Privacy | FittyAI

PRIVACY POLICY

FittyAI

1. PURPOSE AND SCOPE

FittyAI (also referred to as “we”, “us” or “Company”), company registration number 305878211, having its registered office at Elbingo 11-11, Vilnius, is committed to protecting and respecting your privacy. Therefore, in this privacy policy (the “Policy”) we explain what kind of personal data we collect and for what purposes, when providing you with our products and/or services (the “Services”), when you visit our website, and/or when you otherwise make contact with us. In any case, all personal data collected by us are processed in accordance with the EU General Data Protection Regulation No. 2016/679 (the “GDPR”), Law on the Legal Protection of Personal Data of the Republic of Lithuania and other applicable legal acts. For any questions regarding this Policy or any requests regarding processing your personal data, please contact us at info@fittyai.com.

2. WHAT INFORMATION ABOUT YOU WE COLLECT, FOR WHAT PURPOSES AND ON WHAT LEGAL BASES

We have set out below, in a table format, a description of how and why we use your personal data – i.e. we listed the personal data or categories of personal data used for specific purposes and indicated which legal basis we rely on to do so.

To present Services overview, marketing data, and regular updates

To analyse usage of Services we use third party analytics providers such as Google Analytics

To improve accuracy of the Services provided

To provide real-time analysis of movement, immediate workout summary, long-term insights of movements, and our algorithms improvement

To identify the same user using Services

Purpose

• You provide consent by submitting a Contact form on the website or giving consent in the demo app; Art. 6 (1)(a) GDPR.

• We inform you together with cookies notification; Art. 6 (1)(a), Art. 6 (1)(f) GDPR

• By providing optional data in the questionnaire, you provide consent; Art. 6 (1)(a) GDPR.

• By starting a workout, you provide as consent; Art. 6 (1)(a), Art. 6 (1)(f) GDPR.

• We get your consent for using cookies; Art. 6 (1)(a), Art. 6 (1)(f).

Legal basis

Name, surname, e-mail

IP, location, date, and time of Services usage

Gender, weight, height, fitness workouts frequency, fitness goals

Joints positions during the workout

Personal data

3. HOW WE COLLECT YOUR PERSONAL DATA

We collect the information you provide directly to us when you:

a) fill out any forms on our website, platform and/or mobile application;

b) communicate with our partnership and/or customer support team;

c) contact us with via our website or by using other means of communication (e.g., via our social network accounts);

d) use our Services.

We may also receive your personal data from third parties. In particular:

a) we may receive personal data from a third party that is connected to you or is dealing with us, for example, business partners, sub–contractors, service providers, merchants, etc.;

b) we may collect personal data from banks or other financial institutions in case the personal data is received while executing payment operations;

c) we may receive personal data from other entities that we collaborate with.

4. PROCESSING OF DATA ACQUIRED VIA THIRD PARTIES

Particularly in regard to carrying out a movement analysis, it is possible that you utilize our services on behalf of a third party. The references to “your data” contained in this Privacy Policy include the data you provide to us via third parties.

5. GUARANTEE OF DATA SECURITY

Our products are equipped with security features to ward off threats against your data. In particular, we carry out the following measures:

• We use secure/encrypted protocols for data transmission.

• We constantly endeavor to improve our security standards. Furthermore, we continuously adapt the anonymization of personal data according to state-of-the-art technical standards.

• Internal access to personal data is restricted to those who absolutely need access.

6. DIRECT MARKETING

In case you are our existing client (i.e. you already use our Services), we may use your e-mail address for direct marketing purposes, but only with regard to products and/or services that are similar or related to the Services, and only if you do not object to such use of your e-mail address. You are also granted with a clear, free of charge and easily realisable possibility to object or withdraw from such use of your contact details. In other cases, we may use your personal data for the purposes of direct marketing, only if you give us your prior consent regarding such use of the data. We provide a clear, free-of-charge, and easily realisable possibility not to give your consent or, at any time, to withdraw your consent to receive our marketing communications. We shall state in each communication sent by e-mail that you are entitled to object to such processing of your personal data, and to refuse receiving communications from us. You shall be able to refuse receiving our marketing communications by clicking on the respective link in each marketing e-mail received from us.

