Privacy Policy

in DuoLife S.A. online services

I. Purpose and Scope of this
Privacy Policy

This Privacy Policy of DuoLife S.A. (“Privacy Policy and Policy of Using Cookies in DuoLife S.A. Online Services”) was created by and for the needs of DuoLife S.A. and its European branches and subsidiaries in order to explain processing personal data by DuoLife S.A.

DuoLife S.A. processes personal data according to legal requirements applicable in countries where DuoLife S.A. conducts its business activity. This Privacy Policy applies to personal data according to the Resolution of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on protection of natural persons due to processing personal data and on free flow of such data, revoking the Resolution 95/46/EC (general ordinance on data protection).

By Users’ privacy, we mean any actions the purpose of which is providing a User with safety in accordance with the above GDPR [General Data Protection Regulation].

Additional information concerning how your personal data is used in relation to specific services and products may be found in DuoLife Club Regulations and Purchases Regulations, which supplement this Privacy Policy.

Information collected about a User is processed by online pages:,, and other online information channels that belong to DuoLife S.A. and closely cooperating entities, (hereinafter “the Service”), the owner of which is DuoLife S.A. with its registered offices in Więckowice, ul. Topolowa 22, PL 32-082, entered into the National Court Register under KRS [National Court Register] no. 0000638495, NIP [tax id. no.] 675-148-53-20, REGON [national business registry no.] 122746305.

II. Data Administration

Processing personal data is based on compliance with law, reliability and information clarity. Data is collected by the Data Controller in a specific, clear and legally justified purpose, whereas the scope of data is limited to necessary data for achieving this aim. The Controller, upon a User’s request, provides the possibility of updating data, whereas all out-of-date or useless data is deleted by him. The Controller uses its best efforts to provide the highest level of safety and protection of personal data processed by it. Provision of data is voluntary. Each User is entitled to access their personal data, update them and request for removal of data collected with violation of provisions or if it is useless for rendering services by the Controller.

III. Definitions

1. Personal Data Controller (PDC) – means an owner of the aforesaid online services, DuoLife S.A. with its registered offices in Więckowice, near Cracow, entered into the Register of Entrepreneurs of the National Court Register under KRS no. 0000638495, NIP: 675-148-53-20, which renders services by electronic means, stores and gains access to information on User’s devices.

2. Personal data – means any information that relates to identifying or data enabling identification of a natural person.

3. Processing personal data – means conducting the following operations: collecting, storing, deleting, developing and disclosing data.

4. Consent of a person to whom data relates – means voluntary, voluntarily determined, specific, conscious and unambiguous indication of a person to whom data relates, by declaration or explicit actions confirming, expressing consent for processing personal data related to it. The consent must be documented in an appropriate manner.

5. Cookies - means IT data, in particular small text files, saved and stored on devices by which a User uses Service webpages.

6. Service - – means webpage, under which the Controller conducts online service, operating in domains:,,,, and domains related to DuoLife products.

7. Device - – means an electronic device through which a User gains access to Service webpages.

8. User – means an entity to which, pursuant to the Regulations and provisions of law, services may be rendered by electronic means, or with which a Contract for rendering services by electronic means may be concluded.

9. Profiling - – means any form of automated processing of personal data, which consists in using personal data for evaluating some personal factors of a natural person, in particular for analysing or forecasting work outcomes of such a natural person, their economic situation, health, personal preferences, interests, credibility, behaviour, location or travelling.

IV. Collecting and Processing Personal Data

Depending on your relation with DuoLife S.A. and the level of using particular Services’ functionalities, referred to in Regulations of DuoLife Club, Personal Data may be collected and processed in different manners, including by:

collecting data about a User by “Cookies” (Cookies Policy was included in Regulations of DuoLife Club, available at:,file,warunki-wspolpracy.pdf),

personal data given by you on our webpages by “Cookies”,

orders for services and products, placed online in online store,

enquires sent to us through a contact form,

email, telephone, chat and other forms of communication, and

providing personal data by partners of DuoLife S.A.

For security reasons, DuoLife never contacts with you for obtaining information, such as credit card no., bank account no., password or PIN. If you receive an email in which such information is required, we ask you to immediately inform DuoLife about that. Service Administrator does not collect data related to particular data of persons who browse webpages except for cases in which there is a need to register and log in for using the service. Providing any of the above data is voluntary, but if you do not provide it, it may be impossible to use services in the scope of specific service functionalities, which require that. Personal data is collected by the Data Controller and processed with all Services in the scope necessary for conducting a contract between the Controller and a natural person or an entity conducting business activity, to which data relates and for performing legal obligations by the Data Controller.

A Service User who is a Club Member of DuoLife at registering, and during the membership contract term, apart from basic personal data, may share a photo which will be assigned to their Club Member profile. When placing a photo, in particular a photo that presents their image, a Club Member gives its consent for processing a photo for purposes necessary for implementation of a service. For the purposes of ensuring quality of services rendered by the Controller, data is processed on the basis of legally justified interest of the Controller for:

a) Marketing of services and own products,

b) Organizing marketing events and conferences,

c) Securing or claiming compensations,

d) Analysis of quality of services rendered by the Controller,

e) Adjusting offer categories to particular offers on the basis of User’s activity in the Service.

The Controller indicates that for purposes determined in the above item e), it uses automated tools which process Users’ data for increasing effectiveness of marketing actions, such as forecasting behaviour and preferences of prospective customers (profiling).

V. Consent for Processing Personal Data

On the basis of a separate consent given by a User, personal data may also be processed for direct marketing of products and the Controller’s own services, such as:

a) sending to a User commercial and marketing information and notifications by the Controller and affiliated entities,

b) sending commercial and marketing information and notifications by SMS gateway, email by the Controller and affiliated entities.

