Privacy Policy

Personal Data Administrator

The Administrator of your personal data, i.e., the entity deciding on the purposes and methods of processing this data, is Emanuela, conducting business activity under the name Body Sanctuary, address: Minervaplein 48 F, 3054SK R-dam, KVK: 86007904.

Contact with the Personal Data Administrator

Contact with the Personal Data Administrator regarding the processing of personal data is possible via email by sending a message to: I don’t have an email yet, so I don’t remember.

Processing of Personal Data

Your personal data is processed when:

  • you use my services,

  • you visit the website: www.strona.com, including its subpages,

  • you participate in training, competitions, and promotional actions organized by me,

  • you participate in market research organized by me. In this case, the personal data provided by you for research will be used only with your consent. This data may be used to collect information for testing, researching, analyzing, and developing products, which will allow for the improvement and increase of the security and protection of my services, and the development of new features and products,

  • there is a need to use your data for conducting legal disputes, official proceedings, or matters related to compliance with legal regulations; in such a case, some of your personal data will be processed, in particular: name, surname, date of birth, data regarding the use of my services; in the case of claims arising from the way you use my services, other data necessary to prove the existence of the claim, including the extent of the damage suffered, may also be processed,

  • the Newsletter sending service is implemented, if you have given prior consent,

  • marketing information from me or my business partners is sent, if you have given prior consent,

  • you contact me via email or in any other way.

Provision of Personal Data

Providing your personal data is voluntary, but necessary for the implementation and proper provision of services by me, particularly in the case of concluding a contract with me. Your data is also necessary when there is a need to perform tasks specified by legal regulations, as mentioned below.

Processed Personal Data

Only data that is necessary for the realization of the purpose for which it was collected is processed. In particular, data such as the following may be processed:

  • Your name and surname, contact details, and payment details – when you use my services or participate in events organized by me; when you conclude a contract for the provision of services;

  • Your name and surname, phone number, email address, and in some cases also your bank account number, if you have won a cash prize – when you participate in a competition organized by me;

  • Your name, surname, and email address – when you have consented to receive the Newsletter and marketing information;

  • Your name and surname, your company name, your residential address or your company’s registered office address, your PESEL number or your company’s NIP number – when a sales document is issued for you;

  • Your name and surname, phone number, or email address – when I contact you electronically or using terminal devices and automatic calling systems, after you have given prior consent;

  • Other data necessary for registration and logging into the User Account – when you use my electronic services.

Purposes of Processing Personal Data

Your personal data is processed for the purpose of taking action at your request (e.g., responding to an inquiry or request), for the purpose necessary to conclude and perform a contract or provide a service, including handling any complaints, grievances, or pursuing claims arising from concluded contracts.

The processing of some of your personal data is also necessary to fulfill obligations resulting from legal regulations, particularly concerning: the obligation to store certain data for a specific period, collecting certain information to verify and identify the user, or transferring data to authorized authorities or entities, resulting from, among others:

  • The Accounting Act of September 29, 1994,

  • The Act on Tax on Goods and Services of March 11, 2004,

  • The Act on Counteracting Money Laundering and Terrorism Financing of November 16, 2000.

If your data is processed for a purpose other than that for which it was collected, you will be informed and asked for appropriate consent if such consent is required under applicable law.

Cookies

To a limited extent, your personal data may be collected automatically via cookies located on my websites.

Cookies are small text files saved on the user’s computer or other mobile device while using websites. These files serve, among other things, to use various functions provided on a given website or to confirm that a given user has seen specific content from that website. Among cookies, we can distinguish those necessary for the operation of the service:

  • user input cookies (session identifier) for the duration of the session,

  • authentication cookies used for services requiring authentication for the duration of the session,

  • security cookies, e.g., used to detect authentication abuse,

  • session cookies for multimedia players, e.g., flash player cookies, for the duration of the session,

  • persistent cookies for user interface customization for the duration of the session or slightly longer,

  • cookies used to monitor website traffic, i.e., data analytics, including Google Analytics cookies (these are files used by Google to analyze how the User uses the Service, to create statistics and reports on the functioning of the Service). Google does not use the collected data to identify the User nor does it combine this information to enable identification.

By using my websites, you consent to the placement of the cookies described above on your computer or other device. However, it is possible to control and manage installed cookies. Please remember that deleting or blocking cookies may affect how you use the websites, and some areas may become inaccessible.

The Personal Data Administrator reserves that after rejecting cookies, some functions offered by the Services may not work correctly, and in some cases, this may result in the complete inability to use the selected product.

Legal Basis for Processing Personal Data

Your personal data is processed in accordance with applicable law, in particular with the provisions of the GDPR regarding personal data.

The legal basis for processing your data is:

  • your expressed consent, or

  • processing your application or request, or

  • concluding and performing a contract, or

  • realizing the legally justified interests of the Personal Data Administrator, or

  • the Personal Data Administrator fulfilling obligations arising from applicable law.

Personal Data Processing Period

For individual cases, the data processing period is as follows:

  • if your data is processed based on a contract, processing will last for the duration of the contract and the statute of limitations period for any claims arising from it,

  • if you have given consent for data processing for a specific purpose, your personal data will be processed until you withdraw this consent,

  • in the case of the legitimate interest of the Personal Data Administrator, the processing period of your data lasts until that interest ceases, e.g., the statute of limitations for civil law claims, or until you object to further such processing, if such an objection is available under the law,

  • data processed to fulfill obligations of the Personal Data Administrator arising from applicable law will be processed for as long as required by those provisions.

Recipients of Personal Data

The recipients of the data are persons authorized by the Personal Data Administrator to use the data within the scope of performing their official duties, to whom the Personal Data Administrator commissions the performance of such activities.

