PERSONAL DATA PROCESSING PRINCIPLES – INFORMATION FOR CLIENTS AND BUSINESS PARTNERS
Cookies and website processing policy
Information for customers on the use of fingerprint readers
Dear clients, business partners and visitors,
these principles inform you on how Form Factory Slovakia s.r.o. (hereinafter „Company“) collects, processes, uses and transmits your personal data (hereinafter “personal data processing”).
Personal data mean information relating to a certain person who can be identified based on this information or in connection with other information.
The most common examples of personal data processed by the Company within its everyday business activity are identification data of clients and business partners (natural persons), or representatives, employees, coworkers or members of statutory bodies of business partners (natural persons), information on your membership or a concluded contract, contact details (in particular residence address, email address and phone number) and also records of visitors of Company premises.
The controller of your personal data is Form Factory Slovakia s.r.o., IČO: 52386660, with the registered office at Ružová dolina 480/6, 821 08 Bratislava, incorporated in the companies register kept by OR OS Bratislava 1 under file No. 137901/B.
The Company defines in what manner and for what purpose your personal data will be processed. You can find the Company´s contact details in the chapter “Inquiries and Contacts” below.
The Company and other connected companies from the Form Factory group are collectively designated herein as “Form Factory Group”.
In the below table you will find what personal data, for what reason and for what purpose the Company processes in relation to clients, business partners and visitors.
a) Clients
Personal data (Categories and examples) |
Purpose of processing | Legal ground for processing |
Basic identification and contact data:
|
|
|
Data relating to contract with client:
|
|
|
Data relating to personal training:
|
|
|
Photography |
|
|
Security data:
|
|
|
Data for marketing purposes
|
|
|
Data about visits on our website:
|
|
|
b). Business partners
Personal data (Categories and examples) |
Purpose of processing | Legal ground for processing |
Basic identification and contact data:
|
|
|
Data for marketing purposes
|
|
|
c) Company visitors
Personal data
|
Purpose of processing | Legal ground for processing |
Security data:
|
|
|
The Company obtains personal data which are subsequently processed directly from its clients or from business partners, eventually from publicly available sources (such as OR or ARES) or from visitors staying in Company premises.
a) External service providers
The Company uses external service providers which ensure in particular bookkeeping, accounting, claims administration, marketing and promotion and IT. In order to be able to fulfill their duties the Company must give them certain personal data of clients, business partners and/or visitors to the external service providers.
External service providers are cleared by the Company and they provide sufficient guarantees regarding privacy and protection of personal data of clients, business partners and/or visitors. The Company concluded written contracts for processing personal data processing with all these providers which undertook (within these contracts) to protect personal data and maintain Company standards for protecting personal data.
b) Form Factory Group companies
The Company may share personal data within the Form Factory Group (more information on Form Factory Group members is available at www.formfactory.sk website). Each time the Company needs to share your personal data, it will do so only when it is necessary and it will share them only with selected employees from the Form Factory Group for fulfilling their work duties.
The Form Factory Group adopts suitable measures to ensure that these selected employees shall be bound by the obligation to maintain these personal data in confidentiality
c) Disclosure of personal data to third parties
in accordance with legal regulations concerning personal data protection, under certain circumstances the Company is obliged to share personal data of clients, business partners and/or visitors with third parties which are not the mentioned service providers or members of the Form Factory Group.
These third parties include in particular:
The Company does not transmit your personal data outside the European Economic Area.
In order to ensure confidentiality, integrity and availability of your personal data, the Company uses modern IT security systems. The Company maintains suitable technical and organizational security measures against illegal or unauthorized personal data processing and against accidental loss or damage of personal data.
The access to your personal data is provided only to persons who need them to fulfill their work duties and they are bound by legal or contractual confidentiality obligation.
The Company stores your personal data only for the period for which it needs them for the purpose for which they have been collected, eventually for the protection of Company´s justified interests or for the period for which consent with processing has been granted.
If the Company processes data based on your consent, it will do so for the period of 10 years after the consent with processing has been granted or until it is recalled.
You can asserts any of the below listed rights under the set conditions. These rights are given to you by legal regulations concerning personal data protection, in particular by the General Data Protection Regulation (GDPR):
We will react to your requests for assertion of rights within the statutory period, usually at the latest within 1 month following delivery of your request. If our reaction requires longer time in exceptional cases, we will inform you.
