Privacy Policy

Privacy Policy and Cookies

If you have found your way here, it’s a sure sign that you value your privacy. I completely understand that, which is why I am providing you with this document where you will find in one place the rules regarding the processing of personal data and the use of cookies and other tracking technologies related to the operation of the website https://fizjo4health.pl.

1: Who is the controller of your personal data?

The controller of your personal data is Piotr Skiba, operating under the business name “Fizjo4Health Piotr Skiba,” ul. Korkowa 99, 04-519 Warsaw, NIP: 952 221 03 85.

2: Who can you contact regarding the processing of your personal data?

In implementing data protection within my organization, a decision was made not to appoint a data protection officer, as this is not mandatory in my situation. For matters related to data protection and privacy in general, you may contact me via email at gabinet@fizjo4health.pl.

3: What information do I have about you?

Depending on the purpose, I may process the following information about you:

  • Full name,
  • PESEL number,
  • Residential address,
  • Email address,
  • Phone number,
  • Data from email correspondence,
  • Bank account number,
  • Image (profile photo),
  • Content of comments/reviews posted on the website,
  • IP address,
  • Approximate location,
  • Statistics related to received newsletters,
  • Preferred email client,
  • Interests in specific topics.

These data are described precisely for each processing purpose. Further details can be found later in this policy.

I also use tools that collect a variety of information related to your use of my website, such as:

  • Information about your operating system and web browser,
  • Pages viewed,
  • Time spent on the site,
  • Transitions between individual pages,
  • Clicks on specific links,
  • Source from which you entered the site,
  • Your age range,
  • Your gender,
  • Your approximate location limited to the town or city,
  • Your interests based on online activity.

These are collectively referred to in this privacy policy as “Anonymous Information”.

In my view, Anonymous Information does not constitute personal data because it does not allow me to identify you and is not combined with your identifiable personal data. However, given strict interpretations by the Court of Justice of the European Union and differing legal opinions, I have chosen to include detailed explanations in this privacy policy in case Anonymous Information is considered personal data.

Since anonymous information is collected using third-party tools (detailed later in the policy), it is also processed by those tool providers in accordance with their terms and privacy policies. These providers may use the information to improve and manage their services, develop new features, measure ad effectiveness, protect against fraud and abuse, and personalize content and advertising.

4: Where do I get your personal data from?

In most cases, you provide it yourself when:

  • Filling out a preliminary qualification form for a physiotherapy procedure,
  • Signing up for the newsletter,
  • Posting a comment or review,
  • Contacting me by phone,
  • Contacting me via email,
  • Following or interacting with my social media profiles.

Additionally, some of your information may be collected automatically by the tools I use:

  • The website system and newsletter platform collect your IP address,
  • The newsletter system tracks your activity related to emails you receive (e.g., openings, link clicks),
  • External tools using cookies collect anonymous information about your activity on the website.

5: Is your personal data safe?

Yes, I take the security of your personal data very seriously. I have analyzed the risks associated with each data processing activity and implemented appropriate safeguards and data protection measures. I continuously monitor the state of technical infrastructure, train staff, review procedures, and make necessary improvements. If you have any questions about your personal data, feel free to contact me at: gabinet@fizjo4health.pl.

6: For what purposes do I process your personal data?

There are several purposes. Below is a list of them, followed by a more detailed explanation. Each purpose includes the corresponding legal basis under GDPR:

  • Newsletter management – Art. 6(1)(a) and Art. 6(1)(f) GDPR,
  • Comment handling – Art. 6(1)(f) GDPR,
  • Correspondence handling – Art. 6(1)(f) GDPR,
  • Fulfillment of tax and accounting obligations – Art. 6(1)(c) GDPR,
  • Archiving for the purpose of possible legal claims – Art. 6(1)(f) GDPR,
  • Creating Facebook custom audiences – Art. 6(1)(f) GDPR,
  • Social media management – Art. 6(1)(f) GDPR,
  • Analytics and statistics using only Anonymous Information – Art. 6(1)(f) GDPR,
  • Internal marketing using only Anonymous Information – Art. 6(1)(f) GDPR.

Newsletter – Details

By signing up for the newsletter, you provide your name and email address. Providing this data is voluntary but necessary for subscription.

