Privacy
We respect your privacy
Fitfam Findr Pty Ltd (ACN 636 652 778) (Fitafy) is committed to safeguarding the privacy of users of the Fitafy mobile application (Application) and our website (www.fitafy.com) (Website).
We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act) and the United Kingdom’s General Data Protection Regulation (UK GDPR), as implemented by the Data Protection Act 2018 of the United Kingdom.
This Privacy Policy sets out how we collect and treat your personal information when you:
create an account with Fitafy;
use the Application and/or use our Website and any services offered on them; or
participate in any event, activity or promotion created by Fitafy.
Fitafy's principal place of business is 11 Delawney Street, Balcatta, Western Australia 6021 and its registered office is C/- Quantum Accounting & Advisory Pty Ltd, Suite 2 G, 193 Main Street, Osborne Park, Western Australia 6017.
Our data protection officer and privacy officer is Cem Miral who can be contacted here: support@fitafy.com.
‘Personal information’ or 'personal data' is information we hold which is identifiable as being about you. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly. It does not include data where identity has been removed (i.e. anonymous data).
By providing us with personal information, you consent to the terms of this Privacy Policy and the types of disclosure covered by this Privacy Policy. Where we disclose your personal information to third parties, we will request that the third party follow this Privacy Policy regarding handling your personal information.
What personal information we collect
We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:
Identity Data including your name and date of birth.
Contact Data including email address, telephone number and address.
Financial Data including financial, banking and credit card details.
Profile Data including your sexual preference/orientation, gender, lifestyle interests (such as dietary interests and preferred fitness activities), occupation, profile images, historical fitness activities (for example via Application Programming Interfaces available to the public such as Strava and Apple Health), information about your personal affairs, information about when you post or interact with content on the Application and/or our Website, conversations between you and other users, information you provide when you respond to surveys and/or promotions, provide feedback or communicate with our customer support, and any other information you include in your profile.
Technical Data including your last known location while using the Application, mobile unique device ID, internet protocol (IP) address, device identification, your login data, browser type and version, operating system, websites visited immediately before coming to our Website, time zone setting, browser plug-in types and versions and other technology on the devices you use to access the Application and Website.
Usage Data including information about how you use the Application and Website.
Marketing and Communications Data including your preferences in receiving marketing from us and third parties and your communications preferences.
We may use GPS technology (or other similar technology) to determine your current location in order to determine the city you are located within and display a location map with relevant advertisements.
Cookies
We may from time to time use cookies or other similar technologies such as pixels in the Application and/or on our Website. Cookies are very small files used to identify you when you come back to the Application or our Website and to store details about your use of the Application and our Website. Cookies are not malicious programs that access or damage your mobile device or computer. Most web browsers automatically accept cookies and similar technologies, but you can choose to reject them by changing your browser settings. However, this may prevent you from taking full advantage of the Application and our Website.
Third party sites
The Application and our Website may have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Fitafy is not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave the Application or our Website, to read the privacy statements of each and every website that collects personal identifiable information.
Failure to provide personal information
Some of the personal information that you may provide might be optional (e.g. phone number, sexual preference, historical fitness activities). However, where we need to collect personal information by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (i.e. provide you with access to the Application and/or Website or to create an account). In this case, we may have to cancel your use of these but we will notify you if this is the case at the time.
Collection of personal information
Fitafy will, from time to time, receive and store personal information from and about you including by the following methods:
- Direct interactions. You may give us your Identity, Contact, Financial, Profile and Marketing and Communications Data by filling in forms on the Application or our Website or by corresponding with us.
Automated technologies or interactions. As you interact with the Application and Website, we will automatically collect Technical and Usage Data about your equipment, browsing actions and patterns.
- Third parties or publicly available sources. We will receive personal information about you from various third parties such as:
- Profile Data (in particular historical fitness activities and health data) from Strava, Inc and Apple, Inc Health (both located in the United States) through an API;
- Technical Data from analytics providers such Google Firebase (located in the United States) and Adjust (headquartered in Germany); and
- Identity Contact and Profile Data from pixels used on social media sites such as Facebook and Instagram to target people likely to be interested in becoming a Fitafy user.
Use of your personal information
Fitafy may use personal information collected to:
allow you to interact with other users on the Application (including by permitting other uses of the Application and/or our Website to view the content you have submitted to the Application and/or our Website);
provide updates to you in relation to the Application and our Website;
provide you with information;
investigate, prevent or provide information to authorities for fraudulent activity and/or for tax/audit purposes;
protect our legal rights and enforce our Terms of Service;
resolve disputes and troubleshoot problems in relation to the Application or our Terms of Service;
conduct research and analytics about how you use and interact with the Application; or our websites; and
to enable authorised parties to better use the functionality of the Application and our Website.
We may also make you aware of new and additional products, services and opportunities available to you. We may use your personal information to improve our products and services and better understand your needs.
Fitafy may contact you by a variety of measures including, but not limited to email, text-message, telephone or by post.
If you are located in the United Kingdom (‘UK’), please see sections 7, 8 and 9 for more details of how we process your personal data.
What others may see
The Application is designed to be easy for you to connect and interact with other users. When you use the Application, you should assume that anything you post or submit may be viewed and accessed publicly (both by users and non-users of the Application).
Accordingly, you are encouraged to exercise caution when posting any sensitive details about yourself on the Application – for example in relation to your political leanings, sexual preferences or religious beliefs. Photographs and other content you post on the Application may reveal information about yourself as well.
