V.1.0.0.
This Privacy Policy of Stadami Platform constitutes an integral part of Stadami’s Terms and Conditions and shall be interpreted in conjunction therewith. In the event of any inconsistency, the provisions of the Terms and Conditions shall prevail unless expressly stated otherwise herein.
Summary Overview:
This Privacy Policy outlines how LOSI Sp. z o.o. (“Stadami”) collects, processes, stores, and shares personal data of users interacting with its digital ecosystem, including:
- The Stadami Trainer App;
- The Stadami Client App;
- The official Stadami Website (https://stadami.com).
We are committed to protecting your privacy and complying with the highest standards under:
- GDPR and RODO (Polish data protection);
- DAC7 Directive (EU tax reporting);
- DSA and DMA (Digital Services & Markets Acts).
We collect data including identity details, location, financial activity, usage behavior, and technical logs. Data may be shared with:
- Trusted third parties (e.g., Stripe, Google, Apple);
- National tax authorities (for DAC7);
- Regulatory or law enforcement authorities (when legally required).
Your rights include access, correction, deletion, objection, data portability, and complaint submission to UODO (Polish DPA).
Data is stored in the EU, protected with encryption, access control, and monitoring tools.
Table of Contents:
1. Introduction and Legal Framework
2. What Personal Data We Collect and How
3. Purposes of Data Processing and Legal Bases
4. Data Sharing and Transfers
5. Your Rights Under GDPR and RODO
6. Google Maps API Disclosure
7. Changes to This Policy
8. Limitations of Liability and Legal Disclaimers
9. User-Generated Content and Platform Responsibility
10. Trainers’ Responsibility for Personal Data Processed Outside the Platform
11. Automated Decision-Making and Profiling
12. Data Retention Periods
13. Data Breach Notification Policy
14. Contact Us
1. Introduction and Legal Framework
Welcome to the Privacy Policy of Stadami!
This policy outlines in extensive detail how LOSI Sp. z o.o. (“Stadami,” “we,” “us,” or “our”) collects, processes, stores, transfers, and protects your personal data when you interact with any part of our platform. We strongly believe in your right to privacy and transparency, and this document serves as a thorough explanation of our data practices, in accordance with both European and Polish legal standards.
Our services consist of:
- The Stadami Trainer App, which provides trainers with tools to offer services and connect with clients;
- The Stadami Client App, which allows clients to search for and communicate with personal trainers;
- The official Stadami website accessible at https://stadami.com, which acts as a web interface to the same ecosystem.
Stadami is managed by LOSI Sp. z o.o., a company incorporated and registered under Polish law. Our company identification details are:
- Registered Address: ul. Korytnicka 46/52, 04-109 Warsaw, Poland
- KRS: 0001146588
- REGON: 540499518
- NIP (VAT ID): 1133154642
This Privacy Policy applies to all individuals who interact with any Stadami service, whether through our apps, our website, or associated third-party providers. It is designed to be consistent with all applicable data protection standards, including:
- The General Data Protection Regulation (EU) 2016/679 (GDPR), which sets rules for data protection across the European Union;
- The Digital Services Act (DSA), which governs platforms acting as intermediaries in digital markets and ensures user rights and transparency obligations;
- The Digital Markets Act (DMA), which introduces responsibilities for platforms that may be considered gatekeepers and aims to preserve contestability and fairness;
- The DAC7 Directive, which mandates that digital platforms collect and report tax-relevant data about their users to national tax authorities;
- Key Polish legislation, including (collectively referred to as “RODO” in Poland, aligning with the GDPR):
  - The Personal Data Protection Act of 10 May 2018 (Ustawa o ochronie danych osobowych), which is the national implementation of GDPR in Poland and regulates the rights of data subjects and duties of controllers;
  - The Act on Provision of Electronic Services of 18 July 2002 (Ustawa o świadczeniu usług drogą elektroniczną), which establishes obligations for electronic service providers and includes specific rules about information duties, consents, and data integrity;
  - The Telecommunications Law of 16 July 2004 (Prawo telekomunikacyjne), which governs the use of telecommunications networks for commercial and tracking purposes, including cookie usage and marketing communications;
  - The Polish Civil Code (Kodeks cywilny) and the Act on Consumer Rights (Ustawa o prawach konsumenta), especially provisions on unfair contractual terms, distance contracts, and obligations arising from the use of personal data in consumer relations.
