Version: 1.0
Effective Date: May 24, 2024
The Services are operated by the company indicated in the Contact Details section below (“we”, “us”). The Services include the Website available at https://www.bodybuddy.com.ua, the Content, and the Social Media Accounts. Capitalised terms used in this Privacy Notice have the meaning provided in the Body Buddy Terms of Service.
In this Privacy Notice, we explain which types of personal data we hold on you, how we collect and process such data, how long we keep it, and other relevant information about your personal data being processed in connection with your access to and use of the Services.
Personal data, personal information, or personal identifiable information means any information directly or indirectly identifies you as an individual. In this Privacy Notice we use “personal data”, “personal information”, and “personal identifiable information” as synonyms.
We process your personal data in accordance with this Privacy Notice and we endeavour to comply with the applicable data protection legislation, which includes the General Data Protection Regulation, also known as the GDPR.
If you have any questions regarding processing of your personal data, do not hesitate to contact us via the contact details provided below.
Name: Hallwil OÜ
Address: Estonia, 1015, Harju county, Tallinn, 50-201 Vesivärava Street.
Email: hello@bodybuddy.com.ua
When you access and use the Services, we may collect and process the following groups of personal data:
If you complete a purchase order via the Website, you provide us with your name and email address. You will also provide certain payment data to the payment processor, however we receive and process only the payment confirmation.
If you contact us, you may provide us with the following data: (a) name, (b) email address, and (c) any additional data that you choose to provide to us or that we request you to provide to us with.
When you interact with our Social Media Accounts, you may provide us with and we may collect the following data: (a) your Social Media profile data (this may include user name, photo, etc.), (b) messages, comments, and other communications sent by you to us, and (c) other data that you choose to provide to us or that we request you to provide to us with.
In addition, the respective Social Media may provide us with certain information on the audience of our Social Media Accounts, such as (a) visits, (b) range of contributions, (c) information about countries and cities where our visitors come from, (d) statistics about the gender ratios of visitors, and (e) other statistical information. Such information is statistical and anonymised. Therefore, we are not able to make any conclusions about any individual user, as well as access to any individual user profiles relying solely on such information.
When you access the Website, it automatically collects the following data to establish and maintain proper connection and operation: (a) Internet protocol (IP) address, (b) browser details, (c) device details, and (d) operating system.
When you access and browse the Website, (a) Google and (b) Meta may automatically collect your data via cookies. Please see below for more details about Google and Meta cookies.
When you access and use the Website, certain data may be collected automatically via solutions provided by Google, such as Google Analytics More information regarding Google solutions is available here.
The information gathered by Google includes the following: (i) Internet Protocol (IP) address, (ii) the type of device used, (iii) the device operating system, and (iv) the browser used. After collecting the personal data, Google creates reports about the use of the Website, which contain the aggregated information where we do not see any data pertaining to a particular person. In other words, we cannot identify you from the other users. For better understanding, IP address means an “online address” of a device, which may help to identify your approximate location (e.g, country, city or region, ZIP code). The IP addresses are expressed as a set of numbers, for example: 194.150.2.33. Please note that according to Google’s documentation, the IP address is anonymised (masked), so neither we nor Google can identify the IP address and precise location of a particular visitor. Google gathers the information by means of placing cookies. Cookies are a feature of the software that allows web servers to recognise the device used to access the Website. A cookie is a small text file that the Website saves on your device when you visit thereof. They allow the Website to remember your actions and preferences over a period of time to improve the Website.
In addition to the above, by using the tools provided by Google, we collect certain information regarding the use of the Website, for instance, when you clicked a certain button or made some input. This information is also aggregated and we cannot identify your actions from the actions of other users.
Google solutions are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and its affiliates including Google LLC, 1600, Amphitheatre Parkway, Mountain View, CA, 94043, USA.
To our knowledge, the data collected via Google solutions is not anonymised (with the exception of the IP address) and will be transmitted to, processed and stored by Google in the United States. You can learn more about how Google processes personal data in Google’s privacy policy. Note that competent US state authorities may have access to the personal data collected via Google solutions.
