Privacy Policy and Use of Cookies

General Information

This document outlines the principles of the Privacy Policy in relation to the services provided by Bartosz Tywusik – Personal Trainer (hereinafter referred to as "Trainer" or "Administrator"). The administrator of personal data is Bartosz Tywusik conducting unregistered business activity without a JDG number (Unified Identification Number of Economic Activity).

Terms used with a capital letter have the meaning assigned to them in the regulations of this Privacy Policy.

Personal data collected by the Administrator is processed in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1), hereinafter referred to as GDPR.

The Administrator makes every effort to protect the privacy and information provided to him regarding potential and existing Clients. The Administrator carefully selects and applies appropriate technical measures, including both software and organizational measures, to ensure the protection of processed data, in particular securing data against disclosure to unauthorized persons, disclosure, loss, destruction, unauthorized modification, as well as against processing in violation of applicable legal provisions.

The recipients of services available through the Trainer's communication channels (in particular, the possibility of entering into a contract for the provision of training services) are not individuals under the age of 16. The personal data administrator does not intend to deliberately collect data concerning individuals under the age of 16.

Personal Data

Personal Data Administrator

The administrator of your personal data is:

Bartosz Tywusik – Personal TrainerBydgoszcz

Regarding your personal data, you can contact the Personal Data Administrator via:

  • email: kontakt@architektciala.pl

  • traditional mail: Bydgoszcz, Kruszwicka 1, 85-213

  • phone: 669 812 911

Purposes and Legal Bases for Processing Personal Data

The Personal Data Administrator processes your personal data for the following purposes and scope:

  • Acquisition of clients and communication regarding service offers– for the purpose of contacting you regarding training services, we process your first and last name, phone number, email address, and other information provided by you in contact forms, online forms, during phone calls, or through social media;

  • Taking action prior to entering into a contract at your request– including account setup or registration, we process the data provided in the registration form, such as email address, established password, first and last name, phone number, information regarding training goals;

  • Provision of training services– for the purpose of fulfilling the sales contract for training services, we process the personal data provided by you, such as first and last name, email address, phone number, address data, health information relevant to the safety of training, payment data;

  • Keeping a training history and monitoring progress– we process data regarding your training sessions, measurement results, progress photos (with your consent), training notes;

  • Marketing and promotional communication– for the purpose of marketing the Trainer's services, we process your personal data provided in the registration form, data regarding your activity, communication history, and in particular the history of phone calls, SMS/WhatsApp messages, emails. As part of remarketing, we use data about your activity to reach you with promotional messages via social media platforms and email;

  • Statistics and analysis– for the purpose of service usage statistics, facilitating service provision, and ensuring security, we process data regarding your activity, session schedules, duration of contacts, training preferences, location;

  • Establishing, pursuing, and enforcing claims– for the purpose of establishing, pursuing, and enforcing claims and defending against claims, we may process your personal data provided when entering into a contract or during communication and other data necessary to prove the existence of a claim or arising from a legal requirement;

  • Handling complaints, grievances, and requests– we process the personal data you provided in the contact form, complaints, grievances, and requests, data regarding the services provided that are the reason for the complaint or grievance.

  • Fulfillment of legal and tax obligations – we process data necessary to fulfill obligations arising from legal regulations, in particular tax, insurance, and accounting obligations;

  • Security and fraud protection – we process data to prevent, detect, and investigate suspicious or undisciplined behavior.

Categories of processed personal data

The data controller processes the following categories of personal data:

  • contact data (first name, last name, phone number, email address, residential address);

  • activity and communication data (call history, messages, training session data);

  • contract data (history of concluded contracts, session schedules, payment information);

  • health and measurement data (measurement results, progress photos – within the scope of expressed consent, information about health limitations);

  • data concerning complaints, grievances, and requests;

  • data related to marketing services;

  • technical data (IP number, device information, session data);

  • data concerning preferences and behaviors.

Voluntariness of providing personal data

Providing the required personal data (first name, last name, phone number) is voluntary and constitutes a condition for establishing contact and providing services by the Administrator. Failure to provide personal data will prevent cooperation.

Providing additional personal data (such as health data or photographs) is entirely voluntary and dependent on your explicit consent.

Data processing time

Personal data will be processed for the period necessary to fulfill contracts, services, marketing activities, and other services provided for the Client.

Personal data will be deleted or anonymized in the following cases:

  • when the data subject requests their deletion or withdraws consent;

  • when the data subject does not take action for more than 3 years (inactive contact) – subject to legal obligations;

  • upon receiving information that the stored data is outdated or inaccurate;

  • after the termination of the training services contract.

Storage periods for specific purposes:

  • First name, last name, and phone number for customer acquisition: stored for 2 years from the last contact, unless the person objects to the processing of data for marketing purposes;

  • Data concerning concluded contracts and transactions: stored for 5 years from the date of contract termination (due to tax and accounting requirements);

  • Data concerning complaints, grievances, and claims: stored for 3 years from the date of resolution;

  • Technical and analytical data: stored for a period corresponding to the life cycle of stored cookies or until their deletion.

Recipients of personal data

Your personal data may be transferred to the following categories of recipients:

  • state authorities (prosecutor's office, police, PUODO, President of UOKiK, ZUS, US) – if they request it from us based on legal regulations;

  • service providers with whom we cooperate to provide services (e.g., training management platforms, payment systems, electronic communication service providers), who act on our behalf or independently determine the purposes and means of processing;

  • social media (Instagram, Facebook, TikTok, YouTube) – for remarketing and promoting services;

  • business partners and collaborators – to the extent necessary to provide services;

  • other instructors/trainers or specialists – in the case of cooperation or recommendations at your request.