Data Storage Locations:
We use secure cloud-based infrastructure for data hosting. All personal data collected from users within the European Economic Area (EEA) is stored on servers physically located within the EEA. This approach is consistent with the requirements of the General Data Protection Regulation (GDPR) and its implementation in Poland under the name RODO (Rozporządzenie o Ochronie Danych Osobowych). We ensure that all hosting providers meet strict standards of data protection, including appropriate technical and organizational measures. These include data encryption at rest and in transit, strict access controls, physical server security, real-time monitoring, and regular audit logging. The physical and logical security of user data is treated as a top priority, and business continuity procedures are implemented to ensure data integrity and availability under all conditions.
Should you have any inquiries, require clarification, or wish to exercise your rights, please contact us at: support@stadami.com
2. What Personal Data We Collect and How
We collect personal data directly from you when you interact with our platform (e.g., by creating an account, making a booking, completing your profile, or processing payments), automatically through technologies such as cookies or analytics scripts, and through integrations with trusted third-party service providers such as Stripe, Google, and Apple. Stripe, in particular, facilitates payment processing and is responsible for conducting mandatory KYC (Know Your Customer) and AML (Anti-Money Laundering) procedures on our behalf, including the verification of identity documents, tax information, and business credentials. In line with the EU DAC7 Directive, we also collect and transmit relevant seller and transaction data to tax authorities where required.
The types of data we collect include:
a. Identity and Registration Data:
- Full legal name;
- Date of birth;
- Gender (optional);
- Nationality and country of residence;
- Unique user ID assigned by the platform.
b. Contact and Account Information:
- Email address;
- Phone number (if provided);
- Account password (hashed and not accessible in plain text);
- Communication preferences and language settings.
c. Authentication and Login Data:
- Login credentials (username, encrypted password);
- Social login credentials (Google ID, Apple ID – processed via OAuth);
- Account creation and login timestamps.
d. Financial and Verification Data (via Stripe):
- IBAN, bank account numbers, and card tokens;
- Uploaded identity documents (passport, national ID);
- Selfies or biometric confirmation (for onboarding);
- Tax Identification Number (TIN) and DAC7-related documentation;
- Verification results from Stripe’s automated KYC/AML systems.
e. Location and Device Information:
- IP address and approximate geolocation;
- GPS location data (only if explicitly allowed by the user);
- Device model, operating system, and browser version;
- Mobile device advertising ID (for push and remarketing);
- Access timestamps, device language, and region settings.
f. Activity and Usage Data:
- Pages visited and buttons clicked on the website or in the app;
- Screen navigation paths within the mobile apps;
- Time spent on each screen or feature;
- Search queries submitted via the platform;
- Crash reports and error logs.
g. Communication and Support Data:
- Emails or messages exchanged with our support team;
- Feedback, complaints, refund/dispute documentation;
- Submitted reviews and public comments.
h. Marketing and Consent Data:
- Newsletter subscriptions and opt-in choices;
- Campaign interaction history (opens, clicks);
- Consent status for cookies, tracking, and personalised ads.
i. Cookies and Similar Technologies:
- Session cookies for authentication and load balancing;
- Persistent cookies for analytics and saved preferences;
- Third-party cookies for ad targeting and remarketing;
- Tracking pixels (used in emails and app notifications).
The processing of these data types may vary depending on the nature of your interaction with Stadami (e.g., whether you are a trainer or client) and your platform usage frequency.
We do not collect sensitive personal data (e.g., racial or ethnic origin, political opinions, religious beliefs) unless explicitly required by law or regulation, and only with your explicit consent.
3. Purposes of Data Processing and Legal Bases
We process your personal data for specific, clearly defined, and lawful purposes. Each purpose of processing is linked to a corresponding legal basis as permitted under Article 6 of the General Data Protection Regulation (GDPR) and aligned with RODO under Polish law. Below is an overview of these purposes and their legal justifications:
a. Account Creation and User Identification
- To register you on the platform as a trainer or client;
- To authenticate your login credentials or enable third-party login;
- To personalize your account and settings.
Legal Basis: Contractual necessity (Art. 6(1)(b) GDPR)
b. Payment Processing and Financial Administration
- To facilitate secure payments and payouts via Stripe;
- To process refunds, manage Stripe accounts, and settle transactions.
Legal Basis: Contractual necessity (Art. 6(1)(b)), Legal obligation (Art. 6(1)(c))
c. Compliance with KYC, AML, and DAC7 Requirements
- To verify your identity, legal and tax status in accordance with anti-money laundering (AML) and know-your-customer (KYC) regulations;
- To collect, store, and report your platform activity and related financial transactions as required by the DAC7 Directive;
- To share detailed reports with competent national tax authorities regarding your income, tax residency, identification data, and financial operations made through the platform.
