Thank you for visiting our website and our mobile application available at http://worksmile.com/en (the “Website”).
The website offers three basic functionalities:
- an innovative gamification platform addressed to the following groups: owners of companies, associations, public entities and other organizations and their users (“Worksmile”). Worksmile allows introducing sports and a healthy lifestyle into users’ everyday lives. Worksmile’s mission is to integrate and motivate users to lead an active lifestyle by building a community in a given company or organization, organizing sporting events based on healthy competition and setting a common goal, all in an atmosphere of fun.
- it is a tool that allows managing specific non-wage benefits for employees / co-workers on the principles set out in the Regulations (“Benefits”).
- payment services in the form of a payment account for the use of non-wage benefits for employees / associates.
- 1. Fitqbe Sp. z o.o. with headquarters in Warsaw (‘we’, ‘the Company’) attaches particular importance to respecting the privacy of Users visiting the Website at www.worksmile.com and with the use of Application. The data collected in the logs is used only for the purposes of administering the Website. Servers automatically save data such as the page request sent by the User, date and time of request and response, device data (e.g. hardware model), browser type, browser language, type of operating system. Most logs (server logs) are not associated with any specific User. All Users’ data obtained through the Services is intended for our use.
2.PERSONAL DATA PROCESSING
2.1.1. Subject to the provisions of this Policy, the Service Provider is the administrator of personal data processed on the Website, i.e. Fitqbe sp. z o.o. with headquarters in Warsaw, Al. Jana Pawła II 61 lok. 241, 01-031 Warsaw, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Department of the National Court Register under KRS number: 0000605281; share capital: PLN 16.500,00, TAX ID.: 5272761750, REGON: 363874982, email address: email@example.com.
2.1.2 A Data Protection Inspector has been appointed in the Company, whom you can contact at the following e-mail address: firstname.lastname@example.org.
2.1.3. All personal data from you is collected in different ways, depending on the services provided:
a) information provided voluntarily by the User – we ask Users using registration and contact forms to provide personal data;
b) information obtained while using the Website (within this terms, the Service Provider is the administrator of Users’ personal data) – may include:
- IP address – each computer connected to the Internet is assigned a unique number, i.e. the IP address; on its basis, you can e.g. identify the country from which a given User connects to the network. When using the Website, additional information may be downloaded, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type. These logs are only used to analyse possible technical problems when registering, logging in and using the Website;
- geolocation data – if the User enables the geolocation function, the User’s activity routes will be recorded; if the User wishes, these routes will be visible to other users;
- information on the scope of non-wage benefits, benefits purchased by the User – in the case of using Benefits;
- text files (“Cookies”) sent to the User’s computer when visiting the Website. Cookies store data required by the website for proper operation, including identification of the currently logged in User. The User’s personal data may be displayed in the content of websites when visiting an account on the Website;
c) data provided by the Administrator (within this terms, the Service Provider is an entity that processes Users’ personal data), such as: name, business email address, employer’s company, department, position, budget made available by the Administrator for non-wage benefits, pay ranges, employment form, income threshold, information on the use of non-wage benefits – in the event of a contract for the use of Benefits between the Administrator and the Service Provider.
d) data provided by the User to Partners in connection with the purchase of Benefits on the Website, such as: name, surname, bank account number, payment card number, home/delivery address – if the User purchases Benefits on the Website;
e)data identifying the User, such as: name, surname, e-mail address, PESEL (ID) number or date and place of birth, citizenship, payment account number, ID document number – in the case of concluding a payment service agreement between the Administrator and the User.
The data comes directly from the User or in the cases specified above from the Administrator (i.e. the employer who concluded the contract with the Service Provider) or from the Partner (for the purposes of intermediation in the transaction of acquiring the Benefit or claims related thereto).
2.1.4. The User undertakes the following:
a) not to break the security of Website services;
b) not to modify or interfere in any way with the source code of the Website’s software;
c) not to interfere with the databases available through the Website;
d) not to modify the Website’s services, trademarks, descriptions and other data and objects of intellectual property rights contained on the Website for any purpose;
e) use the Services offered by the Company in a manner consistent with the provisions of the law in force in Poland, the provisions of the Regulations, as well as with the customs adopted in a given scope;
f) not to provide or transfer content prohibited by applicable law;
g) use the Services offered by the Company in a proper manner, with respect for their personal rights (including the right to privacy) and all their rights;
h) use the Services offered by the Company in a way that does not interfere with the functioning of the Website, in particular through the use of specific software or devices;
i) not to take any actions aimed at bypassing security or disrupting the stability and functionality of authorized servers or the Website’s software;
j) use all functionalities on the Website only for the purposes of own use; their use in other areas is permissible only on the basis of the express consent of the authorized person;
k) not to post statements having the character of advertising or commercial nature, offensive, vulgar, violating good morals or good image of the Company or the Website;
l) Not to copy the files attached on the Website and place them outside the Website.
