Fitze's Privacy Policy

This Privacy Policy (“Policy”) is designed to help you understand how we use your Personal Data in accordance with the data protection laws and regulations in the Abu Dhabi Global Market (“ADGM”) [1], UAE’s Personal Data Protection Law (“PDPL”), European Union’s General Data Protection Regulation (“GDPR”), and further guidance thereunder applicable legislation. This Policy applies to the Processing of Personal Data by Fitze, which is incorporated in ADGM, Abu Dhabi, United Arab Emirates.

We encourage you to read the whole Policy. This policy was last updated on September 23rd, 2023.

PART A – PURPOSE & APPLICABILITY

Identity

We, Fitonclick FZE, and our affiliate, subsidiary and parent companies (collectively, “Fitze”, “us”, “we” or “our”) and as applicable to the respective entity, in this Privacy policy.

Our registered office is located at:

Fitonclick FZE
T1-10-6F AKEZ Amenity Center
Al Hamra Industrial Zone-FZ

Our use of Personal Data

In compliance with the applicable legislation and regulations (“Applicable Legislation”), we collect several different types of information for various purposes to provide and improve our Service to you.

What is Personal Data?

Personal Data is any information referring to an identified or Identifiable Natural Person [3]. This includes information like your name, (e-mail) address, and telephone number but can also include less obvious information such as your attendance at a seminar or analysis of your use of our website(s).

Additional protection is afforded under the Applicable Legislation to Special Categories of Personal Data, i.e., Personal Data revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership and health or sex life and including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person.

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

Email address
First name and last name
Phone number
Address, Country, State, Province, ZIP/Postal code, City
Cookies and Usage Data

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you through emails, phone calls, SMS, WhatsApp or social media. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link on emails or through an explicit email to support@fitze.ae requesting opt out.

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access Service by or through any device (“Usage Data”).

This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access Service with a device, this Usage Data may include information such as the type of device you use, data from Services and fitness app, your device unique ID, the IP address of your device, your device operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data.

We might also use user-generated data from the fitness activities and associated services, including fitness-generated data, fitness performance data, and sell or provide it to third parties and governments in an anonymized fashion.

By using Fitze app and services, you give up any rights to the data our platform generates while you are using it, and you are giving up any commercial rights arising from the data you generate in the app and associated Fitze platforms.

Location Data

We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customize our Service.

You can enable or disable location services when you use our Service at any time by way of your device settings.

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity of our Service, and we hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies such as beacons, tags, and scripts, are also used to collect and track information, and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

Session Cookies: We use Session Cookies to operate our Service.
Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
Security Cookies: We use Security Cookies for security purposes.
Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.

Employment Data

We may also collect the following information: sex, age, date of birth, place of birth, passport details, citizenship, registration at place of residence and actual address, telephone number (work, mobile), details of documents on education, qualification, professional training, employment agreements, NDA agreements, information on bonuses and compensation, information on marital status, family members, social security (or other taxpayer identification) number, office location, and other data related to employment with Fitze.

Children’s Privacy

Our Services are not intended for use by children under the age of 18 (“Child” or “Children”).

We do not knowingly collect personally identifiable information from Children under 18. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

This Privacy Policy

This is our general Privacy Policy that applies to our operations.

Updating this Privacy Policy

This Policy may be updated from time to time and can be found in its most current format here: https://www.fitze.ae/privacy-policy/

Our responsibility to you

We Process your Personal Data in our capacity as a Controller. This means we are responsible for ensuring we comply with the Applicable Legislation when Processing your Personal Data.

Contact Person for Data Protection

We have a data protection officer (DPO) to monitor our compliance with data privacy, provide advice where requested, and cooperate with supervisory authorities. You can contact our data protection officer for any queries relating to our Data Processing activities under this Policy or Applicable Legislation, by:
sending an email to: jason@cybersense.one
calling us at: +1 (570) 530-9779

For any queries relating to our Data Processing activities in relation EU (European Union) GDPR (General Data Protection Regulation) requirements, you may contact us by:
sending an email to: jason@cybersense.one
writing us at:
JORGE SIMÕES DIAS UNIPESSOAL LDA
Address: Rua Doutor Justino Cruz 90 7, 4700-314 Braga – Portugal

PART B – YOUR PERSONAL DATA

Why are we collecting Personal Data about you?