7. HOW WE SHARE YOUR PERSONAL DATA

We may disclose your personal data to the recipients of the following categories:

a) public authorities, institutions, organisations, courts, and other third parties, but only upon request and only when required by applicable laws, or in cases and under procedures provided for by applicable laws, e. g. for the purposes to secure and/or defend Company’s legitimate interests;

b) third parties providing services to the Company including providers of legal, financial, auditing, tax, business management, personnel administration, accounting, advertising (including online advertising), direct marketing, communications, data centers, hosting, cloud and/or other services. In each case, we provide such third parties with only as much data as necessary to provide their services. Service providers engaged by us may process your personal data only in accordance with our instructions and may not use them for other purposes;

c) third parties for the purpose of performance of the contract concluded with you;

d) third parties, when the Company intends to enter into a business sale transaction and/or to perform legal and/or financial due diligence of the Company prior to such transaction;

e) other persons with your consent.

8. INTERNATIONAL DATA TRANSFERS

We use cloud providers and integrate tools offered by companies based in the USA into our Services. Your personal data can be transmitted to the US servers of the respective companies. We would like to point out that the USA is not a safe non-member country within the meaning of EU data protection law. US companies are obligated to disclose personal data to security authorities without you, as the data subject, being able to take legal action against this. Thus, it cannot be ruled out that US authorities, e.g., secret services, may process, evaluate, and permanently store your data for monitoring purposes on servers in the USA. We have no influence on these processing activities.

9. HOW LONG WE KEEP YOUR PERSONAL DATA

We will keep your personal data for as long as it is needed for the purposes for which your data was collected and processed, but not longer than it is required by the applicable laws and regulations, including for the purposes to comply with any legal, regulatory, tax, accounting or reporting obligations. If the legislation of the Republic of Lithuania does not provide any applicable data retention period, it shall be determined by us, taking into account the legitimate purpose of the data retention, the legal basis and the principles of lawful processing of personal data. Personal data that is important for the contractual relationship between you and Company is normally stored for as long as the contractual relationship lasts and thereafter for a maximum period of 10 years after the relationship. If you do not enter into a contract with us, the personal data are normally stored for a maximum of 24 months. We may retain your personal data for a longer period when:

a) it is necessary for the Company to be able to defend itself against existing or threatened claims or to exercise its rights, or for the proper resolution of dispute, complaint or claim;

b) there is a suspicion of illegal activity;

c) it is required by applicable laws. Upon expiration of the retention period, we will delete and/or reliably and irrevocably depersonalize your data as soon as possible, within the reasonable time required to perform such action.

9. HOW LONG WE KEEP YOUR PERSONAL DATA

If you do not enter into a contract with us, the personal data are normally stored for a maximum of 24 months. We may retain your personal data for a longer period when:

a) it is necessary for the Company to be able to defend itself against existing or threatened claims or to exercise its rights, or for the proper resolution of dispute, complaint or claim;

b) there is a suspicion of illegal activity;

c) it is required by applicable laws.

Upon expiration of the retention period, we will delete and/or reliably and irrevocably depersonalize your data as soon as possible, within the reasonable time required to perform such action.

10. YOUR RIGHTS

a) The right to be informed. You have the right to be provided with clear, transparent, and easily understandable information about how we process your personal data.

b) The right to access. You have the right to request from us a copy of your personal data. Where your requests are excessive if they are repetitive, we may refuse to act on the request, or charge a reasonable fee taking into account the administrative costs for providing the information.

c) The right to rectification. You have the right to request us to correct or update your personal data at any time if your personal data is incomplete or incorrect.

d) The right to be forgotten. When there is no good reason for us to process your personal data anymore, you can ask us to delete your data. We will take reasonable steps to respond to your request.