Important for Trainers: If you are a service provider (Trainer) who receives income through Stadami, your relevant personal and business data may be subject to mandatory annual reporting to tax authorities in the EU under the Council Directive (EU) 2021/514 (known as DAC7). The information we are obligated to collect, verify, and transmit includes, but is not limited to:
- Your full legal name;
- Primary and, if applicable, permanent address;
- Date of birth (for natural persons);
- Tax Identification Number (TIN) and the issuing jurisdiction;
- VAT number (if available);
- Member State(s) of residence for tax purposes;
- National ID/passport number and country of issue (if applicable);
- Business registration number (if you operate as a sole proprietor or entity);
- Bank account identifiers (e.g., IBAN) linked to payouts;
- Total consideration (gross income) paid to you during the reportable period;
- Number of relevant transactions facilitated through Stadami;
- Periods in which the income was generated (monthly or quarterly);
- Any commissions, fees, or withheld amounts applicable to your transactions;
- Status and result of identity verification (KYC);
- Country and currency of payment;
- Property addresses or geolocation used to deliver the service (where applicable).
We collect and store this data in line with GDPR and RODO, and we transmit it securely to the competent tax authorities of the relevant EU Member States via automated reporting channels.
This is a mandatory obligation under EU law. You cannot opt out of this reporting, and failure to provide accurate and complete data may result in account restrictions, payment delays, or legal obligations as imposed by competent authorities. It ensures tax transparency and compliance with EU regulations. Stadami is legally obligated to retain and transmit this information securely and only to authorized government entities.
Legal Basis: Legal obligation (Article 6(1)(c) of the General Data Protection Regulation — GDPR, and its Polish implementation, RODO — Rozporządzenie o Ochronie Danych Osobowych), including specific obligations set forth in Council Directive (EU) 2021/514 (DAC7) concerning the collection, verification, and reporting of platform user data to EU tax authorities.
d. Platform Operation, Analytics and Security
- To maintain and secure our platform infrastructure;
- To prevent fraud and detect misuse;
- To analyze usage patterns and improve service design.
Legal Basis: Legitimate interest (Art. 6(1)(f))
e. Geo-Based Matching and Service Delivery
- To match clients with nearby trainers;
- To assist in dispute resolution or investigate claims using geolocation data.
Legal Basis: Consent (Art. 6(1)(a)), Legitimate interest (Art. 6(1)(f))
f. Customer Support and Communication
- To respond to your requests, feedback, or complaints;
- To notify you about service updates and changes.
Legal Basis: Contractual necessity (Art. 6(1)(b)), Legitimate interest (Art. 6(1)(f))
g. Marketing and Remarketing Communications
- To send you promotional content, newsletters, or platform updates;
- To personalize content using usage and campaign data;
- To run performance-based remarketing campaigns.
Legal Basis: Consent (Art. 6(1)(a))
h. Legal Defense and Enforcement of Terms
- To enforce our contractual agreements;
- To defend against legal claims or regulatory investigations.
Legal Basis: Legitimate interest (Art. 6(1)(f)), Legal obligation (Art. 6(1)(c))
Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
4. Data Sharing and Transfers
We do not sell your personal data. However, we may share your data with third parties in limited and controlled circumstances necessary to deliver our services, fulfill our legal obligations, or improve your experience on the platform. These transfers are subject to strict safeguards to ensure compliance with GDPR and RODO.
a. Third-Party Service Providers
We work with carefully selected service providers who support our core infrastructure and functionalities, including:
- Stripe (payment processing, KYC/AML checks). Privacy Policy: https://stripe.com/privacy
- Google (authentication, maps, analytics). Privacy Policy: https://policies.google.com/privacy
- Apple (authentication). Privacy Policy: https://www.apple.com/legal/privacy/
- Cloud infrastructure providers (secure hosting, backups). These include GDPR-compliant hosting solutions in the EEA.
- Email and messaging services (transactional and marketing emails), such as Firebase or MailerLite. Firebase Privacy Notice: https://firebase.google.com/support/privacy
- Analytics and bug-tracking tools (performance and diagnostics), such as Google Analytics: https://marketingplatform.google.com/about/analytics/terms/us/
All such partners are contractually bound to handle your data securely, confidentially, and only as instructed by us.
b. Public Authorities and Legal Requirements
We may disclose your data to:
- Tax authorities within the EU for the purposes of DAC7 reporting;
- Supervisory bodies and courts, in connection with legal claims or regulatory compliance;
- Law enforcement agencies, when legally required.