We only collect Personal Data about you in connection with providing our services and conducting our normal business operations, and/ or communications to invite you to our event or sharing relevant information with you. We may hold information about you if:

to provide and maintain our Service
to notify you about changes to our Service
to allow you to participate in interactive features of our Service when you choose to do so
to provide customer support
to gather analysis or valuable information so that we can improve our Service
to monitor the usage of our Service
to detect, prevent and address technical issues
to carry out our obligations and enforce our rights arising from any contracts entered between you and us, including for billing and collection
to provide you with notices about your account and/or subscription, including expiration and renewal notices, email instructions, etc.
to provide you with news, exclusive offers and general information about other goods, services, and events which we offer that are like those that you have already purchased or enquired about unless you have opted not to receive such information
in any other way we may describe when you provide the information
for any other purpose with your consent
you are a client, a representative of a client, or the beneficial owner of a client.
you are a party or the representative of a party in a matter on which we are advising a client.
we are required to Process your Personal Data in accordance with Applicable Legislation, for e.g., anti-money laundering laws.
your information is provided to us by a client or others, or we otherwise obtain your information, in connection with the service(s) we are providing a client.
you provide services to us (or you represent a company which provides services to us).
you represent a regulator, certification body or government body which has dealings with us.
you attend our seminars, webinars, or events, receive our newsletter updates, or visit our offices or websites.
you are an applicant for a job with us.
you are or were an employee of the group.
you are an authorized signatory or a director or an individual shareholder or an office bearer.
you are an authorized signatory or a director or a shareholder or an office bearer of the shareholder.
you may have met one of our staff and have exchanged business cards or contact details.

What Personal Data do we collect about you?

Depending on the purposes, the types of information we Process about you may include:

Types of Personal Data	Details
Individual details	Name, address (including proof of address), other contact details (e.g., email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you
Identification details	Identification numbers issued by government bodies or agencies, such as your passport number, Emirates ID or other national identity number, tax identification number and driving license number, including copies of such government-issued identification document
Financial information	Bank account details, income, source of wealth, source of funds or other financial information
Engagement details	Information about you which is relevant to a matter on which we are providing our Service or a client
Anti-money laundering and sanctions data	Screening information received from various anti-money laundering, counter-terrorism financing and sanctions databases relating to you
Special Categories of Personal Data	Information about your political affiliations or opinions or criminal record, to the extent required for compliance with Applicable Legislation.
Identifiers	Information which can be traced back to you, such as an IP address, a website tracking code or any other information that may be automatically collected through our Website(s) or any other digital communication or network security applications used by us.

As a policy, we do not normally collect any Special Categories of Personal Data, unless such collection is warranted under specific circumstances such as employment.

Where do we collect your Personal Data from?

We may collect your Personal Data from various sources, including:

your usage of our product and services
our clients and our service providers
anti-money laundering and counter-terrorism financing databases, sanctions lists, court judgements and other databases
government agencies and publicly accessible registers or sources of information
by actively obtaining your Personal Data ourselves, for example, app usage.

The sources that apply to you will depend on the purpose for which we are collecting your Personal Data. Where we obtain your information from a third party, we may ask them to provide you with a copy of this Privacy Policy (or a shortened version of it) to ensure that you know we are Processing your information and the purpose for such Processing.

PART C – OUR USE OF YOUR PERSONAL DATA

How do we use your Personal Data?

In this section we set out in more detail:

the main purposes for which we Process your Personal Data
the lawful bases upon which we are Processing your Personal Data