Cookies are small data files necessary for correct functioning of pages and we therefore place them in your computer just as the majority of websites. Cookies are text files that websites place in your computer or mobile device when you start using a website. For a certain period, the websites can remember actions and settings you made on those websites. Thanks to this you do not need to enter these data again when you re-visit the website and go through individual sections of the web.
We use cookies mainly for marketing purposes, collection of statistical data and web traffic analysis so we can continue to improve our website and perfect our services we offer. The information on how you use our web is thus shared with our partners in the field of advertising and analysis, namely Google. To see how Google hands cookies, read the following document at https://www.google.com/policies/technologies/cookies/.
If you want to use any of your rights in relation to processing of your personal data or if you have other inquiry or complaint regarding their processing, contact us, please, by mail, phone or email using the below listed contact details.
Form Factory Slovakia, s.r.o.
adress: Ružová dolina 480/6, 821 08 Bratislava
e-mail: osobneudaje@formfactory.sk
It is possible that the Company decides to amend or update these principles. The current version of the principles will always be available at Company´s website (www.formfactory.sk), in the Personal Data Protection section.
Please, keep in mind that we will never make any amendments with retroactive effects and we will never amend our principles that affect handling of data that were collected before the amendments.
Form Factory s. r. o. with registered office at Prievozska 14, Prague 3, IČO 52386660, registered in the commercial register maintained by the Municipal Court in Bratislava 1, section sro, insert 137901/B, issues this Cookie and Website Processing Policy.
If you visit our website that stores cookies, a small text file, i.e. a cookie, is created on your computer. Cookies are also stored in the web browser of mobile phones, tablets and other electronic devices.
On the basis of cookies, the given website “recognizes” you and can thus offer you the information you prefer and also ensure that we do not show you an advertisement that has already been displayed, or, for example, offer you to complete the information you filled in during previous visits to the website.
We use cookies to analyze website traffic through Google Analytics, Google Adwords, Facebook, Active Campaign, and HotJar services. These are analytics tools that help websites and apps understand how their visitors use them. Cookies can also be used to process statistical data on the use of websites without identifying a specific user.
In the event that you decide that you do not want cookies to be stored, it may happen that some parts of our website do not work as they should or they become slower.
Functional (necessary): these cookies are necessary for the functioning of our website and the correct display of its content. They allow you to use basic functions such as logging in as a registered user or pre-filling forms and remembering your preferences. Without these cookies, we cannot guarantee the full functionality of our website. These cookies do not store any personal data.
Static: these cookies are used to record and analyze visitor behavior on our website. Used to aggregate general information about website movement, browser type, or time spent on the website. Subsequently, the analysis allows us to improve the functions of our website and its overall appearance.
Information in aggregated form that we obtain using these cookies can then be combined with other personal data. This is, for example, information related to the service you purchased from us. We process this information in the form of aggregated analyzes that allow us to improve our services. In this way, you are not individualized as a user.
These cookies are paired with the device you use to connect to our website. In cases where you use multiple devices, it may therefore happen that the cookie bar requiring consent will be displayed multiple times.
Marketing: these cookies help us to offer you marketing offers that may be of interest to you. This is to prevent us, for example, from showing you ads from an area you are not interested in. The information obtained on the basis of these cookies relates to the specific device from which you visit our website.
Third-party cookies are created and used by service providers such as Google Analytics, Google Adwords, Facebook, HotJar, Sklik and ActiveCampaign. We use these cookies to, for example, measure traffic to our website and the number of views.
You can set cookies according to your choice. More information on how cookies work can be found here: https://www.allaboutcookies.org/.
You can delete all cookies stored on your device and you can also prevent their storage by changing the settings.
In exceptional cases, it may happen that the cookie is not saved correctly and then you may have problems logging into our web applications (e.g. nivy.formfactory.sk). Instructions for deleting all incorrectly entered cookies can be found below:
This is the processing of personal data if we are able to tell based on your visit to our website that it is your device.
