we don’t register and don’t extract from a mobile device any picture from the device camera. Data are processed on servers located in Poland, in data centers secured in accordance with the applicable data protection standards, and data can be accessed only by persons we have authorized. For the purposes of analyzing the app use and development, we use anonymized data. Data transmission all the way from the device to our infrastructure is encrypted in accordance with the current data transmission security requirements. However, we don’t have any influence on security of the device on which you are using Facegroovin’. In order to prevent data from being stolen from a mobile device, remember about its proper configuration, especially the protection against unauthorized access, the settings of access to camera and microphone, and about not installing apps from unknown or unreliable sources and avoiding the use of unknown internet connections (e.g. public hot spots).
PERSONAL DATA
The controller of personal data is Liftone Sp. z o.o. having its registered office in Szczecin, address: Pelikana 23 apt. 6 (71-698 Szczecin), entered into the Register of Entrepreneurs maintained by the District Court in Szczecin-Centrum in Szczecin, XIII Commercial Division of the National Court Register under the number KRS 0000814242, NIP 8513243539, the share capital of which amounts to PLN 5,000.00, e-mail: help@facegroovin.com, hereinafter referred to as: the “Controller”).
The Controller collects the personal data of:
- hereinafter referred to collectively as „Users”.
In order to enable the use of Facegroovin’, the app (mobile app and Facegroovin’ server) processes the following personal data: first name, address, age, skin type, the area of the body being exercised, preferences relating to the target and selection of exercises and music, the subscribed workout plans, time, frequency and intensity of using the app, the use of specific exercises, music and videos, chats with trainers and their contents, linkage with the Google, Apple, Facebook, Spotify, Instagram accounts. If you initiate communication with a trainer using the chat integrated with the app, the content of any such communication will be processed. These data are gathered in the local app and in the central app located on our servers. Profiling will be carried out on the basis of statistics from use of particular elements of the app in order to suggest sets of exercises tailored to you.
The local app also uses access to the mobile device camera, however this access is used only to enable the function of virtual mirror, which makes it possible to observe your own face during workout. This picture is not transmitted outside the mobile device and is not saved anywhere.
For the purposes of analyzing how the app is used, developing and adjusting it to the needs, we also extract statistical, anonymized data, not interlinked with any specific person, such as the number of displays of particular sessions, the number of views of individual programs, the phrases searched, statistics of purchased subscriptions, statistics of the time of using the app and other statistical data mentioned below in the description of particular analytical plug-ins.
To provide the possibility to purchase the app, pay for the subscribed workout plans and gift cards, to log in, use music, sign up for newsletter, chat and push messages, to follow on Instagram, as well as to ensure smooth operation and development of the app, certain personal data are made available to our partners providing the said services:
In the case of ordering a visit to our beauty salon, Liftone Sp. z o.o. is the controller of the data entrusted within the framework of making a booking, while Booksy International Sp. z o.o. is the processor. You can find detailed information about the processing of personal data by Booksy here: https://booksy.com/pl-pl/p/privacy and the terms of use of the application can be found here: https://booksy.com/pl-pl/p/terms.
In case of purchase of access to the app via Google Play or Appstore by concluding an agreement for the provision of services by electronic means with the Controller, the user provides first name, e-mail address or data interlinked with Facebook, Google or Apple app.
Data provided by the user in connection with the conclusion of an agreement for the provision of services by electronic means with the Controller, are processed for the purpose of the performance of the agreement - ensuring a possibility to use the app and the services provided with the use of the app (Article 6 Par. 1 (b) GDPR) and billing for the services provided (Article 6 Par. 1 (c) GDPR).
Data provided in connection with setting up an account in the Facegroovin’ app and while using it will be processed for the period of realization of the agreement for the provision of services by electronic means on the user’s device and in the app on the Facegroovin’ server, and subsequently for a period not longer than 6 months or until the expiration of the period of limitation for claims under the concluded agreement. The Controller will store the documentation with the user’s personal details relating to billings for use of the app for a period of 5 years counting from the end of the financial year in which the tax liability arose.