Purpose for Processing	Lawful basis for Processing
Client services We may obtain information about individuals where this is necessary or appropriate to provide services to our clients. We disclose this information to our clients in connection with our role in the relevant engagement.	For Personal Data -Performance of an engagement
Fitness data We collect information about you in relation to your usage of our services and products. We do not collect Special Categories of Personal Data for this purpose.	For Personal Data -Consent from Data Subject
Service providers We collect information about you in connection with your provision of services to us or your position as a representative of a provider of services to us. We do not collect Special Categories of Personal Data for this purpose, other than where we are required to do so to meet our legal obligations (see ‘Anti-Money Laundering and other legal obligations’ above).	For Personal Data -Performance of an engagement
Seminars, events, legal updates, and other marketing activities If you wish to attend our seminars or events or receive our updates, we ask you to provide us with a limited amount of information (normally your work contact details, your employer’s name, your job title, and the legal subjects/events of interest). We use this information to communicate with you about our seminars, events, and updates, to ensure that you are an appropriate audience for them, and to conduct analysis for marketing purposes. We do not collect Special Categories of Personal Data for this purpose.	For all communications with you -Consent from Data Subject
Visitors to our websites Where you provide us with Personal Data on our Website(s) for the purpose of inquiring about our services, we will only use it for the purpose of communicating with you in connection with your request. Most of our websites have a few non-intrusive cookies to help them work more efficiently and to provide us with information on how the website is being used You can control cookies through the settings or preferences of your browser, as well as through dedicated browser extensions or add-ons. We do not collect Special Categories of Personal Data on our Website(s).	For Personal Data – Consent for business development purposes
Visitors to our offices We have security measures in place at our offices, which include building access controls and may include CCTV. Images captured by CCTV are securely stored and only accessed on a need-to-know basis (e.g., to investigate an incident). Visitors to our offices may be required to sign in and sign out at building reception in accordance with the building’s security policies. In addition, we may also maintain visitor records ourselves, which are securely stored and only accessible on a need-to-know basis (e.g., to investigate an incident). We do not collect Special Categories of Personal Data for this purpose.	For Personal Data – Consent for information security and physical security purposes
Visitors to our events Where you provide us with Personal Data on our Website(s) for the purpose of inquiring about our services, we will only use it for the purpose of communicating with you in connection with your request.	For Personal Data –Consent for business development purposes
Staff Recruitment We ask you to provide Personal Data to us as part of your job application. We will also conduct checks in order to verify your identity and the information in your application as well as to obtain further information about your suitability for a role within the group. This may include obtaining information from regulators, anti-money laundering databases, sanctions lists, etc. In some cases, this information will include Special Categories of Personal Data, where such information is required for the purpose of pre-employment verification checks or other employment-related Processing.	For Personal Data -(1) For compliance with Applicable Legislation that we are subject to For Special Categories of Personal Data -For carrying out our obligations and exercising our rights in the context of the Data Subject’s employment
Former Staff We retain the Personal Data of former staff members to the extent that we have a statutory obligation to do so.	For all Personal Data -For compliance with Applicable Legislation that we are subject to

Consent

We generally Process your Personal Data based on your consent (as we usually cannot rely on another lawful basis). Where we do Process your Personal Data based on your consent, you have the right to withdraw your consent at any time. To withdraw your consent, please contact us using the contact details mentioned above.

Do we share your information with anyone else?

We do not sell your information nor make it generally available to others. However, we may share your information in the following circumstances:

Depending on the situation or on your request, we may transfer Personal Data to countries or jurisdictions with data protection or privacy laws that are not adequate in comparison with the applicable legislation. Where any such transfers of Personal Data to non-adequate jurisdictions take place, we take appropriate measures to protect Personal Data in accordance with the applicable legislation.
We may Process Personal Data of clients, or representatives, or beneficial owners of clients, through screening databases or search engines for identity verification or background screening.
Depending on the scope of our services, we may require the assistance of various external professional service providers, based in or out of the group. The use of these external service providers may involve the service provider receiving your Personal Data from us, and some transfers of Personal Data may be made to countries or jurisdictions with data protection or privacy laws that are not adequate in comparison with the Law. Where any such transfers of Personal Data to non-adequate jurisdictions take place, we take appropriate measures to protect Personal Data in accordance with the applicable legislation.
We use the support services of various external companies to help us run our business efficiently, particularly in relation to our IT systems. Some of these services (such as email hosting and data backups) may involve the service provider Processing your Personal Data. Some transfers of Personal Data may be made to countries or jurisdictions with data protection or privacy laws that are not adequate in comparison with the applicable legislation. Where any such transfers of Personal Data to non-adequate jurisdictions take place, we take appropriate measures to protect Personal Data in accordance with the applicable legislation.
Where we use external companies to organize or host events for us, we may need to provide these service providers with your Personal Data.
We share your Personal Data and Usage Data with our business partners, service providers, and governments.
We may share your Personal Data with other third parties, such as relevant regulators or other authorities, where we are required to do so to comply with legal or regulatory requirements.