Additionally, the system used to manage the newsletter records your IP address at the time of signup, determines your approximate location, detects your email client, and tracks your behavior regarding sent emails. This includes whether you opened the message and clicked on links.

This data is processed to send you the newsletter, based on your consent (Art. 6(1)(a) GDPR). Data collected automatically (not directly provided by you) is processed based on my legitimate interest (Art. 6(1)(f) GDPR), namely, optimizing newsletter performance through analytics.

You may unsubscribe at any time via the link in each email or by contacting me directly.

Even after unsubscribing, your data will be retained for the purpose of identifying returning subscribers and defending against any claims, e.g. proving your consent was previously granted and later withdrawn (Art. 6(1)(f) GDPR).

You can also update your data at any time using the link in each newsletter or by contacting me.

Comments / Reviews – Details

When posting a comment, you must provide at least a username (which may contain personal data such as a name) and an email address. This information is voluntary but required to post a comment.

The comment system is provided by a third-party – Disqus, Inc. Use of this system is governed by Disqus' terms and privacy policy. You may post anonymously or as a registered Disqus user – your choice.

Your comment, along with any information made public through your Disqus settings, will be visible on the website. You may edit or delete your comment at any time.

The legal basis for processing your personal data in this case is my legitimate interest in operating the comment system (Art. 6(1)(f) GDPR).

Correspondence – Details

When you contact me by email, you naturally provide personal data such as your email address and name. This information is voluntary but necessary to engage in communication.

Your data is processed for the purpose of responding to your message based on legitimate interest (Art. 6(1)(f) GDPR).
After the conversation ends, data may still be processed for archiving, to establish facts in case of future legal claims (Art. 6(1)(f) GDPR).

Archived messages may be retained indefinitely unless you request their removal, except where a legal interest dictates otherwise (e.g., defending against claims).

Archive – Details

Each data processing purpose outlined earlier includes specific retention periods. These are often related to the archiving of certain data in order to preserve evidence of business interactions, correspondence, legal claims, or service history. This is based on my legitimate interest under Article 6(1)(f) of the GDPR.

Custom Audiences – Details

Your email address, stored in the newsletter or shop database, may be sent to Facebook for the purpose of creating a custom advertising audience. Before sending, your email address is hashed. It is then matched against Facebook’s user base. Facebook uses the email only for audience matching, does not share it with third parties, and deletes it immediately after the matching process.

Facebook has implemented procedures to ensure the confidentiality and security of both your email and the audience data.

This use of your email address is based on my legitimate interest under Article 6(1)(f) GDPR. You can object to this use at any time by contacting me at gabinet@fizjo4health.pl.

Social Media – Details

If you follow or interact with my social media profiles, I naturally have access to your public profile information. I process this data only within the specific platform and only to manage my profile — under the legitimate interest clause (Art. 6(1)(f) GDPR).

Use of social media is subject to the terms and privacy policies of the respective platforms. These platforms act as independent service providers.

I encourage you to manage your privacy carefully on these platforms, particularly when it comes to what content you choose to make public.

Analytics – Details

I perform analytics using tools described later in this policy. These tools only access Anonymous Information.

As previously mentioned, this information does not allow me to identify you and is not combined with your personal data. However, given the strict interpretation of the law, these are treated with caution.

Processing is based on a legitimate interest — namely, analyzing user behavior to optimize the website. I cannot provide you access to these statistics, as they are not linked to any individual.

You can disable this tracking by managing cookie settings (link in the footer of the website).

Own Marketing – Details

I carry out marketing activities using external tools described later in this policy, relying only on Anonymous Information.

Again, this data cannot identify you and is not combined with your personal data. Still, I include full disclosure in this policy out of caution.

This processing is based on a legitimate interest — such as creating custom audiences or targeting ads for my own services and products.

You may object by disabling cookies used by third-party tools via the cookie settings link in the website footer.

7: How long will I store your personal data?

Retention periods are specified separately for each processing purpose (see relevant sections above). Most data is deleted after the expiration of limitation periods.

Medical documentation is stored for 20 years, as required by law.

8: Who are the recipients of your personal data?

