Thank you for visiting our web Site’s page available at http://bodychief.pl (hereinafter referred to as: "BodyChief Web Site" or “Internet-based Service” or "Web Site") or using our BodyChief application (hereinafter referred to as: "BodyChief application" or "Application"). BodyChief Web Site and BodyChief application are referred to collectively as "BodyChief". By means of BodyChief, it is possible to order the service of preparation and delivery of meals shown on the Web Site or in the Application as part of dietetic catering provided by the BodyChief owner (hereinafter referred to as: "Service" or "Diet").
TThis policy serves an informative purpose; thus, it is not a source of obligations for persons using BodyChief. The privacy policy contains mostly the principles of processing personal data by the BodyChief’s Data Controller, including the grounds, purposes and scope of the personal data processing and the rights of data subject, as well as information on the use of cookie files and analytical tools by BodyChief.
Please read the privacy policy,
BodyChief team
TABLE OF CONTENTS:
Purpose of the data processing | The legal basis of the processing and the period of the storage of data | The scope of the processed data |
The execution of the contract for the provision of the Service or of the Electronic Service or the taking of actions at the demand of the person to whom the data are related, before the conclusion of the above-mentioned contracts |
Article 6 paragraph 1 letter b) of the General Data Protection Regulation (execution of the contract) and article 9 paragraph 2 letter a) of the General Data Protection Regulation (consent - it is related to the processing of the data related to health) The data are stored during a period being indispensable for the execution, for the dissolution or for the expiry in another way of the concluded contract. |
The maximal scope: first name and surname, e-mail address, contact telephone number, password and the data related to the provision of possible Services: address of the Service (street, number of the house/ flat, postal ZIP, locality: town/ village), address of the deliveries on the weekend/ on public holidays, code to the entrance phone and in case of Clients who have provided these data - the data related to health (i.e. health data provided in order to take account of it during the performance of the Service: information on health troubles, including alimentary allergies and other diseases which require the elimination or limitation of consumption of specific products, and, in the case of data provided when using selected functionalities of the Bodychief Application, in order to enable the use of additional functionalities of the Bodychief Application using the above-mentioned data: date of birth, height, weight and physical activity information). In case of Recipients of services or of Clients who are not consumers, the Administrator may process in addition the business name of the company, the address of the conduct of the business/ of the registered office and the tax identification number (NIP) of the Recipient of the service or of the Client. The indicated scope is the maximal scope. |
Direct marketing |
Article 6 paragraph 1 letter f) of the General Data Protection Regulation (legally justified interest of the administrator) The data are kept during the period of the existence of the legally justified interest being realised by the Administrator, not longer, however, than during the prescription of claims in relation to the person to whom the data are related, on account of the business activity conducted by the Administrator. The prescription is defined by the provisions of law, in particular of the Civil Code (the basic term of prescription for claims connected with the conduct of business activity amounts to three years and for a contract of sale it amounts to two years). The Administrator may not process the data for the purpose of direct marketing in case of the expression of an effective objection in this respect by the person to whom the data are related. |
The maximal scope: first name and surname, address, e-mail address, contact telephone number and the history of the purchases made in the Internet-based Service/ on the Web Site so far. If the Administrator uses scripts and/or advertising pixels of external websites (such as Facebook, Google or TikTok) for marketing purposes directly, the Administrator may process the following data related to the device or person using BodyChief:
|
Marketing of the services and products of the Administrator |
Article 6 paragraph 1 letter a) of the General Data Protection Regulation (consent) The data are stored until the moment of the withdrawal of the consent by the person to whom the data are related, to the further processing of his/ her data for this purpose. |
The maximal scope: first name and surname, address (street, number of the house/ flat, postal ZIP, locality: town/ village), e-mail address, contact telephone number and the history of the purchases made in the Internet-based Service/ on the Web Site so far. If the Administrator uses scripts and/or advertising pixels of external websites (such as Facebook, Google or TikTok) for marketing purposes directly, the Administrator may process the following data related to the device or person using BodyChief:
|
Marketing of the services and products of the partners of the Administrator |
Article 6 paragraph 1 letter a) of the General Data Protection Regulation (consent) The data are stored until the moment of the withdrawal of the consent by the person to whom the data are related, to the further processing of his/ her data for this purpose. |
The maximal scope: first name and surname, address (street, number of the house/ flat, postal ZIP, locality: town/ village), e-mail address, contact telephone number and the history of the purchases made in the Internet-based Service/ on the Web Site so far. |
Keeping of the accounting books |
Article 6 paragraph 1 letter c) of the General Data Protection Regulation in connection with article 74 paragraph 2 of the Act of Parliament on accounting dated 30th January 2018 (Law gazette of 2018, item 395) The data are stored during the period required by the provisions of law, which impose (the obligation) on the Administrator to keep the accounting books (five years starting from the beginning of the years, which follows the financial year to which the data are related). |
The first name and the surname, the address of the residence/ of the conduct of business/ of the registered office (if it is different than the address of the delivery), business name of the company and the tax identification number (NIP) of the Recipient of the service or of the Client, number of the banking account (it is related to the situation when goods are returned). |
The establishment, enforcement and defence of claims, which may be filed by the Administrator or against the Administrator |
Article 6 paragraph 1 letter f) of the General Data Protection Regulation The data are kept during the period of the existence of the legally justified interest being realised by the Administrator, not longer, however, than during the prescription of claims in relation to the person to whom the data are related, on account of the business activity conducted by the Administrator. The prescription is defined by the provisions of law, in particular of the Civil Code (the basic term of prescription for claims connected with the conduct of business activity amounts to three years and for a contract of sale it amounts to two years). |
