1. General information
Benefit Systems SA with its registered office in Warsaw, Pl. Europejski 2, 00-844 Warszawa (“Benefit Systems”, “we”) takes personal data protection very seriously. We exercise due diligence to ensure that your personal data are processed in accordance with the applicable provisions of both Polish and European Union law, including the Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“the GDPR”).
This document sets forth the legal basis for the processing, collection and use of your personal data and the measures taken in this regard, and its purpose is also to inform you of your rights in relation to our processing of your personal data. Benefit Systems uses your personal data for the purposes set forth in this document or for any other purpose indicated at the time when you provide them.
2. What is the importance of personal data security for Benefit Systems?
Benefit Systems takes security of the data we hold very seriously. We have implemented the relevant policies and procedures, conduct training courses in data protection and regularly check the security models in place in terms of their adequacy for securing the data we process.
3. What are personal data?
Personal data mean any information relating to an identified or identifiable natural person (e.g. first name and surname, e-mail address, card number, IP address). Benefit Systems processes personal data for various purposes. Depending on the purpose, different legal bases for personal data processing, collection methods and storage periods may apply.
4. What is data processing?
Data processing includes all activities or operations which are performed on your personal data (e.g. collection, storage, erasure or analysis).
We strive to be transparent about the basis for, and the method of, processing your personal data.
It is our policy to collect only the personal data necessary for the purposes specified and to request such data from you only when absolutely necessary.
5. Who is the controller of your personal data?
The controller of your personal data is Benefit Systems.
6. What does this mean?
This means that Benefit Systems makes decisions about the purposes and methods of processing your personal data, i.e. the manner in which they will be used.
7. How to contact us to obtain more information about the processing of your personal data?
You can contact us as follows:
or by writing to our Data Protection Officer at iod@benefitsystems.pl
8. How are your personal data processed?
The manner in which your personal data are processed depends on the relationship you have with Benefit Systems. Below, you will find information concerning the processing of personal data of the following categories of persons:
The above list of categories is not exhaustive. If you do not belong to any of the groups listed above and would like additional information about the processing of your personal data, please contact us. You will find contact details in Section 7 above.
9. If you are…
9.1. A MultiSport Card user
How have your data been collected?
We have received them from your employer who provided us with your data, or directly from you via various channels of communication including: through the MultiSport Programme application form submitted to us via your employer, through the online platform on which cards can be ordered, and through the User Zone (in the case of sports card users).
What is the purpose and legal basis of the processing of your personal data?
We process your data because:
We also process your data for tax and accounting purposes, since this is required by applicable laws.
If you have given separate consent for this, we process your personal data for the following purposes:
For how long are your personal data processed?
Depending on the purpose and basis, we store your data during the periods indicated below:
Who do we transfer your personal data to?
Your data may be transferred to the following entities: authorised employees and associates, Partners (sports and recreation facilities), the Client (your employer), entities which print your card, providers of additional services available under the MultiSport Programme, entities which service and maintain IT systems and terminals, entities which support electronic payment services, entities which provide services related to handling Users and supporting our marketing activities, entities which conduct audits. Your data may also be transferred to public authorities.
What rights do you have in connection with our processing of your data?
Your rights are described in detail in section 10 of this Policy.
Are your data transferred to countries outside the European Economic Area?
Your personal data are not transferred outside the European Economic Area (EEA). In some cases, your personal data may be transferred outside the EEA by the entity which has enabled you to use the Card. However, such transfer may only take place pursuant to GDPR provisions.
Are your personal data processed automatically (including by profiling), affecting your rights?
Based on your personal data, we conduct profiling, i.e. the automatic assessment of some of your personal characteristics. Profiling enables us to present you with customised offerings. Based on your profile, we are able to adjust our products to your expectations and preferences. In our profiling, we use data e.g. on the size of the entity which enables you to use the card, the size of the town or city in which you use the card, your use of sports facilities and the type of activities you engage in. In addition, we take statistical data related to the above information into account during profiling.