2.2. PERSONAL DATA PROCESSING RANGE
2.2.1. The company processes the data indicated in item 2.1.3.b) above, data collected in connection with the use of the Website and the following data provided by the User as part of registration on the Website:
a) name (obligatory),
b) surname (obligatory),
c) gender (optional),
d) email address (obligatory),
e) telephone number (optional),
f) weight (optional),
g) height (optional)
h) date of birth (optional).
2.2.2 The company processes the data indicated in point 2.1.3.b) above, data collected in connection with the use of payment services and the following data provided by the User as part of concluding a payment service contract:
a) first name (mandatory),
b) surname (obligatory),
c) gender (optional),
d) e-mail address (mandatory),
e) telephone number (optional),
f) weight (optional),
g) height (optional),
h) date of birth (optional),
i) PEP status (holding a politically exposed position in the scope of anti-money laundering laws or being close to such a person).
2.2.3. In addition, we can process the photo you added in your User profile. You add the photo completely voluntarily and you can change or delete it at any time. The posted photo will be visible to other Website users; this photo will not be used for any other purpose.
- Providing the data marked in item 2.2.1 above as “obligatory”, data provided by the Administrator when using Benefits indicated in point 2.1.3.c) above is necessary to provide services on the Website.
Providing additional (optional) data is voluntary and may help to improve our services, but failure to do so does not block the service provision.
2.3. PERSONAL DATA PROCESSING GOALS
The personal data you provide will be processed for the following purposes:
a) in order for the Company to take necessary actions related to contract implementation, which is concluded by accepting the Website Regulations by the User or the terms and conditions of payment services, in particular the operation of the Website and providing functionality on the Website, send e-mails with information about the status of your activity on the Website and contact in case there are any problems on the Website. In this case, the basis for processing your data is the contract concluded with our company. Data provision is voluntary, but necessary to conclude and perform the contract.
b) to implement the Company’s legitimate interests, in particular:
- direct marketing of the Company’s own products or services;
- establish, investigate or defend claims arising from the Company’s business operations;
- ensure network and information security, in particular, preven attempts of unauthorized access to information;
- for administrative and statistical purposes,
- investigate complaints.
In this case, the basis for processing your data is the legitimate interest pursued by the Company. You have the right to object to the processing of your personal data if it is justified by a special situation. An objection may be made in any form;
c) to conduct marketing activities and provide commercial information, including, for example, receiving newsletters in the form of a Newsletter or Notifications, information about promotions, sales, events and competitions organized by the Company – based on your consent to the processing of personal data in the purpose we indicate. If additional consent is given, marketing messages addressed to you will be adapted to your needs and preferences (more on profiling in section 2.7 below). Expressing consent is always voluntary. The consent granted can be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of earlier data processing. The consent may be granted or withdrawn in the Service Settings in the “Notifications” tab;
d) to fulfil the obligations arising from legal provisions, i.e. in particular, issuing and storage of invoices in connection with transactions made – the basis for data processing is then the necessity of their processing to meet the legal obligation incumbent on us.
In addition, the Users’ personal data provided to the Service Provider by the Administrator will be processed in order for the Service Provider to take the necessary actions related to the preparation and implementation of the contract with the Administrator, the conclusion of which takes place under separate arrangements between the Administrator and the Service Provider. In this case, the basis for the processing of your data is the contract concluded with the Administrator (who is your employer). Providing data is voluntary, but necessary for the conclusion and performance of the contract.
Moreover, the Users’ personal data provided to the Service Provider by the Partner will be processed by the Service Provider in order to pay for the Services purchased by the User on the Website from the Partner and to consider complaints related thereto.
2.4. PERSONAL DATA PROCESSING PERIOD
Your personal data will be processed for the following period:
a) if the User uses the Website – the data will be processed until the termination of the employment relationship/termination of cooperation between the Administrator and the User or until another moment provided for by the Administrator’s internal rules or agreed with the User. After this period, the data will only be archived for the period of limitation of claims or resulting from legal provisions;
b) if the basis for the processing of your data is a legitimate interest pursued by the Company, the data will be processed as long as it is necessary for the purposes for which it is processed or until the objection is effectively expressed;
c) if the basis for the processing of personal data is your consent, the data will be processed by us for the purposes specified in the consent until its withdrawal. After withdrawing your consent, your data will be processed to the extent necessary to assert or defend our claims and defend against claims, until the limitation period expires;
d) if the basis for data processing is the necessity of their processing to meet the legal obligation incumbent on us, the data will be processed as long as required by law.
