Body Buddy
Privacy Notice

Version: 1.0

Effective Date: May 24, 2024

  1. 1. Introduction

The Services are operated by the company indicated in the Contact Details section below (“we”, “us”). The Services include the Website available at https://www.bodybuddy.com.ua, the Content, and the Social Media Accounts. Capitalised terms used in this Privacy Notice have the meaning provided in the Body Buddy Terms of Service.

In this Privacy Notice, we explain which types of personal data we hold on you, how we collect and process such data, how long we keep it, and other relevant information about your personal data being processed in connection with your access to and use of the Services. 

Personal data, personal information, or personal identifiable information means any information directly or indirectly identifies you as an individual. In this Privacy Notice we use “personal data”, “personal information”, and “personal identifiable information” as synonyms.

We process your personal data in accordance with this Privacy Notice and we endeavour to comply with the applicable data protection legislation, which includes the General Data Protection Regulation, also known as the GDPR.

If you have any questions regarding processing of your personal data, do not hesitate to contact us via the contact details provided below.

  1. 2. Contact Details

Name: Hallwil OÜ

Address: Estonia, 1015, Harju county, Tallinn, 50-201 Vesivärava Street.

Email: hello@bodybuddy.com.ua

  1. 3. What Data We Collect

When you access and use the Services, we may collect and process the following groups of personal data:

Purchase Data:

If you complete a purchase order via the Website, you provide us with your name and email address. You will also provide certain payment data to the payment processor, however we receive and process only the payment confirmation.

Contact Data:

If you contact us, you may provide us with the following data: (a) name, (b) email address, and (c) any additional data that you choose to provide to us or that we request you to provide to us with.

Social Media Data:

When you interact with our Social Media Accounts, you may provide us with and we may collect the following data: (a) your Social Media profile data (this may include user name, photo, etc.), (b) messages, comments, and other communications sent by you to us, and (c) other data that you choose to provide to us or that we request you to provide to us with.

In addition, the respective Social Media may provide us with certain information on the audience of our Social Media Accounts, such as (a) visits, (b) range of contributions, (c) information about countries and cities where our visitors come from, (d) statistics about the gender ratios of visitors, and (e) other statistical information. Such information is statistical and anonymised. Therefore, we are not able to make any conclusions about any individual user, as well as access to any individual user profiles relying solely on such information.

Technical Data:

When you access the Website, it automatically collects the following data to establish and maintain proper connection and operation: (a) Internet protocol (IP) address, (b) browser details, (c) device details, and (d) operating system.

Automatically-Collected Data:

When you access and browse the Website, (a) Google and (b) Meta may automatically collect your data via cookies. Please see below for more details about Google and Meta cookies.

Google:

When you access and use the Website, certain data may be collected automatically via solutions provided by Google, such as Google Analytics More information regarding Google solutions is available here.

The information gathered by Google includes the following: (i) Internet Protocol (IP) address, (ii) the type of device used, (iii) the device operating system, and (iv) the browser used. After collecting the personal data, Google creates reports about the use of the Website, which contain the aggregated information where we do not see any data pertaining to a particular person. In other words, we cannot identify you from the other users. For better understanding, IP address means an “online address” of a device, which may help to identify your approximate location (e.g, country, city or region, ZIP code). The IP addresses are expressed as a set of numbers, for example: 194.150.2.33. Please note that according to Google’s documentation, the IP address is anonymised (masked), so neither we nor Google can identify the IP address and precise location of a particular visitor. Google gathers the information by means of placing cookies. Cookies are a feature of the software that allows web servers to recognise the device used to access the Website. A cookie is a small text file that the Website saves on your device when you visit thereof. They allow the Website to remember your actions and preferences over a period of time to improve the Website.

In addition to the above, by using the tools provided by Google, we collect certain information regarding the use of the Website, for instance, when you clicked a certain button or made some input. This information is also aggregated and we cannot identify your actions from the actions of other users. 

Google solutions are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and its affiliates including Google LLC, 1600, Amphitheatre Parkway, Mountain View, CA, 94043, USA.

To our knowledge, the data collected via Google solutions is not anonymised (with the exception of the IP address) and will be transmitted to, processed and stored by Google in the United States. You can learn more about how Google processes personal data in Google’s privacy policy. Note that competent US state authorities may have access to the personal data collected via Google solutions.

