1. Our details as the data controller

2. What personal data is processed and the legal basis for processing

3. What we do with your personal data

4. How long personal data is stored for

5. Security measures used by Us

6. Categories of recipients and Data Processors

7. Transfer of your data abroad

8. Social Network Services

9. Your rights

10. Do Not Track (California OPPA)

11. Cookies and similar technologies

12. Children’s privacy

13. Our commitment

14. Changes to the privacy policy

1. Our details as the data controller

Fitingo application (hereinafter “App”) is brought to you by Fitingo Limited, Data Controller” of your personal data). Consequently, “We”, “Us” and “Ours” refers to the Data Controller.

You may email Us with regards to queries of any nature (in particular, to exercise Your Rights) at support@temp.com

2.              What personal data is processed and the legal basis for processing

There are different types of information we obtain, whether directly from you or automatically via your device when you use the App. Essentially, we only obtain what is strictly necessary to provide you with our services, no more, no less.

Information, relating to you or your device, is either identified automatically by Our systems, provided to Us by the operating system of your device or is input by you manually when filling out certain fields, authorizing certain actions in the Apps.

Information you provide Us with:

Legal basis for processing

1.     Email address when you log in to use the App as a registered user.

Performance of the contract with you.

Unless you sign up via other means (SNS, see below), We could not provide you with our services as a logged in user other than through some means of unique identification.

We may contact you for marketing purposes of similar products and/or services. It will be in Our legitimate interests to do so, but you will always have a chance to opt out of such marketing communications prior to any such communication and every time thereafter.

We will store just enough information to honour your opt-out preference in the future.

2.     Social Network information via the “OAuth” method for secure login (read more about OAuth by following the link https://oauth.net/)

Essentially, this is information from your public profile (with, for instance, Facebook) that you can control at any stage. We do not have access to your password which is hashed.

Performance of the contract with you.

Same as above, We could not otherwise provide you with our services as a registered user.

3.     History of your workouts when using the App, your age, gender, height, weight and body measurements (which you input yourself and are both free to delete at any time or amend as required).

Performance of the contract with you.

You could not otherwise conveniently track your progress and history.

4.     Messages and communication with support

Performance of contract to respond to your queries and provide customer support. We do not use this information for anything else (for instance, we do not build your profile or target you based on your communication with us or with other users of the App).

Strange, but that is it. The rest is the technical stuff that must be processed in order to provide you with our services.

Information collected automatically or assigned by Us to you

Legal basis for processing

1.    The server that hosts the App may record requests your device makes to the server, the details on device and browser you use, your IP address, date and time of access, city and country, operating system, browser type, mobile network information.

Performance of the contract.

The App would not operate otherwise, you need this to connect to the Internet.

This data is used only for technical purposes – that is, to ensure the proper functioning and security of the App and to investigate possible security incidents.

2.    Advertising identifiers provided by the operating system of your handheld device (such as, for instance, IDFA)

Your consent to the provision of such identifiers given by default through the operating system of your device (Apple iOS, for instance). You are free to withdraw your consent by resetting those identifiers or opting out of interest based advertising.

This may be done via the settings of your handset and/or your browser. We respect those choices you make through the settings of your device.

3.    Various device identifiers, provided by the operating system (device ID or a vendor ID, for instance)

Our legitimate interests in fraud prevention and potential unauthorized access from multiple devices/locations, ensuring the technical availability and security of the App.

4.    App version, OS version information, browser type, language used, make/model of your device

Performance of the contract.

We need to know this technical information so the App functions properly on your device.

5.    All the events that naturally occur during your usage of the App. Statistical information with regards to App usage.

Partly, performance of the contract and partly our legitimate interests in fraud prevention and potential unauthorized access, ensuring the technical availability and security of the App.

Analysis of statistical information helps us to optimize the App in future updates, such usage does not affect your rights and freedoms and does not disclose any personal data of yourself or your contacts.

3.              What we do with your personal data

We protect your data and do not treat your personal data in any way that would surprise you (unless We told you about it and you made an informed decision to consent to such usage).

We use the advertising identifiers in strict compliance with the requirements of the operating systems (for otherwise We would be in breach of their usage terms). Thus, We only use those advertising identifiers to meet our contractual obligations towards the parties that brought you to Us and vice versa (to trace the effectiveness of ad campaigns, for instance).