If necessary, your personal data may be transferred for the purpose of performing my services, fulfilling my obligations, and properly complying with applicable law.

When performing some tasks (e.g., document destruction, data storage, accounting and payroll services, legal services, marketing services, IT services), I use the assistance of external entities. In such a case, I entrust personal data to subcontractors to achieve a specific purpose on my behalf (based on a Data Processing Agreement), while remaining the Administrator of your data and being responsible for its security.

In justified cases, your data will also be transferred to the relevant authorities.

Your data may only be transferred to:

  • persons authorized by me, my employees and associates who need access to this data for the proper performance of their duties,

  • entities processing data on my behalf for a strictly defined purpose (e.g., accounting office, law firm, IT company),

  • other data recipients (e.g., law enforcement agencies, banks – if they request information based on an appropriate legal basis in accordance with applicable law).

Other Cases of Sharing Personal Data

Your data is not shared with third parties or entities, except when:

  • you have given voluntary consent for such sharing. Previously given consent can be withdrawn by you at any time, in a similarly simple manner as it was given,

  • sharing is necessary for me to perform a contract or provide a service,

  • in special cases, your data may be shared with entities entitled to do so under generally applicable law (e.g., law enforcement agencies, an auditor for the purpose of auditing the financial statement).

Each request for access to your data is thoroughly investigated, and data is transferred only if the result of this analysis shows that there is a valid and effective legal basis for demanding the disclosure of your data to these entities.

Transfer of Personal Data Outside the European Union?

The obtained data may be transferred to other entities only when permitted by applicable law.

Some of my service providers may be located outside the European Economic Area (EEA). When transferring data outside the EEA, increased caution is exercised, and verification is carried out to ensure that the providers guarantee the protection of personal data in accordance with the legal requirements applicable within the EEA. In the case of transferring personal data to entities based in the United States, verification is carried out to ensure that the entity has joined the EU-US data protection program and is on the list of certified organizations maintained by the US Department of Commerce.

Method of Protecting Personal Data

The Personal Data Administrator makes every effort to ensure physical, technical, and organizational measures to protect personal data against accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use, or access, in accordance with all applicable laws.

User Rights

In connection with the processing of your personal data, you have the following rights:

  • to information regarding the processing of your personal data; this is the so-called “information obligation” (according to Art. 12 and 13 GDPR),

  • to access the content of your personal data (according to Art. 15 GDPR),

  • to request rectification of your personal data (according to Art. 16 GDPR), i.e., correcting incorrect data and completing incomplete data,

  • to request restriction of the processing of your personal data (according to Art. 18 GDPR),

  • to request the transfer of your personal data to another Administrator (according to Art. 20 GDPR),

  • to object to data processing for reasons related to your particular situation (according to Art. 21(1) GDPR), with the proviso that this right is not absolute, meaning that despite the objection, your personal data may still be processed if it is demonstrated that there are compelling, legally justified grounds for processing that override your rights and freedoms, or grounds for establishing, pursuing, or defending claims,

  • to object to the processing of your personal data for direct marketing purposes, to the extent that the processing is related to such direct marketing. This objection does not require justification or conditions for effectiveness. In such a case, I will no longer be able to process your personal data for direct marketing purposes.

Withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.

  • to request the deletion of your personal data (according to Art. 17 GDPR), this is the so-called “right to be forgotten”; you can exercise this right in particular when:

    • the Personal Data Administrator processes your personal data unlawfully,

    • you object to data processing for marketing purposes,

    • the data must be deleted for the Personal Data Administrator to comply with a legal obligation;

You can exercise the above rights by submitting an appropriate declaration to the Personal Data Administrator:

  • by email to: kontakt@facegym.pl

or

  • in writing – by traditional mail to the address:

Akademia Slow Aging Weronika Janecka, address: ul. Wysockiego 13, 05-822 Milanówek

annotation: personal data

  • to lodge a complaint with a supervisory authority, i.e., the President of the Personal Data Protection Office (formerly GIODO).

Privacy Policy Update

The Privacy Policy may be updated. If material changes are introduced, you will be informed by email. To the extent permitted by applicable law, the use of my services after such notification constitutes acceptance of the updates to this policy.

I encourage you to periodically review the content of this policy to obtain the latest information about my privacy practices. I also make previous versions of the privacy policy available for viewing.

The policy is regularly reviewed. The current version of the policy was adopted and is effective as of May 19, 2025.

Newsletter

If such an option is available on the website, the user can sign up for the newsletter. The personal data provided by the user to receive the newsletter includes: name, surname, email address or phone number, data regarding the conducted business activity being processed. The legal basis for data processing is consent (Art. 6(1)(a) GDPR). Such consent may be withdrawn at any time.

Links to Other Sites

The Site may contain links to other sites. If you click on a link to another site, you will be redirected to it. Please note that external entities are not operated by me, so you should review the privacy policy of the administrators of those sites. The Personal Data Administrator has no control over and assumes no responsibility for the content, privacy policies, or practices employed by third-party sites.

Legitimate Interest of the Personal Data Administrator

The Personal Data Administrator may process data as part of its legitimate interest (Art. 6(1)(f) GDPR), e.g., for the purpose of pursuing possible claims. Whenever the Administrator processes personal data on the basis of a legitimate interest, it tries to analyze and balance its interest and the potential impact on the data subject (both positive and negative) and that person’s rights under data protection laws.

Data Protection

The Personal Data Administrator uses all available physical, technical, and organizational measures to ensure proper protection of personal data, in particular, it secures them against destruction, accidental loss, disclosure to unauthorized persons, alteration, and verifies the scope of access. The Personal Data Administrator implements the rights of data subjects.