With respect to the personal data collected via Google solutions, Google acts as our data processor. However, Google may use this personal data for any of its own purposes, such as profiling and cross-platform tracking. In this case, Google acts as an independent data controller. You can learn more about Google tools here.
The Website uses the so-called Meta Pixel provided by Meta for the following purposes:
Your browser automatically establishes a direct connection with the Meta server as soon as you have agreed to the use of the Meta Pixel cookies. Through the integration of the Meta Pixel, Meta receives the information that you used our Website or clicked on an advertisement from us. If you are registered with any of Meta products, Meta can assign the visit to your respective account.
The Meta Pixel tool is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and its affiliates, including Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA, USA.
The terms of the Meta Pixel data processing by Meta and us are established in the Data Processing Terms. The transfer of data to Meta is conducted pursuant to the European Data Transfer Addendum. Meta will transfer the data collected via the Meta Pixel to the United States of America, which jurisdiction does not ensure the same level of data protection as in the EEA, UK, or Switzerland. Therefore, the transfer is conducted on the basis of the Standard Contractual Clauses adopted by the European Commission, which are incorporated in the European Data Transfer Addendum.
Meta processes the data received from the Meta Pixel tool in accordance with their Meta Privacy Policy. Additional information regarding the Meta Pixel may be found in the Meta Pixel Help Center.
Meta are joint controllers (i.e. jointly responsible with us) for the following data processing activities in connection with the Meta Pixel:
The following data processing activities are not covered by the joint controllership:
We have concluded a corresponding agreement with Meta for joint controllership. This agreement defines the respective responsibilities for fulfilling the obligation under the data protection legislation with regard to joint controllership. In particular, we have agreed with Meta that Meta can be used as a contact point for the exercise of your data protection rights regarding the data collected by the Meta Pixel tool.
Your personal data is used as follows:
As a general rule, we keep personal data as long as it is necessary for the purposes it was collected. Particular timeframes are outlined below. We may process certain personal data longer than outlined below, if it is necessary (i) to meet our legal obligations under the applicable laws, (ii) in relation to anticipated or pending legal proceedings, or (iii) to protect our rights and legitimate interest or those of third parties.
We are committed to safeguarding your privacy and do not engage in the sale or rental of your data. However, there are circumstances where we may share your personal data (a) as outlined in this Privacy Notice, (b) to comply with the applicable legislation, or (c) with your explicit consent. Such sharing is undertaken when reasonably necessary for the following purposes:
When sharing any portion of your personal data with third parties, we undertake to employ appropriate legal, organisational, and technical measures to secure such transfers.
Your personal information may be shared with the following categories of recipients:
The Services have integrations with or contain links and social media plugins to third-party platforms, such as websites or applications. When you interact with such third-party platforms, you may provide the respective operators with certain personal information data about you. We do not have control over these third-party platforms and thus must not be held responsible for their privacy statements or practices. It is advisable that you review the privacy policy, notice, or statement of every platform you visit when leaving the Services.
We use Kwiga learning management system to provide you with access to the Content. Following your successful purchase of the access to the Content, we provide Kwiga with your email to automatically create your account with Kwiga. Kwiga is a third-party platform operated by an independent organisation. We are not responsible for Kwiga and we are not able to influence Kwiga’s data processing practices. Kwiga processes personal data in accordance with their Privacy Policy.
You can exercise your data subjects' rights either through the available functionality on the Services or by contacting us directly. If you choose to contact us to exercise your data subjects’ rights, we may ask for specific information to verify your identity and ensure that you have the right to exercise these rights.
According to the applicable legislation, you may have the following rights:
The Services are intended for individuals who are 18 years old or older, or the age of majority determined by the country of your residence if it is higher than 18. We do not knowingly market to, solicit, process, collect, or use personal data of individuals under the specified age limit. If we become aware that a child has provided us with personal information, we will make commercially reasonable efforts to promptly delete such information from our systems. If you are a parent or legal guardian of a child and believe that we have collected personal information from your child, please contact us.
We keep our Privacy Notice under regular review and may update it at any time. If we make any changes to this document, we will change the document version. If we make any substantial changes, we will notify you in advance.