In the case of processing your personal data, we can only proceed with the processing if we have the corresponding legal title to do so according to the GDPR regulation. One of the legal titles is consent to the processing of personal data. As part of monitoring and evaluating activities, we are also entitled to process your personal data based on the administrator’s legitimate interest, i.e. for example offering you the best possible settings for specific services or support for your activities.
If you have given your consent to the processing of personal data, we also combine it with information about your activities on our website. This connection of data occurs after you log in to our website: nivy.formfactory.sk or fitness.formfactory.sk, by filling in and sending the order form or after accessing the website www.formfactory.sk or from the Moje Form Factory mobile application. The aim of this connection is to better recognize your preferences and interests and, based on this, to better adapt the offer of content that is shown to you.
You can object to the processing of personal data at any time against automated decision-making and profiling, or if the automated decision affects your rights and freedoms, you can ask us for an individual decision. See below for how you can withdraw your consent.
As part of our marketing services, our website uses third-party analytics tools primarily for the purpose of measuring website traffic, marketing campaigns, evaluating user behavior, tracking and logging mobile application errors.
Browsing data stored according to your cookie settings is not stored in our internal systems. We store the information that we associate with cookie data in accordance with the consent you have given us or for the duration of the contractual relationship between us and you. We retain the combined data from cookies and our systems for as long as is necessary for the purpose for which it was collected, but no longer than 6 months.
If we process your data based on your consent, you can change this consent at any time in the cookie settings.
In case of any questions or comments, you can contact us via the contact email osobneudaje@formfactory.sk
Detailed information on the processing of personal data and your rights under the GDPR can be found in the Personal Data Protection Policy here: www.formfactory.sk/en/privacy-policy
We may update this Policy from time to time and if we do, we will notify you here. This version of the Policy is effective from November 1, 2023.
You can change the cookie settings for this website in the “Cookie settings” item at the bottom of the page.
Dear clients,
we know how the processing of your fingerprints is a sensitive topic for you, which is why we have decided to issue this separate information on the use of fingerprint readers containing the necessary information about the way and purposes of processing your fingerprints and related data, their protection, including the reasons that we led to the introduction of fingerprint readers.
As members of our fitness clubs, you have entered into a membership agreement with the company Form Factory s.r.o. , with registered office at Prievozska 14, Bratislava 821 09, IČO 52386660, registered in the commercial register maintained by the Municipal Court in Bratislava 1 for sp. 137901/B, is part of the Form Factory Group.
The administrator of your personal data is always the one of the above-mentioned companies that operates the given fitness club in which fingerprint readers are used (hereinafter referred to as the ” Administrator “).
First of all, we would like to inform you why we decided to introduce fingerprint readers in our clubs.
Our clubs in the Czech Republic have approx. 20,000 members, to whom we issue the entrance cards necessary to enter the fitness club. Repeated checks have found that these access cards are being misused to a significant extent by both fitness club members and third parties.
Entry cards are further lent by members of fitness clubs to third parties, or are not returned by fitness club members, which leads to significant costs on our end.
As we are interested in our clubs being visited only by clients with whom we have properly concluded contracts, we have decided on a fingerprint entry control system.
Fingerprint identification and authentication of authorized fitness club members is the most effective measure to prevent fitness club member access cards from being misused by club members themselves or third parties.
The fingerprint scanning system also eliminates our cost losses on special one-time access cards issued to club members, which are not returned very often by fitness club members.
We also considered other possible ways to achieve the purpose of the processing. However, none of the possible solutions achieves the same effect or is not practically feasible, or financially viable with regard to additional personnel costs, which as a result would have negative effects on the price paid by members for enabling the use of fitness clubs.
No, the provision of your fingerprints for the creation and storage of a vector template on your entry card (or other personal RFID data carrier) is completely voluntary and subject to your prior written consent.
If, despite the obvious advantages of the new system, you decide not to give us such consent, or if you revoke it later, we will require you to present your photo ID to verify your identity every time you enter our fitness club.
The table below shows what personal data we process, for what reason and for what purpose.
Personal data | Purpose of processing | Legal basis of processing |
|
|
|
We get your fingerprints directly from you by placing your finger on the fingerprint reader. When scanning a fingerprint, the complete (biometric) fingerprint is not stored, but only a vector template is obtained, which is a reduction of the complete biometric data.
