FitConcept Ltd. (registered office: 1171 Budapest, Péceli út 156.) as data controller (hereinafter referred to as „Data Controller”) informs you that, pursuant to Legislative Decree 196/2003 („Data Protection Act”) and Regulation (EU) 679/2016 („GDPR”), your personal data will be processed in the following ways and for the following purposes:

1. Subject of the processing

The Data Controller processes non-sensitive personal data provided by you as a party providing products and services under a contract with the Data Controller (hereinafter „Data” or „Personal data”) (in particular, name, surname, company name, e-mail address, etc.) which you have provided to the Data Controller.  www.peakpilates.hu website (hereafter „Website”) and/or in case of a contact request sent to the Data Controller.

2. Purposes of data processing

We process your personal data for the following purposes:

A. without your prior authorisation for contractual purposes, in order to:

  • the management and maintenance of the Website;
  • handle contact requests from you;
  • prevent or detect fraudulent activities or harmful misuse of the Website;
  • the exercise of the Data Controller's rights, such as the right of defence before a court;

B. with your prior authorisation for direct marketing purposes, in order to:

  • informing you through regular letters, telephone calls, emails, newsletters or initiatives and commercial offers from the Data Controller. In addition, if you are already our Customer, we may send you commercial e-mails to the e-mail address you have provided to us regarding services and products of the Data Controller that you have already used. In each email sent, you will have the opportunity to unsubscribe from further emails by clicking on the link provided.

3. Method of data processing

Your data will be processed electronically through data collection, registration, organisation, storage, consultation, elaboration, modification, selection, data mining, comparison, use, interconnection, blocking, communication, erasure and destruction operations.

4. Data storage

The Data Controller shall process Personal Data for the period necessary to fulfil the purposes set out above, but for no longer than 2 years after the collection of the data.

5. Access to Data

Your Data may be accessed for the above purposes by:

  • employees of the Controller and/or employees of Group companies and/or collaborating partners as the person responsible for data processing and/or as internal Data Processors and/or system administrators;
  • third parties or other persons (e.g. IT service providers, service providers, credit institutions, professional firms, etc.) who perform outsourcing activities on behalf of the Data Controller and process the Data as internal Data Processors.

6. Disclosure

Your data may also be disclosed on request, without your prior consent, to supervisory authorities, police or judicial authorities which, in their capacity as independent Data Controllers, process the data for institutional purposes and/or in the course of investigations and audits in accordance with the law. In addition, your Data may be disclosed to third parties (e.g. partners, contractors, agents, etc.) who will process them as independent Data Controllers in order to carry out activities necessary for the above purposes.

7. Data transmission

Your data will not be transferred to countries outside the EU.

8. Nature of the information and consequences of refusal to reply

Provision of data is mandatory for contractual purposes: these Data are necessary for the Controller's services, and if you choose not to provide your Data, you will not be able to use the Controller's services.

The provision of data for marketing purposes is voluntary, and if you choose not to provide your Data, it will not affect the use of the Controller's services. You may therefore choose not to provide your Data, in which case you will not receive our commercial communications.

9. Rights of data subjects

The Controller informs you that as a data subject you have the right to:

  • receive confirmation and clear information about the existence or absence of Personal Data relating to you, even if you have not yet registered;
  • receive information and, if necessary, a copy of: a) the source and category of Personal Data; b) the method used, if the processing is carried out by electronic means; c) the purposes and means of the processing; d) information to identify the Controller and the Processors; e) the persons or categories of persons who may receive the Personal Data or who may have access to them, in particular if the recipient is a country outside the EU or an international organisation; (e) the duration of the storage of the Personal Data or, where this is not possible, the criteria for determining this duration; (f) the existence of automated decision-making processes and, if any, the method behind them and their relevance and consequences for the data subject; (g) the existence of appropriate safeguards in the event of transfers of Personal Data to a country or international organisation outside the EU;
  • receive without delay any updates, corrections or, if you are interested, integration of incomplete Data;
  • to obtain the erasure, anonymisation or blocking of: a) data processed unlawfully; b) data no longer necessary for the purposes for which the data were collected or for which they are further processed; c) where you withdraw your consent on which the processing is based and there is no other legal basis for the processing; d) where you do not consent to the processing and there is no legal basis overriding it; e) in accordance with legal obligations; f) data relating to children. The Data Controller may refuse to erase Data if the processing is necessary for: a) the exercise of the right to freedom of expression and information; b) in accordance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority; c) for reasons of public interest; d) for scientific or historical research or statistical purposes in the public interest; e) to lodge a legal complaint;
  • restrict the processing if: a) the accuracy of the Personal Data is questionable; b) the processing is unlawful and the data subject opposes the erasure of the Personal Data; c) the Data is requested for the purpose of lodging a legal complaint; d) the Data Controller's legal bases override those of the data subject are under review;
  • receive Personal Data about you in a structured, commonly used, machine-readable format and transfer it to another controller without hindrance from the controller to whom you have provided the Personal Data, if the processing is automated;
  • to refuse, in whole or in part: a) the processing of Personal Data relating to you on legitimate grounds, even if it is necessary for the purposes of the collection of the Data; b) the processing of Personal Data relating to you for the purposes of sending advertising material, direct marketing, market research or commercial communications, without the intervention of the operator, by automated calling system, e-mail and/or traditional marketing methods (telephone and/or paper mail).
  • submit a complaint to the competent supervisory body.

Where necessary, in the above cases, the Controller is obliged to communicate your exercise of rights to any third party to whom it has transferred the Personal Data, except in certain specific cases (e.g. where this proves impossible or would involve a disproportionate effort).

10. Ways of exercising rights

You can exercise your rights at any time:

  • by sending a registered letter to the address of the Data Controller: 1171 Budapest, Péceli út 156;
  • by sending an email to info@peakpilates.hu;
  • by calling +36 70 270 3703

11. Data Controller, Data Processor and persons responsible for data processing

The Data Controller:

  • FitConcept Ltd.