Body Space Spółka z ograniczoną odpowiedzialnością (Body Space Limited Liability Company) Registered office: Podleska 51, 43-190 Mikołów, Poland E-mail: [email protected] Website: https://bodyspace.eu Hereinafter referred to as the “Controller”, “we”, “us” or “our”.
We collect and process the following categories of personal data:
We collect personal data through the following methods: data you enter voluntarily in forms on our Website; cookies and similar tracking technologies stored on your device; third-party lead generation forms, including Facebook (Meta) Lead Ads.
We process your personal data only where we have a valid legal basis under Article 6(1) of the GDPR. Below we set out each processing purpose together with the applicable legal basis.
In order to carry out the purposes described in Section 3, we may share your personal data with the following categories of recipients:
We do not sell your personal data to any third party.
Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA), specifically the United States of America. This concerns the following service providers:
Where we rely on Standard Contractual Clauses, we have conducted a Transfer Impact Assessment (TIA) to verify that the level of protection afforded to your data is essentially equivalent to that guaranteed within the EEA. You may request a copy of the applicable safeguards by contacting us at the address provided in Section 1.
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. The specific retention periods are as follows:
When personal data is no longer required, it is securely deleted or anonymised.
Under the GDPR, you have the following rights in relation to your personal data:
To exercise any of these rights, please contact us at: [email protected]. We will respond to your request within 30 days. In complex cases, this period may be extended by a further 60 days, of which we will inform you.
You also have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, Poland (https://uodo.gov.pl).
What Are Cookies
Cookie Consent
Categories of Cookies
Third-Party Cookies
Cookies may also be placed on your device by the following third parties:
For information on how these providers use cookies, please refer to their respective privacy policies.
Managing Cookies in Your Browser
We may use automated tools for the following limited purposes:
These activities are based on your consent and do not produce legal effects or similarly significant effects concerning you. You are not subject to decisions based solely on automated processing that would affect your legal rights. If you believe that automated processing has affected you in a significant manner, you have the right to request human intervention, express your point of view, and contest the decision by contacting us at [email protected]. Please note: as of 2 August 2026, the EU Artificial Intelligence Act imposes additional transparency requirements for AI-powered systems. Should we deploy any AI systems that interact with you (e.g. chatbots, automated e-mail personalisation), we will update this section accordingly and inform you prior to deployment.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the President of the Personal Data Protection Office within 72 hours and, where the risk is high, we will inform you without undue delay.
Our hosting provider (OVH) maintains server-level logs for technical reliability and security purposes. The following information may be recorded: requested resource URLs, request and response timestamps, client device identification (via the HTTP protocol), HTTP transaction errors, referring page URL, browser and device information, IP address, and diagnostic data related to services ordered through the Website.
Server logs are retained for up to 12 months and are used solely for Website administration and security purposes. The legal basis for this processing is our legitimate interest in ensuring the security and proper functioning of the Website (Art. 6(1)(f) GDPR).
Our Website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will take steps to delete such data.
Given the nature and scale of our processing activities, we are not required to appoint a Data Protection Officer under Article 37 of the GDPR. For all privacy-related inquiries, please contact us directly at: [email protected].
We reserve the right to update this Privacy Policy to reflect changes in our processing activities, applicable law, or regulatory guidance. Any material changes will be communicated to you via e-mail (where we have your contact details) and/or by a prominent notice on the Website prior to the changes taking effect. We recommend reviewing this Privacy Policy periodically.
If you have any questions about this Privacy Policy or wish to exercise your data subject rights, please contact us at: [email protected]
This Privacy Policy is effective as of 2 May 2026 (last updated to reflect the addition of the Meta Conversions API and CRM-side storage of marketing identifiers).