The maximal scope: first name and the surname, e-mail address, contact telephone number, password and the data related to the provision of possible Services: address of the Service (street, number of the house/ flat, postal ZIP, locality: town/ village), address of the deliveries on the weekend/ on public holidays, and in case of Clients who have provided these data - the data related to health (i.e. The information in health troubles, including alimentary allergies and other diseases which require the elimination or limitation of consumption of specific products), number of the banking account. In case of Recipients of services or of Clients who are not consumers, the Administrator may process in addition the business name of the company, the address of the conduct of the business/ of the registered office and the tax identification number (NIP) of the Recipient of the service or of the Client. The indicated scope is the maximal scope. |
Using the BodyChief Website and ensuring its proper functioning |
Article 6 paragraph 1 letter f) of the General Data Protection Regulation (legitimate interest of the administrator); processing is necessary for the purposes of the Administrator’s legitimate interests consisting in running and maintaining BodyChief. The data are kept during the period of the existence of the legally justified interest being realised by the Administrator, not longer, however, than during the prescription of claims in relation to the person to whom the data are related, on account of the business activity conducted by the Administrator. The prescription is defined by the provisions of law, in particular of the Civil Code (the basic term of prescription for claims connected with the conduct of business activity amounts to three years and for a contract of sale it amounts to two years). |
The maximal scope: IP number, location data, Website traffic source. The indicated scope is the maximal scope. |
Keeping statistics, doing research and analysing BodyChief Website traffic |
Article 6 paragraph 1 letter f) of the General Data Protection Regulation (legitimate interest of the administrator); processing is necessary for the purposes of the Administrator's legitimate interests consisting in keeping statistics and analysing traffic on the BodyChief Website in order to improve its functioning and increase the sales of the Services. The data are kept during the period of the existence of the legally justified interest being realised by the Administrator, not longer, however, than during the prescription of claims in relation to the person to whom the data are related, on account of the business activity conducted by the Administrator. The prescription is defined by the provisions of law, in particular of the Civil Code (the basic term of prescription for claims connected with the conduct of business activity amounts to three years and for a contract of sale it amounts to two years). |
The maximal scope: sources and methods of acquiring BodyChief Website visitors and their behaviour on the Website or in the Application, information on devices and web browsers used to visit the BodyChief Website, geographic data and demographic data (age, gender) and interests, device IP address, device screen size, device type (unique device identifiers), web browser information and the preferred language used to display the BodyChief Website. The indicated scope is the maximal scope. |
CCTV |
Article 6 paragraph 1 letter f) of the General Data Protection Regulation (legitimate interest of the administrator); processing is necessary to ensure the safety of people staying at the Administrator's premises, and property protection. Monitoring is carried out 24 hours a day and covers the area of the Administrator's seat and the adjacent area. CCTV recordings are stored during 30 days from the date of recording. CCTV monitoring is carried out with respect for the dignity and personal rights of the people concerned. Recorded materials will be used only in the above-mentioned purposes, and will be accessed only by persons authorized to the personal data processing and legal entities. Each of the authorized persons is obliged to maintain the secrecy resulting from these materials. In the case of the image recordings being evidence in legal proceedings or the Company learning that they may constitute evidence in proceedings, the time limit shall be extended until the proceedings are legally concluded. |
The scope: image, appearance and clothing special features. |
Recording telephone conversations in order to enable the Administrator to improve the quality of the Service |
Article 6 paragraph 1 letter a) of the General Data Protection Regulation. |
Scope: voice timbre, telephone number and data of the person registered by the recording device. |
Their supplier:
|
Their storage period on the device of the person visiting the Online Store website:
|
The purpose of their use:
|
Purposes of using Cookies in BodyChief | identification of Service Recipients as logged into BodyChief and showing that they are logged in (strictly necessary cookies) |
remembering Services added to the cart in order to place an Order (strictly necessary cookies) | |
remembering data from completed Order Forms, surveys or BodyChief login data (strictly necessary and/or functional/preferential cookies) | |
adapting the content of BodyChief to the individual preferences of the Service Recipient (e.g. colours, font size, page layout) and optimising the use of BodyChief (functional/preferential cookies) | |
keeping anonymous statistics showing how BodyChief is used (analytical and performance cookies) | |
displaying and rendering advertisements, limiting the number of advertisement displays and ignoring advertisements that the visitor of BodyChief does not want to see, measuring the effectiveness of advertisements, as well as personalising them, i.e. studying the behaviour of BodyChief visitors through anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their expected interests, also when they visit other websites in the advertising network of Google Ireland Ltd., Facebook and Instagram (Meta Platforms Ireland Ltd.), TikTok (TikTok Technology Limited), Twitter (Twitter International Company) and Pinterest (Pinterest Europe Limited) (marketing, advertising and social cookies) |
In the Chrome browser:
(1) in the address bar, click on the padlock icon on the left, (2) go to the "Cookies" tab. |
In the Firefox browser:
(1) in the address bar, click on the shield icon on the left, (2) go to the "Allowed" or "Blocked" tab, (3) click on the "Cross-site tracking cookies", "Social network trackers" or "Content from trackers” |
In the Internet Explorer browser:
(1) click on the "Tools" menu, (2) go to the "Internet Options" tab, (3) go to the "General" tab, (4) go to the "Settings" tab, (5) click on the "View Files" box. |
In the Opera browser:
(1) in the address bar, click on the padlock icon on the left, (2) go to the "Cookies" tab. |
In the Safari browser:
(1) click on the "Preferences" menu, (2) go to the "Privacy" tab, (3) click on the "Manage website data" field. |
Regardless of the browser, using the tools available, e.g. on the website:
https://www.cookiemetrix.com/ lub: https://www.cookie-checker.com/ |
INFORMATION CLAUSE ON THE PROCESSING OF PERSONAL DATA.pdf
Social Media Privacy Policy.pdf