Welcome to the Fitr privacy policy.

Fitr respects Your privacy and is committed to protecting Your personal data. This privacy policy will inform You as to how We look after Your personal data when You visit Our Site (app.fitr.training) regardless of where You visit it from and tell You about Your privacy rights and how the law protects You.

‍The aim of Our Privacy Policy is to clearly outline to You:

• what data We/Us/Our (Fitr. Holdings Limited – trading as Fitr) will collect at different times when You use Our service;
• how We may use that data;
• how long We may store that data;
• how You/Your (the human user of Our Site or service) may opt-out of Us using or storing that data; and
• where We may send that data for Us to operate Our service (both critical use and optional use).

We are the controller and We are responsible for Your personal data.

Our Site is not intended for under 16s and We do not knowingly collect data relating to anyone under 16 years of age.

Inside this Privacy Policy We identify which information is optional to provide to use Our service, and which information is critical.

To use the Fitr service We have made it easy for You to view which information We will store, and You can change Your preferences at any time at within Your account settings.

It is important that the personal data We hold about You is accurate and current. Please keep Us informed if Your personal data changes during Your relationship with Us.

You can delete Your account at any time and You can unsubscribe from email communication via the ‘unsubscribe’ link at the bottom of each email.

We use industry standard efforts to safeguard the confidentiality of Your personal identifiable information, such as firewalls and Secure Socket Layers where appropriate.

If You have any questions about this Privacy Policy, including any requests to exercise Your legal rights, please contact Us at support@fitr.training.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with Your concerns before You approach the ICO so please contact Us in the first instance.

Third-party links

Our Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about You. We do not control these third-party websites and are not responsible for their privacy statements. When You leave Our Site, We encourage You to read the privacy policy of every website You visit.

We have separated the remainder of the Policy into the following sections:

1. The data We collect for Our core (critical) service
2. The data We share with 3rd parties
3. How We may use Your data for marketing purposes and additional data We may request permission for
4. Information about keeping Your information
5. Your rights over Your data
6. Where We store Your data
7. International Transfers
8. Data Security
9. Future changes to Our privacy policy
10. Cookies
11. Glossary

1. THE DATA WE COLLECT FOR OUR CORE (CRITICAL) SERVICE

Fitr is an online health and fitness management tool where professionals can manage training plans sent to their clients. The full feature set for both parties can be seen on Our Site.

We require certain information from You in order to run the Fitr service. The following information in the table below is deemed as critical to Our business, depending on how much You interact with Us (for example: We need more information from You if You purchase from Us, compared to if You simply sign up for an account). For avoidance of doubt, this information does not include instances where Fitr may need to use Your data to comply with legal and/or regulatory purposes

We will only use Your personal data when the law allows Us to. Most commonly, We will use Your personal data in the following circumstances:

• Where We need to perform the contract We are about to enter into or have entered into with You.
• Where it is necessary for Our legitimate interests (or those of a third party) and Your interests and fundamental rights do not override those interests.
• Where We need to comply with a legal obligation.

Generally, We do not rely on consent as a legal basis for processing Your personal data although We will get Your consent before sending third party direct marketing communications to You. You have the right to withdraw consent to marketing at any time by contacting Us.

For more information please see the Glossary below.

Information We Use

How & Why We may use the data provided

When does this become critical?

Lawful basis for processing including basis of legitimate interest

Email

To be able to log in.

To contact You if there if there are notifications on Your account, for example if You have a new client

Customer service may use this to verify Your identity and assist You.

Fraud detection and prevention against You or Us.

Account verification purposes.

To manage Our relationship with You which will include:
(a) Notifying You about changes to Our terms or privacy policy
(b) Asking You to leave a review or take part in a survey

When You sign up to the service.

Ongoing management of Our relationship with You

Performance of Our contract with You

Your Full Name

To allow You to be found by other users on the platform, for example to find You for messaging purposes.
‍
Customer service may use this to verify Your identity and assist You.
‍
Fraud detection and prevention against You or Us.

When You sign up to the service.

Performance of Our contract with You

Your Date of Birth

To ensure You are of legal age to use Fitr (16+).
‍
Fraud detection and prevention against You or Us.

When You sign up to the service.

