Privacy Policy and Cookies for SOLO Workout application

Effective date: February 1, 2021

1. INTRODUCTION

1.1 This Privacy Policy and Cookies (hereinafter Policy) is an integral part of the Rules and Regulations of using SOLO Workout application. All terms herein and spelt with capital letters shall have the same meaning as defined therein. Additionally, Policy provides for the following terms which mean the following:

● Location Data – an approximate geographical position or, by User’s consent, exact geographical position of User while using Application.

1.2. This Policy relates to using Service. Under this Policy, the term “using” means using, gaining access to, installing , logging in, connecting, downloading, visiting or browsing Service. All Users and other persons who download, gain access to, use or subscribe to Service give their consent to this Policy.

1.3. It is requested that you carefully read this Policy as gaining access and using Service means that User read, understood and agrees to all terms and conditions hereof. If User wishes not to give consent to any part of Policy or Rules and Regulations, User should not gain access to or continue to use Service nor send us his Personal Data by any other means.

1.4. Policy shall not relate to information collected by:

● us offline or by any other means, also on any other website operated by HKM or any third party; or

● any third parties, also by means of any application or content (including advertisements) which may contain links to Service or be accessible from Service or by means thereof, also by means of any type of a wireless device. If you use our Service on a third party platform or connect a third party device, you shall be subject to the privacy policy or terms and conditions of use of such platform or device. We shall bear no liability for the privacy policy, terms and conditions of use or services provided by such platforms or devices and we recommend that you acquaint yourself with any applicable rules before using such platforms or devices.

1.5. Service is not dedicated to children younger than 16. By means of Service persons under 16 may not transmit any personal or other information. We shall not knowingly collect Personal Data from children under 16. If you are less than 16 years old, you should not use or provide any information by means of Service or register with it. If we learn we collected or received Personal Data from a child under 16 without verifying parents’ consent, we shall remove such information. If you think we may hold any information from or about a child under 16, we request that you write to us via rodo@heavykinematic.com.

1.6. We reserve the right to amend this Policy, which may result from the need to align with amendments to law provisions or applicable privacy standards or an extension of our offer. In view of the above, we shall notify of any material amendments to our Policy by:

● placing the amended Policy in Application or by means thereof; or

● notifying Users in advance of any material amendments to Policy, generally, if possible, via an e-mail message, and otherwise by means of Service (e.g. by placing a notification in Application). Further use o

2. Data Controller of Users’ Personal Data is: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo, 64-200 Komorowo, municipality: Wolsztyn, county: wolsztyński, province: wielkopolskie, Poland (Tax Identification Number [NIP]: 9231712219, REGON No.: 367706684), entered in the National Court Register kept by the District Court Poznań Nowe Miasto and Wilda in Poznań, I Economic Division under number: 0000685412, email: rodo@heavykinematic.com. Therefore, an entity liable for Users’ Personal Data processing in Application is: Heavy Kinematic Machines sp. z o.o. – hereinafter HKM.

3. Personal Data Supervisor. In order to increase the security of Users’ Personal Data we appointed Personal Data Supervisor, who may be contacted via iod@heavykinematic.com.

4. Information for European Union residents and persons staying on the territory of the European Union. In order to ensure the compliance with the European General Regulation on Data Protection (RODO), this Privacy Policy provides for the legal basis, by virtue of which we process the Personal Data of Application Users who are EU residents or stay in the EU. Privacy Policy provides such Users with information required by RODO.

5. Disclosing Personal Data related to other countries and regions. You may find below how we disclose your Personal Data depending on your place of residence.

5.1. Residents of Australia

We take reasonable measures so that Users’ Personal Data are correct and current. If User resides in Australia, he may file for gaining access to and changing the Personal Data which we collected about him. In order to gain access to his Personal Data, User shall write to us to the following address: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com.

We may charge for such service and we shall react to reasoned requests as soon as possible, each time within the time limit provided for by law.

Should there be any complaints from Users related to the way their Personal Data are handled we request that such Users contact our Personal Data Supervisor or write to: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com and describe such complaint in detail. We respond to complaints as soon as possible, each time within the time limit provided for by law.

5.2. Residents of China

Should there be any inquiries, comments or doubts related to the way Users’ Personal Data are handled we request that such Users contact our Personal Data Supervisor or write to: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com. Generally, Personal Data collected in China are stored in China. However, we provide Services by means of resources and servers located around the whole world (including the European Union), which means that Users’ Personal Data may be transmitted to another country / region outside China or accessible in another country / region outside China. The law provisions and rules related to Data protection and privacy in such countries / regions may not ensure the same level of protection as in China. In such event, HEAVY KINEMATIC MACHINES shall still protect Users’ Personal Data in line with the requirements of the Chinese law (e.g. we shall obtain User’s consent to transmitting his Personal Data or identify such data before transmitting). User may decide on not providing HEAVY KINEMATIC MACHINES with his Personal Data. In such event, User may not use Service fully.

5.3. Residents of Hong Kong

HEAVY KINEMATIC MACHINES shall take reasonable measures so that Users’ Personal Data are correct and current. If User resides in Hong Kong, he may file for gaining access to and changing the Personal Data which we collected about him. In order to gain access to his Personal Data, User shall write to us to the following address: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com. We may charge for such service and we shall react to reasoned requests as soon as possible, each time within the time limit provided for by law.

User’s consent to using and sharing Personal Data for marketing purposes: Use may decide on not providing HEAVY KINEMATIC MACHINES with his Personal Data. User may not, then, use Service fully. HEAVY KINEMATIC MACHINES may use User’s Personal Data in order to communicate with User in connection with the purchased or used HEAVY KINEMATIC MACHINES products or Services and notify of other products, discounts and services in which, in our opinion, User might be interested. We may also share Personal Data with our company group, advertising partner companies, commercial partners, sellers and suppliers who provide User with products and services for their own marketing purposes. Consent thereto may be granted by the means specified herein below.

How to give and withdraw consent: User may give consent in several ways including without limitation: (i) by selecting a checkbox to give consent to provide us with Personal Data by means of our services or a form (including the participation in discounts); or (ii) by checking a box to give consent to registering or creating an account with us. User may unsubscribe to marketing materials at any time free of charge.

