Privacy Policy
Last updated: January 1, 2025
This Privacy Policy describes how Pohyb Telo (referred to as "we", "us", "our") collects, uses, and shares your personal information when you visit or use our website at pohybtelo.live (the "Website"). We are committed to protecting your privacy and ensuring the security of your personal data. This policy applies to all users of the Website within the Slovak Republic (SK) and internationally, in compliance with the General Data Protection Regulation (GDPR) and applicable Slovak laws.
Please read this Privacy Policy carefully. By accessing or using the Website, you agree to the terms described herein. If you do not agree, please do not use our services.
1. Data Controller
The data controller responsible for your personal data is:
- Entity name: Pohyb Telo s.r.o.
- Registered address: Hlavná 123, 811 01 Bratislava, Slovak Republic
- Email: privacy@pohybtelo.live
- Phone: +421 2 123 4567
For any inquiries regarding your data, please contact us using the information above. We respond to all legitimate requests within 30 days.
2. Information We Collect
We collect information you provide directly to us, as well as information automatically collected when you use the Website. The categories of data include:
- Personal identification data: Full name, email address, phone number, postal address (if provided).
- Account data: Username, password (encrypted), profile preferences, and activity logs.
- Payment data: Payment card details or bank account information when you purchase services. This data is processed by third-party payment processors and is not stored by us.
- Usage data: IP address, browser type, operating system, referring URLs, pages visited, time spent, and interactions.
- Cookies and tracking data: As described in Section 6.
- Health-related data: If you voluntarily provide fitness goals, exercise preferences, or health conditions (e.g., for personal training), we treat this as sensitive data with explicit consent.
3. How We Use Your Information
We process your data for the following purposes based on legitimate interests, consent, or contractual necessity:
- Service delivery: To provide, maintain, and improve the Website, including personal training sessions, fitness plans, and account management.
- Communication: To respond to inquiries, send updates, news, offers (with consent), and administrative messages.
- Payment processing: To process transactions and prevent fraud.
- Analytics: To analyze usage trends, measure performance, and optimize user experience.
- Compliance: To meet legal obligations, such as tax records or data breach notifications.
- Marketing: With your explicit consent, to send promotional materials about our services.
4. Legal Basis for Processing
We rely on the following legal bases under GDPR:
- Consent (Article 6(1)(a)): For cookies, health data, and marketing communications.
- Contractual necessity (Article 6(1)(b)): For account creation and service provision.
- Legal obligation (Article 6(1)(c)): For retaining records as required by Slovak law.
- Legitimate interests (Article 6(1)(f)): For analytics, security, and fraud prevention.
5. Data Sharing and Disclosure
We may share your personal data with third parties only in the following circumstances:
- Service providers: Hosting providers (e.g., AWS, located in EU), payment processors (e.g., Stripe), and analytics services (e.g., Google Analytics). All providers are bound by data processing agreements.
- Legal authorities: When required by law, court order, or to protect our rights.
- Business transfers: In case of merger, acquisition, or sale of assets, your data may be transferred to the new entity.
- With your consent: For any other purpose you explicitly authorize.
We never sell your personal data to third parties.
6. Cookies and Tracking Technologies
Our Website uses cookies and similar technologies to enhance your experience. Cookies are small text files stored on your device.
We use the following types of cookies:
- Essential cookies: Required for basic functionality (e.g., session management, security).
- Preference cookies: Remember your settings (e.g., language, region).
- Analytics cookies: Track user behavior to improve the Website (e.g., Google Analytics).
- Marketing cookies: Deliver tailored ads (with consent).
You can manage cookies through your browser settings or our cookie consent tool. Disabling essential cookies may affect Website performance.
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined. The retention periods are:
- Account data: Until you delete your account or after 12 months of inactivity.
- Payment data: 10 years (for tax compliance).
- Usage data: 24 months for analytics.
- Cookies: As specified in our Cookie Policy.
- Health-related data: Deleted after 6 months of inactivity unless renewed.