These disclosures are always assessed for necessity and proportionality.
c. International Transfers
Where our service providers or partners operate outside the EEA (e.g., in the US), we implement appropriate safeguards such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Data Processing Agreements ensuring GDPR-compliant handling;
- Additional technical measures, including encryption, access control, and auditing.
We aim to store and process your personal data exclusively within the EEA whenever possible.
5. Your Rights Under GDPR and RODO
As a data subject under the General Data Protection Regulation (GDPR) and its Polish implementation (RODO), you are entitled to a wide range of rights concerning your personal data. These rights ensure transparency, control, and accountability in how your data is handled by Stadami.
- Right of Access (Art. 15 GDPR / Art. 15 RODO)
You may request confirmation of whether we process your personal data and receive a copy of the data we hold about you, including the purposes, categories, recipients, and retention period.
- Right to Rectification (Art. 16 GDPR / Art. 16 RODO)
You can request that we correct or complete inaccurate or incomplete personal data without undue delay.
- Right to Erasure (“Right to be Forgotten”) (Art. 17 GDPR / Art. 17 RODO)
You may request that your personal data be deleted, for example if it is no longer necessary, if you withdraw consent, or if processing is unlawful. This right may be limited where legal obligations (e.g., DAC7) require us to retain certain information.
- Right to Restriction of Processing (Art. 18 GDPR / Art. 18 RODO)
You may request limited use of your data under specific conditions, such as contesting its accuracy or opposing its deletion.
- Right to Data Portability (Art. 20 GDPR / Art. 20 RODO)
You can request a structured, commonly used, machine-readable copy of your personal data and have it transferred to another data controller where technically feasible.
- Right to Object (Art. 21 GDPR / Art. 21 RODO)
You may object to processing based on our legitimate interests, including profiling. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.
- Right to Withdraw Consent
Where processing is based on your consent (e.g., marketing or location data), you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
- Right to Lodge a Complaint with a Supervisory Authority
If you believe your data protection rights have been violated, you may lodge a complaint with the competent supervisory authority in Poland:
Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
Website: https://uodo.gov.pl
Tel: +48 22 531 03 00
Email: kancelaria@uodo.gov.pl
You may also contact us directly with any request at support@stadami.com. We will respond to all requests within the timelines prescribed by GDPR (usually within 1 month).
6. Google Maps API Disclosure
Stadami uses the Google Maps Platform APIs (including Places API, Maps SDK, and Geolocation API) within our mobile applications and website to offer location-based services, such as showing trainers or clients nearby, assisting in dispute resolution, and facilitating geo-matching.
According to Google’s Terms of Service, you must be informed of and agree to Google’s policies when using our platform:
- Google Privacy Policy: https://policies.google.com/privacy
- Google Maps Terms of Service: https://maps.google.com/help/terms_maps/
By using Stadami’s apps and website that integrate Google Maps, you are also bound by Google’s terms. Stadami only uses location data with your explicit permission, and you can disable location tracking through your device settings at any time.
7. Changes to This Policy
We reserve the right to update this Privacy Policy from time to time in order to reflect changes in legal requirements, business practices, or technological developments. Any changes will be posted on this page with a revised “Last Updated” date.
In the case of material changes affecting your rights or the way we process personal data, we will notify you in advance via email, app notification, or prominent notice on the platform.
We encourage you to regularly review this Privacy Policy to stay informed of how we are protecting your data. Continued use of the Stadami platform after being notified of changes to this Privacy Policy will constitute your acceptance of those changes, in accordance with applicable data protection laws.
8. Limitations of Liability and Legal Disclaimers
Stadami makes all reasonable efforts to protect your personal data in compliance with applicable laws. However, Stadami shall not be liable for:
- Any indirect, incidental, special, consequential or punitive damages arising out of or relating to the misuse of data by third-party service providers beyond our control;
- Unauthorized access to or use of your data that occurs due to your own negligence (e.g., sharing login credentials);
- Force majeure events, such as cyberattacks, natural disasters, or government actions that compromise the confidentiality or integrity of data despite reasonable preventive measures.
Our liability for damages related to personal data shall in all cases be limited to the extent permitted by applicable laws and subject to the limitations set out in our Terms and Conditions.
