Benefit Systems d.o.o. with the seat in Zagreb, Ožujska 2 (hereinafter: Benefit Systems, “us”, “we”) treats protection of personal data very seriously. We exercise all due care and diligence to ensure that your personal data are processed in accordance with the applicable regulations including the regulations of the EU. This document sets out the legal basis for data processing and the rules of collection and use of personal data, as well as the processing operations performed. It also intends to inform you about your rights in relation to your personal data processed by us. Benefit Systems uses your personal data for the purposes set out in this document or for any purpose indicated by us whenever we ask you to provide us with your personal data.
What does personal data security mean to us?
Benefit Systems takes the security of the data stored by us seriously. We have implemented appropriate policies and procedures. We conduct trainings with regard to data protection, their confidentiality and security. We conduct regular checks of the implemented security models in terms of their adequacy to the security of the data held by us.
Personal data - what does it mean?
Personal data means any information related to an identified or identifiable natural person (e.g. first and last name, electronic mail address, card number, IP address). Benefit Systems processes personal data for various purposes. The legal basis for data processing, collection and storage periods may be different depending on the purpose of these operations.
What is personal data processing?
Processing is any operation or set of operations which is performed on your personal data (such as its collection, storage, erasure or analysis).
We intend to maintain transparency with regard to the legal basis and the manner of processing of personal data.
According to our policy we only collect personal data when it is necessary for specific purposes and we ask clients to provide us with their personal data only when absolutely necessary.
Who is the Controller of your personal data?
In the case of agreements made with Benefit Systems, the data controller within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
What does it mean?
It means that Beneft Systems determines the purposes and means of the processing of your personal data, that is how your personal data are going to be used.
How can you contact us to obtain more information on the processing of your personal data?
You can contact us:
How did we get your data?
We got them through different communication channels depending on the type of cooperation including:
- through a company that signed an agreement with us about its employees joining the Multisport programme. Your data were transmitted to us by your employer. If your card is for an accompanying person this means that we received your data through an employee of the company having an agreement signed with us. If your card is a Kids card then your data were given to us by your parent or a person who takes care of you,
- through a company that expressed its interest in the possibilities that joining the Multisport programme would give its employees. Your data were transmitted to us by your employer.
- you provided us with your data directly when joining the Multisport programme under separate agreements with third parties based on IT systems designed especially for this purpose or under an agreement to which you are a party yourself.
- as part of your participation (as a member of the Multisport programme) in the marketing activities of [abbreviated Company name] (e.g. contests or surveys) based on the legitimate interests of the controller or a consent expressed separately.
What is the purpose and the legal basis for processing of your data?
We process your data because:
We also process your data for tax and accounting purposes if it is required by the law.
In the case of a separate consent we process your personal data in order to:
Additionally, if you agree to this, we process your data:
How long do we store your personal data?
Depending on the purpose we store your data for a specified period of time:
Cookies, IP addresses and identification numbers of mobile devices
Who do we share your data with?
Benefit Systems may share your data with the following processors that make use of the data on our behalf as long as it conforms to the consent that you have granted or is based on the controller’s legitimate interest: Partners (sports and leisure facilities) that verify your identity at their centres by comparing it with the data printed on your Multisport card, Clients (if it is your employer or you have a civil-law contract with the client which entitles you to a Multisport card), companies printing the card, couriers, suppliers of additional services available in the Multisport programme, companies providing maintenance and support services of IT systems and terminals, entities supplying electronic payment services, companies providing services related to Users support and promoting our marketing activities.
Because we operate as one group your data are transmitted to:
- Benefit Systems International Sp. z o.o., Plac Europejski 2, 00-844 Warsaw, Poland
and may also be transmitted to:
- Benefit System S.A., Pl. Europejski 2, 00-844 Warsaw, Poland
We can share your personal data (to a limited extent) with entities that provide us with legal, consulting and audit services. In certain circumstances we can share your personal data with competent authorities for tax purposes and with entities and authorities competent for counteracting fraud and abuse.