Data is securely deleted after retention expires.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS 1.2/1.3) and at rest (AES-256).
- Regular security audits and penetration tests.
- Access controls and staff training on data protection.
- Secure hosting in data centers within the EU.
Despite these measures, no system is 100% secure. In case of a data breach, we will notify affected parties within 72 hours as required by law.
9. Your Rights Under GDPR
As a user in the Slovak Republic or EU, you have the following rights:
- Right to access: Request a copy of your personal data.
- Right to rectification: Correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of your data, subject to legal obligations.
- Right to restrict processing: Limit how we use your data.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent: At any time, without affecting previous processing.
- Right to lodge a complaint: With the Slovak Data Protection Authority (Úrad na ochranu osobných údajov), address: Hraničná 12, 820 07 Bratislava, email: dozor@pdp.gov.sk.
To exercise your rights, contact us at privacy@pohybtelo.live. We respond within 30 days.
10. International Data Transfers
We primarily store data within the European Economic Area (EEA). If we transfer data outside the EEA (e.g., to third-party providers), we ensure safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions under GDPR.
11. Children's Privacy
Our services are not directed at individuals under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us, and we will delete it promptly.
12. Third-Party Links
The Website may contain links to external sites (e.g., social media, payment partners). We are not responsible for their privacy practices. We encourage you to review their policies before providing data.
13. Changes to This Privacy Policy
We may update this policy periodically. We will notify you via email or a prominent notice on the Website at least 14 days before changes take effect. The "Last updated" date at the top indicates the latest revision.
14. Governing Law
This Privacy Policy is governed by the laws of the Slovak Republic and the General Data Protection Regulation (EU) 2016/679. Any disputes shall be resolved by the Slovak courts.
15. Contact Information
For questions, complaints, or data requests, please contact:
- Data Protection Officer (DPO): Mgr. Anna Kováčová
- Email: dpo@pohybtelo.live
- Postal address: Hlavná 123, 811 01 Bratislava, Slovak Republic
- Phone: +421 2 987 6543
We aim to resolve all inquiries within 30 days. If unsatisfied, you may contact the Slovak Data Protection Authority at the address above.
16. Specific Provisions for Slovakia (SK)
In accordance with Slovak Act No. 18/2018 on Personal Data Protection and amendment to other acts, we also note the following:
- Consent for marketing is obtained via explicit opt-in mechanisms.
- Health data is classified as special category data and processed only with explicit consent.
- Data breach notifications are sent to the Slovak DPA within 72 hours.
- You have the right to file a complaint directly with the DPA without prior contact.
- Processing records are maintained as per Article 30 of GDPR.
17. Cookie Consent Management
When you first visit the Website, a cookie banner allows you to choose your preferences. You can adjust these via our Cookie Settings page at any time. Essential cookies are always active, while analytics and marketing cookies require your consent.
List of major cookies used:
- PHPSESSID: Essential session cookie.
- _ga: Google Analytics (persistent, 2 years).
- _gid: Google Analytics (persistent, 24 hours).
- cookie_consent: Stores your preference (1 year).
18. Automated Decision-Making
We do not use automated decision-making, including profiling, that significantly affects you. Analytics tools may segment users for marketing purposes based on browsing behavior, but this does not produce legal effects.
19. How to File a Complaint
If you believe we have violated your data protection rights, please contact us first. Alternatively, you may lodge a complaint with the supervisory authority:
Úrad na ochranu osobných údajov Slovenskej republiky
Hraničná 12, 820 07 Bratislava, Slovak Republic
Email: dozor@pdp.gov.sk
Website: https://dataprotection.gov.sk
We value your trust and are committed to resolving any issues promptly.
20. Final Remarks
By using pohybtelo.live, you acknowledge that you have read and understood this Privacy Policy. We encourage you to review it periodically, as changes may occur. Thank you for trusting Pohyb Telo with your personal data.
This policy is available in Slovak and English. In case of discrepancy, the Slovak version prevails as per local law.