Performance of Our contract with You

Necessary to comply with a legal obligation

Gender (optional)

To help Us identify product deals more relevant to You, and filter training performances.

When You sign up to the service.

Necessary for Our legitimate interests (to study how customers use Our products/services, to develop them, to grow Our business and to inform Our marketing strategy)

Product purchase details and history

To help customer service to verify Your identity and to help with support issues.
‍
Fraud detection and prevention against You or Us.

When You sign up to the service.

Performance of Our contract with You

Necessary for Our legitimate interests (to study how users use Our service, to develop them and grow Our business)

Credit card information

(This information is actually collected by Our payment service provider)

We do not keep a record of Your credit card information, We use a secure 3rd-party service (currently Stripe) to process payments.

When You make an order, so Stripe can take payment and make actions in the future.

When Stripe take or receive payments on Your behalf.

Performance of Our contract with You

Necessary for Our legitimate interests (to recover debts due to Us)

Anonymous Aggregate data

To create internal reports, test Our IT systems, research, data analysis, improving Our Site, building & developing Our Website or developing new products or services.

‍
We only use and share this information with third parties when it is anonymous i.e. without identifying information

We use anonymous aggregated data at all times on Our service.

Necessary for Our legitimate interests (to study how customers use Our products/services, to develop them, to grow Our business and to inform Our marketing strategy)

We will only use Your personal data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If You wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact Us.

If We need to use Your personal data for an unrelated purpose, We will notify You and We will explain the legal basis which allows Us to do so.

Please note that We may process Your personal data without Your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Other data we may collect

Technical information, including the Internet protocol (IP) address used to connect Your computer to the Internet, Your login information, browser type and version, time zone setting, GPS location, device, browser plug-in types and versions, operating system and platform.

Information about Your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from Our site (including date and time); products You viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Marketing and Communications Data including Your preferences in receiving marketing from Us and Our third parties and Your communication preferences.

We may combine this information with information You give to Us and information We collect about You. We may Us this information and the combined information for the purposes set out above (depending on the types of information We receive).

We do not collect any Special Categories of Personal Data about You (this includes details about Your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about Your health, and genetic and biometric data). Nor do We collect any information about criminal convictions and offences.

If You fail to provide personal data

Where We need to collect personal data by law, or under the terms of a contract We have with You, and You fail to provide that data when requested, We may not be able to perform the contract We have or are trying to enter into with You (for example, to allow You to access Our services). In this case, We may have to cancel Your application for that service but We will notify You if this is the case at the time.

2. THE DATA WE SHARE WITH 3RD PARTIES

We do not sell or intend to share any of Your personal details to or with third parties, excluding instances and purposes listed in this section.

We share some data with the following third parties in order for Us to carry out business, deliver a great customer service experience to You and improve Our business. As the service evolves We may add services to this list.

Further information about 3rd parties that may store data about You (either anonymous or identifiable) about You can be found in Our Cookie Policy.

3rd Party

URL

Why we use this service

Coaches

We may share your email address with any Coach that you engage with using our service. You may at any time ask us not to share your email address with your Coach using the option available in your Account.

Google Analytics

https://analytics.google.com

We use Google Analytics to track anonymous data about Our Site and service usage. Google collects data via a cookie on Our Site

Stripe

https://stripe.com/

Stripe is a payment processor who stores and manages Our online transactions. We will send them all information relating to payment and order details You provide.

Facebook
Instagram
Twitter
LinkedIn

https://facebook.com
https://instagram.com
https://twitter.com
https://linkedin.com

We use Our social channels to feed organic information about Fitr and also, where permission is granted (see section 3) for multiple format targeting and re-targeting campaigns. Facebook targets its own users, We also send cookie data for the remarketing and basket abandonment where permission is granted.

Mailchimp

www.mailchimp.com/

We use Mailchimp for the delivery of email marketing messages

OVH

https://www.ovh.co.uk

Our data is hosted by OVH– see section 6 below.

Intercom

https://www.intercom.com/

We use Intercom for Our live chat services and to send ad-hoc in-platform and email messages to Our users.

AWS

https://aws.amazon.com

We use AWS for Our automated email messages.