All these entities are located in EEA (we do not transmit your data outside the EU).
What are your rights in relation to your data processed by us?
You have the following rights connected to processing of personal data which you can exercise at any time by contacting us:
Right of access to data
You have the right of access to data that we store as the Data Controller.
Right to demand rectification of your personal data
You can update the data that you provided us at any time. Depending on the purpose of processing changes can be made in accordance with the Terms and Conditions of the service you use or in a manner indicated above.
After we receive a notification from you that any personal data processed by us are no longer up to date, we will rectify the data based on the updated information provided that the change is possible.
Updating the data can take up to 48h which is related to the technical conditions of our systems.
Right of withdrawal of consents for processing of personal data
If your data are processed based on a consent you have the right to withdraw your consent at any time. In order to withdraw your consent to processing of personal data, please contact us in the manner provided above.
In order to cancel the subscription of the newsletter, please click on the resignation link sent in an email sent by us.
Right of objection to the processing of personal data. In which situations can you object to the processing of your personal data?
You have the right to object to the processing of your personal data whenever:
Right of restriction of processing
You have the right to restrict the processing of your personal data at any time, unless the processing is required by the law. In such case we will not continue to process your data or we restrict the processing until we are able to prove legitimate grounds for the processing or for the establishment, exercise or defence of our rights.
Right of data portability
You have the right to receive your data from us in a structured, commonly used and machine-readable format. You can also transmit your data to another data controller or request that we transmit it to another data controller. We will only be able to do it, however, if the data transfer is technically feasible and the other controller agrees to accept it.
Right of erasure of your personal data
You can submit to us a request to erase your data and have your data erased if your personal data are no longer necessary in relation to the purposes for which they were collected by us; where you have withdrawn your consent or object to the processing of personal data concerning you, or where your personal data are processed against the law. The data should then be erased.
In order to exercise the above rights, contact us in the manner described above.
Do we transmit your data outside the European Economic Area?
No. Your personal data will not be transmitted outside the European Economic Area (EEA).
Are your personal data processed automatically or subject to profiling in the manner affecting your rights?
Based on your personal data we conduct profiling which is an automatic evaluation of some personal aspects concerning you. We do the profiling in order to prepare our offer accurately. Based on your profile we will be able to adapt our product to your expectations and preferences. To perform the profiling we use data on e.g. the size of the company you work for, the size of the city where you use your card, the use of sports facilities and the type of activities. Also when profiling we take into account statistical data concerning the information.
We do not make automated decisions based on profiling of information concerning you.
Amendments to the present Policy
We are going to review and update the present document regularly in connection with the changes in the law and the efforts made by us to improve the level of security of your data and the quality of our service.
The last update of the present document took place on 24/05/2018.
You can contact us at any time
Please indicate the topic of your communication in the contact form to allow us a more effective service of your inquiry.
What are cookies and what do we use them for?
Cookies are text files that are saved via a web browser on your end device (computer, laptop, smartphone, etc.). When you visit our website, your browser sends this file and in this way it can be recognized each time you visit the website. Cookies are necessary to enable the user to navigate on our website.
What type of cookie files do we use?
Session cookie files (temporary)
Session cookie files are temporary files which are stored from the moment you log in to a website until you close your browser session or the browser itself. On our website we store a single session cookie which is used to encrypt user authorization information and is created when you enter the website and removed when you close the browser.
These are files from external websites which cooperate with our sites. Our websites use Google Analytics files to collect statistics about the website. These cookies are saved at the beginning of your visit on our platform. For more information, please read about the Google Analytics Cookie.
It is possible to disable installation of cookie files from Google Analytics on your device here [link].
Are cookies a threat?
Management of cookies
Cookies may only be used by us upon user's consent. You can disable or modify cookies preventing them from being saved on your end device by selecting the appropriate settings in your web browser. By default, web browser software allows saving files on the end device, thus allowing us to process the data stored in these files.
For more information on managing cookies settings, we recommend that you follow the instructions of your web browser producer.