Unless you have asked us not to, We may rarely contact you by email about similar products and services to the App (the so-called “newsletter” email). Whenever We contact you, We would always give you the right to opt out prior to the first communication and at any time thereafter (see the section “Your Rights” below). If you allow push notifications through your device settings, you may receive such notifications from us when relevant. You can always disable those push notifications via the settings of your device. Please note, where we contact you via email in relation to an update to our terms of service or other app-related information, you could not opt-out of those as such communication relates to the essence of our contract (the so-called non-marketing communication).

Other purposes for processing personal data mostly include our legitimate interests such as:

·       Fraud prevention

·       Improving our services

·       Notifying you of any changes in our services

4.              How long personal data is stored for

Depending on the type, your personal data is stored either until you delete the App or we are positive that you may have left us (i.e. after a certain period of inactivity, such as if you have not logged into the App for over 6 months). Some data (such as IP addresses or blacklisted email addresses used for fraud) may be held for longer in our legitimate interests to protect our business from losses and also to respect your choice of opt-outs from marketing emails.

5.              Security measures used by Us

We use appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.

6.              Categories of recipients

We do not share your personal data with any third parties, except for:

·       the data processors that act on our instructions and solely for our purposes;

·       as stated in this privacy policy; or

·       where We have to comply with a legal obligation.

This does not mean that We blindly follow disclosure orders. We will check each request to ensure it satisfies the relevant safeguards, contains a court order or is issued under a legislative measure for the prevention, investigation, detection or prosecution of criminal offences.

As regards third parties that we use to assist in providing our Services, those are listed below:

3^rd party SDKs:

1) Appsflyer - https://support.appsflyer.com/hc/en-us/sections/201691546-iOS-SDK

2) Facebook SDK - https://developers.facebook.com/docs/ios

3) Google Firebase - https://firebase.google.com/docs/ios/setup

4) Dev2Dev - https://www.devtodev.com/help/4/devtodev_sdk_for_ios_analytics_part_integration/

5) Sentry.io SDK - https://docs.sentry.io/platforms/apple/guides/ios/

7.              Transfer of your data abroad

While your data may be accessed from different parts of the world on our behalf, We do not actually transfer your personal data outside the EEA. To any extent that data is accessed from abroad, We follow set contractual safeguards and protections to ensure that your data is as safe abroad as it is within the EEA.

Where a third party accesses your data on our behalf or upon our instructions (be it inside or outside the EEA), We use the relevant legal basis to comply with the data protection legislation. In cases where there is no finding of an adequacy decision by the European Commission, we use model contracts to safeguard your rights and data.

8.              Social Network Services (SNS)

When you log in to use any of Our Apps via an SNS (such as Facebook) you provide Us with certain information from you profile for that site. The information provided via SNS varies and depends on a particular SNS. You can untick the boxes for information you prefer not to share with us during the sign up process.

You can find out more about these settings at the SNS where you use Our App (for instance, you can edit the privacy and settings of your apps with Facebook by following the link https://www.facebook.com/help/218345114850283?helpref=about_content - last accessed on 9 July 2019).

Your activity when using the App via an SNS will also be subject to the SNS’ privacy policy for their part of data processing.

9.              Your rights

You are entitled to the full spectrum of the rights under the General Data Protection Regulation and We will go out of our way to accommodate any valid request. You can either exercise your rights by deleting certain features through your device or by emailing us at support@temp.com to exercise all the other rights.

You have a wide array of rights that we respect. Among those the right to:

·       Require access to your personal data;

·       Require rectification of your personal data;

·       Require erasure of your personal data;

·       Withdraw consent to processing of your personal data, where applicable;

·       Lodge a complaint with your national supervisory authority (in the EEA) if you believe that your privacy rights have been breached

You may be required to prove through a certain procedure that the request emanates from the data subject (i.e. contact us from within the app itself and confirm a code that we would send to the registered email address). This is so that we do not disclose personal data to those that are not entitled to it.

If your personal data is erased at your request or in accordance with our data retention policy, We only retain such information that is necessary to protect our legitimate interests or to comply with a legal obligation.

Please note, all requests should be emailed to Us at support@temp.com or sent to us by post. Due to the sheer volume of messages, in-App customer support messages cannot be regarded as an effective method of notice to Us.

10.           Do Not Track (California OPPA)

There is no consensus on how mobile application companies should interpret the DNT signals. For the purposes of the OPPA, We do not currently respond to DNT signals whether that signal has been received on a computer or a mobile device.