In case of use of the website, we process the data necessary for proper operation of the website www.facegrovin.com and the data related to inquiries sent to the server, which comprise IP address, server date and time, information about the operating system, the web browser, its version and language settings, the sites from which the customer was redirected, name of the requested web page or file. The data saved in server logs are not associated with any specific person and form only an auxiliary material serving for administration of the app and the server, and they are not disclosed to anyone except the persons authorized to administer the server. For the purposes of smooth operation of the website, its development, analysis of use of the website and adjusting its functionalities to user needs, the website uses cookies, analytical technologies and social media plug-ins, which will be discussed individually.
In case of contact with the Controller through the contact form, the user provides first name, email address and the inquiry content. Providing personal data is voluntary but necessary to make contact.
Data provided through the contact form are used for the purpose of contact with the user. The legal basis for the processing of such data is consent given by the user (Article 6 Par. 1 (a) GDPR) for contact by means of electronic communication in response to the initiated contact, and our legitimate interests (Article 6 Par. 1 (f) GDPR) in responding to inquiries relating to our services and products. Furthermore, depending on the purpose of contact, the basis may be taking actions towards conclusion of an agreement (Article 6 Par. 1 (b) GDPR). After the contact is ended, the legal basis for data processing is the legitimate interest of the Controller (Article 6 Par. 1 (f) GDPR) in the form of archiving of correspondence for the purposes of demonstrating its course in the future, in particular for the purposes of demonstrating the user’s consent for contact and the defense of any potential user’s claims. Data are stored for the time necessary to respond to inquiries, to keep records of correspondence, when this results from its character, and for the time necessary to ensure the defense of claims.
If the user wants to sign up for newsletter or notifications, the user provides his or her email address by checking the signup option box during registration and using the newsletter signup form. Providing personal data is voluntary but necessary to sign up for newsletter or notifications.
Data provided when signing up are used for the purpose of sending newsletters or notifications containing information and news about care and our new products and services. The legal basis for the processing of such data is our legitimate interest – (Article 6 Par. 1 (f) GDPR), which is the marketing of our own products and services.
Data provided when signing up will be processed for the time of functioning of the service, unless the user explicitly objects by unchecking the box for selection of the option to sign up for newsletter or notifications in the app, clicking on the “Resignation” link in the newsletter or by writing to the address help@facegroovin.com. Nevertheless, resigning from the receipt of newsletter or notifications doesn’t lead to data removal from the Controller’s database. User data will be still stored in the Controller’s system for the time of using the app and for the time necessary for defense of any possible claims relating to sending of newsletter or notifications, in particular for the purposes of demonstrating the consent given by the user, which constitutes the Controller’s legitimate interest (Article 6 Par. 1 (f) GDPR).
The Controller attaches to each newsletter a JavaScript pixel, i.e. a file the size of which is one pixel, which is extracted while opening the newsletter from the Controller’s server. Data acquired as part of this extraction are related to the browser used by newsletter recipient, the click ID that provides information about the email address of newsletter recipient and the IP address of the same. The information is used for the purpose of statistical research on whether newsletters are opened, when they are opened and which links are clicked on. The information can be in technical terms assigned to particular newsletter recipients. Nevertheless, the Controller warrants that he doesn’t observe single users. The Controller uses the analyses of afore-mentioned data only for the improvement of his own products and services through recognition of user habits and for the adjustment of the content to their needs. The legal basis for the processing of such data is the legitimate interest of the Controller (Article 6 Par. 1 (f) GDPR), which is the marketing of our own products and services.
When you book appointments with our beauty salon we process your: name, surname, email address, mobile phone.
The legal basis for the processing of such data is taking actions to order a service (Article 6 Par. 1 (b) GDPR). Data will be stored for the time necessary to perform the service, demonstrate its proper performance and for the time necessary to ensure the defense of claims.
Use of the app or of the website is connected with a transmission of technical data to the server on which the app is stored and with recording them in the server logs. Logs are recorded and stored on the server.
Logs contain among others: time of using the app or the website, the functions in use, customer station data, technical data of the connection, information about errors occurred during the performance of the service.