Rights of the data subject

Under GDPR, you have the right to:

  • Request access to your personal data (art. 15 GDPR)

  • Request correction of your personal data (art. 16 GDPR)

  • Request deletion of your personal data (art. 17 GDPR) – "right to be forgotten"

  • Request restriction of personal data processing (art. 18 GDPR)

  • Object to the processing of personal data (art. 21 GDPR)

  • Request transfer of personal data (art. 20 GDPR)

  • Withdraw consent to data processing – at any time

The data controller will provide you with information about actions taken in relation to your request without undue delay – and in any case within one month of receiving the request. If necessary, the one-month period may be extended by an additional two months due to the complex nature of the request or the number of requests.

Right of access to personal data (art. 15 GDPR)

You have the right to obtain information from the Administrator about whether your personal data is being processed. If the Administrator is processing your personal data, you have the right to access that data and obtain information about the purposes of processing, categories of processed data, recipients of data, the planned retention period, your rights under GDPR, and the right to lodge a complaint with a supervisory authority.

Requests can be sent to: [Administrator's email address]

Right to rectification of personal data (Article 16 GDPR)

If your personal data is inaccurate, you have the right to request the Administrator to promptly rectify your personal data or complete it.

Requests can be sent to: [Administrator's email address]

Right to erasure of personal data – "right to be forgotten" (Article 17 GDPR)

You have the right to request the Administrator to delete your personal data when:

  • Your personal data is no longer necessary for the purposes for which it was collected;

  • you have withdrawn your specific consent;

  • your personal data has been processed unlawfully;

  • you have objected to the processing of your data for direct marketing purposes;

  • your personal data is subject to a legal obligation to be erased.

Despite submitting a request for data deletion, the Administrator may continue to process your data for the purpose of establishing, pursuing, or defending claims – of which you will be informed.

Requests can be sent to: [Administrator's email address]

Right to restriction of processing personal data (Article 18 GDPR)

You have the right to request the restriction of processing your personal data when:

  • you contest the accuracy of your data;

  • the processing is unlawful, and instead of erasure, you request restriction;

  • your data is no longer needed, but is necessary for the establishment, pursuit, or defense of claims;

  • you have objected to the processing – until it is determined whether the legitimate interests of the Administrator override.

Requests can be sent to: [Administrator's email address]

Right to object to the processing of personal data (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data, including profiling, in relation to:

  • processing for direct marketing purposes;

  • processing based on the legitimate interests of the Administrator.

In particular, if you do not wish to receive SMS messages, emails, phone calls, or other marketing communications, you should submit an objection.

Objections can be sent to: [Administrator's email address]

Right to request the transfer of personal data (Article 20 GDPR)

You have the right to receive your personal data from the Administrator in a structured, commonly used, machine-readable format and to transmit it to another administrator.

Requests can be sent to: [Administrator's email address]

Right to withdraw consent

You may withdraw your consent to the processing of your personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Requests for withdrawal of consent can be sent to: [Administrator's email address]

Complaint to the supervisory authority

If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with the supervisory authority.

In Poland, the supervisory authority within the meaning of GDPR is:

The President of the Personal Data Protection Office (PUODO)ul. Śliska 22, 10-001 WarsawPhone: +48 22 531 03 00Email: kontakt@uodo.gov.plWebsite: www.uodo.gov.pl

Cookies

General information

In connection with the use of the website, mobile application, or other digital channels of the Trainer, cookies may be used, which are small text files that are stored on your end device. Their use aims to ensure the proper functioning of digital channels, content personalization, and analytics.

These files allow identifying the software you use and tailoring services individually to your needs.

Security

The cookies used are safe for your devices. It is not possible for viruses or other unwanted software to penetrate your devices through cookies.

Types of cookies

Session cookies:They are stored on your device and remain there until the session of the respective browser ends. The saved information is then permanently deleted. The session cookie mechanism does not allow for the retrieval of personal data or confidential information from your device.

Persistent cookies:They are stored on your device and remain there until they are deleted. Ending the session or turning off the device does not cause their removal. The persistent cookie mechanism does not allow for the retrieval of personal data or confidential information from your device.

Purposes of using Cookies

We use cookies for the following purposes:

  • configuration and personalization of digital channels;

  • analytics and monitoring of campaign effectiveness;

  • remarketing and displaying personalized ads;

  • ensuring security and protection against fraud;

  • analyzing user preferences and behaviors.

Managing Cookies

Using your web browser settings, you can change your cookie settings on your own at any time:

  • Blocking automatic handling of Cookies

  • Notifying you each time Cookies are placed on your device

  • Deleting previously saved Cookies

Detailed information is available in the settings of your software (web browser) or in the manufacturer's documentation.

Changes to the Privacy Policy

The administrator reserves the right to change this Privacy Policy. Changes will be published on the website or communicated via email. Continuing to use the services after changes means acceptance of the new Privacy Policy.

Contact

For matters regarding the processing of personal data, please contact:

Bartosz Tywusik – Personal TrainerEmail: kontakt@architektciala.pl Phone: 669 812 911 Address: Bydgoszcz, Kruszwicka 1, 85-213

Effective date: 08.11.2025 Last updated: 08.11.2025

The privacy policy has been developed in accordance with the requirements of Regulation (EU) 2016/679 (GDPR) and applicable Polish law.