5.4. Residents of Indonesia, Malaysia, the Philippines and Singapore

HEAVY KINEMATIC MACHINES shall take reasonable measures so that Users’ Personal Data are correct and current. If User resides in Indonesia, Malaysia, the Philippines or Singapore, he may file for gaining access to, changing or removing the Personal Data which we collected about him or object with respect thereto. In order to gain access to his Personal Data, User shall write to us to the following address: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com. Under the applicable law, we may charge for such service and we shall react to reasoned requests as soon as possible, each time within the time limit provided for by law. 5.5. Residents of Mexico Using services shall mean User giving consent to collecting, using and transmitting his Personal Data (pursuant to the law of Mexico) in order to process such data in the European Union as described herein. HEAVY KINEMATIC MACHINES shall take reasonable measures so that Users’ Personal Data are correct and current. If User resides in Mexico, he may file for gaining access to, changing or removing the Personal Data which we collected about him or object with respect thereto. In order to gain access to his Personal Data, User shall write to us to the following address: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com. Under the applicable law we may charge for such service and we shall react to reasoned requests as soon as possible, each time within the time limit provided for by law.

5.6. Residents of New Zealand

HEAVY KINEMATIC MACHINES shall take reasonable measures so that Users’ Personal Data are correct and current. If User resides in New Zealand, he may file for gaining access to, changing or removing the Personal Data which we collected about him or object with respect thereto. In order to gain access to his Personal Data, User shall write to us to the following address: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com. We may charge for such service and we shall react to reasoned requests as soon as possible, each time within the time limit provided for by law.

5.7. Residents of South Korea

HEAVY KINEMATIC MACHINES shall take reasonable measures so that Users’ Personal Data are correct and current. If User resides in South Korea, he may file for gaining access to, changing or removing the Personal Data which we collected about him or object with respect thereto. In order to gain access to his Personal Data, User shall write to us to the following address: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com. Under the applicable law, we may charge for such service and we shall react to reasoned requests as soon as possible, each time within the time limit provided for by law.

Under the applicable law of South Korea Personal Data shall be stored for the following time periods:

● Records related to contracts and agreements or their cancellation, and to payments and delivery of goods:

Reason for storage: The Consumers’ Protection in Electronic Trade Transactions Act etc.
Duration of data storage: five years

● Documentation of clients’ complaints or dispute settlement:

Grounds for storage: The Consumers’ Protection in Electronic Trade Transactions Act etc.
Duration of data storage: three years

● Data used for communication confirmation:

Reason for storage: The Protection in Communication Act
Duration of data storage: three months

● Records related to electronic financial transactions:

Reason for storage: The Electronic Financial Transactions Act
Duration of data storage: five years

● Method and procedure of Personal Data destruction: HEAVY KINEMATIC MACHINES shall store Users Personal Data: a) as long as it is required in order to provide User with Service and/or b) as long as it is required in order to comply with our legal obligations, settle disputes and enforce our contracts and agreements. Personal Data shall be destroyed when they are no longer required for the said purposes. The exact process and method of destruction are as follows: a) Personal Data printed on paper are shredded, burnt, pulped, powdered and reduced to ashes; or b) Personal Data stored in an electronic form are removed by means of the technology devised in order to prevent Personal Data retrieval.

5.8. Residents of Turkey Using e-trade services shall mean

User giving consent to collecting, using and transmitting User’s Personal Data collected by HEAVY KINEMATIC MACHINES as described herein.

Personal Data shared with HEAVY KINEMATIC MACHINES shall be protected by technical and organisational measures whose aim is to protect thereof from unauthorised access, theft and loss pursuant to sec. 12 of the Personal Data Protection Act no. 6698.

HEAVY KINEMATIC MACHINES shall take reasonable measures so that Users’ Personal Data are correct and current. User shall bear liability for the precision of the information provided to HEAVY KINEMATIC MACHINES and shall remember the above is important with respect to exercising his rights to Personal Data in line with the Personal Data Protection Act no. 6698 and other applicable law provisions. In order to update Personal Data, we request that User write to us to: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com.

If User resides in Turkey, he may file for gaining access to, changing or removing the Personal Data which we collected about him or object with respect thereto. In order to update Personal Data, User shall write to us to the following address: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com. Under the applicable law, we may charge for such service and we shall react to reasoned requests as soon as possible, each time within the time limit provided for by law.

If User’s Personal Data are no longer required to provide our services or comply with our legal obligations, settle disputes or enforce our contracts or agreements and/or the time for Personal Data storage lapsed pursuant to the applicable law, User’s Personal Data may be anonymised and still be used as such.

5.9. Residents of the United Arab Emirates

If User resides in the United Arab Emirates using our services means User giving consent that:

● User waives his right to privacy protection pursuant to the applicable law;

● HEAVY KINEMATIC MACHINES may disclose any information provided to us by User, including the information deemed private by User; and

● HEAVY KINEMATIC MACHINES shall bear no liability for any publication of the information provided to us by User, including the information which may be deemed private.

You are requested not to use our Service if you wish not to give consent to any part of this Privacy Policy.

5.10. Residents of the United States

Privacy protection rights in California

Under 1798(83) of the California Civil Code residents of California may file requests and obtain a list related to Personal Data (if any) which we shared with external entities for direct marketing purposes of such entities in the previous calendar year, also names and addresses of such entities. Such request may be filed only once a year free of charge.

Under 1798(83) we shall not at present share any Personal Data with any external entities for their direct marketing purposes. If we decide to share User’s Personal Data with external entities for their direct marketing purposes, User may withdraw consent to such disclosure at any time by filing a request to our address: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com.

It is important to remember that such withdrawal shall not relate to the disclosure of Personal Data for purposes other than marketing or for purposes related to the support of our own marketing activities.

Furthermore, User who is less than 18 years old and resides in California may file a request for having the content he published in our Service removed. Such request may be filed at our address: HEAVY KINEMATIC MACHINES sp. z o.o. with its registered seat in Komorowo 4, 64-200 Komorowo, Poland or via rodo@heavykinematic.com. We request that User bear in mind that filing such application shall not guarantee a full data removal. We may, for example, retain such information in our internal documentation. In addition, an external entity which is not owned or controlled by us may copy the content published by User and place it elsewhere.