e) The right to restrict processing. You have the right to restrict the processing of your personal data in certain situations (e.g., when you want us to investigate whether that data is accurate; we no longer need your personal data, but you want us to continue holding it for you in connection with a legal claim).

f) The right to object to processing. Under certain circumstances you have the right to object to certain types of processing (e.g., to receive our marketing communications).

g) The right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint with a competent supervisory authority, if you believe that your personal data is processed in a way that violates your rights and legitimate interests stipulated by applicable legislation. Our data processing is supervised by the State Data Protection Inspectorate of the Republic of Lithuania (address: L. Sapiegos St. 17, LT-10312 Vilnius, phone No.: +370 5 271 2804 / 279 1445, e-mail address: ada@ada.lt, for more information, visit https://vdai.lrv.lt/en/).

h) Right to withdraw your consent. If personal data is processed on the basis of your consent, you can withdraw it at any time. Withdrawal will not affect the lawfulness of processing of your data before the withdrawal.

If you would like to exercise any of these rights, please contact us via e-mail: info@fittyai.com

Your request shall be fulfilled, or fulfilment of your requests shall be refused by specifying the reasons for such refusal, within 30 (thirty) calendar days from the date of submission of the request that complies with our internal rules and the GDPR. The afore-mentioned term may be extended by 60 (sixty) calendar days taking into account the complexity and number of the requests. The Company will inform you of any such extension within 30 (thirty) calendar days of receipt of the request, together with the reasons for the delay.

We may refuse to satisfy your request if the exceptions and/or limitations to the exercise of data subjects' rights set out in the GDPR apply, and/or if your request is found to be manifestly unfounded or disproportionate. If we refuse to satisfy your request, we will give you our reasons for such refusal in writing.

11. HOW WE PROTECT YOUR PERSONAL DATA

Please note that, although no system of technology is completely secure, we have implemented security measures to minimize the risk of unauthorized access to or improper use of your personal information. We and our third-party service providers that may be engaged in the processing of personal data on our behalf (for the purposes indicated above) are contractually obligated to respect the confidentiality of the personal data.

12. COOKIE POLICY

Our website uses so-called “cookies”. Cookies are small text files and do not damage your device in any way. They are stored either temporarily for the duration of a session (session cookies) or permanently on your device (permanent cookies). Session cookies are automatically deleted after your visit to the website. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

In some cases, cookies from third party companies can also be stored on your device when you access our website (third-party cookies). These enable us or you to use certain third-party services, e.g. cookies to utilize payment services and process payments.

Cookies have various functions. Numerous cookies are necessary for technical reasons because certain website functions would not work without them, e.g., the shopping cart function or the display of videos. Other cookies are used to evaluate user behavior or to display adverts.

Cookies that are necessary to carry out the electronic communication process or to provide certain functions that you desire, e.g., for the shopping cart function or to optimize the website (e.g., cookies to evaluate the website audience), are stored on the basis of Art. 6 (1)(f) GDPR, insofar as no other legal basis is stipulated. The website operator has a legitimate interest in the storage of cookies for the 5 technically error-free and optimized provision of its services. If you consent to the storage of cookies in response to a request, the storage of the relevant cookies takes place exclusively on the basis of this consent according to Art. 6 (1)(a) GDPR; said consent can be revoked at any time. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases; you can exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when you close your browser. If cookies are deactivated, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you of this separately within the framework of this Privacy Policy and, if necessary, request your consent.

13. LINKS TO OTHER WEBSITES

Our website may contain links to other websites which are not operated by the Company. When you decide to click on these links and be led to such websites, we recommend familiarising yourself with their privacy policies or notices, cookie policies and/or other documents. The Company assumes no responsibility for the content, policies or practices of such third-party websites or services.

14. CHANGES TO THIS POLICY

We regularly review this Policy and reserve the right to modify it at any time in accordance with applicable laws and regulations. Any changes will take effect immediately upon their publication on our website: https://fittyai.com.

Please review this Policy from time to time to stay updated regarding any changes.

15. CONTACT US

You may contact us by writing an e-mail to info@fittyai.com