Privacy Policy
This Privacy Policy governs the manner in which FitFinance collects, processes, uses, discloses, and otherwise manages the personal data of individuals who interact with our website, applications, and services. Please read it carefully to understand our practices regarding your information.
Last updated: January 1, 2026
1. Introduction and Scope
FitFinance (hereinafter referred to as "FitFinance", the "Company", "we", "us", or "our") is committed to protecting and respecting the privacy of every individual (the "data subject", "you", or "your") whose personal data we process. This Privacy Policy (the "Policy") sets out the basis on which any personal data we collect from you, or that you provide to us, will be collected, recorded, stored, adapted, transferred, disclosed, and otherwise processed by us.
This Policy applies to all personal data collected through our website located at fitfinance.com (the "Website"), any associated subdomains, our web-based and mobile applications, our communications with you, and any other services, features, content, or applications we offer from time to time (collectively, the "Services"). It applies in conjunction with, and should be read together with, our Cookie Policy and any other notices we may provide on specific occasions when we are collecting or processing personal data.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your personal data in accordance with this Policy. If you do not agree with the terms of this Policy, you must refrain from accessing or using the Services.
2. Data Controller and Contact Details
For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"), the UK GDPR, and other applicable data protection legislation, FitFinance is the "data controller" responsible for determining the purposes and means of the processing of your personal data. Any questions regarding this Policy, or requests to exercise your rights, should be directed to our privacy team at privacy@fitfinance.com.
3. Categories of Personal Data We Collect
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together into the following categories:
- Identity Data, including your first name, last name, title, job title, company or organization name, and any username or similar identifier you provide.
- Contact Data, including your billing address, email address, telephone numbers, and the postal address of your business or place of work.
- Financial and Transaction Data, including details relating to the assessments, engagements, or services you request from us, and information you voluntarily submit concerning your business or financial circumstances.
- Technical Data, including your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website.
- Usage Data, including information about how you use our Website, products, and services, such as pages viewed, the duration of visits, navigation paths, and interaction with content.
- Marketing and Communications Data, including your preferences in receiving marketing from us and our third parties, and your communication preferences.
We do not knowingly collect any "special categories" of personal data (including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, or genetic and biometric data), nor do we knowingly collect information about criminal convictions and offences.
4. How Your Personal Data Is Collected
We use different methods to collect personal data from and about you, including through:
- Direct interactions. You may provide us with your Identity, Contact, and Financial Data by filling in forms, requesting an assessment, corresponding with us by post, phone, email, or otherwise, subscribing to our communications, or providing feedback.
- Automated technologies or interactions. As you interact with our Website, we may automatically collect Technical Data and Usage Data about your equipment, browsing actions, and patterns by means of cookies, server logs, and other similar technologies.
- Third parties or publicly available sources. We may receive personal data about you from various third parties, such as analytics providers, advertising networks, search information providers, and providers of technical, payment, and delivery services.
5. Purposes and Legal Bases for Processing
We will only process your personal data when the law allows us to do so. Most commonly, we will rely on one or more of the following legal bases to process your personal data:
- Performance of a contract we are about to enter into or have entered into with you, or to take steps at your request prior to entering into such a contract.
- Legitimate interests pursued by us or a third party, provided such interests are not overridden by your fundamental rights and freedoms, including operating and improving our Services, preventing fraud, and marketing our offerings.
- Consent that you have freely given, which you may withdraw at any time, in particular in relation to certain marketing communications and non-essential cookies.
- Compliance with a legal or regulatory obligation to which we are subject.
Where we rely on legitimate interests as a basis for processing, we will carry out a balancing test to ensure that such processing is necessary and that your interests, rights, and freedoms do not override those interests. You may request further information about this balancing exercise by contacting us.
6. Marketing Communications
We may use your Identity, Contact, Technical, Usage, and Marketing and Communications Data to form a view of what we think you may want or need, or what may be of interest to you, and to send you relevant communications. You will receive marketing communications from us only if you have requested information from us, engaged our Services, or otherwise consented to receiving such communications, and in each case only where you have not opted out. You may ask us to stop sending you marketing messages at any time by following the opt-out links contained within any marketing communication or by contacting us directly. Opting out of marketing communications will not affect any processing carried out on a lawful basis other than consent.