6. What categories of User Personal Data do we collect?

6.1. Identifying Information – including, without limitation, User’s name, email address, sex, profile photo, unique identification number, social media identifiers and information provided to us through User’s Facebook or Google account. We us it for User identification.

6.2. Contact Details – including, without limitation, User’s email address, social media identifier and other communication channels used by User to contact us in order to obtain further information. We use them to contact User for various reasons according to a purpose.

6.3. Location Data – including, without limitation, current logging in location (IP address) or other Location Data in connection with a telephone (e.g. through Wi-Fi or Bluetooth) which may contain clues as to the User’s place of stay. We use them to provide Service and indicate the location of fitness machines with SOLO sensors.

6.4. Information on Size – including, without limitation, height, weight, and chest and biceps size. We use it to provide Service and notify of any more effective ways of doing fitness exercise.

6.5. Information from Social Media – including, without limitation, information obtained through contacting us on different social media platforms such as Facebook, Instagram, Google etc., also public information from social media such as User’s social media identifiers, social media interactions and public posts, User’s “likes” and other reactions, User’s accounts in social media, User’s photos publicly available or the photos sent to us by User by naming us, and following our posts on social media through the use of such identifiers. We obtain such information from the network of social media (e.g. Facebook) directly or indirectly through independent entities with which we have contracts or agreements in place.

6.6. Information on Devices – including, without limitation, information on User’s devices used for the use of Service. It includes but is not limited to an IP address, date and time of logging into Application, duration of Application use, device identifier, features, type and version and operating system.

6.7. Information on Physical Activities – including, without limitation, data about fitness (e.g. workout start and finish time, type of activity or sport category), data from sensors (including the number of repeats and increased weight) and other data (e.g. Data of physical activity location such as the gym address and type of the machine used) related to Application. We use them to provide Service, ensure support in achieving better results and improve Users’ fitness workouts and determine optimal workout solutions for Users based on their patterns of physical activities.

6.8. Information on Preferences – including, without limitation, language preference, place of logging in, units (distance, weight), personal goals and motivation (e.g. a yearly goal in running, weight), information on a workout plan (e.g. commencement date, workout plan and associated circuit training) and opinions on Service. We use it to facilitate the use of Service by User

7. How do we collect Users’ Personal Data?

We collect Users’ Personal Data directly from Users or by means of automatic data collection technology. You will find more information on it below.

8. Collecting Personal Data directly from Users.

We process Personal Data provided by you as Service User by using Service, also while and when:

8.1. downloading Application: We collect Data related to:

● a country of installation;

● a telephone model;

● an operating system version;

● the installed application version; and

● the version to which application was updated.

8.2. activating Application without registering User Account:

Data, e.g. statistics for exercise, are recorded solely locally on the User’s mobile device he uses for Service. We receive information solely on:

● a telephone model;

● an operating system version;

● the installed application version;

● the version to which application was updated;

● anonymous data studying how and which functions User uses most frequently; and

● an approximate time of User’s use of application.

8.3. registering User Account:

By creating Account, User shall provide data required to create an account, such as an email address, name, sex, height and weight. Providing Data is voluntary but required to create Account. User may submit his further data by using editing options of User Account.

8.3.1. If User registers Account through Facebook or Google, by means of a login to such social media, we shall receive the following information:

● Facebook Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA, “Facebook”): Name, email address and profile photo; and

● Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, “Google”): Name, email address and profile photo.

You will find more information on Data processing in connection with logging into Service through Social Services in the rules and regulations and privacy policies of such Social Services:

● Google:https://support.google.com/accounts/answer/112802?co=GENIE.Platform%3DDesktop&hl= pl ,

● Facebook: https://www.facebook.com/help/296477730509390 .

8.4. interacting with Service:

8.4.1. by User entering Data to Service:

User may enter different types of personal data to Service including contact details, data related to his physical or workout parameters, fitness goals, height, weight, fitness level measurements and other similar data related to User’s physiological condition and physical activities (e.g. time of activity and number of repeats). We collect such data to provide Service and recommend a more effective way of doing fitness exercise.

8.4.2. when User uses Service with the use of sensors placed on a SOLO fitness exercise machine:

Data collected by SOLO sensors placed on fitness exercise machines relate to parameters of the activity done, e.g. increased weight, number of series and repeats, distance covered and speed. We collect such data to provide Service and recommend more effective ways of doing fitness exercise. Such data are collected by User’s consent given by activating sensors through Application. While using sensors, we may also collect specific information on the fitness machine used by User (including, without limitation, its series number, Bluetooth address, type of machine and battery status) and the mobile device on which Application is installed, including a telephone model and operating system version. In our system each machine is attributed to a specific gym, in view of which, for the purposes of Service provision, such machine may be connected to the location of a gym, and at the same time a place where User practised.

8.5. User gives consent to Location Data collection:

“Location Data” mean an approximate location or, by User’s consent, exact location. We use such data to create User Account and provide Service, also to develop, enhance and improve our Service. We also use such data for internal purposes related to certain research, analyses, innovations, tests, monitoring, communication with User, risk management and administrative purposes. It is voluntary to provide Location Data, but User giving consent to sharing such data is required to activate Service.

8.6. User communicates with us or gives consent to receiving commercial or marketing information:

We collect Personal Data when User communicates with us or subscribes to receive commercial or marketing information by means of electronic mailbox, push notifications or text messages, also via the indicated email address or mobile phone number etc.

If User gives consent to receiving commercial or marketing information, we may use his Personal Data and other information to communicate with User in connection with Service, notify of our other products or services, and also for other marketing purposes. User may manage his preferences related to communication by registering and logging into his Account.

Service sends User PUSH notifications including, without limitation:

● workout reminders;

● current discounts at the gym where User practises; and

● notification of availability of the machine previously used by another user.

User may select the preferred PUSH notifications in Application.