Sentry

https://sentry.io/welcome/

Errors monitoring service.

Datadog

https://www.datadoghq.com

Network monitoring service.

We may provide further data to third parties not listed above, but before We do so We ensure that all data is anonymous meaning it cannot be identified as You.

There are three reasons where We may share Your data with 3rd parties that We have not listed here:

• Professional Advisers and Investors: We may also share Your data with professional advisers such as Our lawyers, accountants and insurers to manage risks and legal claims, and/or as part of Our relationship and obligations to Our investor organisations. This is in Our legitimate interests.
• Group: It is possible that We could sell Our business and We may share Your data with third parties to whom We may choose to sell, transfer or merge parts of Our business or Our assets. Alternatively, We may seek to acquire other businesses or merge with them. If a change happens to Our business, then the new owners may use Your personal data in the same way as set out in this privacy policy. In such a scenario, Our database is one of the biggest parts of that business and so We would need to share it with the third-party buyer and their advisers. This is in the legitimate interests of selling Our business.
• Law Enforcement/Legal Compliance: We will cooperate with all third parties to enforce their intellectual property or other rights. We will also cooperate with law enforcement requests from within or outside Your country of residence. This may include disclosing Your personal information to government or law enforcement agencies, or private parties, when We have a good faith belief that disclosure is required by law or when We, in Our discretion, believe that disclosure is necessary to protect Our legal rights, or those of third parties and/or to comply with a judicial proceeding, court order, fraud reduction or legal process served on Us. In such cases, We may raise or waive any legal objection or right available to Us. These uses of Your data are in Our legitimate interests of protecting Our business security. We may also use Your data and share it with the recipients listed in this Privacy Policy for the purpose of complying with Our legal obligations.

We require all third parties to respect the security of Your personal data and to treat it in accordance with the law. We do not allow Our third-party service providers to use Your personal data for their own purposes and only permit them to process Your personal data for specified purposes and in accordance with Our instructions.

3. HOW WE MAY USE YOUR DATA FOR MARKETING PURPOSES AND ADDITIONAL DATA WE MAY REQUEST PERMISSION FOR.

Part of the role of the Fitr team is to market Our products and services to enable more people to register with Our service. To do so We use a number of different 3rd parties to help Us with these initiatives. Those 3rd parties are listed in Section 2, and unless stated otherwise anonymised information about Your interactions with Fitr is sent to these services. We see these anonymised transfers of data as critical to the running and future success of Our business and You cannot opt-out of them if You use Fitr.

In addition to the anonymised data We send to 3rd parties, We may ask permission from You to use extended data to help give You a better service. A better service may include (but is not limited to) the ability for Us to personalise Our email communication to You based on identifiable information (e.g. name, DOB).

For this We will ask You to opt-in to Our marketing initiatives; You will automatically be opted-out of these services when You join Fitr. If at any stage You would like to opt in or out You can do so in Your account settings.

The additional data We will request permission to use to send to 3rd parties is as follows:

Data provided by You

Use

Email address

To identify You on 3rd party services and internally.

Name

To improve user experience with email and advertising personalisation and re-targeting

Date of birth

Helps Us identify product deals more relevant to You based on purchases of other people in Your age demographic

Gender (optional)

Helps Us identify product deals more relevant to You, and improve service based on learnings of others similar to You.

4. INFORMATION ABOUT KEEPING YOUR INFORMATION

We keep Your information for as long as it is seen necessary to uphold Our obligations to: deliver Your training plan order, keep Your historic training data, fulfil Our obligations to You in connection with Our service, meet government regulations (for example: relating to accountancy) improve Our service to You, prevent fraud and for law enforcement purposes.

We keep back-ups of Our Site for 30 days.

If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce Our terms and conditions, We may also keep hold of some of Your information as required, even after You have closed Your account, or it is no longer needed to provide the services to You.

To give You a better understanding, We usually keep financial records (including information about orders & transactions) for 7 years. We will keep top-level information (for example relating to the total quantity of sales transacted in any year) for as long as We as a business deem it useful.