7. Disclosure of Your Personal Data
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may, however, share your personal data with the following categories of recipients, in each case subject to appropriate contractual and technical safeguards:
- Service providers and processors who perform functions on our behalf, including hosting, data storage, analytics, customer relationship management, email delivery, and professional advisory services.
- Professional advisers, including lawyers, bankers, auditors, and insurers, who provide consultancy, banking, legal, insurance, and accounting services.
- Regulators, governmental authorities, law enforcement agencies, and other third parties where we are required to do so by law, or where such disclosure is necessary to protect our rights, property, or safety, or those of others.
- Prospective buyers, successors, or assignees in connection with any merger, acquisition, reorganization, financing, or sale of all or a portion of our business or assets.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
8. International Transfers of Data
As we operate across both the European Union and the United States, it may be necessary to transfer your personal data to, and store it in, a destination outside your country of residence, including jurisdictions that may not provide the same level of data protection. Whenever we transfer your personal data out of the European Economic Area (the "EEA") or the United Kingdom, we ensure that an appropriate level of protection is afforded to it by relying on one of the recognized transfer mechanisms, such as an adequacy decision of the European Commission, the use of Standard Contractual Clauses approved by the European Commission, or another lawful transfer mechanism. You may request a copy of the relevant safeguards by contacting us.
9. Data Retention
We will retain your personal data only for as long as is reasonably necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means, as well as the applicable legal, regulatory, and contractual requirements. When personal data is no longer required, we will securely delete or anonymize it.
10. Data Security
We have implemented appropriate technical and organizational measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure. These measures include, where appropriate, encryption, access controls, and restricting access to personal data to those employees, agents, contractors, and other third parties who have a legitimate business need to know. Such parties are subject to a duty of confidentiality. In addition, we have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Notwithstanding these measures, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee the absolute security of your personal data.
11. Your Legal Rights
Under certain circumstances, and subject to applicable data protection law, you have the following rights in relation to your personal data:
- The right to be informed about the collection and use of your personal data.
- The right of access to obtain a copy of the personal data we hold about you.
- The right to rectification of any incomplete or inaccurate personal data we hold about you.
- The right to erasure (the "right to be forgotten"), enabling you to ask us to delete or remove personal data where there is no good reason for us to continue processing it.
- The right to restrict processing of your personal data in certain circumstances.
- The right to data portability, allowing you to obtain and reuse your personal data for your own purposes across different services.
- The right to object to the processing of your personal data where we are relying on a legitimate interest, and to object to direct marketing.
- The right to withdraw consent at any time where we are relying on consent to process your personal data.
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee, or refuse to comply with your request, if your request is clearly unfounded, repetitive, or excessive. We may need to request specific information from you to help us confirm your identity before responding to any request. We try to respond to all legitimate requests within one month, though it may occasionally take us longer if your request is particularly complex or you have made a number of requests.
12. Rights of California Residents
If you are a resident of the State of California, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), including the right to know what personal information we collect, use, disclose, and sell, the right to request deletion of your personal information, the right to correct inaccurate personal information, and the right not to be discriminated against for exercising your privacy rights. FitFinance does not sell personal information as that term is defined under the CCPA. To exercise your rights under the CCPA, please contact us using the details provided in this Policy.
13. Children's Privacy
Our Services are directed at businesses and professionals and are not intended for, or directed to, children under the age of sixteen (16). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data without appropriate consent, please contact us, and we will take steps to delete such information from our records.
14. Third-Party Links
Our Website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every website you visit.
15. Changes to This Policy
We reserve the right to update, amend, or modify this Policy at any time and from time to time in our sole discretion. Any changes we make will be posted on this page with a revised "Last updated" date, and, where the changes are material, we may provide a more prominent notice or seek your consent where required by law. Your continued use of the Services following the posting of any changes constitutes your acceptance of such changes. We encourage you to review this Policy periodically to stay informed about how we are protecting your personal data.
16. How to Contact Us and Complaints
If you have any questions, concerns, or complaints about this Policy or our data protection practices, or if you wish to exercise any of your legal rights, please contact our privacy team at privacy@fitfinance.com. You also have the right to lodge a complaint at any time with the competent data protection supervisory authority in your jurisdiction. We would, however, appreciate the opportunity to address your concerns before you approach the supervisory authority, so please contact us in the first instance.