For the purpose of sending PUSH notifications Application uses a unique device identifier, language version set up in the device and a system version and device model which are sent and stored on the server. To send PUSH notifications we use Firebase service, whose website and privacy policy are available at https://firebase.google.com/support/privacy?hl=pl.

User may deactivate PUSH notifications in his mobile device settings and unsubscribe to such notifications in Application settings. You will find more information on the processing of your Personal Data in connection with using Firebase herein below.

Irrespective of User’s preferences, we may send User notifications in connection with Service provision such as the amendments to Rules and Regulations or Policy, technical interruptions or other formal messages related to the Service used by User.

We may use User’s Personal Data in order to reply to his requests related to technical support, Internet services, information on products or any other type of communication initiated by User. We may also use User’s Personal Data in order to reply to his requests, inquiries and complaints.

8.7. User gains access to external entity products and services:

We may permit User to register with and pay for external entity products and services or cooperate in any other way with other website, mobile application or Internet location (hereinafter jointly “Parties to third entities”) by means of our Services, and we may collect Personal Data which User shares with Parties to external entities by means of our Service. In such event, we shall notify User of further details related to the way we use User’s Personal Data.

8.8. User connects to Service through social media:

User may activate, log into or register with our Service through different social media or social networks such as Facebook or Google (hereinafter “Social Networks”). When User connects to Service through his Social Network account, we may collect his Personal Data provided there by him. For example, if User logs into Service with the use of Authorising Data to Facebook, by his consent, we may download such Personal Data from his Facebook profile whose collection is in line with the Facebook Rules and Regulations, namely, e.g. his email address or profile photo. Such data are used to provide and improve Service (e.g. in order to facilitate the connection to Service). If User wishes not to provide us with such Data, he shall modify his privacy settings on his Social Network account or select other available manner of registration with/ logging into Service. You will find more information on processing Personal Data in connection with logging into Service through Social Networks in the rules and regulations of such Social Networks:

● Google: https://support.google.com/accounts/answer/112802?co=GENIE.Platform%3DDesktop&hl=pl and

● Facebook: https://www.facebook.com/help/296477730509390.

8.9. User uses cookies, device identifiers, or environmental Data or other tracking technologies:

We may collect certain Personal Data by means of cookies and other technologies including navigation signals, device identifiers, geolocalisation, HTML5 local storage, cookies, flash and IP addresses. You will find more information and options of control or resignation from certain manners of collecting or using Personal Data herein below.

8.10. we aggregate or centralise Data:

We aggregate and centralise Users’ Personal Data in order to analyse, innovate and provide Users with extended Service functions. Application uses Google Analytics for Firebase to anonymously collect statistics on the number of downloads and Application operation and Users’ behaviour in Application. The library provides the data including, without limitation, Statistical Data on the number of Application installations, Users’ retention, time spent in Application, errors occurred, versions of operating system used, Application versions, device models and Application functions used. You will find more information on the processing of your Personal Data in connection with using Goole Analytics for Firebase herein below.

8.11. we comply with legal requirements or obligations, we enforce the following right:

We may use User’s Personal Data in order to comply with the law, provisions, court orders or other legal obligations or in order to assist in pursuing, protecting and defending our rights and property, third party rights or safety, in order to enforce our Rules and Regulations, this Privacy Policy and agreements or contracts with third parties (e.g. to handle a complaint or exercise the right to contract out of Agreement).

8.12. User participates in our survey:

When User fills in our survey, we collect Personal Data contained in such survey form, the User’s IP address and a signature of the User’s browser as assistance in detecting spam.

9. Collecting Users’ Personal Data by means of automatic Data collection technology (including Cookies).

9.1. Firebase Cloud Messaging.

Firebase Cloud Messaging is a service of sending messages provided by Google, Inc. Firebase Cloud Messaging enables us to send messages and notifications to Service Users on platforms such as Android and iOS. Such messages may be sent to individual devices, groups of devices or specific Users’ subjects or segments. We use Firebase Cloud Messaging for the purposes including, without limitation: notifying of discounts at a certain gym (information provided by User’s consent), reminders of workouts, amendments to the Rules and Regulations and technical works. Firebase Cloud Messaging uses instance IDs to determine to which devices such messages are to be sent. The data processed through Firebase Cloud Messaging functions are generally anonymised. Anonymization enables a permanent removal of connections between Personal Data and the data subject. Firebase stores instance IDs for 180 days.

The provider of Firebase Cloud Messaging is Google, Inc. with its registered seat at 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, whose registered seat is in the United States and which applies technical infrastructure located therein. It may result in Users’ Personal Data transmission outside the European Economic Area. In such event, the recipient of Users’ Personal Data in the above third country shall be company Google LLC, which we entrusted with the processing of Users’ Personal Data as the processing entity in view of the fact that it provides us with Firebase Cloud Messaging service.

We ensure the proper security of Users’ Personal Data by virtue of standard data protection clauses approved of by the European Commission, by means of which we established basic Users’ Personal Data security guarantees. All Google services have advanced built-in security functions which continually protect Users’ Personal Data and allow for the detection and automatic blocking of any potential security hazards. Data are protected against unauthorised access, modification, disclosure and destruction. Activities in connection with the security include, without limitation: encryption ensuring Data privacy during their transmission; a number of security functions such as safe browsing, checking securities and two-stage verification of access to Data; and control over the procedures of collecting, storing and processing information, including physical security measures which prevent from unauthorised access to Google systems. Limitation of access to Personal Data is applied. Google representatives only may have such access in order to process Data. Any person having such access is obliged to maintain strict confidentiality and in the event of failure to perform such obligations may suffer consequences, including the termination of cooperation. Firebase Cloud Messaging is subject to information security management system ISO 27001.

You will find more information on Users’ Personal Data security in connection with using the Service in which we apply Firebase Cloud Messaging at: https://firebase.google.com/support/privacy?hl=pl.

You have, at any time, the right to obtain copies of your Personal Data transmitted to a third country, contractual clauses, an abridged description of security measures and each contract and agreement related to the sub-processing of Personal Data.

The legal grounds for the processing in connection with commercial or marketing information shall be sec. 6(1)(a) of RODO, i.e. User’s consent.