With respect to the personal data collected via Google solutions, Google acts as our data processor. However, Google may use this personal data for any of its own purposes, such as profiling and cross-platform tracking. In this case, Google acts as an independent data controller. You can learn more about Google tools here.

Meta:

The Website uses the so-called Meta Pixel provided by Meta for the following purposes:

  1. Meta Custom Audiences. We use the Meta Pixel for the remarketing purposes to be able to contact you again within 180 days. This allows us to display interest-based advertisements (Meta Ads) to the Website visitors when they visit Meta products or other third-party websites also using the Meta Pixel tool. In this way, we pursue the interest in displaying advertisements that are of your interest in order to promote us and make the Website or its content more interesting for you.
  2. Meta conversion. We also use the Meta Pixel to ensure that our Meta Ads match the potential interest of users and are not irritating. With the Meta Pixel, we can track the effectiveness of the Meta Ads. This is necessary for statistical and market research purposes by seeing whether users were redirected to the Website after clicking on the Meta Ads.

Your browser automatically establishes a direct connection with the Meta server as soon as you have agreed to the use of the Meta Pixel cookies. Through the integration of the Meta Pixel, Meta receives the information that you used our Website or clicked on an advertisement from us. If you are registered with any of Meta products, Meta can assign the visit to your respective account.

The Meta Pixel tool is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and its affiliates, including Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA, USA.

The terms of the Meta Pixel data processing by Meta and us are established in the Data Processing Terms. The transfer of data to Meta is conducted pursuant to the European Data Transfer Addendum. Meta will transfer the data collected via the Meta Pixel to the United States of America, which jurisdiction does not ensure the same level of data protection as in the EEA, UK, or Switzerland. Therefore, the transfer is conducted on the basis of the Standard Contractual Clauses adopted by the European Commission, which are incorporated in the European Data Transfer Addendum.

Meta processes the data received from the Meta Pixel tool in accordance with their Meta Privacy Policy. Additional information regarding the Meta Pixel may be found in the Meta Pixel Help Center.

Meta are joint controllers (i.e. jointly responsible with us) for the following data processing activities in connection with the Meta Pixel:

  1. creation of individualised or suitable ads, as well as for their optimization;
  2. delivery of commercial and transaction-related messages.

The following data processing activities are not covered by the joint controllership:

  1. the process that takes place after the collection and transmission is within the sole responsibility of Meta;
  2. the preparation of reports and analyses in aggregated and anonymised form is carried out by Meta as a processor and we act as a data controller.

We have concluded a corresponding agreement with Meta for joint controllership. This agreement defines the respective responsibilities for fulfilling the obligation under the data protection legislation with regard to joint controllership. In particular, we have agreed with Meta that Meta can be used as a contact point for the exercise of your data protection rights regarding the data collected by the Meta Pixel tool.

  1. 4. How Do We Use Your Data

Your personal data is used as follows:

Purchase Data:

  1. The Purchase Data is used to process and perform the requested order and to assist you with any issues that may arise while using the Services. The legal basis for such processing is performance of contract with you.
  2. We also process the Purchase Data to comply with legal requirements, such as accounting rules and tax legislation. The legal basis for processing is a legal requirement.
  3. We may use your email address provided within the Purchase Data to send you the information regarding the Services that may be relevant to you. The legal basis for such processing is our legitimate interest. You may unsubscribe from such communications at any time by clicking the unsubscribe link in the footer of each email or by contacting us.

Contact Data:

  1. We use the Contact Data to communicate with you and to respond to your inquiry. The legal basis for processing depends on the context and nature of our communication.
  2. If you contact us to make a purchase via the Website, the legal basis for processing your personal information is to take steps at your request prior to entering into a contract and further to perform such a contract.
  3. If you contact us to resolve an issue with the Services, the legal basis for processing your personal information is performance of the contract with you.
  4. If you contact us with general inquiries about the Services, the legal basis for processing your personal information is our legitimate interest to respond to your inquiry.