Like most modern businesses, I use third-party service providers. Some of these services involve the processing of your data. These third parties include:

  • Hosting provider (stores server data),
  • Cloud provider (stores files with potential personal data),
  • Mailing system provider (stores your newsletter subscription data),
  • CRM system provider (stores your data for client service and archiving),
  • Invoicing system provider (for issuing invoices),
  • Accounting office (handles invoice data),
  • National health system (P1 platform for treatment and archiving),
  • Technical support service providers (when maintenance concerns areas containing personal data),
  • Other subcontractors (if their role requires such access).

All of these entities process your data under appropriate data processing agreements and ensure adequate data protection.

In some situations, your data may be disclosed to legal counsel or attorneys bound by professional secrecy, if required for legal services. Your data may also be shared with tax offices as part of statutory tax and accounting obligations.

If required by law, your data may be disclosed to authorized public bodies such as the police, courts, or prosecutors.

Anonymous Information may be accessed by tool or plugin providers. These providers are independent data controllers and manage that data according to their own privacy policies — over which I have no influence.

9: Do I transfer your data to third countries or international organizations?

Yes, some processing activities may involve transferring your data to third countries.

This occurs when using tools that store data on servers located in third countries (e.g., the USA).

These providers ensure an adequate level of data protection through GDPR-compliant mechanisms, such as standard contractual clauses (SCCs). For example:

  • MailChimp (Rocket Science Group LLC, Atlanta, GA, USA): stores your name, email, IP address, and statistics related to newsletter activity.

MailChimp uses appropriate legal mechanisms, including SCCs, to protect personal data.

Note: I also use external tools that collect Anonymous Information, which may be stored on servers around the world — especially in the United States.

10: Do I use profiling or automated decision-making?

No, I do not make decisions about you based solely on automated processing or profiling that would produce legal or similarly significant effects. However, I use tools that may adapt content (e.g., personalized ads or product suggestions) based on your interactions.

This is known as behavioral advertising. These tools work based only on Anonymous Information, and I emphasize again: I do not use such data to treat you differently as a customer. You can learn more about behavioral advertising and manage your preferences here.

11: What rights do you have regarding your personal data?

Under the GDPR, you may exercise the following rights:

  • Right of access – to see what data I hold and receive a copy,
  • Right to rectification – to correct inaccurate or incomplete data,
  • Right to erasure – if the data is no longer necessary or unlawfully processed,
  • Right to restrict processing – e.g., if you contest the data’s accuracy or object to its processing,
  • Right to object – to processing based on legitimate interest (you must describe your specific situation),
  • Right to data portability – to receive your data in a structured, commonly used format or transfer it to another controller,
  • Right to withdraw consent – at any time, if data processing was based on your prior consent,
  • Right to lodge a complaint – with a supervisory authority (e.g., the President of the Polish Personal Data Protection Office).

12: Do I use cookies and what are they?

Yes – like almost every website, mine uses cookies.

Cookies are small text files stored on your device (e.g., computer, tablet, smartphone) that can be read by my system (first-party cookies) or third-party systems (third-party cookies). Some are deleted after you close your browser (session cookies), while others remain to recognize your browser next time (persistent cookies).

You can learn more about cookies here.

13: What is the legal basis for using cookies?

I use cookies based on your consent, except where they are technically necessary for providing electronic services.

During your first visit, a cookie banner allows you to manage your preferences. Until you provide consent, non-essential cookies remain blocked.

Note: disabling cookies may affect the functionality of the website — e.g., social plugins and widgets may no longer work properly.

14: Can you disable cookies?

Yes. You can manage cookies through your browser settings — block all or selected cookies, remove saved ones, or use incognito mode.

There are also tools like Ghostery or antivirus software that give you more control over cookies.

Additionally, I offer direct cookie management via my site, where you can block any cookies you do not consent to.

15: For what purposes do I use my own cookies?

My cookies store your selected cookie preferences using the cookie consent management tool.

16: What third-party cookies are used?

The following third-party cookies are used on this website:

  • Google Analytics,
  • Google Ads,
  • Facebook Custom Audiences,
  • Facebook Connect and other social media plugins,
  • YouTube.

Google Analytics – details

I use Google Analytics, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This tool is used based on my legitimate interest in creating statistics and analyzing them to optimize the website.

To use Google Analytics, a special tracking code has been implemented into the site’s code. The tracking code uses Google Analytics cookies.

