To ensure compliance with the principles of lawfulness, fairness, and transparency in the processing of personal data of individuals using the services offered by Skarmed sp. z o.o. at Mokra Street 1, 05-830 Kajetany, this Privacy Policy has been adopted.

The Privacy Policy outlines the principles on which Skarmed sp. z o.o. collects and processes the personal data of its clients, as well as the rights of these clients concerning the processing of their personal data.

Personal Data Protection

Skarmed sp. z o.o. ul. Mokra 1, 05-830 Kajetany applies organizational, procedural, and technical measures to secure the processed data. The selection of these measures is based on risk analysis and assessment of the processing impacts.

Personal Data Protection Policy

The confidentiality of data and the protection of our Members’ privacy are a top priority for us. Therefore, to ensure the security of your data and in compliance with applicable laws, we have established a policy that outlines the principles for collecting, processing, and using personal data.

Personal Data Administrator

The administrator of your personal data is Skarmed sp. z o.o. ul. Mokra 1, 05-830 Kajetany .

Data Protection Officer

We have appointed a Data Protection Officer. This person is the point of contact for all matters regarding the processing of personal data and the exercise of rights related to data processing. You can contact the Data Protection Officer as follows:

• by post at the address: Skarmed sp. z o.o. ul. Mokra 1, 05-830 Kajetany
  by email: daneosobowe@medincusactive.pl

Personal data

The personal data provided by you are processed for the purpose of:

• providing you with the furnished room rental service
• providing you with recreational services and horseback riding
• organizing an event for you – musical and social events
• absolutely necessary to prevent fraud and ensure the security of networks and information
• selecting services according to the Administrator’s clients’ needs
• absolutely necessary to prevent fraud and ensure the security of networks and information
• optimizing sales or after-sales service processes
• as archival (evidentiary) to secure information in case of legal necessity to demonstrate specific facts (e.g., before a tax authority)
• potential establishment, investigation, or defense against claims
• customer satisfaction surveys and determining the quality of services provided by the Administrator
• settling accounts related to conducted business activities
• handling complaints if they are received
• archiving your data in accordance with legal regulations
• offering you products or services by the Administrator (direct marketing)
• ensuring the security of individuals and property (conducting visual surveillance)

The Administrator processes your personal data solely for specific, explicit, and legally justified purposes, and your personal data are not further processed in a manner that is incompatible with these purposes.

The possibility of processing your personal data for the purposes of pursuing the legitimate interests of the Administrator or a third party is provided for in Article 6(1)(f) of the GDPR.

PROTECTION OF PERSONAL DATA

Skarmed sp. z o.o. We implement organizational, procedural, and technical measures aimed at securing processed data. In our organization, measures are applied to ensure the best possible protection of personal data and the privacy of individuals concerned. The selection of these measures results from risk analysis and assessment of the processing impacts.

RETENTION PERIOD FOR PERSONAL DATA

Your personal data are stored by the Administrator for a period no longer than is necessary for the purposes for which the data are processed, including:

Your personal data obtained for the purpose of entering into and performing a contract, as well as pursuing the legitimate interests of the Administrator, will be stored for the duration of the contract, and after its expiry, for the period necessary for:

1. a) post-sales customer service (e.g., handling complaints) – until the expiration of your claims resulting from the contract
2. b) securing or pursuing claims available to the Administrator – until the expiration of the Administrator’s claims
3. c) fulfilling a legal obligation by the Administrator, whereby data processed for accounting and tax purposes will be processed for a period of 5 years from the end of the calendar year in which the tax obligation arose
4. Your personal data obtained by the Administrator for the purpose of direct marketing of Administrator’s products or services will be stored until you object to the processing of your personal data for this purpose, or withdraw your consent if the Administrator processed this data based on your consent for marketing purposes, or the Administrator determines that the personal data provided by you for this purpose have become outdated.
5. Your personal data obtained through video recordings from CCTV areas in fitness clubs (including your image captured in these recordings) – the recordings are permanently deleted from the Administrator’s personal data repositories after a certain period (depending on specific hardware configurations) through the process of overwriting the memory of the surveillance cameras with new recordings, unless their storage for a longer period is necessary to achieve the purpose for which they were recorded.

You have the following rights related to the processing of personal data:

1. the right to object to the processing of your data for marketing purposes
2. the right to object to the processing of your data based on our legitimate interests, on grounds relating to your particular situation
3. the right to withdraw consent
4. the right to access your personal data
5. the right to request correction of your personal data
6. the right to request the deletion of your personal data, but only if we are not legally obligated to process them
7. the right to request restriction of processing of your personal data,
8. the right to data portability, meaning the right to receive your personal data from us in a structured, commonly used, machine-readable format suitable for transmission to another controller. You can also request that we transmit your data directly to another controller if technically feasible.
9. the right to erasure (right to be forgotten)

The Administrator reminds that before fulfilling your rights, they have the right to identify you to ensure that you are who you claim to be. This is to prevent unauthorized disclosure of information about clients to unauthorized persons.

In the event of you making a request related to the exercise of the rights mentioned above, the Administrator will fulfill this request without undue delay, and no later than one month from the date of receiving your request, with the following caveat.