The above data are used only for the purposes of administration of the app or the website. The content of such data is not disclosed to anyone except the persons authorized to administer the app and the server.
The User’s data may be processed by subcontractors of the Controller, i.e. entities the Controller uses to process data and provide services for the benefit of the User, namely:
User data being processed in relation to the app will not be transferred outside the area of the European Union to third countries, and if this situation occurs they will be transferred only to areas where user’s rights are protected in accordance with the principles laid down in GDPR, mostly to processors providing technologies that support the app, who apply data protection mechanisms consistent with GDPR, including the approved standard contractual clauses.
Due to the use of Google service, including analytical apps, “pixel” tool of the social networking site Facebook and the Apple app, the User’s data may be transferred to the United States of America (USA) in relation to their storage on American servers.
The companies: Apple, Google and Facebook process the personal data entrusted by data exporters based on Standard contractual clauses approved by EC and thus guarantee an appropriately equivalent level of data protection, as required under the provisions of the European Union law.
Users have the following rights:
The scope of each of a/m rights and the situations in which they can be used is determined by the general binding legal regulations, in particular the GDPR.
To receive answers to questions concerning the protection of personal data or the exercise of a/m rights you may contact the Controller via the electronic mail address help@facegroovin.com.
If data are processed based on the User’s consent, the User has the right to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
The User has the right to lodge a complaint with the supervisory authority engaged with the protection of personal data, when he or she considers that the processing is in breach of the legal regulations and the controller fails to react properly to his or her requests. At the address: https://uodo.gov.pl/pl/83/155 the User may find information how to lodge a complaint with the President of the Office of Personal Data Protection.
COOKIES, SOCIAL NETWORKING TOOLS AND SERVER LOGS
More detailed information about cookies is available at the website ciasteczka.org.pl.
The website uses analytic cookies of the tool Google Analytics on the basis of the Controller’s legitimate interest (Article 6 Par. 1 (f) GDPR), which consists in making statistics and analyzing them for the purpose of its optimization.
A cookie of Google Analytics generates the following information concerning the use of that internet site: browser type/version, the operating system in use, URL address (of the website previously visited), IP address, time of sending an inquiry to the server.
Google Analytics automatically gathers information about use of the website. The Controller uses the function of user’s IP address anonymization before forwarding it (the so-called IP masking). Google Analytics anonymizes the address as soon as technically feasible, at the earliest stage of the data collection network. After the IP anonymization it’s no longer possible to interlink the IP address with the user.
Information generated in cookies is sent to the Google server in the USA and stored there. An anonymized IP address is not interlinked with other Google data. Such information is also provided to third parties, if required by law or if third parties process the data to order.
Google Analytics removes its statistical data after 24 months. Reports drawn up on the basis of Google Analytics contain no reference to person.
The user may find more information concerning data processing by Google Analytics at the address: https://support.google.com/analytics/answer/6004245
The User may disable the activity measured by Google Analytics by installing a website plug-in, which is available at the address: https://tools.google.com/dlpage/gaoptout
We are using the platform Google Search Console, a tool intended for checking of website status, its visibility and optimization. We perform actions in this scope basing on our legitimate interest in the form of optimization of our internet sites (Article 6 Par. 1 (f) GDPR). This lets us monitor a site, its status of indexing by Google search engine and optimize its visibility in the web. Thanks to this, we obtain information about state of the website, its positioning, we may troubleshoot for errors occurring on the website, browse statistics of indexing by Google crawlers, analyze internal and external links to the website, eliminate defective links, analyze visibility of the website according to various key words, number of views, number of clicks, to receive notifications in case of virus infection or errors on the website. GSC performs its activity using data not interlinked directly with specific user visiting the website.
For more information about the functioning of Google Search Console go to: link.
We are using the tool Google Tag Manager provided by Google Ireland Limited. With the use of Google Tag Manager we control our advertising campaigns and your use of our sites. We perform actions in this scope basing on our legitimate interest in the form of marketing of own products and services and optimization of our internet sites (Article 6 Par. 1 (f) GDPR).
