Privacy Policy

The administrator of personal data is:

EON 46 Joint – stock company, Stanisław Taczka street 24, 61-819 Poznan, National Court Register: 0000810511, tax number: 7831803136, National Business Registry Number: 383714263, share capital: 500.000 zlotys paid in full.

II. If you have any questions or concerns regarding the processing of personal data using the App, please contact the DPO:

Email address: iod@eon46.com
III. Terms used in the Privacy Policy

All terms used in this Privacy Policy have the same meaning as the terms indicated in §2 of the Regulations of the “Rephysio” App.

IV. Personal data processing:

1) The scope of processed personal data
The following Users’ personal data are processed in the App:
– Name
– E-mail adress
– User’s phone number
– Data saved in the form of server logs in the scope indicated in point XIII of the Privacy Policy
– The service of sending User’s correspondence in Chat, consisting only of enabling the sending of messages and saving them on the User’s device, without simultaneous saving by the App.
– User’s payment identifier

2) Collecting personal data

Users’ personal data is collected by the Administrator of personal data when the User registers in the App.

3) The purposes of personal data processing

– Allowing Users to use the App and provide digital content as part of the purchased subscription,
– Providing Users with electronic services as part of the App functionality,
– Provide Users with a chat consultation with a physiotherapist, as referred to in § 6 of the Regulations,
– Create registers and records in conjunction with the obligations arising from the GDPR,
– Administer the operation of the App correctly,
– For analytical and statistical purposes – to improve the operation of the App and its individual modules

4) Legal grounds for processing personal data

a) Performance of the contract for the provision of electronic services or pre-contractual activities undertaken at the request of the data subject – Article 6 sec. 1 letter. b GDPR.
b) Fulfilling legal obligations incumbent on the Administrator of personal data (in the scope of keeping registers and documentation arising from the provisions of generally applicable law, tax obligations) – Article 6 sec. 1 letter c GDPR.
c) The justified interest of the Personal Data Administrator in:
– Conducting analyzes and statistics to improve the operation of the App,
– Administering the operation of the App,
– Preventing Users from using the App contrary to its intended purpose,
– Creating records and registers related to the processing of personal data in accordance with the principles arising from the GDPR,
Ie. processing based on Article 6 sec. 1 letter f GDPR.

V. Data processing that does not require identification

The App allows users to exchange messages in a chat with a physiotherapist. The content of the message may contain information constituting personal data. The administrator of personal data regarding the operation of the App does not store messages sent in Chat, but only allows them to be sent and saved on the User’s device. Thus, the Personal Data Administrator cannot identify people whose data is transmitted via the Chat function in the App, and does not store this information.

VI. Recipients of the personal data

1. Recipients of the personal data processed in the App can be:
a) Entities providing services to the Personal Data Administrator – in the field of hosting or similar services provided to the Personal Data Administrator,
b) Entities providing legal and accounting services to the Administrator of personal data,
c) Entities providing consultancy services with a physiotherapist based on a separate agreement with the Personal Data Administrator.
2. If such an obligation arises from the provisions of generally applicable law or the decision of the competent authority, as well as if the User makes such a request, the Personal Data Administrator may disclose the User’s personal data to the appropriate public authorities.

VII. Time of personal data storage

1. The personal data is stored for the following periods:
a) Data necessary for the provision of electronic services and performance of the contract for the provision of such services – for the time necessary to provide such service, but not longer than until the expiry of the limitation period for claims regarding the services rendered.
b) Data processed on the basis of the legitimate interest of the Personal Data Administrator – until an effective objection is made or the purpose of personal data processing is achieved, however, no longer than 5 years, counted from the end of the year in which the Personal Data Administrator began processing personal data.
c) Data processed for analytical and App administration purposes – until the data expire or become invalid.
2. If the User submits a request to exercise the right to be forgotten,, each application is considered individually
VIII. Transfer of personal data to third countries