9. User-Generated Content and Platform Responsibility
The Stadami Platform enables users, including trainers and clients, to submit, upload, or display content such as profile information, descriptions, photos, feedback, and communication through messaging tools or booking systems. By uploading such content, you grant Stadami a limited, non-exclusive, royalty-free, and worldwide license to use, store, reproduce, and display the content strictly for purposes related to operating, marketing, and maintaining the platform.
Stadami reserves the right (but is not obligated) to monitor, moderate, or remove any content that violates the law, platform policies, or the rights of others. Users are solely responsible for ensuring that their uploaded content complies with all applicable intellectual property, defamation, and data protection laws.
Content must not:
- Include personal data of third parties without lawful basis;
- Infringe upon copyright or other proprietary rights;
- Contain misleading, offensive, or discriminatory material;
- Include false or deceptive information regarding services offered.
Improper use of user-generated content may result in account suspension or permanent removal.
10. Trainers’ Responsibility for Personal Data Processed Outside the Platform
While Stadami processes user data within its secure infrastructure in compliance with GDPR and RODO, trainers who collect or store additional personal data (e.g., through third-party CRMs, spreadsheets, external calendars, or direct messaging tools outside the Stadami ecosystem) may act as independent data controllers for those operations.
In such cases, trainers are solely responsible for ensuring their independent processing activities comply with applicable data protection laws, including but not limited to:
- Informing clients of such data processing activities;
- Implementing appropriate legal grounds for data processing (e.g., consent, contract);
- Ensuring security of data stored outside Stadami;
- Providing data subjects with access, correction, or erasure rights as required.
Stadami is not liable for any unauthorized or unlawful data processing conducted by trainers outside of the platform environment. Trainers are encouraged to consult local legal counsel or their national data protection authority for guidance on their obligations under GDPR and/or national legislation.
11. Automated Decision-Making and Profiling
Stadami may use automated tools and logic to support certain platform functionalities, such as search rankings, suggested trainers or sessions, personalized recommendations, or display prioritization based on profile completeness, user reviews, geolocation, popularity, or previous activity.
These systems are designed to enhance user experience and enable faster matching between trainers and clients. However, no legally binding decision is made solely on the basis of automated processing without human oversight.
Users have the right to:
- Request information about how automated decisions are made;
- Object to profiling in certain contexts;
- Request human intervention where legally required.
We ensure transparency by explaining how recommendations or filtered search results may be influenced. You may also control personalization features via your account settings, where available.
12. Data Retention Periods
We retain personal data for no longer than is necessary for the purposes for which it is processed. Below is an overview of key data categories and their corresponding retention periods:
| Data Category | Purpose | Retention Period |
| --- | --- | --- |
| Account Data (Profile, Login, Contact Info) | Platform operation and account management | Until account deletion + 6 months for backup and fraud prevention |
| Financial & KYC Data (via Stripe) | Compliance with legal obligations incl. DAC7, AML | 10 years (in line with Polish and EU tax law) |
| Location and Device Data | Analytics, geo-matching | 2 years or until consent is withdrawn |
| Communication and Support Data | Customer service records | 3 years (standard complaint and dispute window) |
| Marketing & Consent Data | Newsletter management, advertising | Until consent is withdrawn or up to 24 months of inactivity |
| Cookies and Analytics | Performance monitoring, personalization | Depends on cookie type (see Cookie Policy) |
After expiration of the retention period, data is either deleted or anonymized, unless longer retention is legally required or justified by a legitimate interest.
13. Data Breach Notification Policy
Stadami implements robust technical and organizational measures to prevent unauthorized access, data loss, or compromise. However, in the unlikely event of a personal data breach that affects your rights and freedoms, we will take immediate steps to mitigate the impact and comply with legal obligations.
In accordance with Articles 33 and 34 of the General Data Protection Regulation (GDPR), Stadami will:
- Notify the relevant data protection authority (UODO in Poland) without undue delay and, where feasible, within 72 hours of becoming aware of a breach;
- Communicate the nature of the breach, likely consequences, and measures taken to address it;
- Inform affected users directly and without undue delay if the breach is likely to result in a high risk to their rights and freedoms (e.g., identity theft, financial loss, or loss of confidentiality);
- Document the breach, its effects, and corrective actions in a dedicated incident register.
Users are encouraged to report any suspected vulnerabilities or incidents immediately to support@stadami.com.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your data, please contact us at:
LOSI Sp. z o.o.
ul. Korytnicka 46/52, 04-109 Warsaw, Poland
Email: support@stadami.com
Website: https://stadami.com