We do not make any decision concerning you which would be based solely on automated processing, including profiling, of your information and which would produce legal effects concerning you or similarly affect you in a significant way.
9.2. A representative of an entity which is a party to an agreement concluded with Benefit Systems, e.g. of a Client, Partner:
What is the purpose and legal basis of the processing of your personal data?
Your personal data are processed:
For how long are your personal data processed?
Depending on the purpose, we store your data during the periods indicated below:
Who do we transfer your personal data to?
Entities which process personal data on our behalf: authorised employees and associates, entities which service and maintain IT systems, providers of additional services available as part of collaboration with us (e.g. sports and recreation, training, multimedia and technological services), entities which support our marketing activities, Benefit Systems subcontractors within the scope of agreement performance, including the printing of cards and their delivery to recipients. Recipients of your data may also include entities which conduct audits and public authorities.
Are your data transferred to countries outside the European Economic Area?
Your personal data are not transferred outside the European Economic Area (EEA).
What rights do you have in connection with our processing of your data?
Your rights are described in detail in section 10 of this Policy.
Are your personal data processed automatically (including by profiling), affecting your rights?
Your data will be processed automatically, i.e. using IT systems, but they will not be subject to profiling.
We do not make any decision concerning you which would be based solely on automated processing, including profiling, of your information and which would produce legal effects concerning you or similarly affect you in a significant way.
9.3. A person contacting us through our hotline or another dedicated contact channel
How have your data been collected?
We have received them directly from you via various channels of communication, including:
The provision of these data was not your obligation, but was necessary for us to handle your case.
What is the purpose and legal basis of the processing of your personal data?
We process your data for the following purposes:
For how long are your personal data processed?
Your data will be processed during the period in which the case submitted by you is handled, and after its handling has been completed, until the claims limitation period related to the case has expired.
Who do we transfer your personal data to?
Recipients of your personal data may include our employees and associates, entities which service and maintain IT systems, entities which conduct audits and public authorities.
Are your data transferred to countries outside the European Economic Area?
Your personal data are not transferred outside the European Economic Area (EEA).
What rights do you have in connection with our processing of your data?
Your rights are described in detail in section 10 of this Policy.
Are your personal data processed automatically (including by profiling), affecting your rights?
Your data will be processed automatically, i.e. using IT systems, but they will not be subject to profiling.
We do not make any decision concerning you which would be based solely on automated processing, including profiling, of your information and which would produce legal effects concerning you or similarly affect you in a significant way.
9.4. A job applicant:
Information concerning our processing of job applicants’ personal data is available at:
https://www.benefitsystems.pl/o-nas/kariera/obowiazek-informacyjny-dla-kandydata/
9.5. A visitor to our premises (video surveillance)
What data do we process and where have we obtained them from?
We process information about your image, which has been recorded as part of the operation of our video surveillance system.
Your data were collected by us directly from you when you visited our registered office in Building C of the Warsaw Spire complex at Plac Europejski 2, 00-844 Warsaw, floors 11–14.
What is the purpose and legal basis of the processing of your personal data?
Your personal data are processed in order to ensure the safety of the persons present at our premises as well as to protect our property and keep secret information whose disclosure could be harmful to us.
For how long are your personal data processed?
We process your personal data for 14 days from the recording date. This period may be extended if the recordings are used as evidence in legal proceedings. In this case, we will process them until the legal proceedings have been finally concluded.
Who do we transfer your personal data to?
Recipients of your personal data may include our authorised employees and associates, entities which service and maintain IT systems and public authorities.
Are your data transferred to countries outside the European Economic Area?
Your personal data are not transferred outside the European Economic Area (EEA).
What rights do you have in connection with our processing of your data?
Your rights are described in detail in section 10 of this Policy.
Are your personal data processed automatically (including by profiling), affecting your rights?
We do not make any decision concerning you which would be based solely on automated processing, including profiling, of your information and which would produce legal effects concerning you or similarly affect you in a significant way.