2.5.1. If you use the Website and express your consent, you may receive the following Notifications from us:
a) competition invitations (Email notification each time you receive a competition invitation);
b) competition invitation reminder (Email notification if you do not respond to the competition invitation after 3 days);
c) reminder about the competition you are taking part in (Email notification if you do not add any activity to it after 3 days of joining the competition);
d) reminder about a starting competition (Email notification about the competition that will start the next day);
e) come back (Email notification if you have been inactive for more than 3 days);
f) weekly summary (weekly email notification summarizing your activity);
g) reminder notification (Email notification if someone mentions you in Worksmile);
h) event invitations (Email notification each time you receive a competition invitation);
i) reminder about a starting event (Email notification about the competition that will start the next day);
j) confirmation of exchange of points for products (after each exchange of points for a product from the store we will send you a confirmation email);
k) confirmation of exchange of points for money (after each exchange of points for money from the store we will send you a confirmation email);
l) confirmation of exchange of points for funds for the foundation (after each exchange of points for funds for the foundation we will send you a confirmation email); funds for the foundation are transferred by your employer;
m) E-mail notification about choosing you as the athlete of the month (after you earn the title of the athlete of the month we will send you an e-mail confirmation);
n) Administrator’s post (Email notification of a new Administrator’s post);
o) Worksmile’s post (Email notification of a new Worksmile’s post);
p) group invitations (Email notification each time you receive a competition invitation);
q) adding an article to a group (E-mail notification whenever an article is added to the group you belong to).
2.5.Your consent to receive Notifications from us will increase your satisfaction and satisfaction with using the Website. For each of the notifications indicated in item 5.1. you can give separate consent on your profile.
2.6.1. If you use Worksmile and express your consent, you can provide us or agree to share the following information with Worksmile for other users:
a) Your location of activity (Your location, maps and routes of your activities will be visible in Worksmile for you and your Employer as the administering Worksmile; if you want, you can also additionally share your activities on social media, for people who are not Worksmile users);
b) information about your current training – visible to other Worksmile users;
c) competition invitations (automatically accept competition invitations from Administrators or Users).
d) automatically accept competition invitations from Users.
2.6.2 If you use Benefits, information about the non-wage benefits used is made available to the Administrator who has concluded a contract for the use of Benefits, i.e. your employer. In this regard, we act as a processor under the relevant data processing agreement that connects us with the Administrator, which regulates the rules of processing your data by the Service Provider at the request of the Administrator (including registration of the User Account in the form of additional verification by the Administrator, as referred to in point 5.5.b) of the Regulations).
When you give us additional consent, your personal data collected in connection with activities within Worksmile may be subject to profiling that consists in analysing your activity in Worksmile (e.g. training, your location, competitions, events, groups, results), and then, based on this information, directing you personalized offers of Worksmile products or services or our partners with whom we work. If you voluntarily provide your date of birth and consent, the Company also directs offers specially tailored to your age. Profiling allows us to offer you products or services tailored to your needs and interests. The consent may be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of earlier data processing. The current list of partners cooperating with us is available on the Website.
2.8. Data recipients
2.8.1. The recipients of personal data processed by the Company will be:
a) The administrator who is your employer who has concluded a contract with us to use the Website – Worksmile or Benefits, respectively;
b) entities processing data on behalf of the Company, supporting the service of the Website and IT systems;
c) other controllers processing your personal data on their own behalf, in particular, entities conducting postal or courier activities or Partners;
d) entities supporting electronic payment services,
e) state authorities authorized under the provisions of law, in particular in connection with the performance of their supervisory tasks or in the field of counteracting money laundering.
2.8.2. Your personal data will not be transferred to other recipients to a third country or international organizations.
2.8.3. Based on the information obtained as part of the Website, the Company may draw up collective statistical summaries that may be disclosed to third parties. However, such statements do not contain any data that identifies individual Users.
2.9. Users’ rights
2.9.1. In connection with the processing of personal data, the User has the right to:
a) request more detailed information on the use of personal data
b) request access to personal data and provide a copy of the data that has been provided to us;
c) receive personal data in a structured, commonly used machine-readable format that has been transferred and – if technically possible – request the transfer of such data to another administrator without obstacles, if its processing is based on consent or contract and in an automated manner;
d) request correction of any inaccuracies in the data we have;
e) request to delete any data for which we no longer have a legal basis;
f) object to a given processing based on a legitimate interest for reasons related to the User’s particular situation, including profiling, unless our processing grounds prevail over the User’s interests, rights and freedoms;
g) request that data processing is restricted, e.g. for the duration of the corequest that data processing is restricted, e.g. for the duration of the complaint;
h) withdraw the granted consent – if the consent is the basis for processing;
2.9.2 Statements regarding the implementation of the above rights and any comments should be send to the email address: email@example.com or to the Data Protection Officer at firstname.lastname@example.org Statements regarding the implementation of the above rights and any comments should be send to the email address: email@example.com or to the Data Protection Officer at firstname.lastname@example.org
2.9.3. If, despite our support, you believe that your personal data is being processed in breach of the applicable law, you have the right to file a complaint with the supervisory authority – the President of the Office for Personal Data Protection.thority – the President of the Office for Personal Data Protection.
3.1. We strive to protect the Website against unauthorized access by third parties. For this purpose, among others, firewall, server security devices, encryption devices and physical security measures are used. All data is encrypted on the path between the server and the User’s computer, including forms.
4. FINAL PROVISIONS
November 2021 version.