Privacy Policy

Principles of Personal Data Processing and Protection and the Data Subject’s Consent to the Processing of Personal Data

I. Basic Provisions

The controller for the purposes of personal data processing pursuant to Section 5 letter (o) of Act No. 18/2018 Coll. on Personal Data Protection, as amended (hereinafter referred to as the “Act”), is NINE SPORT s. r. o., with its registered office at Ambrova 33, 831 01 Bratislava, Company ID No.: 51 698 994 (hereinafter referred to as the “controller”).

The controller’s contact details are as follows: postal address: Ambrova 33, 831 01 Bratislava, Slovak Republic; email: app@healthprofile.digital

The data subject is a client – a natural person (athlete) who has concluded a service provision agreement with the controller in accordance with the legal order of the Slovak Republic on the healthprofile.digital platform or who has created a client account in the healthprofile.digital application. In the case of a minor data subject, consent to the processing of personal data is provided by his or her legal representative.

Personal data shall mean any information relating to an identified or identifiable natural person; an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The controller ensures the provision of diagnostic and consultancy services also through sports professionals who act as persons authorized by the controller or as processors within the meaning of Section 34 of Act No. 18/2018 Coll. on Personal Data Protection, as amended. Sports professionals process the personal data of data subjects exclusively to the extent necessary for the provision of services, based on the controller’s instructions and in accordance with this document, the General Terms and Conditions, and the Special Terms and Conditions.

II. Consent of the Data Subject to the Processing of Special Category Personal Data

The data subject expressly consents to the processing of special categories of personal data, exclusively for the purposes of evaluating data related to the data subject’s sports performance and health condition. The controller allows the data subject to enter special category personal data into the Health Profile application; however, the data subject is not obliged to enter any specific special category data and may independently decide which data to provide and, consequently, which diagnostic functions of the service to use. This means that the data subject independently selects the special category personal data that will be processed (evaluated) within the Health Profile application. Consent is granted electronically via the application interface and its granting is recorded in a demonstrable manner. The data subject acknowledges and expressly agrees that special category personal data may, within the provision of services, also be processed by sports professionals authorized by the controller who perform professional supervision, measurements, evaluation, or interpretation of the data.

The provisions of Sections V to VIII of this document shall apply to the processing of special category personal data of the data subject, unless the nature of the matter precludes their application.

The data subject has the right to withdraw his or her consent to the processing of special category personal data at any time, without any negative impact on the lawfulness of the processing carried out prior to such withdrawal. However, the withdrawal of consent may result in the limitation or inability to use application functionalities that evaluate such data.

The data subject expressly consents to the processing of special category personal data that are entered into the Health Profile application by the data subject or by the controller (if the data subject so agrees) manually:

  • FMS TESTS: Overhead Squat, Hurdle Step (right), Hurdle Step (left), In-Line Lunge (right), In-Line Lunge (left), Shoulder Mobility (right), Shoulder Mobility (left), Active Straight-Leg Raise (right), Active Straight-Leg Raise (left), Trunk Stability Push-Up, Rotary Stability (right), Rotary Stability (left), and others.
  • POSTURE: Head, Chest, Spinal Curvature, Position of Hips and Shoulders, Scapulae, and others.
  • SUPPLEMENTARY TESTS: Ankle Mobility (right), Ankle Mobility (left), Klatt Test (right), Klatt Test (left), Klatt Test bilateral, Rectus Abdominis, Transversus Abdominis, Diaphragmatic Breathing, Gluteal Muscle Test (right), Gluteal Muscle Test (left), Hip Flexor / Lumbar (right), Hip Flexor / Lumbar (left), and others.
  • SPEED TESTS: 10 meters, 30 meters, 50 meters, maximum speed, and others.
  • STRENGTH TESTS: Vertical countermovement jump bilateral, Vertical countermovement jump (right), Vertical countermovement jump (left), Standing long jump bilateral, Standing long jump (right), Standing long jump (left), Vertical jump without countermovement bilateral, Vertical jump without countermovement (right), Vertical jump without countermovement (left), Air bike 10 – arms, Air bike 10 – legs, Air bike 10 – arms and legs, Hamstring endurance strength (right), Hamstring endurance strength (left), Quadriceps endurance strength (right), Quadriceps endurance strength (left), Adductor endurance strength (right), Adductor endurance strength (left), Abductor endurance strength (right), Abductor endurance strength (left), and others.
  • AGILITY AND BALANCE: Illinois test, Single-leg toe stand (right), Single-leg toe stand (left), and others.
  • HEALTH QUESTIONNAIRE: Diseases, Injuries, Surgeries, Heart diseases, Pulmonary diseases, ENT diseases, Eye diseases, Gastrointestinal diseases, Skin diseases, Urogenital diseases, and others.
  • FULL BODY ANALYSIS: Percentage of body water, percentage of body fat mass, percentage of skeletal muscle mass, and others.
  • ANTHROPOMETRY: Current weight, current height, hip circumference, waist circumference, chest circumference, biceps circumference, thigh circumference, calf circumference, and others.
  • INJURIES: Contact, non-contact, and others.
  1. The data subject expressly consents to the processing of special category personal data that will be imported into the Health Profile application from external devices (via API integration or integration through the controller’s backend):
  • Tanita, InBody, Catapult, FieldWiz, OptoJump, Microgate, mySASY, STATSports, Apple Watch, Garmin, BlazePod, Omron, and others.
  1. The data subject expressly consents to the processing of special category personal data that will be integrated with the HILBI platform (https://hilbi.com/; via API integration or integration through the controller’s backend), i.e. the data subject expressly agrees to the processing of the following special category personal data also by a separate controller – Hilbi Health s.r.o., with its registered office at k Baťáku 2780/25, 909 01 Skalica, Company ID No.: 51031060, email: info@hilbi.sk, tel.: +421 948 860 670:
  • Vital data: body temperature, blood pressure, cholesterol, glucose, heart rate, body measurements (height, weight, BMI), respiratory rate, oxygen saturation, waist circumference, and others.
  • Behavioral data: distance, sleep, steps, stress level, and others.

    III. Processing of Personal Data for the Purpose of Contract Performance

    The Controller processes personal data (hereinafter also referred to for the purposes of this document as “other personal data”), which were provided by the data subject upon registration of a customer account for the purpose of concluding a service provision agreement. Such personal data include: email address, telephone number, first name, last name, gender, date of birth.

    For the purpose of proper performance of the service provision agreement, the personal data of the data subject may be disclosed to sports professionals cooperating with the controller, solely to the extent necessary for carrying out diagnostics, consultations, evaluation of results, and provision of professional outputs.

    IV. Legal Basis and Purpose of Processing Other Personal Data

    The legal basis for the processing of other personal data is:

    • the performance of a contract between the data subject and the controller pursuant to Section 13(1)(b) of the Act,
    • the legitimate interest of the controller in providing direct marketing (in particular for sending commercial communications and newsletters) pursuant to Section 13(1)(f) of the Act, which is directly related to the services provided

    V. Retention Period of Personal Data

    The controller retains personal data:

    • for the period necessary to exercise the rights and obligations arising from the contractual relationship between the data subject and the controller and to assert claims arising from such contractual relationships
    • for the period until consent to the processing of personal data for marketing purposes is withdrawn, for a maximum of 10 years, if the personal data are processed on the basis of consent.

    After the expiration of the personal data retention period, the controller shall delete the personal data.

    VI. Rights of the Data Subject

    Under the conditions set out in the Act, the data subject has the right to:

    • the right of access to his or her personal data pursuant to Section 21 of the Act,
    • the right to rectification of personal data pursuant to Section 22 of the Act, or, where applicable, the right to restriction of processing pursuant to Section 24 of the Act,
    • the right to erasure of personal data pursuant to Section 23 of the Act,
    • the right to object to the processing pursuant to Section 27 of the Act,
    • the right to data portability pursuant to Section 26 of the Act,
    • the right to withdraw consent to the processing of personal data in writing or electronically to the controller’s address or email.

    Furthermore, the data subject has the right to lodge a complaint with the Office for Personal Data Protection if he or she believes that his or her right to the protection of personal data has been violated.

    Detailed information on rights related to the processing of personal data is provided below.

    VII. Conditions for Securing Personal Data

    The controller declares that it has adopted all appropriate technical and organizational measures to ensure the security of personal data.

    The controller has adopted technical measures to secure data repositories and repositories of personal data in electronic form, in particular by means of passwords and firewalls.

    The controller declares that only persons authorized by the controller have access to the personal data.

    The controller does not intend to transfer the personal data of the data subject to a third country (a country outside the EU) or to an international organization.