10. Rights of the data subject:
You have the following rights in relation to our processing of your personal data:
In the case of data processing for direct marketing purposes, including profiling for such purposes, you may object at any time.
In order to exercise these rights, please contact us or our Data Protection Officer in one of the ways set forth in Section 7 of this Policy. Your request will be handled without undue delay and in any event within one month of its receipt. Should this period be extended, we will inform you of any such extension and the reasons for the delay.
11. Changes to this document
We will regularly review and update this document in connection with amendments to applicable laws and any new measures we may take to improve the security of your personal data.
This document was last updated on 10/06/2019.
12. Contact us
If you have additional questions concerning the scope of the Privacy Policy, you can submit them using the contact form available at https://www.benefitsystems.pl/formularz-dane-osobowe/
Please indicate the topic of your message in the contact form, which will enable us to handle your request more efficiently.
13. FitSport Polska sp. z o.o.
The rules contained in this policy shall also apply to FitSport Polska sp. z o.o. with its registered office in Warsaw, address: Plac Europejski 2, 00-844 Warszawa, entered in the Register of Entrepreneurs by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under No. KRS 0000422757, NIP [tax identification number]: 5252532584, REGON [statistical identification number]: 146231491, with a share capital of PLN 50,000.00, which is an active VAT taxpayer.
Websites and webpages of Benefit Systems SA with its registered office in Warsaw (“Benefit Systems”) may send and use cookies and other similar technologies. This Policy on cookies shall apply, without limitation, to the following websites (“Websites”): www.benefitsystems.pl, www.kartamultisport.pl, www.emultisport.pl, and possibly also to other Websites if these refer to its provisions.
Below you will find information about the cookies we use, the Local Storage technology, and also additional important information on how the Websites operate, including information on web push notifications.
What are cookies and what do we use them for?
Cookies are text files which are stored on your terminal equipment (computer, laptop, smartphone, etc.) via your browser. When you visit the Websites, your browser sends this file and this enables us to recognise it during each visit. Cookies are necessary to enable the user to navigate the Websites and use their resources. In addition, by collecting information on how users use the Websites, cookies ensure the proper operation of the Websites and improve their performance, allowing the required information to be found more quickly.
What types of cookies do we use?
Session cookies
Session cookies are temporary files which are stored from the moment you access the Website but only until you close your browsing session or until you close the browser itself.
Permanent cookies
These are cookies which make it easier to use the Websites, and they are stored for an extended period of time. The Websites store cookies with information about:
The www.kartamultisport.pl website additionally uses a cookie to store information about:
Third-party cookies
These are files which originate from external websites that cooperate with our Websites. Our Websites use certain files to collect statistical information on how you use them. These cookies are stored from the moment you visit our platform.
For this purpose, we use tools which help us understand the needs of users of our Websites:
Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy.
Advertising cookies
These files are responsible for displaying ads which are tailored to your preferences. Both our cookies and third-party cookies (e.g. from Google Adwords) are used to conduct marketing campaigns and remarketing campaigns that reach you with our marketing messages if you have visited our Websites before. These cookies remember that you have visited our Websites and also your activities on our Websites. The information collected in this manner is passed on to third-party suppliers.
Managing analytical cookies
You can opt out of the anonymous recording of your activities on websites in analytical cookies. The privacy policies of our service providers and information on how to opt out of their cookies can be found at the following addresses:
Are cookies dangerous?
No, since cookies are not computer programs and cannot be used as code. They do not spread viruses and each user can manage the cookies stored on his or her terminal device. Moreover, cookies only store data snippets which do not allow the user to be fully identified.
Managing cookies
We only use cookies with the user’s consent. You may at any time disable or modify the storage of cookies on your terminal device by changing the appropriate settings in your web browser. By default, the web browser allows files to be saved on your terminal device, and thus enables us to process the data stored in these files.
