1. The purpose of this Privacy Policy is to define in detail the principles of data processing as part of the activity conducted by the Administrator. The Privacy Policy describes both the rules for the processing of personal data and data related to the use of cookies.

  2. This Privacy Policy applies in all cases where the personal data of natural persons are processed by the Administrator.

  3. Relying in particular on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as GDPR, the Administrator shall take all necessary security measures to protect the personal data being processed.

  4. Personal data shall be understood as any information relating to an identified or identifiable natural person to whom the data relates. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an IP number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  5. The Administrator of personal data is GT52 Sp. z o.o. with its registered office in Poznań (60-311) at ul. Grunwaldzka 52, NIP: 779-255-98-89, hereinafter referred to as the Administrator.

  6. The Administrator can be contacted at ul. Grunwaldzka 52 60-311 Poznań and by phone (+48 667 708 708; +48 607 785 785) and by e-mail (


  7. The Administrator processes data in accordance with the law, fairly and in a transparent manner for the data subject. The processing of personal data by the Administrator in a lawful manner means that the Administrator processes personal data only if there is a clear legal basis for doing so resulting directly from the GDPR (Article 6 or Article 9 of the GDPR) or other EU or national generally applicable laws.

  8. The Administrator collects data for specific, explicit and legitimate purposes and does not further process them in a manner incompatible with these purposes. In the event that the Administrator is deprived of the purpose of processing, it shall immediately permanently delete the data, unless the right to further processing results from generally applicable provisions of law. The Administrator periodically assesses the legitimacy of the processing of specific personal data, taking into account the validity of the purposes of their processing.

  9. The Administrator processes data in an adequate, appropriate and limited manner to what is necessary for the purposes for which they are processed. The Administrator strives to continuously minimize the personal data processed. To this end, the Administrator periodically evaluates the scope and types of personal data processed in order to determine the necessity of their processing or the possibility of their permanent deletion.

  10. The Administrator makes sure that the data processed by it is correct, and updates them if necessary and available.

  11. The Data Administrator shall store the data in a form that allows the identification of the data subject for no longer than it is necessary for the purposes for which the data are processed, taking into account the relevant provisions of law allowing the Administrator to process personal data for a specified period of time, in particular this applies to the period of storage of medical records, personal files, assertion of rights and the period of limitation of claims. In the event of the lapse of the time of storage of certain personal data, the Administrator, as a rule, is obliged to immediately permanently delete the personal data in question, unless separate provisions of law impose an obligation on the Administrator to archive the documentation containing personal data.

  12. The Administrator processes personal data for the following purposes:

    1. sale of products offered by the Administrator:

The Administrator provides services to natural persons in accordance with the subject of business activity. In connection with the provision of these services, an agreement is concluded between the Administrator and a natural person (client). The above is related to the necessity of processing the personal data of a natural person who is a party to the contract. The legal basis for the processing of personal data for this purpose is Article 6(1)(b) of the GDPR, according to which the processing of data is lawful where the processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.

    1. making appointments and notifications/reminders about upcoming appointments (phone, SMS, e-mail):

In order to improve contact with customers, the Administrator has introduced a system supporting the scheduling of subsequent customer visits. The system also allows you to send notifications and reminders about upcoming visits. Notifications/reminders will be received by the customer who agrees to this form of use of their personal data (phone number and e-mail address). The legal basis for data processing in this case is your freely given consent, in accordance with Article 6(1)(a) of the GDPR, Article 10 of the Act on the Provision of Electronic Services and Article 173 of the Telecommunications Law.

    1. marketing (promotions, vouchers, information about campaigns):

The Administrator undertakes numerous marketing and information activities concerning its own products and services, constituting a form of direct marketing. Marketing purposes are carried out using the telephone number provided by the customer or via the e-mail address. The applicable provisions of the GDPR allow the Administrator to process personal data in this way. At the same time, however, taking into account other applicable legal regulations, the sending of marketing materials by the Administrator depends on the customer’s consent to such use of his telephone number and e-mail address. With regard to the processing of personal data, the legal basis is the legitimate interest of the Administrator – marketing of its own products and services, regulated by Article 6(1)(f) of the GDPR, which should be supplemented by Article 10 of the Act on the Provision of Electronic Services and Article 173 of the Telecommunications Law.

    1. consideration of complaints, investigation and defence in the event of mutual claims:

The processing of personal data is necessary in the event that the customer submits a complaint to the Administrator regarding the products or services offered. This is additionally supplemented by the pursuit of mutual claims and assertion of rights in the course of possible court and out-of-court proceedings. The legal basis for data processing for the purpose described above is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).