If the matter is complex (e.g., due to the nature of your request or a large number of requests), the one-month period for fulfilling your request may be extended by an additional two months. The Administrator will inform you within the initial one-month period mentioned above about any such extension.

To exercise the above rights, please contact us or our Data Protection Officer.

You also have the right to lodge a complaint with the supervisory authority responsible for personal data protection, namely the President of the Office for Personal Data Protection (PUODO).

Information about the requirement/voluntary nature of providing personal data:

Providing your personal data for:

– performing the contract – is a prerequisite for entering into and fulfilling this agreement; if you do not provide your personal data to the Administrator for this purpose, they may refuse to enter into the contract with you.

– direct marketing conducted by sending you commercial information via electronic means of communication, contacting you using telecommunication end devices and automatic calling systems – is voluntary and requires your consent. Not giving your consent for the Administrator to process your personal data for this purpose will not affect the possibility of entering into a contract. However, the Administrator will not be able to send you marketing information through these communication channels, especially about new products and services, promotions, or loyalty programs.

Automatically collected data

During your visit to our website, data regarding your activity is automatically recorded, including your IP address, browser type, and operating system type. These data are used solely for administrative and statistical purposes.

Transmission of personal data and communication with our servers is encrypted using SSL (Secure Socket Layer) protocol. The servers where personal data are stored are owned by Skarmed sp. z o.o. and are protected against access by unauthorized persons.

Use of cookies

Our website may use the “cookies” mechanism to identify the user’s session when using our website. “Cookies” do not contain any personal data and ensure the correct operation of the application.

In order to block the transmission of this type of files, you should set your browser appropriately, bearing in mind that some website functions may not work.

Sharing data with third parties

Skarmed sp. z o.o. will transfer your personal data:

• entities processing data on behalf of the data controller,
• entities authorized by law,
• entities and individuals authorized by you.

Skarmed sp. z o.o. reserves the right to make changes to the privacy policy in the event of changes in Polish law or the implementation of new technological and IT solutions.

INFORMATION ABOUT COOKIES

1. The service does not automatically collect any information except for the information contained in cookies.
2. Cookies (often referred to as “cookies”) are computer data, particularly text files, that are stored on the end device of the Service User and are intended for using the Service’s websites. Cookies typically contain the website name they originate from, the duration of their storage on the end device, and a unique number.
3. The entity placing cookies on the end user’s device and accessing them is the operator of the Service. Skarmed sp. z o.o. Mokra 1 Street, 05-830 Kajetany Cookies are used for:

1. a) adapting the content of the Service’s websites to the User’s preferences and optimizing the use of the websites; in particular, these files allow recognizing the user’s device and displaying the website accordingly, tailored to their individual needs;
2. b) creating statistics that help understand how users interact with the Service’s websites, enabling improvement of their structure and content;
3. c) maintaining the user’s session on the Service (after logging in), so the user doesn’t have to re-enter their login and password on each page of the Service.

1. Within the Service, two main types of cookies are used: “session” cookies and “persistent” cookies. “Session” cookies are temporary files stored on the user’s end device until they log out, leave the website, or close the web browser software. “Persistent” cookies are stored on the user’s end device for a specified period in the cookie parameters or until they are deleted by the user.
2. Within the Service, the following types of cookies are used:

1. a) “essential” cookies, enabling the use of services available within the Service, e.g., authentication cookies used for services requiring authentication within the Service;
2. b) cookies used to ensure security, e.g., used for detecting abuses in authentication within the Service;
3. c) “performance” cookies, enabling the collection of information about how users interact with the Service’s websites.
4. d) “functional” cookies, allowing the Service to “remember” user-selected settings and personalize the user interface, e.g., chosen language or region, font size, website layout, etc.
5. e) “advertising” cookies, enabling the delivery of advertising content more tailored to the users’ interests.

1. In many cases, web browsing software (web browser) defaults to allowing the storage of cookies on the user’s end device. Users of the Service can change cookie settings at any time. These settings can be adjusted, for instance, to block automatic handling of cookies in the web browser’s settings or to receive notifications each time a cookie is placed on the user’s device. Detailed information on the possibilities and methods of handling cookies is available in the software settings (web browser).
2. The Service operator informs that restricting the use of cookies may affect some functionalities available on the Service’s websites.
3. Cookies placed on the end device of the Service User may also be used by advertisers and partners cooperating with the Service operator.
4. More information about cookies is available at http://en.wikipedia.org/wiki/HTTP_cookie or in the “Help” section of your web browser’s menu.

Managing cookies

1. If the User does not wish to receive cookies, they can change their browser settings.
2. To manage cookie settings, choose your internet browser or operating system from the list below and follow the instructions.

Browsers:

• Internet Explorer
• Google Chrome
• Firefox
• Opera
• Safari

Mobile devices:

• Android
• Safari (iOS)
• Windows Phone
• Blackberry

The Administrator may change and supplement the provisions of the Privacy Policy as needed due to changes in the conditions of processing your personal data (e.g., resulting from changes in applicable laws). Any changes or additions to the Privacy Policy will be communicated to you by posting relevant information on the Administrator’s main pages. In case of significant changes, you may also be separately notified by email, SMS, or other available direct communication channel specified by you.

This Privacy Policy does not limit or exclude the rights granted to you under the agreement and terms of service provided by the Administrator.