NEXT WORKOUT

PRIVACY POLICY

hereinafter the “Policy”

Introduction

We inform you as data subjects about the principles and procedures applicable to the processing of your personal data and about your rights related to the processing of this data, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter the “GDPR”) and in accordance with Act No. 110/2019 Coll., on Processing of Personal Data, as amended (hereinafter the “PDPA”).

We protect your personal data with the highest security to prevent any unauthorized or accidental access to, destruction, loss, unauthorized transmissions, or unauthorized processing of your personal data. For this purpose, we comply with the relevant technical and organisational measures to ensure an appropriate level of security with respect to all possible risks. Persons who handle personal data are obliged to maintain confidentiality of the information obtained in connection with the processing of this data.

Controller

The Controller of your personal data is Next.Digital 2023 s.r.o., reg. No. 09980083, having its registered office at Na příkopě 859/22, Nové Město, 110 00 Praha 1, the Czech Republic, registered under file No. C 345745/MSPH, (hereinafter the “Controller”) who is responsible for discharging the obligations under the applicable data protection laws.

No data protection officer is designated; the Controller is not an obliged person under Article 37 GDPR.

A. Data processing in relation with Application

Data subjects

The Controller processes personal data of the users of the NEXT WORKOUT application for fitness and workout programs (hereinafter the “Application”).

Purpose of the processing

The Controller processes personal data in particular for the purposes: providing services of the Controller, performing the contract (concluding of the contract, communication with user), complying with applicable laws and regulations (in particular accounting, issuing of tax documents) and for the proper functioning of the Application.

Lawfulness of processing

The Controller processes your personal data based on the respective legal grounds: performing the contract under the article 6/1/b) GDPR (in particular for concluding of the contract), complying with applicable laws and regulations under the article 6/1/c) GDPR (issuing of tax documents, processing of personal data in relation to data subjects’ requests), legitimate interests under the article 6/1/f) GDPR (in particular for the improvement of the services, the security of the personal data, the enforcement of the rights of the Controller), consent under the article 6/1/a) GDPR (in particular for commercial communications). Your consent will be archived for as long as your consent is given to the controller, or a period of 5 years after its withdrawal, in order to prove that the processing of personal data by the controller was lawful. The legal basis for such processing is legitimate interest under the article 6/1/f) GDPR.

Personal data

e-mail, name, nickname, gender, weight, language, information related to the selected exercise plan, information related to membership, type, model of device and operating system

Controlling your privacy settings in social media

The Controller informs you about the connection with social network in the Application. If you choose such a connection via the Application, the browser will establish a direct connection to the corresponding social network server and the social network provider will detect that the relevant page on the website has been visited. To prevent this, please log out of your social network accounts. Please remember that network providers set cookies unless you have disabled the acceptance and storage of cookies in your browser settings.

The Controller does not process special categories of personal data under the article 9 GDPR.

The Application is available via third-party platform: Apple App Store. Downloading may require prior registration for purposes related to installation, updates and evaluating the quality of the Application. The entity responsible for processing your personal data is the operator of the relevant app store. For further information regarding the processing of your data, please contact the operator of the relevant store.

B. Data processing in relation with website

Data subjects

The Controller processes personal data of the users of the website www.nextworkout.app.

Cookies

A cookie is a small text file that is downloaded and saved to your hard drive when you visit a website. Cookies are either short-term, which are only temporary and remain stored in your browser only until you close the browser, or long-term, which remain stored in your device for much longer or until you delete them manually (the time a cookie is kept on your device depends on the settings of the cookie itself and your browser settings). Cookies allow the identification of devices and the storage of data about your web browser and its settings. Some cookies are necessary for the proper functioning of the website; other tracking cookies can also be used to collect analytical data about website traffic and user behaviour.

Necessary cookies are those without which a website cannot function. Preference cookies allow a website to remember data you entered, for example your preferred language. Statistical cookies help the Controller to understand how you use the website. Marketing cookies display advertisements to you based on relevant topics that interest you.

You can check, modify or withdraw your consent to processing via the cookie management system ("cookie bar"). Using the "settings symbol" in the footer link of the website, you can redisplay the cookie bar and modify your previous choice, even for a specific type of cookie or processing purpose, which is always described and explained in the cookie bar. For information about the cookies used, see the cookie bar.

The Controller processes your personal data for the purposes specified via cookie bar, based on the respective legal grounds which are: legitimate interest under the article 6/1/f) GDPR (for necessary cookies), consent under the article 6/1/a) GDPR (for other cookies). Your consent will be archived for as long as your consent is given to the controller and for a period of 5 years after its withdrawal, in order to prove that the processing of personal data by the controller was lawful. The legal basis for such processing is legitimate interest under the article 6/1/f) GDPR.

Controlling your privacy settings in social media

The Controller informs you about the connection with social network in website (via plugins). If you choose such a connection, the browser will establish a direct connection to the corresponding social network server and the social network provider will detect that the relevant page on the website has been visited. To prevent this, please log out of your social network accounts. Please remember that network providers set cookies unless you have disabled the acceptance and storage of cookies in your browser settings.

Processing personal data

The Controller processes your personal data for the purposes, based on the respective legal ground, in particular these categories of personal data: identification, authentication, address, electronic.