1. The app uses popular services and technologies, offered among others by Google, which – due to the headquarters in the United States of America – in the light of provisions of the GDPR is treated as a third country (outside the European Union).
2. The GDPR limits the possibility of transferring personal data to third countries, due to the fact that they may not guarantee an adequate level of protection of personal data of European Union citizens and due to the fact that European law regulations are not respected there. Each administrator of personal data is required to determine the legal basis for such transfer of personal data.
3. Each Administrator of personal data is required to determine the legal basis for such transfer of personal data.
4. The personal data administrator ensures that in connection with the use of services and technologies, personal data is only transferred to those entities from the United States that joined the Privacy Shield program, based on the European Commission implementing decision of July 12, 2016.
5. Entities participating in this program guarantee that they will comply with high standards in the field of personal data protection that are in force in the European Union, therefore the use of their services and offered technologies in the process of personal data processing is lawful. You can read more about Privacy Shield compliance with the GDPR on the European Commission website at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_pl
6. The administrator of personal data will provide the User with additional explanations regarding the transfer of personal data at any time.
7. In addition, the User has the right to obtain a copy of personal data transferred to a third country at any time.

IX. Rights of data subjects

The user who uses the App has the right to:
a) Access to personal data and receive a copy thereof,
b) Request rectification or supplementation of personal data,
c) Request the removal of personal data – if the User considers that there are no grounds for the Administrator of personal data to process his personal data and there are no grounds justifying further processing,
d) Restrict the processing of his personal data – the User may request that the Personal Data Administrator limit the processing of his personal data only to their storage or performing activities agreed upon with it, if the data is incorrect or processed without a legal basis, or the data subject does not want to delete them due to the need to save data for the determination, investigation or defense of claims or for the time of recognition of objection to the processing of personal data.
e) Object to the processing of personal data:
– Processing of personal data for direct marketing purposes: The User has the right to object to the processing of personal data for direct marketing purposes. The exercise of this right causes the Administrator of personal data to stop processing personal data.
– Opposition due to the special situation: the User has the right to object to the processing of his personal data on the basis of a legitimate interest for purposes other than direct marketing. The objection should then indicate what specific situation concerns the data subject who justifies the request to stop processing personal data. The administrator of personal data will cease processing personal data for these purposes, unless it demonstrates that the grounds for further processing are superior to the rights of the data subject or that these data are necessary to establish, assert or defend claims.
f) Transfer the data – the User has the right to receive in a structured, commonly used machine- readable format, personal data concerning him which have been forwarded to the Administrator on the basis of consent. The User may instruct the Administrator to send them directly to another entity.
The user can exercise his rights by sending an email to the address: iod@eon46.com

X. The opportunity to withdraw consent to the processing of personal data

If personal data are processed on the basis of the consent of the data subject, he has the right to withdraw his consent to the processing of personal data at any time. Withdrawal of consent to the processing of personal data does not reverse the lawfulness of the processing of personal data prior to the submission of the statement. You can exercise your rights by sending an email to: iod@eon46.com

XI. Right to lodge a complaint with a supervisory authority

The data subject who believes that his personal data is being processed unlawfully may lodge a complaint with the supervisory authority in this regard. The leading supervisory authority to which you can lodge a complaint regarding the processing of personal data is the Polish authority – the President of the Office for Personal Data Protection – Stawski street 2, 00-193 Warsaw

XII. The need to provide personal data

Providing personal data is voluntary, however – necessary if the User wants to use the App and take full advantage of its functionalities, including in particular creating a User account in it.

XIII. Processing of personal data in the form of cookies and server logs

1. The app does not use cookies.
2. Information about some of the events caused by users is saved as logging on the server. These data are used only for the proper administration of the App and to ensure efficient operation of the app and its functionalities.
3. The following information can be saved as server logs:
a) brand and model of the mobile device
b) hardware identifier
c) operating system type and version
d) login date and time
e) mobile device IP address
4. Logs of individual user activities can also be saved in the form of logins. In this case, the logs are available in tools designed to support individual app functionalities.
5. Data indicated in par. 2 above are not associated with specific users and are used only to properly administer the operation of the app or website.

XIV. Profiling and automated decision making

The App does not use mechanisms based on profiling and automated decision making for its operation.

XV. Final Provisions

1. To the extent not covered by this Privacy Policy, there apply personal data protection regulations.
2. You will be notified of any changes to this Privacy Policy by publishing the new Privacy Policy text in the app and on the website. The changes come into force on the date of publication of the new text of the Privacy Policy.
3. This Privacy Policy applies since …