In each case where we share your Personal Data with other parties, whether or not in an adequate jurisdiction, we take appropriate measures and ensure that the relevant party is contractually required to keep such Personal Data safe, secure and confidential in accordance with the minimum standards under the applicable legislation.

PART D – OTHER IMPORTANT INFORMATION

Keeping your Personal Data safe

We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss, or unauthorized disclosure of the Personal Data we Process.

How We Protect Your Personal Data

We maintain administrative, technical, and physical safeguards for the protection of your Personal Data.

Administrative Safeguards

Access to the Personal Data of our users is limited to authorized personnel who have a legitimate need to know based on their job descriptions, for example, employees who provide technical support to end users, or who service user accounts. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. These third parties are contractually bound by confidentiality clauses, even when they leave the company. Where an individual employee no longer requires access, that individual’s credentials are revoked.

Technical Safeguards

We store your personal information in our database using the protections described above. In addition, we utilize technical safeguards such as up-to-date firewall protection for an additional layer of security, high-quality anti-virus software, and we regularly update our virus definitions. Third parties who we hire to provide services and who have access to our users’ data are required to adopt appropriate measures if we deem them necessary.

Physical Safeguards

Access to user information in our database by Internet requires using an encrypted VPN, except for email which requires user authentication. Third-party contractors who process Personal Data on our behalf agree to provide reasonable physical safeguards.

Proportionality

We strive to collect no more Personal Data from you than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur: the less data we collect, the smaller the overall risk.

Profiling and automated decision making

We do not use profiling (where an electronic system uses Personal Data to try and predict something about you) or automated decision making (where an electronic system uses Personal Data to make a decision about you without human intervention).

How long do we keep your Personal Data?

We retain your Personal Data in accordance with our data retention policy which categorizes all the information held by us and specifies the appropriate retention period for each category of information. Those periods are based on the requirements of the relevant laws and regulations, and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.

Cross-border transfers of your Personal Data

We transfer Personal Data in specific circumstances. We do not work within sanction-affected states.

Where any such transfers of Personal Data to non-adequate jurisdictions take place, we take appropriate measures in accordance with the Law.

We are a global business that provides products and services all around the world. In order to reach all of our users and provide all of them with our software, we operate on an infrastructure that spans the globe. The servers that are part of this infrastructure may therefore be located in a country different than the one where you live. We provide the same level of protection to all Personal Data processed.

At the same time, when we transfer Personal Data or cooperate with a third-party vendor, we always make sure to put in place appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions adopted by ADGM, to ensure that your data remains safe and secure at all times and that your rights are protected.

Situations where we transfer Personal Data include allowing access to Personal Data stored in the Amazon cloud services, the provisioning of our products and services and third-party services related to it, the processing of transactions and of your payment details, sharing of fitness data to third parties and governments, and the delivery of support services. Further, a transfer may also occur in case of a merger, acquisition or a restructuring (see the Mergers, Acquisitions and Restructurings section).

Mergers, Acquisitions and Corporate Restructurings

Like any other company, we too go through our own cycle of growth, expansion, streamlining and optimization. Our business decisions and market developments therefore affect our structure. As a result of such transactions, and for maintaining a continued relationship with you, we may transfer your Personal Data to a related affiliate.

If we are involved in a reorganization, merger, acquisition or sale of our assets, your Personal Data may be transferred as part of that transaction. We will notify you of any such deal and outline your choices in that event, when applicable. Information including personal data relating to our business may be shared with other parties in order to evaluate and conclude the transaction. This would also be the case if we were required by law to make such changes.