C. Data processing in relation with Commercial Communications

By concluding the contract, the Controller obtains from you an electronic contact (e-mail address) for electronic communication for the purpose of sending commercial communications in connection with the activities and service provided by the Controller to you. The Controller processes your personal data for the purpose of commercial communications based on the legal ground, which is legitimate interest under the article 6/1/f) GDPR. The Controller will process in particular the e-mail, the date of obtaining the electronic contact, and the date of revocation of the use of the electronic contact. You are entitled to revoke the use of the electronic contact, see https://nextworkout.app/revoke-marketing-consent.

If you grant the consent for commercial communications, the Controller may process personal data of data subjects primarily for the purpose of sending commercial communications or offers of the Controller's services. In particular, the Controller will process the e-mail address and the date of opt-in/opt-out. The legal ground is the consent under the article 6/1/a) GDPR. You are entitled to withdraw the consent, see https://nextworkout.app/revoke-marketing-consent. Your consent will be archived for as long as your consent is given to the controller and for a period of 5 years after its withdrawal, in order to prove that the processing of personal data by the controller was lawful. The legal basis for such processing is legitimate interest under the article 6/1/f) GDPR.

Common provisions

Transfer of personal data to third countries

The Controller and the processors acting on the Controller's behalf process your personal data primarily in the European Union (EU), where unified data protection is guaranteed in each member state. Quite exceptionally, your personal data may be processed outside the EU, for example, in a computer system whose servers are located outside the EU, in particular the Amazon Web Services cloud service (processing policy available here).

Duration of processing

Your personal data is stored only for the duration of the contractual relationship and subsequently for a maximum of 5 years after the termination. Personal data processed for compliance with a legal obligation are processed for the period specified by the law. If it is necessary to use personal data for the protection of legitimate interests, the Controller shall process personal data for the period necessary to exercise these rights. The Controller processes personal data in the Application until the Application is deleted.

Source of the personal data being processed

The Controller obtains your personal data from you.

Manner and means of processing

The Controller processes your personal data by automated means (by Application, and Amazon Web Services cloud services).

Recipients of personal data

The Controller may, in certain circumstances, transfer your personal data to recipients (other controller, processor) and third parties.

The recipients to whom personal data are transferred are in particular courts, the Police of the, tax authorities, lawyers, notaries or other entities under the law. In addition, the Controller provides personal data to payment operators. These entities become controllers of such data at the moment the data is shared.

However, where public authorities require personal data in the framework of a particular inquiry, they are not considered to be recipients but third parties.

The Controller processes your personal data through its employees who need access to the personal data in order to perform their duties and who are obliged to maintain confidentiality of all facts and information of which they become aware in the course of their employment.

In addition, the processor's employees have access to your personal data, only to the extent necessary to carry out their work for the Controller. We enter into a written Data Processing Agreement with all our processors, establishing appropriate safeguards for the security of your personal data, in the case of the processor, Amazon Web Services cloud services.

Profiling and automated decision-making

The Controller does not apply automated decision-making, including profiling, that might affect your rights under the article 22 GDPR.

Rights of data subjects

  • If the processing of personal data is based on your consent, you have the right to withdraw your consent at any time. In connection with the withdrawal of consent, the Controller informs you that the withdrawal of consent does not affect the lawfulness of the processing of personal data until its withdrawal, nor the processing of data for other legal reasons for which your consent is not required.
  • You have the right to request access to your personal data and more detailed information about its processing.
  • You have the right to have your inaccurate or incomplete personal data rectified.
  • You have the right to receive your personal data in a commonly used and machine-readable format, allowing it to be transferred to another controller if we have obtained it on the basis of your consent or in connection with the conclusion and performance of a contract and it is processed by automated means.
  • You have the right to object to the processing of some or all of your personal data.
  • You have the right to ask us to delete your personal data if there is no other legal ground for the processing.
  • You have the right to lodge a complaint with the Office for Personal Data Protection.
  • You have the right not to be subject to automated individual decision making, including profiling.

Updates to the Policy

As the rules and conditions for the processing and protection of your personal data may change, in particular as a result of changes in legislation, or our terms, procedures and methods of processing and protecting your personal data may change, we will inform you of such changes by updating this Policy, unless such change requires contacting you directly.

This Policy was last updated on February 25th, 2024.

Exercise of the rights of data subjects

If you exercise your right pursuant to section 'Rights of data subjects' by presenting a request, the Controller is always obliged to handle such request of the data subject and is obliged to provide the information without undue delay after receipt of the request, in any case within one month from receipt of the request. In exceptional circumstances, this period may be extended by two months, of which the data subject must be informed by the Controller, including the reasons for such extension.

Address: Next.Digital 2023 s.r.o., Na Příkopě 859/22, Nové Město, 110 00 Praha 1, the Czech Republic
e-mail: hello@nextworkout.app

If you have a reasonable suspicion that there has been a breach of law in connection with Personal Data protection, you have the right to lodge a complaint with the Office for Personal Data Protection, Pplk. Sochora 727/27, 170 00 Prague 7 – Holešovice, email: stiznosti@uoou.cz, or use the form available on the website of the Office for Personal Data Protection https://uoou.gov.cz/verejnost/stiznost-na-spravce-nebo-zpracovatele.