PRIVACY POLICY PhiApp

Article 13 General Data Protection Regulation (GDPR)


With this information, PhiAcademy GmbH (hereinafter “PhiAcademy“ or “we“) informs you about the processing of your personal data (“Data“) as well as your Data protection claims and rights:
   1. Which Data are processed and from which sources do they come from?
We process the Data that we receive from you as user of our mobile application called PhiApp (hereinafter “PhiApp “). 
Personal Data include: 
		• Your personal details: e.g. name, city and country of residence, e-mail address, age, telephone number, profile photo and gender
		• Your biography text and photos of your works if you are an artist (optionally, not required)
		• Customer medical questionnaire, if you are a customer (optionally, not required). Medical questionnaire includes your  height, weight, hair color, eye color, and you are able to select from the list if you suffer from some of the following diseases or taking any of following medicines: hemophilia, diabetes mellitus, hepatitis a,b,c,d,e,f, hiv+,skin diseases, eczema, allergies, autoimmune diseases, herpes, infection diseases, high temperature, epilepsy, cardiovascular problems, blood thinners (anticoagulants), are you pregnant, do you have wound healing, do you take medications on daily basis, do you have pace maker, have you consumed narcotics or alcohol 24h before, have you had surgery, laser therapy, or any other medical intervention in the past 14 days. 
		• Status and summaries of your treatments (optionally)
		• Your questions and other comments in the Consultation section, if you choose to actively participate in this forum (optionally)
		• Your appointments, be it as an artist or as a customer (optionally)

   2. For what purposes, duration and on which legal basis are Data processed?
We process your Data in accordance with applicable data protection law and for specific purposes and for a specific period. The most important purposes, 
duration and legal basis of the processing are listed below. If we collect Data from you for other purposes, we will inform you separately before collecting 
that Data.

    2.1 PhiApp Profile (Customers and Artists)
		Purpose:  If you are a Customer, we process your Data for the purpose of managing your use of the PhiApp and during the period of your registration in our PhiApp, as long as you do not withdraw your consent.  
			If you are an Artist, we process your Data for the purpose of managing your contractual relationship with us, during the period of such contractual relationship and three years thereafter.
		Duration:  As long as you do not withdraw your consent.
		Legal Basis:  If you are a Customer, we process this Data based on your consent.
			If you are an Artist, we process this Data in order to fulfill our contractual obligations and for our legitimate interests (to provide our customers a professional platform for their work and exchange experience).
    
	2.2 Biography text and Photos of your work and location of your business (only Artists)
		Purpose:  To show your business location, experience and work results to (potential) customers.  
		Duration:  We process your biography text and photos of your work as long as you do not withdraw your consent. We process your business location as long as you are a Phi Artist and member of our Phi Artist community.
		Legal Basis:  We process your biography and photos of your work based on your consent. We process your business location based on our legitimate interests (to provide Customers with comprehensive information about our Artists network).
    
	2.3 Customer Medical Questionnaire (only Customers)
		Purpose:  To provide this Data to Artists who will be treating you (only with your consent) in order to prevent health complications for you as a Customer.  
		Duration:  As long as you do not withdraw your consent.
		Legal Basis:  We process this Data based on your consent.
    
	2.4 Status and Summaries of your Treatments
		Purpose:  To manage your treatments, in order to provide you and our Artists with your treatment history.  
		Duration:  As long as you do not withdraw your consent.
		Legal Basis:  We process this Data based on your consent.
    
	2.5 Questions and Comments to the Consultation section (Customers and Artists)
		Purpose:  To enhance the user experience and to facilitate the sharing of experience and knowledge among the PhiApp users.  
		Duration:  As long as you do not withdraw your consent.
		Legal Basis:  We process this Data based on your consent.
    
	2.6 Appointments (Customers and Artists)
		Purpose:  To provide Customers and Artists the possibility to manage their appointments directly in the PhiApp.  
		Duration:  As long as you are a registered user of the PhiApp.
		Legal Basis:  We process this Data based on our and our Artist’s legitimate interests.  These interests are to be able to manage our Artist community (and for the Artists: to manage their customer community).

  3. Who receives your Data?
Within PhiAcademy and our parent company, PhiAcademy d.o.o., those employees will receive your personal information, who need them for the purposes outlined above. In addition, we share the Data within the Artist and Customer community (your health data only with your explicit consent). If we are legally obliged to do so, we will also transfer your Data to public bodies and authorities. In addition, companies commissioned by us (in particular IT or payment services and back office providers) will receive your Data if they need them to fulfill their respective tasks. These providers are obliged to treat your Data confidentially and to process them only to the extent necessary for their service provision. If these companies provide their processing activities outside the European Economic Area, they have a Privacy Shield Certificate or have undertaken to ensure an adequate level of data protection.

We will transfer your Data to the following recipients:

	• Company name: Execom, Registered office of the company: Novi Sad, Bulevar vojvode Stepe 50, Novi Sad 21000, Place of Data processing; guarantee according to Art. 46 GDPR: Serbia; EU standard contractual clauses

	• Company name Phi-academy doo, Registered office of the company Belgrade, Bulevar Oslobodjenja 137, Place of Data processing; guarantee according to Art. 46 GDPR: Serbia; EU standard contractual clauses

	• Company name Google (only for google and phone logging), Registered office of the company Mountain View, 1600 Amphitheatre Parkway, Place of Data processing; guarantee according to Art. 46 GDPR USA; Privacy Shield

	• Company name Facebook (only for facebook logging), Registered office of the company Menlo Park, CA 94025, Place of Data processing; guarantee according to Art. 46 GDPR USA; Privacy Shield

   4. Are you obliged to provide Data?
As a Customer, you are not obliged to provide any Data. However, to use the PhiApp with a value-add to you, it is necessary that you provide at least your contact details.

As an Artist, it is necessary that you provide the Data we need to fulfill our contractual obligations to you. Those Data are marked with (*) as mandatory. Unless you provide those mandatory Data, we will generally be unable to provide our services.
    
   5. Your rights in the context of the processing of your Data
You have the right
		• to request information about which of your personal Data we process (Article 15 GDPR); 
		• to rectify or erase your Data (Article 16 GDPR); 
		• to restrict the processing of your Data (Article 18 GDPR);
		• to withdraw your consent (Article 7 GDPR);
		• to object to the processing of your Data (Article 21 GDPR); 
		• to Data portability (Article 20 GDPR).
If you believe that we violate your rights under the GDPR or national data protection law when processing your Data, please contact us. This is the only way 
we can treat your concerns as quickly as possible. You also have the right to lodge a complaint with a supervisory authority (in Austria: www.dsb.gv.at).
	
   6. Automated decision-making
We do not use automated decision-making or profiling according to Article 22 GDPR. 
    
   7. Who can you contact?
If you have any requests or concerns, you can contact us directly by e-mail, by phone or by post to the following address: 

PhiAcademy GmbH
Gartengasse 8/8, 1050 Vienna
E-Mail: info@phishop.com

Version 21st October 2019