Privacy policy - GDPR

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation; "GDPR"), Act No. 110/2019 Sb., on the processing of personal data (the so-called Adaptation Act), and Act No. 480/2004 Sb., on certain services in the information society.

  1. Personal data administrator/Operator (see point 1.6 of the GT&C)): Spiralista s.r.o., Identification No. 05376025, with its registered office at Karlova 933/7, Maloměřice, Brno, Postal Code 614 00, registered in the Commercial Register administered by the Regional Court in Brno, File C 94996, e-mail: info@spiralista.com.
  2. Categories of data processed:
    • • Identification and contact details relating to the Users (see point 1.13 of the GT&C) of the E-shop (see point 1.1 of the GT&C) and/or the Website (see point 1.14 of the GT&C):
      1. name, surname;
      2. telephone number, e-mail address;
      3. payment details;
      4. photograph;
      5. sex;
      6. age;
      7. weight;
      8. height;
      9. details relating to the part of the body and/or the health area that the User wants to focus on when using the Application;
      10. data resulting from the Purchase Agreement (see point 1.12 of the GT&C).
  3. Lawful basis for processing and purposes for processing:
    • conclusion and performance of the Purchase Agreement to which we are a party;
    • compliance with a legal obligation to which we are subject;
    • our predominantly legitimate interests which are mainly justified by:
      1. interest in establishing contractual cooperation;
      2. pre-contractual communication and any claims arising from pre-contractual liability;
      3. interest in future resumed negotiation on establishing contractual cooperation;
      4. for the purpose of our tax records and inspection;
      5. measures for the further development of our services;
      6. process optimization for the analysis of our needs;
      7. assertion of legal claims and defence in case of legal disputes;
      8. security verification;
      9. communication between the parties to the contract;
    • if the law requires the User's consent to processing, we will always request it in advance.
  4. To whom the data may be provided:
    • providers of IT services and/or information systems;
    • providers of external accounting services;
    • providers of legal services;
    • persons who, on the basis of authorization, ensure the performance of our contractual or legal obligations and the exercise of rights established by the Purchase Agreement or law, or with whom we otherwise cooperate in performing the subject matter of the Purchase Agreement or achieving the mission of the company (i.e. tax advisors, auditors, etc.);
    • government authorities or law enforcement authorities.
    We do not transfer personal data to third countries of international organizations.
  5. Time of personal data processing: We process personal data for the time necessary to fulfil the purpose for which the personal data were collected.
  6. Source from which the personal data originate: Personal data may come directly from the data subject whose personal data we process (i.e., the User), as well as from public registers and/or other sources (e.g. websites).
  7. Method of personal data processing: Personal data are processed in electronic form in an automated manner or in printed form in a non-automated manner. We do not perform systematic and/or extensive processing of personal data. We do not perform automated individual decision-making with legal or similar effects, including profiling, within Article 22 of the GDPR.
  8. Data subject's rights to protection of personal data:
    • right to be informed and right of access to personal data (Article 15 of the GDPR);
    • right to rectification, or right to have incomplete personal data completed (Article 16 of the GDPR);
    • right to erasure (Article 17 of the GDPR);
    • right to data portability to another data administrator (Article 20 of the GDPR);
    • right to restriction of processing personal data (Article 18 of the GDPR);
    • right to object to processing (Article 21 of the GDPR);
    • right to file a complaint with the Office for personal data protection (https://www.uoou.cz/) – applies to the Czech Republic;
    • right not to be the subject of automated individual decision-making with legal or similar effects, including profiling (Article 22 of the GDPR);
    • if the User has given us his or her consent, he or she may revoke it at any time, in writing at our address or by e-mail info@spiralista.com (in full or in part) – this does not affect the lawfulness of processing based on the consent given before it revocation.
  9. Voluntary provision of personal data: If the processing of personal data is based on the consent of the User, their provision is completely voluntary; therefore, if the User does not provide us with his or her personal data, he or she will not suffer any legal damage, but will not be able to use our services. Otherwise, the processing of personal data is possible only on the basis of a legal or contractual request (e.g., if personal data must be included in the Agreement).

Should the data subject have any questions related to the processing of personal data or an investigated security incident, he or she may contact the administrator by e-mail (see contact details in point 1 above).