1. Personal Data Administrator
   This Privacy Policy sets out the principles for collecting, processing, and using personal data by the Personal Data Administrator – Nord Medical sp. z o.o., with its registered office in Warsaw (00-095) at Plac Bankowy 2 – the owner of the website available at https://balanced-body.fi/.

2. Personal Data Security
   The Personal Data Administrator takes all possible measures to ensure the protection of the information and personal data provided by users while using the website, in compliance with the provisions of the General Data Protection Regulation (GDPR) 2016/679 and the Act on the Protection of Personal Data. Personal data is processed by the administrator in a fair and transparent manner. It is collected solely for specific and legally justified purposes, in accordance with the principle of data minimization, and is retained no longer than necessary to achieve the purposes for which the data is processed or to fulfill obligations imposed on the administrator by law. The administrator ensures the required level of security for personal data during its transmission, processing, and storage, protecting it against unauthorized access, processing, accidental loss, destruction, or damage, through appropriate technical and organizational measures that are constantly reviewed and updated as necessary.

3. Purposes of Personal Data Processing
   1. Processing Personal Data of Website Visitors or Users
      The website is designed to be accessible without requiring user identification. During website use, no data is collected automatically except for data collected via cookies (more details in section 5) and system logs, such as user IP addresses, browser types, or website entry sources, which help analyze user activity and monitor website traffic. This data is used by the administrator for analytical and statistical purposes (under Article 6(1)(f) GDPR – processing is necessary for purposes arising from the administrator’s legitimate interests, such as analyzing user activity, improving website functionality and usability), for marketing purposes including profiling and presenting tailored advertisements (under Article 6(1)(f) GDPR – processing is necessary for purposes arising from the administrator’s legitimate interests, such as direct marketing of its products and services), and to protect the administrator’s legal rights and security or to defend against potential claims (under Article 6(1)(f) GDPR).
   2. Processing Personal Data of Users Contacting the Website
      The administrator also processes data collected during direct user-initiated contact with the website, e.g., to obtain information about offered products. Providing data for this purpose is voluntary, but failure to do so may prevent correspondence with the user or the provision of requested information or answers. This data is used by the administrator to provide website services (under Article 6(1)(b) GDPR – processing is necessary for the performance of a contract, i.e., responding to inquiries, providing information), for analytical and statistical purposes (under Article 6(1)(f) GDPR – processing is necessary for purposes arising from the administrator’s legitimate interests, such as analyzing user inquiries and statistical analysis of the types of questions received), and to protect the administrator’s legal rights and security or to defend against potential claims (under Article 6(1)(f) GDPR).

4. Recipients of Personal Data
   Data collected and processed by the administrator may be transferred to other entities, such as IT service providers, only when allowed by applicable legal regulations and when the recipients ensure compliance with the requirements for protecting entrusted personal data. The scope of transferred data is limited to the necessary minimum. Personal data processed by the administrator may also be disclosed to public authorities as required by applicable laws.

5. Information About Cookies
   In accordance with the Telecommunications Act, we inform you that our website uses cookies. A cookie is a small text file sent by a web server and stored on the user’s side (typically on a hard drive). The default parameters of cookies allow only the server that created them to read the information contained in them. Cookies are widely used by most websites. They allow, for instance, online stores to remember a customer’s profile, cart contents, or prepare personalized offers tailored to the user’s expectations. Cookies are also used by popular internet tools for analyzing website statistics, usability, and marketing purposes. These tools rely on cookies stored on the user’s device. The Personal Data Administrator uses the following integrated elements on this website:
   Google Analytics – a tool provided by Google Inc. (1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA) for analyzing user behavior on the website, optimizing website performance and functionality, and assessing the effectiveness of online advertising campaigns. Based on the IP address, it creates an anonymous user profile and, through cookies stored on the user’s device, tracks website usage, time spent on specific pages, visit frequency, and entry sources.
   Google AdWords – a service for conducting online advertising campaigns based on defined keywords. Integrated with Google AdWords, the tool (provided by Google Inc.) uses cookies stored on the device to assess the effectiveness of these advertising efforts – create visit statistics, analyze conversions, and optimize future advertising activities. The information collected by cookies is not linked with other personal data and does not allow identification of the individual to whom it relates. Automatically collected data via cookies is used for analytical and statistical purposes (monitoring website traffic and analyzing user behavior on the website to improve website functionality and user convenience), marketing, and profiling – tailoring content to individual interests, needs, and expectations.
   Users may delete previously installed cookies and block the permanent storage of these files on their devices at any time by choosing appropriate settings in their web browser. However, it should be noted that this may hinder or prevent the use of certain website functionalities.
   Regarding data stored by Google Analytics, users can install a browser add-on that prevents data and information from being transmitted by this tool (https://tools.google.com/dlpage/gaoptout/?hl=en). For personalized Google ads, users can adjust settings and install plugins to opt-out of interest-based ads (https://support.google.com/ads/answer/7395996?hl=en).

6. Profiling
   As outlined in sections 3 and 5, the administrator may process users’ data for marketing purposes, including directing advertising content to them. These activities may involve profiling, i.e., an automated process of inferring users’ interests, expectations, and needs, predicting their behavior, and creating tailored offers based on their profile. The legal basis for processing data for this purpose is the legitimate interest pursued by the administrator, i.e., direct marketing (Article 6(1)(f) GDPR). Profiling will not have legal consequences for individuals or otherwise significantly affect them.

7. Data Transfer Outside the European Economic Area (EEA)
   When using the integrated analytical and marketing tools mentioned in section 4, provided by Google, a strictly limited scope of data (e.g., IP, website entry source, time spent on specific subpages) may be transferred to countries outside the EEA. Google, headquartered in the United States, participates in the EU-US Privacy Shield program approved by the European Commission, ensuring an adequate level of personal data protection in line with GDPR requirements.

8. User Rights
   Users have the right to access their data and obtain information about it, request rectification of inaccurate personal data, erasure of personal data, restriction of processing, transfer of their personal data to another administrator, and withdraw consent at any time if processing is based on consent. To exercise these rights, please contact the data administrator at contact@balanced-body.fi. Users also have the right to object to data processing based on Article 6(1)(f) GDPR, such as direct marketing by the administrator, including profiling. To object to profiling conducted using cookies, users must delete previously installed cookies and block their permanent storage by choosing the appropriate browser settings or using plugins mentioned in section 5. Users also have the right to lodge a complaint with a supervisory authority.

9. Data Retention Period
   The administrator retains personal data for as long as necessary to achieve the purposes or fulfill the legal obligations imposed on the data administrator. After the legal basis for processing data expires, all data is retained for a period corresponding to the statute of limitations for claims the administrator may assert or that may be brought against them, as well as the period for filing legal objections or defending against claims. This retention period may be extended if special regulations impose such an obligation on the administrator. After this period, all data stored by the administrator is deleted.
   Any questions, comments, or concerns regarding the Privacy Policy and the method of processing personal data should be directed to: contact@balanced-body.fi