Social Media Data:

  1. We use the Social Media Data (1) to communicate with the visitors, participants, or subscribers of our Social Media Accounts, (2) to handle requests from visitors via the Social Media Accounts, (3) to obtain statistical information about the reach of our Social Media Accounts, or (4) to conduct customer surveys, marketing campaigns, market analyses, or other promotions and events.
  2. The legal basis for processing the Social Media Data depends on the nature and context of our data collection.
  3. If you contact us via a Social Media Account to make a purchase via the Website, the legal basis for processing your personal information is to take steps at your request prior to entering into a contract and further to perform such a contract.
  4. If you contact us via a Social Media Account to resolve an issue with the Services, the legal basis for processing your personal information is performance of the contract with you.
  5. Otherwise, the legal basis for processing your personal information is our legitimate interest.

Technical Data:

  1. We primarily use the Technical Data to ensure the proper operation of the Website. In this case the legal basis for processing the personal data is performance of the contract
  2. We may use the Technical Data to analyse the use or to enhance the user experience of the Website, the legal basis for processing is our legitimate interest.

Automatically-Collected Data:

  1. The Automatically-Collected Data helps us to analyse the use of the Website and provide a better user experience by improving the Website user flow and interface.
  2. We also use the Automatically-Collected Data to conduct a targeting advertising campaign towards the Website visitors.
  3. From the legal standpoint, we collect and process the Automatically-Collected Data on the basis of your consent. You may provide or withdraw your consent at any time on the Website or by using the functionality of your browser. Certain operators, such as Google or Facebook may allow you to manage your advertisement preferences. You can learn more at the following links: Google, Facebook.

  1. 5. How Long Do We Process Your Data

General Terms:

As a general rule, we keep personal data as long as it is necessary for the purposes it was collected. Particular timeframes are outlined below. We may process certain personal data longer than outlined below, if it is necessary (i) to meet our legal obligations under the applicable laws, (ii) in relation to anticipated or pending legal proceedings, or (iii) to protect our rights and legitimate interest or those of third parties.

Purchase Data:

  1. We process the Purchase Data for seven years following the end of the financial year when the respective purchase was made.
  2. If the purchase was not completed and payment was not made, the Purchase Data is stored for one year following the date when such Purchase Data was received.

Social Media Data:

  1. The data provided by you within our Social Media Accounts is processed until it is deleted by you or the respective Social Media, as it is impractical and unreasonable, as well as sometimes impossible, for us to erase all communication and comments that were provided by you.
  2. We do not establish a retention period for statistical and analytical data provided by the Social Media operators, as it is anonymous, aggregated and does not allow us to identify any particular person. If and to the extent we become able to identify any particular person, we will promptly update this Privacy Notice and establish a certain limitation period for processing such data.

Contact Data:

  1. The Contact Data is processed as long as we cooperate or communicate with you and for one year following the termination.
  2. We established such a retention period due to the statutes of limitation outlined in our Terms of Service.

Technical Data:

  1. Until the browsing session from your respective device expires.
  2. We need such data only as long as you have an active browsing session.
  3. We may store anonymised data permanently to analyse the use of the Services.

Automatically-Collected Data:

  1. The data collected by Google is stored for up to 2 years. You may find specific timelines here.
  2. The data collected by Meta is stored for up to 180 days after last interaction with the Meta Pixel via the Services.

  1. 6. How Do We Share Your Data

Data Sharing:

We are committed to safeguarding your privacy and do not engage in the sale or rental of your data. However, there are circumstances where we may share your personal data (a) as outlined in this Privacy Notice, (b) to comply with the applicable legislation, or (c) with your explicit consent. Such sharing is undertaken when reasonably necessary for the following purposes:

  1. Providing you access to the Services and fulfilling our obligations to you.
  2. Ensuring compliance with applicable laws and regulations.
  3. Pursuing our legitimate interests in maintaining, enhancing, and developing the Services.

When sharing any portion of your personal data with third parties, we undertake to employ appropriate legal, organisational, and technical measures to secure such transfers.

Recipients:

Your personal information may be shared with the following categories of recipients:

  1. Support, technical, marketing teams.
  2. Payment processing providers, such as Stripe, PayPal.
  3. Learning management systems, such as Kwiga.
  4. Analytical solution providers, such as Google, Meta.
  5. Email delivery service providers.
  6. Email verification service providers.
  7. Hosting service providers.
  8. Government authorities, upon their request or to comply with legal obligations.
  9. Other operator(s) of the Services.
  10. Another entity in the event of a sale or transfer of the Services or their components.
  11. Other third-party solutions integrated with the Services from time to time.