In other cases, the legal grounds for the processing shall be a legitimate interest realised by us consisting in contacting Users in connection with Service provision. A balance test is available on request. You have the right to object.

9.2. Google Analytics for Firebase (for mobile applications).

Google Analytics for Firebase is an analytical function. Application uses Google Analytics for Firebase to anonymously collect the statistics on the number of downloads and Application operation and Users’ behaviour in Application. The library provides the following data including, without limitation, Statistical Data on the number of Application installations, Users’ retention, time spent in Application, errors occurred, versions of operating system used, Application versions, device models and Application functions used.

Google Analytics for Firebase collects specific information which includes the following: the number of users and sessions, duration of session, operating system, device models, first activation, opening of Application, geographical position (country), Application updates and purchases in Application.

The provider of Google Analytics for Firebase is Google, Inc. with its registered seat at 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, whose registered seat is in the United States and which applies technical infrastructure located therein. It may result in Users’ Personal Data transmission outside the European Economic Area. In such event, the receiver of Users’ Personal Data in the above third country shall be company Google LLC, which we entrusted with the processing of Users’ Personal Data as the processing entity in view of the fact that it provides us with Google Analytics for Firebase.

We ensure proper security measures of Users’ Personal Data by virtue of standard data protection clauses approved of by the European Commission, by means of which we established basic Users’ Personal Data security guarantees. All Google services have advanced built-in security functions which continually protect Users’ Personal Data and allow for the detection and automatic blocking of any potential security hazards. Data are protected against unauthorised access, modification, disclosure and destruction. Activities in connection with the security include, without limitation: encryption ensuring Data privacy during their transmission; a number of security functions such as safe browsing, checking securities and two-stage verification of access to Data; and control over the procedures of collecting, storing and processing information, including physical security measures which prevent from unauthorised access to Google systems. Limitation of access to Personal Data is applied. Google representatives only may have such access in order to process Personal Data. Any person having such access is obliged to maintain strict confidentiality and in the event of failure to perform such obligations may suffer consequences, including the termination of cooperation. Google Analytics for Firebase is subject to information security management system ISO 27001.

You will find more information on Users’ Personal Data security in connection with using the Service in which we apply Google Analytics for Firebase at: https://firebase.google.com/terms/analytics.

The legal grounds for the processing shall be sec. 6(1)(f) of RODO, i.e. our legitimate interest consisting in analysing and constant increasing of the comfort of the Service usage; by means of statistics – facilitating Service and rendering it more interesting for Users. A balance test available on request. You have the right to object.

10. Legal grounds for the processing of Users’ Personal Data:

10.1. Users’ consent we request:

It is at all times voluntary for User to give consent. Consent may be given in several ways, e.g. by entering Data in Application, completing contact forms or surveys or sending correspondence. With respect to forms we will request Users’ consent to the processing of Personal Data, in order to, among others, provide them with electronic commercial and marketing information about us and our goods and services. Completing such form without checking the consent boxes shall mean that we will process the provided Data solely for the purpose to which such form was dedicated, e.g. a contact form – in order to give answers to the asked question. Checking consent boxes in such form shall mean that we will process Users’ Data for our marketing purposes and direct the commercial and marketing information of our company to them.

We may request that Users give consent to:

● Contacting by telephone through text messages, PUSH or email messages related to our other offers, products, discounts, events and services, also for other marketing or commercial purposes;

● collecting Personal Data while Users are using Service (such consent may be intercepted at the operating system level) – if User decides not to disclose such information, some Service functions might be unavailable or function improperly;

● using Personal Data for research purposes; and

● contacting in order to conduct market research.

In order to exercise the right to withdraw consent, User may use a contact email address available on our websites, i.e. rodo@heavykinematic.com. User may also write to us to: Heavy Kinematic Machines sp. z o.o., Komorowo 4, 64-200 Komorowo, Poland.

In addition, User may at any time unsubscribe to commercial or marketing information by means of an email, text message (also by phone) and push notifications, by doing the following respectively:

● clicking a link at the end of a marketing or commercial email,

● changing the settings of his mobile device with respect to push notifications, or

● changing parameters of the User Account settings.

10.2. the agreement made by and between us (which shall also include service provision by electronic means):

We will process User’s Personal Data when such processing is required to conclude or perform an agreement to which party User is or to take measures on User’s request prior to the conclusion of such agreement.

10.3. a legal obligation:

We, in some particular circumstances, need to process User’s Data due to the requirement to perform our legal obligations.

10.4. a legitimate interest realized by us or a third party:

We will process Users’ Data when such processing is required for purposes resulting from legitimate interests realised by us or third parties. We shall not, however, process Users’ Personal Data if it proves that Users’ interests or basic rights and freedoms override our interests and the said interests of any third parties. In each case where the legal basis for Users’ Data processing is our legitimate interest we conducted a balance test which is available on User’s request. In view of the above, we notify that by virtue of our legitimate interest we will process Users’ Data for the following purposes:

● Communication. Communicating with User in connection with Service, also providing important notifications of amendments to the Rules and Regulations or Policy, and responding to requests, inquiries and complaints. We may send strictly necessary messages, including emails, even if User unsubscribed to other emails or notifications from HKM. Such messages shall not require any consent.

● Surveys. Sending Users surveys in connection with Service provided they are of no commercial nature.

● Compliance with law and public security. The security and protection of our rights and property or third party rights or security.

● Improvement and development. Developing, providing, enhancing and improving Service, also enabling the use of the full scope of Service functions. For internal purposes related to specified research, analyses, innovations, tests, monitoring, risk management and administrative purposes.

● Enforcing time limits and notices. In order to enforce our Rules and Regulations, this Policy and agreements and contract with external entities.

● Mergers or takeovers. In order to support the planned or actual reorganisation of our business activity in connection with financing, sale or other transaction involving a sale of, in whole or in part, our buisness activity or assets, also in order to enable due diligence required to take a decision on continuing such transaction.

User has the right to object to the processing of Data when:

● particular circumstances arise with respect to the User’s situation (which justify such objection), and we process User’s Data:*on the basis of our legitimate interest* or when we profile them; or

● at all times when we process User’s Data for direct marketing purposes.