Before storing the template on your entry card (or other personal RFID data carrier), it is processed by a mathematical operation into a numerical expression, from which it is subsequently impossible to reconstruct the original biometric data, i.e. your fingerprint. The fingerprint reader does not read the fingerprint of a particular person as a whole, but only selects some features from the finger image specific to that person and compares them with the reference pattern stored on your entry card (or other RFID data carrier). The fingerprint reader does not store the fingerprint, it only uploads it to your entry card (or other personal RFID data carrier).
The other personal data we process is obtained when you place your entry card to the fingerprint reader, which reads your personal card number and the date and time of entry and sends it to the eFitness Manager system, which pairs the given data with your person and other data, which we process about you, as stated in the Principles of personal data processing – Information for clients and business partners https://www.formfactory.sk/en/privacy-policy/ .
Fingerprints
Fingerprints or the stored vector fingerprint template will only be stored on the entrance card or other personal RFID data carrier of the fitness club member, neither we nor third parties will have access to the template. Thus, fingerprints will not and cannot be shared with anyone.
Other personal data
The time and date of entry will be generated directly by the entry device and stored in the eFitness system and associated with the member’s identification data stored in this system.
Personal data – the unique number of the personal RFID data carrier is stored in the eFitness system, just like the member’s identification data.
This data may be shared with external service providers, companies from the Form Factory Group or third parties, as detailed in the Personal Data Processing Policy – Information for clients and business partners https://www.formfactory.sk/en/privacy-policy/ .
We do not transfer your personal data outside the European Economic Area.
Personal data – fingerprints will only be stored on the entrance card or other personal RFID data carrier of the fitness club member, i.e. without access by the Administrator or any other person. Saving in the form of a vector template does not allow for the retrospective reconstruction of fingerprints or any other use of them.
The time and date of entry will be generated directly by the entry device and stored in the eFitness system and associated with the member’s identification data stored in this system.
Personal data – the unique number of the entry card or other personal RFID data carrier is stored in the eFitness Manager system, just like the member’s identification data.
The eFitness Manager system is secure and protected against access by third parties. Only selected employees of the Administrator have access to the eFitness system, for which a unique password and login name is created by the administrator in cooperation with the HR department of the Administrator. The password is changed at regular intervals. In case of termination of employment of an employee with access to the eFitness system, his access to the eFitness system is blocked.
Taking into account that it was likely that the type of processing we intended, especially when using new technologies, taking into account the nature, scope, context and purposes of the processing, would result in a high risk to the rights and freedoms of natural persons, we carried out even before the launch of the fingerprint scanning system, the so-called personal data protection impact assessment according to Article 35 of the General Regulation on Personal Data Protection ( GDPR ).
As part of the assessment, we assessed the necessity and adequacy of the given processing operations from the point of view of the purposes, we assessed the risks to the rights and freedoms of the data subjects and took measures to address these risks.
Based on the assessment of the impact on personal data protection, we have come to the conclusion that in the case of strict compliance with the set technical and organizational measures, the compliance of the fingerprint scanning system will be ensured, taking into account the nature, scope, context and purposes of processing and the identified risks for the rights and freedoms of data subjects fingerprints and related processing of personal data with the duties of the administrator determined, among other things, in Article 24 of the GDPR.
For your idea, we briefly summarize the measures that we have adopted and follow when processing personal data, and which we regularly evaluate and, where appropriate, modify:
We will keep your personal data only for as long as we need it for the purpose for which it was collected, or to protect our legitimate interests or for the period for which consent to processing has been granted.
Under the specified conditions, you can exercise all the rights listed below, which are granted to you by the legal regulations governing the protection of personal data, in particular the GDPR:
We will respond to your requests for the exercise of rights within the statutory period, usually no later than 1 month after receiving the request. If our response would require a longer time in exceptional cases, we will inform you about it.
If you wish to exercise any of your rights in connection with the processing of your personal data or have any other question or complaint regarding their processing, please contact us by mail, telephone or e-mail at the contacts listed below.
Form Factory s.r.o.
address: Prievozska 14, Bratislava 821 09
e-mail: osobneudaje@formfactory.sk
We may decide to change or update this policy. You will always have the current wording of the policy available on the www.formfactory.sk website in the Privacy section.
However, we assure you that there will be no retroactive changes.