By the occasion of visits on our website, a Google cookie is automatically saved on your device, which file with the help of a pseudonymized ID and based on the sites you visit makes it possible to display interest-based advertisements, control their effectiveness and other actions relating to the control of your behavior on the website.
Further data processing takes place only when you authorized Google to connect the browsing history and use of the app with your account and to use information from your Google account to personalize the ads displayed on internet sites. If in this case during your visit on our website you are logged in to your Google account, Google will use your data together with Google Analytics data to create and define a list of target groups for remarketing purposes on various devices. For this purpose Google temporarily connects your personal data with Google Analytics data to create target groups.
You may deactivate the cookies used for remarketing in your Google account settings: https://adssettings.google.com. Furthermore, in cookies settings from the level of our website you may disable the use of cookies for remarketing purposes.
If you are interested in the details of data processing as part of Google Tag Manager, we encourage you to read Google privacy policy: https://policies.google.com/privacy.
On our website we are using Google Maps by Google Inc. Google Ireland Limited to specify our locations and make it easier to determine the route to our locations. When you are using Google Maps, your data are transmitted to Google and stored on Google servers.
Google maps is an internet map service provided by Google. Thanks to Google Maps you can search accurate locations of cities and addresses, monuments, accommodation facilities or businesses in the Internet with the use of a computer, tablet or app. If businesses are presented in Google My Business, apart from location you are provided with additional information about the business. In order to show the road to the target, map fragments of a given location can be integrated with the website using HTML code.
For Google Maps to be able to offer full services, your business must register and store data about you. They include the passwords entered, your IP address, as well as, depending on your device settings, approximate or accurate geographical coordinates. If you are using the route planning function, the initial address entered will be also saved. Data are stored within the Google Maps website. We have no influence on it, we may only inform you about it. Since we have integrated Google Maps with our website, Google places at least one cookie (name: NID) in your browser. That cookie stores data relating to user behavior. Google uses such data mostly to optimize its own services and provide personalized ads.
Google stores some data for a specified period of time. In case of other data, Google offers only an option of manual removal. The company anonymizes also information (such as advertising data) in server logs, removing part of IP address and information from cookies after 9 or 18 months.
Thanks to automatic removal of the data concerning location and activity, made available in 2019, information about location and activity in the web / app - depending on your decision - is stored for 3 or 18 months, and then erased. The said data can be manually erased from the history with the use of Google account. If you want to completely disable registration of your location, you must pause the session “Web & App Activity” on Google account. Click on the option Data and personalization and then click on the option Activity controls. Here you can turn activities on and off. You can also deactivate, remove or manage single cookies in your browser.
If you are interested in the details of data processing as part of Google Maps, we encourage you to read Google privacy policy: https://policies.google.com/privacy.
The website Facegroovin.com is using the so-called Facebook pixel on the basis of the Controller’s legitimate interest (Article 6 Par. 1 (f) GDPR), which consists in making statistics and analyzing them for the purpose of optimization of marketing activities and marketing of own products and services.
Facebook pixel in administered by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook joined the program Privacy Shield and uses the approved standard contractual clauses and thus guarantees proper level of personal data protection, as required by the provisions of the European Union law.
Facebook pixel collects information whether the user of an internet site is registered in Facegroovin’ app.
In addition, with the pixel’s help, Facebook may designate visitors of an internet site as a target group of advertisements - the so-called “Facebook-Ads”. Facebook pixel is installed on the website, so that Facebook-Ads could be displayed only to the Facebook users who showed interest also in the Controller’s online offer or who are characterized by certain traits (e.g. interests in specific subjects or products, determined on the basis of visited internet sites), which the Controller send to Facebook – the so-called Custom Audiences. With the use of Facebook pixel the Controller wants to ensure that Facebook-Ads correspond to the potential interest of users.
Facebook pixel helps the Controller analyze efficiency of advertisements on Facebook for the purposes of statistical and market research, when he can see whether users after clicking on a Facebook ad were redirected to the Controller’s website - the so-called Conversion.