11. What are the purposes of the processing of Users’ Personal Data?

11.1. For sharing our Service with Users to use, i.e. in order to conclude a Service Agreement with User as part of our business activity on the basis of User’s interest in Service and action undertaken with a view to concluding Service Agreement (also to verify access to Account, display User’s activities related to his fitness and physical activity, and display the progress of workouts and statistics).

11.2. For managing and facilitating our activity, also for analytical purposes which mean, in particular, the managing and facilitating of Service, improving of our offer, and the legal basis for such processing shall be our legitimate interest, also including, without limitation, monitoring, analysing and increasing the comfort of the Service usage, protecting and securing the integrity of Service, the quality of operation and functions, and research and development of Service. You have the right to object, and a balance test is available on request.

11.3. For contacting and interacting with User in order to respond to a message directed to us, which is simultaneously our legitimate interest. You have the right to object, and a balance test is available on request. (A balance test available on request). If such contact is for the purpose of the conclusion of an agreement, we will process Personal Data in order to take action with such view.

11.4. For settling disputes, handling complaints or claims which shall mean hearing complaints, legal claims or disputes with the participation of User or us, in such event, as the case may be, law provisions or our legitimate purpose may be the legal basis for the processing of Personal Data (in such event, you have the right to object, and a balance test is available on request).

11.5. For performing obligations binding us by law, e.g. tax law, in such event, the legal basis for the processing of Data shall be the fact that the processing is required to comply with the legal obligation binding us.

11.6. For direct marketing of our services consisting in contacting and providing commercial or marketing information about us and our products and services, which is our legitimate interest (by the time an objection is filed – a balance test is available on request), provided that using, for such purpose, means of electronic communication (e.g. emails, telephone, push notifications) arises by User’s consent (until the withdrawal thereof) and transmitting such information in a newsletter involves only such Users who subscribed thereto (until User unsubscribes or such newsletter ceases to be issued). You may withdraw consent to receiving marketing emails and push notifications by clicking a link at the end of a marketing email or changing the settings on your mobile device related to push notifications or changing your User Account settings.

12. Is it obligatory or voluntary to provide Data?

If Service Agreement is concluded and performed, we collect only such Data without which a given Service Agreement may not be performed. Failure to provide the Data required for the conclusion and performance of such Service Agreement shall render us incapable of the conclusion or performance thereof. The above shall also refer to the Personal Data which we are required to collect due to our legitimate obligation. It is voluntary to give consent to the processing of Personal Data. If User decides not to give consent which we request, we shall take no action to which such consent refers. User may withdraw consent at any time.

CAUTION! Withdrawing consent shall not, however, affect the compliance with the right to the processing of User’s Personal Data which we performed by virtue of User’s consent prior to the withdrawal thereof.

13. Will your Data be subject to automated decision making, including profiling?

No. Users’ Personal Data shall not be solely subject to automated processing, including profiling, which would result in legal effects against Users or affect them materially in any other similar way.

14. Information on Users’ rights related to the processing of Personal Data.

In connection with us processing Users’ Personal Data, Users have the following rights:

A. to access Data;

B. to correct Data;

C. to remove Data (“the right to be forgotten);

D. to restrict the processing;

E. to transmit Data;

F. to object;

G. to not be subject to automated decision making in individual cases, including profiling;

H. to withdraw consent; and

I. to file a complaint with a supervisory body.

A. The right to access Data enjoyed by the Data subject.

1. User has the right to be notified by us of the processing of User’s Data. If we do so, User has the right to access such Data and be notified of the following:

a) purposes of the processing,

b) categories of the Data collected,

c) a detailed list of current or future recipients of Data,

d) a planned time period of Data storage or criteria for determining such time period,

e) the rights enjoyed by User, i.e. the right to correct or remove Data, restrict or object to the processing and file a complaint with a supervisory body,

f) Data sources if Data come from a source other than the Data subject,

g) the automated decision making in place, including profiling, and the meaning and predicted consequences of such processing for the Data subject, and

h) appropriate security measures in connection with such transmission if Data are transmitted to a third country or international organisation.

2. We may provide User with a copy of his Personal Data kept by us. The first copy of such Data is free of charge. We may charge a fee for each subsequent copy in the amount resulting from administrative costs.

3. If User requests a copy by electronic means, we provide information by widely used electronic means via the email address from which such request was sent. User may request that a copy be provided by other means.

4. If we process large amounts of information related to User, we may first request that User indicate which exact information User bears in mind.

B. The right to correct Data.

1. User may demand that his Personal Data be corrected immediately if such Data are incorrect.

2. User may demand that his Personal Data be supplemented if such Data are incomplete.

3. We notify each recipient to whom Personal Data were disclosed of the correction of User’s Personal Data unless it proves infeasible or requires disproportionately large effort.

C. The right to remove Data (“the right to be forgotten”).

1. User has the right to demand his Personal Data be removed if:

a) we no longer require Personal Data for the purposes for which they were collected or processed otherwise,

b) User’s consent was the basis for the processing and User withdraws such consent (and we no longer have other legal basis for the processing of User’s Personal Data),

c) User objected to automated decision making in his individual cases, including profiling,

d) we processed Personal Data against the law,

e) we are obliged to remove Personal Data in order to comply with a legal obligation binding us, and

f) User’s Personal Data were collected in connection with us offering information society services directed at children.

2. If we published User’s Personal Data, we shall take measures in order to notify the entities with which we shared such Data of the User’s demand. Such measures will aim at removing all links to such Data and their copies. We shall take such measures to the extent allowed by technology and with the consideration of the costs of such measures.

3. The User’s demand shall be performed immediately except that further processing is required to do the following acts and with respect to the following:

a) to exercise the right to freedom of speech and information,

b) to comply with our legal obligation,

c) in view of the public interest in the field of public health,

d) for archive purposes in the public interest, for the purposes of scientific or historical research or statistics provided it is feasible that the enforcement of the right to remove Data will prevent or grossly hinder the fulfilment of the purposes of such processing, and

e) to establish, pursue or defend any claims.

