Privacy Policy of Cresavo Service

§1 General Provisions

The Service Provider takes particular care to ensure the protection of the interests of data subjects, and in particular ensures that personal data are:

• processed lawfully, fairly and transparently,
• collected for specific, explicit and legitimate purposes,
• adequate, relevant and limited to what is necessary,
• accurate and kept up to date where necessary,
• kept for no longer than is necessary,
• processed in a manner that ensures appropriate security.

§2 Personal Data Administrator

The personal data administrator is Cresavo.

Contact with the Administrator is possible at the e-mail address: contact@cresavo.com.

§3 Data Categories

The Administrator processes the following User data:

• identification data (first name, last name, e-mail),
• account login data,
• billing and payment data (via Stripe),
• data regarding activity in the Service.

In the case of Clients whose data is entered by the User (Trainer), this may include: first name, last name, contact data, information about training and progress.

The User is obliged to have a legal basis for entering Client data (e.g., their consent). The Administrator is not responsible for the lack of such basis.

§4 Purposes and Legal Basis for Processing

Personal data is processed for the following purposes:

• account registration and management in the Service – Art. 6(1)(b) GDPR,
• provision of electronic services – Art. 6(1)(b) GDPR,
• payment processing (Stripe) – Art. 6(1)(b) and (f) GDPR,
• complaint handling and contact with the User – Art. 6(1)(b) and (c) GDPR,
• marketing and informational activities (newsletter, advertising) – Art. 6(1)(a) GDPR,
• ensuring Service security and pursuing claims – Art. 6(1)(f) GDPR.

§5 Data Recipients

Personal data may be transferred to entities cooperating with the Administrator to the extent necessary to provide services, in particular:

• payment operator Stripe,
• hosting provider,
• IT service providers,
• analytics and marketing tool providers (e.g., Google Analytics),
• entity managing cookie files – CookieYes.

Data may also be transferred to authorized state authorities to the extent required by law.

§6 Data Retention Period

User data will be stored for the period of using the Service and for the time of limitation of claims arising from the contract.

Data related to accounting documentation – for the period required by law.

Data processed on the basis of consent – until consent is withdrawn.

§7 Rights of Data Subjects

Each User has the right to:

• access to data,
• data rectification,
• data erasure,
• processing restriction,
• data portability,
• objection to processing,
• withdrawal of consent at any time (if processing is based on consent).

Requests regarding the exercise of rights can be submitted electronically to: contact@cresavo.com.

The data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.

§8 Cookies

The Service uses cookies that are stored on the User's end device.

Cookies are used for:

• proper functioning of the Service,
• adapting content to User preferences,
• website traffic analysis,
• marketing activities.

Cookie management is carried out through the CookieYes tool – the User can change their cookie preferences at any time.

The User can also independently change cookie settings in their web browser.

§9 Security

The Administrator applies appropriate technical and organizational measures to ensure the protection of personal data against loss, destruction, unauthorized access or disclosure.

In particular, the following are used: transmission encryption (SSL), limited access to data and IT system security measures.

§10 Final Provisions

The Administrator reserves the right to change this Privacy Policy, about which Users will be informed through a message in the Service.

The current version of the Privacy Policy is effective from February 12, 2026.