    The controller ensures that sports professionals who come into contact with the personal data of data subjects are bound by a duty of confidentiality and process personal data only to the extent and in the manner determined by the controller, in compliance with applicable personal data protection legislation.

    VIII. Final Provisions

    The controller is entitled to amend this document. The new version of the personal data protection terms will be published on the controller’s website and, at the same time, sent to the data subject to the email address provided by the data subject to the controller.

    Information on the Rights of the Data Subject

    On the basis of a written request, the data subject has the right to require the controller to:

    • confirmation as to whether or not personal data concerning him or her are being processed; the controller is obliged to comply with such a request of the data subject free of charge,
    • information on the processing of personal data and its purpose in the controller’s information system, provided in a generally understandable form. The data subject is entitled to become acquainted with the procedure of processing and evaluation. The controller is obliged to comply with this request free of charge,
    • precise information, in a generally understandable form, about the source from which the controller obtained his or her personal data for processing; the controller is obliged to comply with this request free of charge,
    • a list of his or her personal data that are subject to processing, provided in a generally understandable form; the controller is obliged to provide this information free of charge.
    • the rectification or erasure of his or her incorrect, incomplete, or outdated personal data that are subject to processing; the controller is obliged to comply with this request free of charge. Until the rectification is carried out, the data subject has the right to restriction of the processing of personal data.
    • the withdrawal of consent to the processing of personal data and the erasure of personal data. The right to erasure may be exercised by the data subject only in cases provided for by law or by an EU regulation (e.g. if the original purpose of processing personal data no longer exists, if the processing of personal data was unlawful, or if the erasure of personal data is necessary to comply with a legal obligation). The data subject does not have the right to erasure of personal data where the law prohibits the controller from erasing them.
    • the transfer of personal data. On the basis of a written request, the data subject has the right to transfer the processed personal data to another controller.

    The rights of the data subject may be restricted only if such restriction arises from a special law or if the exercise of such rights would infringe the protection of the data subject or the rights and freedoms of other persons. The controller is obliged to notify the data subject, as well as the Office for Personal Data Protection of the Slovak Republic, of such restriction in writing without undue delay.

    On the basis of a free written request, the data subject has the right to object to the controller against:

    • the processing of his or her personal data which he or she assumes are or will be processed for the purposes of direct marketing without his or her consent, and to request their erasure,
    • the use of personal data for the purposes of direct marketing in postal communications, or
    • the provision of personal data for the purposes of direct marketing.

    The data subject may at any time further object to the processing of personal data by stating legitimate reasons or submitting evidence of unauthorized interference with his or her rights and legally protected interests that are or may be harmed by such processing of personal data in a specific case; if there are no statutory grounds preventing this and it is demonstrated that the data subject’s objection is justified, the controller is obliged to block and erase the personal data whose processing was objected to without undue delay, as soon as circumstances permit.

    The data subject has the right not to be subject to a decision of the controller that produces legal effects concerning him or her or significantly affects him or her, if such decision is based solely on automated processing of his or her personal data. The data subject has the right to request the controller to review such decision by a method other than automated processing, and the controller is obliged to comply with such request by ensuring that an authorized person has a decisive role in the review. The controller shall inform the data subject of the method of review and the outcome of the assessment no later than 30 days from the date of receipt of the request. This right of the data subject does not apply if:

    • it is provided for by a special law which lays down measures to safeguard the legitimate interests of the data subject,
    • within pre-contractual relations or during the existence of contractual relations, the controller issued a decision that complied with the data subject’s request,
    • or if the controller has adopted other appropriate measures to safeguard the legitimate interests of the data subject on the basis of a contract.

    In the case of the health profile service, data are processed using automated algorithms that serve exclusively to provide informative outputs (e.g. recommendations related to training, prevention, or dietary habits). These outputs do not have legal effects nor similarly significant impact on the data subject.

    The data subject has the right to compensation for damage, which he or she may be claimed by the data subject if material or non-material damage arises in connection with a breach of the controller’s obligations. The data subject also has the right to bring an action before a court when exercising rights arising from a claim for compensation for damage.

    If the data subject does not have full legal capacity, his or her rights may be exercised by a legal representative. If the data subject is deceased, his or her rights may be exercised by a close person.

    If the data subject wishes to exercise the above-mentioned rights in relation to the Controller, the data subject may contact the Controller using the contact details provided above.

    Updated on 01 February 2026