Data is processed for these purposes on the basis of justified legal interest until filing an appeal/revoking the consent by a person at any time.

VI. Transferring Personal Data to Third Parties

The Data Controller is entitled to transfer personal data of a User to the third parties (data recipients under the Act on Personal Data Protection of 29 August 1997) for rendering a service and in the scope necessary for implementing the contract, if the party:

a) provided appropriate assurance in protection of Personal Data, according to the requirements of this Privacy Policy, or

b) signed a contract with DuoLife for transferring Personal Data, consistent with Directive on Protection of Personal Data, or

c) has its seat in the European Union or another country obliged to deliver appropriate protections for Personal Data, consistent with assumptions of the Directive on Protection of Personal Data, or

d) has certificate of “Safe Harbour” program. Obtaining certificate of “Safe Harbour” program by entities participating in it provides that they guarantee appropriate level of personal data protection, referred to in the Directive on Protection of Personal Data.

DuoLife may transfer Personal Data to other members of DuoLife group, as well as entities located outside the European Union, also in the USA and other companies, with which DuoLife closely cooperates in appropriate performance of a service, including:

Companies servicing our IT systems or providing us with IT tools,

Subcontractors who support us in rendering IT services,

Entities conducting postal and courier activity,

Entities conducting accounting, financial and legal activity,

Entities rendering us services concerning car program.

VII. VII. Disclosing Personal Data to other Club Members
who are in the same Structure

Personal data of Users in the meaning of definition included in a separate Regulations of DuoLife Club (available at: ………….), who belong to DuoLife Club is processed for implementing membership contract in DuoLife Club. Personal data is disclosed to other Club Members who are in the same structure as the User to whom data relates. The data includes:

Basic information:

a) ID no.,

b) Login (displayed name),

c) City

d) Country,

e) Name, surname, ID no. and email of a recommending person,

f) Name, surname, ID no. and email of a sponsor,

g) Registration date,

h) Photo shared by a Club Member, assigned to their profile.

Contact information:

a) Telephone no.,

b) Email

In the case of the Users who are recommending persons and sponsors, apart from the above data, the following information will be disclosed to other Users who are in the same structure:

a) The highest and current position in the structure,

b) Current position,

c) ID;

d) Login;

e) Name, surname, ID no. and email of a sponsor,

f) Name, surname, ID no. and email of a recommending person,

g) Partnership link,

h) Activation date,

i) Status of payment for Business Assistant.

The following data which relates to placed orders is also disclosed under one structure, the so-called “Order of my structure”, i.e.:

a) Order code,

b) Date of placing an order,

c) Expiration date,

d) Purchaser’s data,

e) No. of gathered points for an order,

f) Order status.

VIII. Right to Access own Personal Data

Personal data is stored during the contract term, whereas after its expiration or receiving a request for removal of personal data, only for the period necessary for:

a) Processing complaints and returns,

b) Securing and claiming prospective claims to the Controller,

c) Fulfilling Controller’s legal obligations (e.g. for the needs of audit, tax obligations).

Each User, whose personal data is processed by the Controller and affiliated entities indicated in item 6 has the following rights:

a) The right to access processed personal data which relates to them, in particular to confirm its processing and information concerning processing,

b) The right to amend, update or request for data removal, if it is wrong or incomplete,

c) The right to request for limiting data processing:

- if data correctness is questioned for the period allowing the Controller to verify data correctness,

- if data is processed against the law, or the person to whom data relates opposes its deleting, instead requesting for its limitation,

- if data is no longer needed for processing, but for determining, pursuing or protecting claims,

- if an appeal is filled, until it is verified whether Controller’s legally justified reasons are superior to basis for appeal of a person to whom data relates.

d) The right to obtain personal data submitted to the Controller and to send it to another controller, i.e. the right to transfer data,

e) The right to file an appeal concerning data processing, including profiling profile on the basis of justified Controller’s interest or at processing data for direct marketing purposes,

f) The right to file an appeal to the Polish supervisory body or supervisory body (President of the Office for Personal Data Protection) of another member country of the European Union, appropriate for normal place of residence or work of a person to whom data relates or for place of supposed violation of GDPR,

g) The right to obtain human intervention from the Controller, presenting own opinion and to question decision based on automated data processing.

In order to use the above rights, except the right indicated in item f), we invite you to contact the Controller at the email address: or by traditional post:

DuoLife S.A.
ul. Topolowa 22
32/082 Więckowice

A response to a User’s question or request will be given in electronic form at email address of a User, from which the question/request was sent, unless a User requests for another form of response, within 1 month from the day of receiving the question/request by the Controller. If the request is of complex nature or there are many requests, the Controller may extend this period for next 2 months, about which a User will be informed within 1 month from receiving the request.

If requests of a person to whom data relates are clearly unjustified or excessive, in particular due to its statutory nature, the Controller may:

a) charge a reasonable fee, taking into consideration administrative costs of giving information, conducting communication or assuming requested activities, or

b) deny assuming actions in relation to the request.

The Controller provides the person to whom data relates with a copy of personal data that is processed. A Controller may charge a reasonable fee resulting from administrative costs for issuing other copies for which a person to whom data relates will ask.

IX. IX. Using Cookies

DuoLife S.A. online services, pursuant to art. 173 the Telecommunications Act of 16 July 2004 use Cookies which are IT data, in particular text files, which are stored at User’s device.

The principles determining processing data and which data is collected by Cookies were determined in a separate document (hereinafter “Cookies Policy”). To obtain more information on this topic, we encourage you to visit the webpage:

X. Changes to the Privacy Policy

DuoLife S.A. any time may introduce changes to this Privacy Policy without the need of informing you about that. Any introduced changes will be applicable as of publishing them on DuoLife webpages.

The date of the last documentation update: May 16, 2018.