Facebook Inc. is an individual controller of the website user’s personal data, who processes the website user’s personal data regardless of the Controller’s purposes and legal basis for processing. Facebook Inc. will process the website user’s data depending on the Facebook terms read by that user and the consents given to Facebook.
The User may prevent his or her data from being gathered by Facebook pixel on the website by changing browser settings (see point 3 below).
On our internet sites we are using plug-ins and other social networking tools made available by social media sites such as Facebook or Instagram. The legal basis for use of plug-ins is Article 6 sec. 1 (f) GDPR.
There are Facebook icons on the website with links to service providers’ plug-ins. Clicking on them results in direct connection with servers of social networking site administrators (service providers). If you don’t click on the icons, the plug-ins are still inactive and as long as they are not clicked on they don’t transmit any data to providers of the sites.
The plug-in content is directly transmitted by a given service provider to your browser and is integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed our website, even if you don’t have your profile on the site of a given service provider or you are not currently logged in. Such information (together with your IP address) is sent by your browser directly to a given service provider’s server (some servers are located in the USA) and stored there.
If you have logged in to one of the social networking sites, the service provider will be able to directly assign a visit on our website to your profile on a given social networking site.
If you are using a plug-in, e.g. by clicking on the button “Like” or “Share”, relevant information will be also sent directly to the server of a given service provider and will be saved there.
Furthermore, the information will be published in a given social networking site and will be visible for persons added as your contacts. The purpose and scope of data gathering and their further processing and use by service providers, as well as the possibility to contact and your rights in this regard and the possibility to make settings ensuring the protection of your privacy are described in privacy policies of particular service providers.
• Facebook – https://www.facebook.com/legal/FB_Work_Privacy,
• Instagram – https://pl-pl.facebook.com/help/instagram/196883487377501.
We don’t have any influence on the data being gathered and the data processing processes and we don’t know the full scope of data gathering, the purposes of processing and storage periods. We are not in the possession of information about the removal of data gathered by plug-in supplier. Plug-in supplier records the data collected in the form of user profile and uses them for advertising purposes and for the purposes of market research or optimization of his internet site in respect of user’s preferences.
Such analysis (comprising also the users not logged in to the service of plug-in supplier) is carried out to tailor ads to user interests and to inform other social networking site users about activities on our website. The user has the right to object to the creation of such user profiles, whereas in order to exercise this right he or she should contact the plug-in supplier.
Through the use of plug-ins we offer users a possibility to interact with social networking sites and with other users, which lets us improve our offer and make it more attractive for the user.
If you want social networking sites to assign the data collected during visits on our website directly to your profile on a given site, you must log out of that site before visiting our website. You can also completely disable loading of plug-ins on the website by using appropriate extensions for your browser, e.g. disabling scripts.
Links to third party sites can be used on our internet sites. Liftone Sp. z o.o. is not in control of any such site and is not liable for the processing of personal data there. Please read the privacy policies posted thereon before using any such site and before providing any personal data.
On our internet sites we are also using embedded content of other sites, e.g. Google Maps. Use of materials embedded on the website involves a transmission of data such as your IP, data of the device you are using, operating system, web browser, etc. to the websites of providers of such materials, same as use of any such website.
4. Server logs
Using the website is connected with a transmission of inquiries to the server on which the website is stored and with recording them in the server logs. Logs are recorded and stored on the server.
Logs contain: time of receipt of an inquiry, time of responding; name of customer’s station; information about errors that occurred during the realization of http transaction; URL address of the website visited by the user, when the website was entered through a link; information about user’s browser, its language and version, information about the operating system and its interface; IP address.
SAFEGUARDING YOUR PERSONAL DATA
We make every endeavor to ensure security of the processed personal details.
We are using, among others, the following measures to ensure data security:
CHANGES TO THE PRIVACY POLICY
This Privacy Policy can be changed, when the need or obligation to make changes results from the development of app functionalities, technological progress, amendments to relevant legal regulations or changes in the scope of data processing by the Controller.
This Privacy Policy was published on: 01 June 2021.