    1. fulfilling the legal obligation incumbent on the Administrator resulting from the provisions of tax and accounting law:

The Administrator is obliged to keep accounts in a manner consistent with the applicable law. In addition, it is subject to certain tax obligations. The above may entail the need to process customer data, in particular entrepreneurs for whom the Administrator issues VAT invoices. The legal basis for this is the legal obligation incumbent on the Administrator, regulated in Article 6(1)(c) of the GDPR.

    1. Assessment of the client’s health:

The nature of the services provided by the Administrator may require that in certain circumstances, in order to provide the customer with an appropriate level of security, it will be necessary for the customer to provide certain data concerning his or her health. Refusal to provide this data may result in the Administrator’s refusal to provide a specific service. The data concerning the state of health is provided by the customer on the basis of voluntary consent, sanctioned by Article 9(2)(a) of the GDPR.

    1. Diagnosing technical problems with the server, creating statistical analyses based on IP addresses:

Because the website is run with the use of server infrastructure, the Administrator wants to examine network traffic in order to implement appropriate changes, e.g. in terms of bandwidth, avoiding DDoS attacks, and developing the website in a user-friendly way. The legal basis is Article 6(1)(f) of the GDPR.

  1. Clients’ personal data will be stored by PDC for the following period:

    • with respect to data processed for the purposes indicated in point 13(a), (d) and (e) – for the duration of the performance of the agreement, and after its expiry for the period resulting from the applicable provisions of law, in particular in the scope of pursuing claims and for the period of storing accounting books and tax documentation,

    • with respect to data processed for the purposes indicated in point 13(c) and (g) – until an objection is raised,

    • with respect to data processed for the purposes indicated in point 13(b), (f) – until the consent is withdrawn,

  1. The recipients of the data may be entities which, on the basis of relevant agreements signed with the Administrator, process personal data as a processor. This applies primarily to entities providing various types of services to the Administrator, such as, among others: consulting, legal, accounting, IT, advertising, sales support and other services.

  2. Neither the Administrator nor the entities entrusted with the processing of personal data transfer personal data outside the European Economic Area (including the European Union, Norway, Liechtenstein and Iceland).

  3. Every data subject has the right to:

      1. access to data – obtain confirmation from the Administrator as to whether his/her personal data is being processed. If data about a person is processed, he or she is entitled to access it and obtain the following information: the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the period of storage of the data or the criteria for determining them, the right to request rectification, erasure or restriction of the processing of personal data of the person, data subject and to object to such processing (Article 15 of the GDPR);

      2. receive a copy of the data – obtain a copy of the data subject to processing, the first copy of which is free of charge, and the Administrator may impose a reasonable fee for subsequent copies resulting from administrative costs (Article 15(3) of the GDPR);

      3. rectification – to request the rectification of inaccurate personal data concerning you or the completion of incomplete data (Article 16 of the GDPR);

      4. erasure of data – request the deletion of his/her personal data if the Administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of the processing (Article 17 of the GDPR);

      5. restriction of processing – request restriction of processing of personal data (Article 18 of the GDPR) when:

    • the accuracy of the personal data is contested by the data subject for a period enabling the Administrator to verify the accuracy of the data;

    • the processing is unlawful and the data subject opposes the erasure of the data by requesting the restriction of its use;

    • The Administrator no longer needs the data, but they are needed by the data subject to establish, pursue or defend claims,

    • the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the Administrator override the grounds of the objection of the data subject;

      1. data portability – to receive in a structured, commonly used and machine-readable format the personal data concerning him or her, which he or she has provided to the Administrator, and to request the transfer of such data to another Administrator, if the data is processed on the basis of the consent of the data subject or a contract concluded with him/her, and if the data is processed in an automated manner (Article 20 of the GDPR);

      2. objection – object to the processing of his/her personal data for the legitimate purposes of the Administrator, for reasons related to his/her particular situation, including profiling. The Administrator assesses the existence of compelling legitimate grounds for processing, overriding the interests, rights and freedoms of data subjects, or grounds for establishing, pursuing or defending claims. If, according to the assessment, the interests of the data subject take precedence over the interests of the Administrator, the Administrator will be obliged to cease processing the data for these purposes (Article 21 of the GDPR);

      3. withdraw their consent at any time and without giving any reason, but the processing of your personal data carried out before the withdrawal of consent will still be lawful. Withdrawal of consent will result in the cessation of personal data processing by the Administrator for the purpose for which the consent was given.