D. The right to restrict the processing.

1. User has the right to demand that the processing of his Personal Data be restricted if:

a) User questions the accuracy of his Personal Data (in such event, we will restrict the processing until the accuracy of the User’s Data kept by us is verified),

b) we process Data against the law, in spite of which User objects to removing Data and instead demands the Data use be restricted,

c) we no longer require User’s Data, however, User requires them in order to establish, pursue or defend any claims,

d) User objected to processing, by the time we establish whose rights, ours or User’s, override the actual processing.

2. If we restrict the processing, we may process User’s Personal Data (except the storage thereof):

● solely by User’s consent,

● in order to establish, pursue or defend claims,

● in order to protect the rights of any other natural or legal person, and

● due to important considerations of the public interest of the European Union or a member state.

3. We will notify User prior to the revocation of the processing restriction.

4. We notify each entity to which we disclosed User’s Personal Data of restricting the processing. We do so to the extent possible considering the effort we need to make.

E. The right to transmit Data.

Fulfilling User’s demands shall not release us from the obligation to exercise other rights enjoyed by User. If User stores the provided Personal Data in his own information technology system or otherwise, he shall be responsible for selecting appropriate measures to secure such Data.

1. User has the right to demand that his Personal Data be transmitted.

2. It means that User has the right to receive his Personal Data:

● in a structured widely used format, and

● in a machine-readable form.

3. The above applies, however, solely to such Personal Data which were provided to us by User.

4. User has the right to transmit such Personal Data to another controller without hindrance from us if:

a) we process such Data on the basis of consent or agreement, and

b) we process such Data in an automated way.

5. User has the right to demand that his Personal Data be transmitted by us directly to another controller. We shall fulfil such demand if it is technically feasible.

6. Exercising the right to transmit Personal Data shall not exclude User from filing a request for removing Personal Data.

7. The right to transmit Personal Data shall not apply to the processing which is required to perform a task in the public interest or with respect to exercising public authority entrusted to us.

F. The right to object.

The right relates to the processing done on the basis of our legitimate interest and automated processing consisting in making decisions in individual cases, including profiling and processing for direct marketing purposes.

1. User has the right to object when we process his Data:

a) in the public interest,

b) while exercising public authority,

c) on the basis of our legitimate interest, or

d) when they are subject to profiling

and when special circumstances arise which justify such objection.

● In such event, User may object at any time.

● When we receive such objection we will stop processing User’s Personal Data.

● We may further process Personal Data only if we demonstrate that there are important legitimate grounds for processing which override the User’s interests, rights and freedoms. Such Personal Data constitute the grounds for establishing, pursuing or defending claims.

2. User has the right to object also when his Personal Data are processed for direct marketing purposes.

● In such event, User may object at any time.

● When we receive such objection, we will stop processing User’s Personal Data for direct marketing purposes. We will perform such obligation without any additional exceptions. Therefore, there is no need for any particular situation to arise so that the User’s demand be fulfilled.

● You should remember that irrespective of such objection, User’s Personal Data may continue to be processed for other purposes.

3. User has the right to object also when we process User’s Personal Data for the purposes of scientific or historical research or statistics.

● In such event, User may object when a particular situation arises which would justify such objection.

● We will not realise the objection if the processing is required for our performance of a task in the public interest.

G. The right not to be subject to automated decision making in individual cases, including profiling.

User may object to such processing at any time.

Currently, we do not use the automated processing with respect to Users’ Personal Data which consists in making decisions in individual cases, including profiling.

1. User has the right not to be subject to a decision which is based solely on automated processing, including profiling and results in legal effects against User or materially affects User in any other similar way.

2. The right shall not apply to a situation when such processing:

a) is required to conclude or perform an agreement between us and User,

b) is permitted by law to which we are subject and such law provides for appropriate measures of the protection of the User’s rights, freedoms and legitimate interests, or

c) is based on User’s express consent.

3. If, while automated decision making User’s Personal Data are profiled by us, User has the right to object to such processing at any time for reasons related to the User’s particular situation.

4. If User objects, we will stop processing such Personal Data unless we demonstrate the existence of important legitimate grounds for the processing which override the User’s interests, rights and freedoms or we require such Data to establish, pursue or defend claims.

5. If while automated decision making User’s Personal Data are processed for direct marketing purposes, User has the right to object to the processing of his Personal Data for the said purposes including profiling at any time.

6. In the event of objecting to the processing for direct marketing purposes, we shall no longer process Personal Data for such purposes.

H. The right to withdraw consent.

The withdrawal of consent will not affect the compliance with the right to the processing done by us on the basis of the consent given prior to such withdrawal.

1. If we process User’s Personal Data on the basis of User’s consent, User has the right to withdraw such consent at any time.

2. It is essential to know that the withdrawal of consent shall not affect the compliance with the right to the processing done by us on the basis of the consent given prior to such withdrawal.

I. The right to file a complaint with a supervisory body.

User may file a complaint with a supervisory body both in Poland (to the President of the Personal Data Protection Office, info line: 606 950 000), and in the EU member state having jurisdiction over User’s usual place of stay, work or alleged breach.

1. If, in User’s opinion, we process his Personal Data against the law, User may file a complaint with a supervisory body. A supervisory body having jurisdiction over us is the President of the Personal Data Protection Office: www.uodo.gov.pl, info line: 606 950 000. A complaint may also be filed in a member state of User’s usual place of stay, work or the alleged breach.

15. Gaining access to, updating and correcting information.

15.1. If User wishes to inspect or change the information about his Account or information placed in Account, User may do so by logging into Service and visiting his Account.

15.2. User may also send us an email to rodo@heavykinematic@gmial.com to request access to, correction or removal of any Account Data or information from Account which User provided to us. We may not accept a request for changing such information if we believe that such change will violate any right or legal requirement or render the information incorrect.

16. How long will we process Users’ Personal Data?

16.1. We will process Users’ Personal Data for as long as it is required to provide Service.

16.2. If we process Personal Data in connection with the performance of Service Agreement between us, we store such Data for the duration of Service Agreement but no shorter than by the end of the limitation period with respect to any claims which may result therefrom.