PART E – YOUR RIGHTS

Contacting us and your rights

If you have any questions in relation to our use of your Personal Data, please contact us using the details provided:

For any queries relating to our Data Processing activities under this Policy or Applicable Legislation, you may contact us by:
sending an email to: jason@cybersense.one
calling us at: +1 (570) 530-9779

Subject to certain exceptions outlined in local legislation, you have the right to require us to:

Right to information – Right to receive information about the processing of your Personal Data, prior to processing as well as during the processing, upon request.
Right of access – You have the right to receive a copy of your Personal Data
Right to rectification – You have the right to seek correction of inaccurate Personal Data.
Right to erasure (“right to be forgotten”) – You have the right to erasure of your Personal Data, but only in specific cases stipulated by law, e.g., if there is no legally recognized title on our part for further processing of your Personal Data.
Right to data portability – The right to receive Personal Data which you have provided and is being processed on the basis of consent or where it is necessary for the purpose of conclusion and performance of a contract, in machine-readable format. This right applies exclusively to Personal Data where processing is carried out by automated means.
Right to withdraw consent – In the case of processing based on your consent, as specified in our Consent Policy, you can withdraw your consent at any time, by using the same method (if technically possible) you used to provide it to us (the exact method will be described in more detail with each consent when you provide it). The withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.
Right to restriction of processing – You have the right to restriction of processing of your Personal Data if: You are contesting the accuracy of your Personal Data for a period enabling us to verify the accuracy of your Personal Data; the processing is unlawful, and you oppose the erasure of the Personal Data and request the restriction of its use instead; we no longer need the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
Right to contact a supervisory authority or court – You may contact and lodge a complaint with the supervisory authority or your local authority or a relevant court.
provide you with further details on the nature of your Personal Data held by us and the use we make of your Personal Data, including any sharing or transfer thereof.

In certain circumstances, we may need to restrict your rights to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., responding to regulatory requests) or in accordance with other exceptions and limitations specified in local legislation.

Your Right to Erasure

Under the General Data Protection Regulation (GDPR), users have the right to request the deletion of their personal data. If you wish to exercise this right, please use the “Delete Account Permanently” option under Settings -> Account Info. Upon receiving a verifiable request, we will delete your data from our systems within 3 days, unless otherwise required by law. This deletion will include all personal information and associated content, ensuring that the data is permanently removed and cannot be recovered.

Your Right to complain

If you are not satisfied with our use of your Personal Data or our response to any request by you to exercise your rights, or if you think that we have breached any relevant provision of the Law, then you have the right to complain to the authority that supervises our Processing of your Personal Data.

Our data protection supervisory authority is the Office of Data Protection in ADGM whose contact details are as follows:

Office of the Data Protection, ADGM
Abu Dhabi Global Market
Telephone: +971 (2) 333 8888
Website: https://www.adgm.com/operating-in-adgm/office-of-data-protection
Email: Data.Protection@adgm.com

PART F – The California Consumer Privacy Act Supplement

PII Rights for California Residents

The California Consumer Privacy Act (“CCPA”) requires us to make certain additional disclosures and provides California residents with the ability to request additional information about their PII. If you are a California resident and it is determined that the CCPA applies to you, this section details those rights, how you may exercise them, and what Fitze will do in response.

Please note that the rights under the CCPA do not apply to PII collected, processed, sold or disclosed pursuant to Gramm-Leach-Bliley Act (Public Law 106-102) and Fair Credit Reporting Act (12 CFR 1022).

If you are an individual who resides in California and whose PII is collected and processed by Fitze, you may have the right to:

Request that we disclose, free of charge, the categories and specifics of the PII we collect about California residents, the sources from which the PII was collected (and/or, if applicable, sell or otherwise disclose to a third party), and the business purpose for collecting PII.
Choose to opt-out of the sale of PII. Currently, however, Fitze does not sell PII.
Request that we delete the PII we have collected. Following our verification of the request, we will comply with the request and delete any or all the PII in our possession that we collected from the California resident and/or any or all such PII in the possession of our service providers, unless otherwise restricted by law or regulation.

Non-Discrimination for Exercising Your PII Rights

We follow the requirements of California Civil Code §1798.125, and will not discriminate against any consumer who exercises the rights set forth in this privacy policy.

[1] https://www.adgm.com/operating-in-adgm/office-of-data-protection

[2] “Processing” of Personal Data can include any one or more of the following, whether or not by automated means: collection, recording, organization, structuring, storage and archiving, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, transfer or otherwise making available, alignment or combination, restricting, erasure or destruction.

[3] Identifiable Natural Person means a natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one (1) or more factors specific to his biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity (and “Identified Natural Person” is interpreted accordingly).