  1. 7. Third-Party Platforms

General Information:

The Services have integrations with or contain links and social media plugins to third-party platforms, such as websites or applications. When you interact with such third-party platforms, you may provide the respective operators with certain personal information data about you. We do not have control over these third-party platforms and thus must not be held responsible for their privacy statements or practices. It is advisable that you review the privacy policy, notice, or statement of every platform you visit when leaving the Services.

Learning Management System:

We use Kwiga learning management system to provide you with access to the Content. Following your successful purchase of the access to the Content, we provide Kwiga with your email to automatically create your account with Kwiga. Kwiga is a third-party platform operated by an independent organisation. We are not responsible for Kwiga and we are not able to influence Kwiga’s data processing practices. Kwiga processes personal data in accordance with their Privacy Policy.

  1. 8. Your Rights

Mechanics:

You can exercise your data subjects' rights either through the available functionality on the Services or by contacting us directly. If you choose to contact us to exercise your data subjects’ rights, we may ask for specific information to verify your identity and ensure that you have the right to exercise these rights.

Rights:

According to the applicable legislation, you may have the following rights:

  1. Right to Access: You have the right to access your personal data. This enables you to inquire whether we process your personal data and, if so, request specific information about the processing activity. You may also request a copy of the personal data we hold about you to verify its lawfulness.
  2. Right to Rectification: You have the right to rectify any incomplete or inaccurate personal data we hold about you. We may need to verify the accuracy of the new data you provide.
  3. Right to Erasure (Right to be Forgotten): You have the right to request the deletion or removal of your personal data where there is no legitimate reason for us to continue processing it. However, please note that we may not always be able to comply with your request due to legal or technical reasons, which we will communicate to you if applicable.
  4. Right to Object to Processing: You have the right to object to the processing of your personal data if you believe it impacts your fundamental rights and freedoms. This includes objection to processing for direct marketing purposes. We may demonstrate compelling legitimate grounds for processing that override your rights and freedoms.
  5. Right to Restrict Processing: You have the right to request the restriction of processing of your personal data in certain circumstances, such as disputing its accuracy or objecting to processing while we verify overriding legitimate grounds.
  6. Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible. This right applies to automated information processed based on consent or contract.
  7. Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of processing based on consent before its withdrawal.
  8. Right Not to be Subject to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing, including profiling, if these decisions have legal or similarly significant effects on you.
  9. Right to Opt-Out of Sale or Sharing of Your Personal Data: You have the right to opt-out of the sale or sharing of your personal information at any time. “Sale” typically refers to disclosing or making personal information available to a third party in exchange for valuable consideration, including monetary compensation. “Sharing” encompasses disclosing, making available, or otherwise communicating your personal information for cross-context behavioural advertising (targeted advertising).
  10. Right to Manage Your Marketing Preferences: If we send or intend to send marketing materials to you, you may request us to cease processing your data for such purposes.
  11. Right Not to be Subject to Discrimination: This right safeguards you against any discrimination for exercising your rights under the applicable legislation. We are prohibited from discriminating against you based on your personal data in any manner.
  12. Right to Lodge a Complaint: If you believe we have violated your rights under the applicable legislation, you have the right to lodge a complaint with the relevant supervisory authority. The appropriate authority depends on your location. However, we encourage you to contact us in the first place before lodging a complaint to a supervisory authority.

  1. 9. Children Data

The Services are intended for individuals who are 18 years old or older, or the age of majority determined by the country of your residence if it is higher than 18. We do not knowingly market to, solicit, process, collect, or use personal data of individuals under the specified age limit. If we become aware that a child has provided us with personal information, we will make commercially reasonable efforts to promptly delete such information from our systems. If you are a parent or legal guardian of a child and believe that we have collected personal information from your child, please contact us.

  1. 10. Changes To This Privacy Notice

We keep our Privacy Notice under regular review and may update it at any time. If we make any changes to this document, we will change the document version. If we make any substantial changes, we will notify you in advance.