As cookies are also used to remember your cookie preferences, you should be aware of the consequences of changing the relevant settings, including without limitation:
For detailed information on how to manage cookie settings, we recommend that you follow the instructions for the web browser you are using:
For mobile devices:
Additional important information concerning Website operation:
Local Storage
The Websites also use a technology called Local Storage. Local Storage is a location where information is stored in your browser. In this location, we save the information about the MultiSport cards you have selected so that you do not have to re-select them when you visit next time.
We also store your searches in Local Storage so that when you re-enter them they will appear in prompts and thus your search will be faster.
Local Storage stores data indefinitely until you restore default settings or make manual changes to your browser cache. You will find the relevant instructions on the help page of the browser you are using.
Web push notifications (used only on the kartamultisport.pl website):
What are web push notifications?
Web push notifications are short messages which appear on your device’s screen.
For us, they are a marketing tool which supports our communication with you. For you, they are a source of information on our services, including news, facilities and seasonal activities, campaigns, competitions or events.
How can I turn them on?
We need your consent to send you web push notifications. When you visit www.kartamultisport.pl, we will ask you whether you want to receive notifications from us. We will also ask you to read the information presented here. If you are interested, click “Zgadzam się”/“I agree”, which will allow us to send you content which may interest you even after you have left our website.
What information about you (your personal data) do we have in connection with sending notifications?
If you have agreed to receive notifications, we have the following information:
The scope of data we hold does not allow us to identify you unambiguously. However, since in certain circumstances this information may be considered personal data, we process them pursuant to GDPR provisions.
What is the purpose and legal basis of the processing of your personal data?
The purpose of processing your personal data is to market our products and services. Since the services referred to above may be the result of our collaboration with our affiliates, the messages which we will send to you with your consent may include commercial and marketing information both from us and from our affiliates.
The legal basis is our legitimate interest and your consent.
How can I opt out of notifications?
You can withdraw your consent and thereby opt out of receiving notifications at any time. In order to do this, you just need to change the settings of your web browser. You can do this e.g. as follows:
Go to Browser settings > Advanced > Content settings > Notifications. In the browser address bar, the following address will be displayed: chrome://settings/content/notifications. The list will include all websites on which you agreed to push notifications. If you want to unsubscribe, just select Remove from the menu.
Under Options > Privacy and security, there will be the Permissions > Notifications section. In the list, find the pages whose notifications you want to unsubscribe, and then select Block.
After entering Chrome, click More > Settings > Notifications to the right of the address bar. In the list, find the pages whose notifications you want to unsubscribe, and then untick them.
For how long are your personal data processed?
We process your data until you withdraw your consent to receive push notifications. Above, we describe the manner in which you can withdraw your consent.
Who do we transfer your data to?
Recipients of your data are our authorised employees and associates and also the entity which provides us with a platform for sending web push notifications.
Are your data transferred to countries outside the European Economic Area?
We do not transfer your data outside the European Economic Area.
Are your personal data processed automatically (including by profiling)?
Your data are processed automatically, including by profiling. Based on your profile, we are able to adjust our messages to your expectations and preferences. For example, you will receive messages about products you are interested in or about events which take place in your area. For profiling, we use information about your activities on our website as well as information about your location (if you provide it to us).
We do not make any decision concerning you which would be based solely on automated processing, including profiling, of your information and which would produce legal effects concerning you or similarly affect you in a significant way.
What rights do you have in connection with our processing of your data?
Your rights arising from our processing of your personal data are described in detail in Section 10 of the Privacy Policy.
Google Tag Manager
The website uses Google Tag Manager. This service enables the administration of website tags via an interface. Google Tag Manager only implements tags. This means that no cookies are set and no personal data are collected. Google Tag Manager activates other tags, which in turn may collect data as needed. However, Google Tag Manager does not gain access to these data. Any deactivation on the domain or cookie level remains in effect for all tracking tags if they are implemented in Google Tag Manager.
As the Website operator, Benefit Systems has implemented solutions required by the Directive on privacy and electronic communications (Directive of the European Parliament and of the Council), which covers the use of cookies, because it uses best practices to treat its customers fairly and openly.