You can block the Google Analytics tracking code at any time by installing the Google browser add-on.

Google Analytics automatically collects information about how you use the website. The collected data is usually transmitted to Google servers located around the world and stored there.

Since IP anonymization is activated, your IP address is shortened before being transferred to Google. Only in exceptional cases is the full IP address transmitted and shortened on Google’s servers. The anonymized IP address is not combined with other Google data.

Please note: I only have access to Anonymous Information via Google Analytics.

Google Analytics and Google Analytics 360 have obtained ISO 27001 certification — a globally recognized information security standard.

For more information about how Google uses data from websites and apps that use their services, see this page.

Google Ads – details

I use Google Ads (formerly AdWords), provided by Google LLC, for remarketing and targeted advertising. This is based on my legitimate interest in marketing my services.

When you visit my website, a Google remarketing cookie is placed on your device. This cookie tracks your activity on the site so that I can later display ads via the Google network tailored to your behavior.

For example, if you view a particular product, that action is logged, and I may later display a relevant ad while you browse other sites.

Note: I only use Anonymous Information with Google Ads.

Using Google Ads, I can define audience groups. Google decides when and how ads are shown to users. Further processing of your data happens only if you’ve given Google consent to combine your browsing history with your account for ad personalization.

You can manage your ad settings on Google here: https://adssettings.google.com

Facebook Custom Audiences – details

Using Facebook Ads, provided by Meta Platforms Inc., I utilize the Facebook Pixel for building Custom Audiences — targeted groups of users for personalized advertising. This is based on my legitimate interest in marketing.

The Facebook Pixel automatically collects information about your behavior on the site. This data is typically transferred to servers in the USA or other global locations.

The data collected by the Pixel is anonymous — it doesn’t allow me to identify you. Based on your activity (e.g., page views, newsletter sign-up, cart actions), you may be added to a Custom Audience, but I don’t see individual identities.

Facebook may combine this information with other data it holds about you. For more details, refer to Facebook’s Privacy Policy. You can manage your ad settings directly in your Facebook account: https://www.facebook.com/ads/settings

Facebook Connect and Other Social Plugins – Details

The website uses social plugins (e.g., Like buttons) from platforms such as Facebook, Instagram, LinkedIn, and Twitter.

When you visit a page containing such a plugin, your browser sends a request to load the plugin and may transmit data (e.g., your IP, browser, visited URL). If you're logged in to the respective platform, the visit can be linked directly to your profile.

Plugins may also collect information about you even if you're not logged in. You can block this using browser extensions (e.g., script blockers).

For more about how platforms use this data, see their privacy policies:

YouTube – details

Some pages include YouTube videos, embedded using YouTube's privacy-enhanced mode, provided by Google LLC.

When you play a video, YouTube sets cookies and records the action. If you are logged into your Google account, the video view may be linked to your profile.

To avoid this, log out of Google before playing a video or use browser extensions to block scripts. For details, refer to:

17: Do I track your behavior on my website?

Yes, I use tools such as Google Analytics, Google Ads, Hotjar, and Facebook Custom Audiences to collect information about your activity on my website. These tools are described in detail in the section on third-party cookies.

18: Do I show you targeted advertisements?

Yes. Through Facebook Ads and Google Ads, I may target ads based on criteria such as age, gender, interests, profession, or previous interactions with my site. These tools are also described earlier in the section on third-party cookies.

19: How can you manage your privacy?

You can manage your privacy in several ways. Here is a summary:

20: What are server logs?

Every time you visit my website, requests are sent to the server, and these are stored in server logs.

Logs may include your IP address, the time and date of the request, browser type, and operating system. These logs:

  • Are not associated with individual users,
  • Are not used to identify you,
  • Serve solely as support material for site administration,
  • Are only accessible to authorized administrators.

21: Is there anything else you should know?

As you can see, the topic of personal data, cookies, and privacy is complex. I’ve done my best to present the key points clearly. If you have questions or want to discuss your privacy, write to me at gabinet@fizjo4health.pl.

22: Can this privacy policy change?

Yes. I may update this policy, particularly due to technological or legal changes.
If you're a registered user, you'll be notified about updates. Previous versions of the privacy policy will remain accessible below the current version.