5.YOUR RIGHTS OVER YOUR DATA

You have the following rights when it comes to Your personal information

• The right to be informed about how We use and store Your information
• The right to access the personal information We store about You
• The right to request the correction of inaccurate information, such as through the My Account section on Our Website
• The right to object to processing of Your personal data.
• The right to request restriction of processing Your personal data.
• The right to request transfer of Your personal data.
• The right to withdraw consent.
• The right to complain to Your data protection regulator

If You want to exercise Your rights, or have any questions or concerns please contact Us at support@fitr.training.

Right To Be Forgotten

Users also have the legal right to request deletion of any personally identifiable information. We will adhere to this request where the deletion of information does not impact Our commitment to uphold any financial or legal requirements We must undertake to operate.

We may require to keep anonymous training plan detail, such as the schedule of all a coach’s plans that have been purchased by other users. We do so, so those users that have purchased this information do not lose access to their historic data when You close Your account. Your name, DOB and email will not be linked to this stored data.

What We may need from You‍

We may need to request specific information from You to help Us confirm Your identity and ensure Your right to access Your personal data (or to exercise any of Your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact You to ask You for further information in relation to Your request to speed up Our response.

Time Limit To Respond

We try to respond to all legitimate requests within one month. Occasionally it could take Us longer than a month if Your request is particularly complex or You have made a number of requests. In this case, We will notify You and keep You updated.

No Fee Usually Required

We do not anticipate that You will have to pay a fee to access Your personal data (or to exercise any of the other rights). However, We may charge a reasonable fee if Your request is clearly unfounded, repetitive or excessive. Alternatively, We may refuse to comply with Your request in these circumstances.

We may need further data from You

We may need to request specific information from You to help Us confirm Your identity and ensure Your right to access Your personal data (or to exercise any of Your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

6. WHERE WE STORE YOUR DATA

The data that We collect from You may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for Us or for one of Our suppliers. Such staff maybe engaged in, among other things, the fulfilment of Your order, the processing of Your payment details and the provision of support services. By submitting Your personal data, You agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this privacy policy.

We always ensure that Your data is only transferred in full accordance with UK data protection laws. In particular that means Your data will only be transferred to a country that the European Commission has determined provides an adequate level of protection, or to service providers who have an agreement with Us committing to the Model Contract Clauses, which are defined by the European Commission.

All information You provide to Us is stored on Our hosting provider’s secure servers (currently OVH). Where We have given You (or where You have chosen) a password which enables You to access certain parts of Our site, You are responsible for keeping this password confidential. We ask You not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect Your personal data, We cannot guarantee the security of Your data transmitted to Our site; any transmission is at Your own risk. Once We have received Your information, We will use strict procedures and security features to try to prevent unauthorised access.

7. INTERNATIONAL TRANSFERS

Many of Our external third parties are based outside the EEA so their processing of Your personal data will involve a transfer of data outside the EEA.

Whenever We transfer Your personal data out of the EEA, We ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer Your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where We use certain service providers, We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

Please contact Us if You want further information on the specific mechanism used by Us when transferring Your personal data out of the EEA.

8. DATA SECURITY

We have put in place appropriate security measures to prevent Your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, We limit access to Your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Your personal data on Our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify You and any applicable regulator of a breach where We are legally required to do so.

9. FUTURE CHANGES TO OUR PRIVACY POLICY

We keep Our privacy policy under regular review. This version was last updated on 06/08/2020.

We will make changes to Our Privacy Policy from time to time. We suggest You always take time to read any changes before continuing to use Our service.

10. COOKIES

We have a separate Cookie policy, this can be found here.

11. GLOSSARY

Legitimate Interest means the interest of Our business in conducting and managing Our business to enable Us to give You the best service/product and the best and most secure experience. We make sure We consider and balance any potential impact on You (both positive and negative) and Your rights before We process Your personal data for Our legitimate interests. We do not use Your personal data for activities where Our interests are overridden by the impact on You (unless We have Your consent or are otherwise required or permitted to by law). You can obtain further information about how We assess Our legitimate interests against any potential impact on You in respect of specific activities by contacting Us.

Performance of Contract means processing Your data where it is necessary for the performance of a contract to which You are a party or to take steps at Your request before entering into such a contract.

Comply with a legal obligation means processing Your personal data where it is necessary for compliance with a legal obligation that We are subject to.

‍