16.3. If we process Personal Data in connection with our legitimate interest, we store them by the time such legitimate interest expires or you object to the processing thereof (read the information about the right to object). 1

6.4. If we process Personal Data in connection with our legal obligations, we store them for the time period provided for by the law which relates to the legal obligation with respect to which Data are processed.

16.5. Personal Data processed on the basis of consent shall be stored for 3 years from giving consent or by the time such consent is withdrawn whichever is the earlier.

16.6. If Personal Data are processed on more than one basis (Service Agreement performance, our legitimate purpose, legal obligation or consent), we shall discontinue to store them upon none of the said bases taking effect any longer.

16.7. In general, we shall be obliged to store Personal Data for as long as User uses Service. If User discontinues to use Service, all his Data kept by us will be removed except for:

● the Personal Data disclosed to the public by User; and

● the Personal Data required for our performance of contractual obligations or compliance with law requirements will not be removed but minimised to the extent necessary.

17. To whom do we disclose Users’ Personal Data collected by us in connection with Service?

17.1. We may share Users’ Data with the following categories of entities:

● subcontractors – entities we use when providing Service including data processing, with which we concluded an entrustment agreement with respect to data processing: e.g. providers of information technology and network infrastructure; and

● data controllers separate from us to whom data are disclosed upon their request, or by virtue of law provisions, e.g. offices, state authorities and state administration bodies.

A detailed list of data recipients is available on request.

17.2. We may also share Users’ Data in the following circumstances:

● if we are obliged to share Personal Data in order to establish, exercise or defend our rights, e.g. with law offices; or

● in the event of the restructuring, sale or title transfer of the enterprise (or any part thereof), e.g. in connection with a takeover or merger.

Each time we will share the narrowest possible scope of Data.

17.3. We may share User’s Personal Data with other entities upon his express request, e.g. with social networks or communicators. User may disclose his statistics collected in Application by means of Facebook or other online communicators which User uses on his mobile device. Caution: we have neither influence on nor knowledge of the scope and future use of Data by social networks or services offering online communicators and we may not assume any liability for using the Data disclosed in such way by the said entities. It is advisable User read the privacy policy of a particular social network or online communicator.

17.4. We may without any restrictions disclose overall anonymised information about Users and Services as described herein, and the information which does not identify any person.

18. Do we transfer Users’ Personal Data collected by us in connection with using Service outside the European Economic Area?

Personal Data processed by Service are placed in servers located in the European Economic Area with the exception of Personal Data collected automatically by the applied technology of Firebase Cloud Messaging and Google Analytics for Firebase. You will find the details here.

The provider of the said technologies is Google, Inc. with its registered seat at 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, whose registered seat is in the United States and which applies technical infrastructure located therein. It may result in Users’ Personal Data transmission outside the European Economic Area. In such event, the recipient of Users’ Personal Data in the above third country shall be company Google LLC, which we entrusted with the processing of Users’ Personal Data as the processing entity in view of the fact that it provides us with Google Analytics for Firebase.

We ensure proper security measures of Users’ Personal Data by virtue of standard data protection clauses approved of by the European Commission, by means of which we established basic Users’ Personal Data security guarantees. All Google services have advanced built-in security functions which continually protect Users’ Personal Data and allow for the detection and automatic blocking of any potential security hazards. Data are protected against unauthorised access, modification, disclosure and destruction. Activities in connection with the security include, without limitation: encryption ensuring Data privacy during their transmission; a number of security functions such as safe browsing, checking securities and two-stage verification of access to Data; and control over the procedures of collecting, storing and processing information, including physical security measures which prevent from unauthorised access to Google systems. Limitation of access to Personal Data is applied. Google representatives only may have such access in order to process Data. Any person having such access is obliged to maintain strict confidentiality and in the event of failure to perform such obligations may suffer consequences, including the termination of cooperation. Firebase Cloud Messaging is subject to information security management system ISO 27001.

You will find more information on Users’ Personal Data security in connection with using the Service in which we apply Google Analytics for Firebase at: https://firebase.google.com/terms/analytics.

19. Security of the Personal Data processed.

19.1. In order to protect Users’ Personal Data our Service uses the latest and reliable security measures including, without limitation: the encrypted phone memory and connection with Service servers, access keys of a limited expiry date, encrypted connection with a database, password protection also from our employees – only User knows the password to his Account, and protection from SQL injection attacks.

19.2. While processing Personal Data we use our best efforts to process such Data in a lawful, reliable, transparent and secure way.

19.3. The most important rules which we follow when processing Personal Data are as follows:

a) we collect Personal Data for expressly specified purposes and we do not process Personal Data in non-compliance therewith;

b) we collect Personal Data solely to the minimum extent which is required to fulfil the purposes for which they are collected, which means we do not collect Personal Data “in advance;”

c) we process Personal Data exclusively on the basis provided for in law provisions;

d) we care for the validity and accuracy of Personal Data and we immediately react to requests filed with us for the correction or validation thereof;

e) we restrict Personal Data storage solely to the period required to achieve the purposes for which they are collected unless circumstances arise which may extend the storage time thereof;

f) exercise the right to access, correct and remove Personal Data, and to withdraw consent to, object to and restrict the processing of Personal Data, transmit Personal Data, and not to be subject to a decision solely based on automated Personal Data processing, including profiling;

g) we protect Personal Data from unauthorised person access and from accidental or unlawful loss, damage or change thereof;

h) if Personal Data are shared with other entities, it is done in a safe way secured by a reasonable agreement for Personal Data entrustment in accordance with the applicable law;

i) we use technical and organisational measures to protect Personal Data from unlawful or unauthorised access or use and from accidental damage, loss or violation of integrity thereof; and

j) with respect to ensuring the security of the processed Personal Data we shall be obliged to include:

● the rule of confidentiality – we use our best efforts so that Personal Data are not accidentally disclosed to any unauthorised persons;

● the rule of integrity – we protect Data from any unauthorised modification thereof; and

● the rule of accessibility – we ensure access to Data by authorised persons if need be. Each co-worker of us who has access to Personal Data holds appropriate authorisation and is obliged to maintain confidentiality of the processed Personal Data