11.           Cookies and similar technologies

Currently, We do not use any cookies when you visit Our Websites.

12.           Children’s privacy

We never knowingly collect or solicit any information from anyone of 13 years and younger. The App and its content are not directed at nor made look to appeal to such persons. Parents or guardians that believe that We hold information about their children aged 13 and under may contact Us at support@temp.com

13.           Our commitment

·       We will only collect and use your data where We have a legal basis to do so;

·       We will always be transparent and tell you about how we use your information;

·       When We collect your data for a particular purpose, We will not use it for anything else without your consent, unless other legal basis applies;

·       We will not ask for more data than needed for the purposes of providing our services;

·       We will adhere to the data retention policies and ensure that your information is securely disposed of at the end of such retention period;

·       We will observe and respect Your rights by ensuring that queries relating to privacy issues are dealt with promptly and transparently;

·       We will keep our staff trained in privacy and security obligations;

·       We will ensure to have appropriate technological and organizational measures in place to protect your data regardless of where it is held;

·       We will also ensure that all of our data processors have appropriate security measures in place with contractual provisions requiring them to comply with Our commitment;

·       We will obtain your consent and ensure that suitable safeguards are in place before personal data is transferred to other countries.

14.           Changes to the privacy policy

We will always try to notify you should we update this privacy policy. Feel free to contact us at any time should you have any questions in relation to this privacy policy, either via email or by post.

Fitingo Limited

Attention: Data Protection

Boumpoulinas

1-3 Bouboulina Building

Office 42

1060

Nicosia, Cyprus

Support Team: support@fitness-app.com

Date: 5 August 2019

Information you provide Us with:	Legal basis for processing
1. Email address when you log in to use the App as a registered user.	Performance of the contract with you. Unless you sign up via other means (SNS, see below), We could not provide you with our services as a logged in user other than through some means of unique identification. We may contact you for marketing purposes of similar products and/or services. It will be in Our legitimate interests to do so, but you will always have a chance to opt out of such marketing communications prior to any such communication and every time thereafter. We will store just enough information to honour your opt-out preference in the future.
2. Social Network information via the “OAuth” method for secure login (read more about OAuth by following the link https://oauth.net/) Essentially, this is information from your public profile (with, for instance, Facebook) that you can control at any stage. We do not have access to your password which is hashed.	Performance of the contract with you. Same as above, We could not otherwise provide you with our services as a registered user.
3. History of your workouts when using the App, your age, gender, height, weight and body measurements (which you input yourself and are both free to delete at any time or amend as required).	Performance of the contract with you. You could not otherwise conveniently track your progress and history.
4. Messages and communication with support	Performance of contract to respond to your queries and provide customer support. We do not use this information for anything else (for instance, we do not build your profile or target you based on your communication with us or with other users of the App).

Information collected automatically or assigned by Us to you	Legal basis for processing
1. The server that hosts the App may record requests your device makes to the server, the details on device and browser you use, your IP address, date and time of access, city and country, operating system, browser type, mobile network information.	Performance of the contract. The App would not operate otherwise, you need this to connect to the Internet. This data is used only for technical purposes – that is, to ensure the proper functioning and security of the App and to investigate possible security incidents.
2. Advertising identifiers provided by the operating system of your handheld device (such as, for instance, IDFA)	Your consent to the provision of such identifiers given by default through the operating system of your device (Apple iOS, for instance). You are free to withdraw your consent by resetting those identifiers or opting out of interest based advertising. This may be done via the settings of your handset and/or your browser. We respect those choices you make through the settings of your device.
3. Various device identifiers, provided by the operating system (device ID or a vendor ID, for instance)	Our legitimate interests in fraud prevention and potential unauthorized access from multiple devices/locations, ensuring the technical availability and security of the App.
4. App version, OS version information, browser type, language used, make/model of your device	Performance of the contract. We need to know this technical information so the App functions properly on your device.
5. All the events that naturally occur during your usage of the App. Statistical information with regards to App usage.	Partly, performance of the contract and partly our legitimate interests in fraud prevention and potential unauthorized access, ensuring the technical availability and security of the App. Analysis of statistical information helps us to optimize the App in future updates, such usage does not affect your rights and freedoms and does not disclose any personal data of yourself or your contacts.