  1. The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office in Warsaw. Complaints can be submitted in the form of:

    1. in writing to the address: ul. Stawki 2, 00-193 Warsaw,

    2. electronically: via the ePUAP platform,

  1. The Administrator’s Website uses cookies. Cookies are small text files that are stored on your computer or other mobile device when you use websites. These cookies are used to enable the various features provided on the website or to confirm that you have seen certain content from the website. They can be saved only if your browser allows it.

  2. A cookie usually contains the name of the domain from which it originated, its “expiration time” and an individual, randomly selected number identifying the cookie. The information collected with the use of files of this type helps to adapt the products offered by the Administrator to the individual preferences and actual needs of visitors to the Administrator’s Website. They also make it possible to develop general statistics of visits to the presented products on the Administrator’s Website.

  3. The Administrator uses two types of cookies:

        1. Session cookies: when the browser session ends or the computer is turned off, the stored information is deleted from the device’s memory. The mechanism of session cookies does not allow for the collection of any personal data or any confidential information from users’ computers.

        2. Persistent cookies: they are stored in the memory of the User’s end device and remain there until they are deleted or expire. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the user’s computer.

  1. The Administrator uses its own cookies for the purpose of analyses and research as well as audience audits, and in particular to create anonymous statistics that help to understand how users use the Administrator’s Website, which enables the improvement of its structure and content.

  2. The Administrator uses external cookies to collect general and anonymous statistical data through Google Analytics analytical tools on the terms specified in detail in the documents concerning the processing of personal data by Google and ensuring the protection of individual rights as provided for in the GDPR.

  3. The cookie mechanism is safe for the computers of the users of the Administrator’s Website. In particular, it is not possible for viruses or other unwanted software or malicious software to enter users’ computers in this way. However, Users have the option of restricting or disabling the access of cookies to computers in their browsers. If you use this option, you will be able to use the Administrator’s Website, except for functions that by their nature require cookies.

  4. The Administrator may collect the IP addresses of users. An IP address is a number assigned to a visitor’s computer by your Internet Service Provider. An IP number allows you to access the Internet. In most cases, it is assigned to the computer dynamically, i.e. changes every time you connect to the Internet. The IP address is used by the Administrator to diagnose technical problems with the server, to create statistical analyses (e.g. to determine from which regions we record the most visits), as information useful in the administration and improvement of the Administrator’s Website, as well as for security purposes and possible identification of undesirable automatic programs for viewing the content of the Administrator’s Website that burden the server.

  5. The Administrator’s Website contains links and references to other websites. The Administrator is not responsible for the privacy protection rules applicable therein and indicates that access to them is made at the user’s risk.

  6. The use of the Service may involve potential risks. Up-to-date information on special features is available on the Website as an appendix to the Privacy Policy.

  7. By using the Administrator’s services, the customer accepts the implemented Privacy Policy.

  8. Any changes to the Privacy Policy will be announced via the website:


Information about the risks associated with the use of the Services

We regret to inform you that even if measures have been taken to secure the data transmitted by the Service Provider via the Internet, it is not possible to fully eliminate some of the risks associated with the use of the service provided electronically.

The following information applies to threats that we identify as potential hazards that should be taken into account despite the fact that we use adequate safeguards. The following list gives examples:

  1. the possibility of receiving spam (unsolicited advertising (commercial) information transmitted electronically);

  2. the presence and operation of malware, including: computer viruses;

  3. the presence and operation of Internet worms (WORMs);

  4. the ability of spyware to work;

  5. the possibility of being exposed to cracking or phishing (password fishing);

  6. the ability to crack security to obtain personal and confidential information for identity theft, by sending fraudulent electronic messages that resemble authentic messages;

  7. piracy;

  8. sniffing;

  9. the possibility for other persons using the ICT system and/or telecommunications network to introduce illegal devices giving unauthorised access to protected services;

  10. cryptanalysis, i.e. finding weaknesses in the cryptographic system and thus enabling it to be broken or circumvented;

  11. infringement of copyrights through their unauthorized copying and use without the consent and knowledge of the rightholder;

  12. the possibility of being exposed to other unwanted or “malicious” software, performing actions not intended by the user, not included in the above, but appearing e.g. under the names: wabbit, trojan, backdoor, exploit, rootkit, keylogger, dialer, hoax.



Good Time Institute & Medical Spa
Grunwaldzka 52, 60-311 Poznań

GOOD TIME DAY SPA © 2020 All rights reserved