Where you upload information and choose to tell us sensitive information about yourself (including through any photographs or other content posted on the Application), you acknowledge and agree that you are explicitly consenting to Fitafy processing of this information and for it to be made available to others. This information may be made available to individuals who do not use the Application – for example (but without limitation) where a user takes a screenshot of your profile and shares it with a friend.
Disclosure of your personal information and international transfers
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy Policy. Subject to this clause 5, personal information is only supplied to a third party when it is required for the delivery of our services or for the functionality of the Application and/or our Website.
We may from time to time need to disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.
We may also use your personal information to protect the copyright, trade marks, legal rights, property of Fitafy or the safety of our customers or third parties.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer, to the extent permissible at law, our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.
The personal information we hold is stored and hosted on Amazon AWS. This can be replicated across multiple countries to provide performance optimisation (i.e. speed of access) to you by hosting a server in closer geographical proximity to where you are located. The server is currently located in Asia Pacific but is also soon to be located in Europe.
We allow Google Firebase (based in the United States) and Adjust (headquartered in Germany) to collect statistics on user behavior anonymously and without personally identifying any users.
The Terms of Service governing your access and use of the Application and our Website provides further details about disclosure of your personal information.
Security of your personal information
Information that we collect may from time to time be stored, processed in or transferred between parties located in countries outside of Australia, the United Kingdom and the United States. If you are located in the UK, we only transfer your personal data to countries which have been deemed to provide an adequate level of protection for personal data or where we have adequate safeguards in place. Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK. If you would like more details about the transfer of your personal data, please contact our data protection officer privacy officer.
Fitafy is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
Although we comply with data protection laws and are confident in our security measures, the transmission and exchange of information is carried out at your own risk and like any business we cannot absolutely guarantee the security of any information that you transmit to us, or receive from us.
UK's General Data Protection Regulations (UK GDPR)
This section 7 and sections 8 and 9 apply if you are a resident of the UK.
Fitafy will comply with the principles of data protection set out in the UK's General Data Protection Regulation (‘UK GDPR’) for the purpose of fairness, transparency and lawful data collection and use.
Fitafy is the controller of the personal data of users of the Application and Website. Our authorised representative in the UK is Cem Miral.
You may choose to provide us with what is known as ‘special categories of personal data’ under the UK GDPR. Of these types of data, we are most likely to collect details about your sexual orientation and health. We do not intend to process other kinds of special categories of personal data however it is possible you will provide us with these, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, and/or trade union membership. Profile Data that you choose to provide us with may include some of these types of personal data.
We do not knowingly collect or process the personal information of persons under the age of 18 years.
Under the UK GDPR we cannot retain your personal data in a form that identifies you for longer than is necessary to fulfil the purposes for which we collected it. This may include for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirement.
Generally we retain your personal data for the duration of you having your account with us and 7 years from the date you close your account. Users can deactivate, hide, delete or make a request to permanently delete their account, either themselves or with the help of technical support. We assess our database annually to delete any accounts which have been inactive for over 12 months.
We may anonymise personal data which means that it is no longer associated with you. We do this for statistical or research purposes so we can improve the services we offer to you. We can use anonymous data indefinitely without further notice to you.
Lawful basis under the UK GDPR
Under the UK GDPR, we must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it. We have set these out in the table below:
| Purpose/Activity | Category of Data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you as a user of the Application and/or Website | Identity Data Contact Data Profile Data Financial Data (If subscribed to Fitafy Premium) Marketing and Communications Data | Performance of a contract with you |
| To process and manage your account (including where there are in-app purchases such as subscribing to Fitafy Premium) and provide you with our Fitafy dating community and friend finder service | Identity Data Contact Data Financial Data Profile Data Technical Data Usage Data Marketing and Communications Data | Performance of a contract with you Necessary to comply with our legal obligationsNecessary for our legitimate interests (for administration purposes, to keep our records updated, and to manage your account effectively) |
| To record that any payments attached to your account have been processed and to deal with any payment issues | Identity Data Contact Data Financial Data Usage Data | Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us) |
| To manage and respond to your enquiries and to communicate with you | Identity Data Contact Data Technical Data Usage Data | Performance of a contract with you Necessary for our legitimate interests (for administration purposes and for customer relationship management) |
| To deal with complaints and to block or remove accounts where they breach our terms and/or the law or are spam accounts | Identity Data Contact Data Profile Data Technical Data Usage Data Marketing and Communications Data | Necessary to comply with our legal obligations (such as not allowing illegal images to be shared) Necessary for our legitimate interests (of removing or blocking accounts where they breach our terms and/or the law such as where a user harasses another user, and to deal with complaints) |
| To send you direct marketing information about our services, offers, promotions, initiatives | Identity Data Contact Data Marketing and Communications Data | Consent |
| To administer and protect the Application, Website and our business (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation | |
| To carry out research and to improve the Application, Website, our services, customer relationships and experiences | Usage Data Technical Data | Necessary for our legitimate interests (to define types of clients for our services, to keep the Application and Website updated and relevant, to develop our business and to inform our marketing strategy) |
| To advertise, market and target users and potential users of the Application and Website using non-essential cookies or similar technologies and to measure the effectiveness of such campaigns | Profile Data Technical Data Marketing and Communications Data | Consent – indicated by you in your privacy or cookie settings or where specifically obtained by us |
| To display health data on your profile, to match you according to your sexual orientation or do other processing of special categories of personal data | Profile Data Any other special categories of personal data of yours that we hold or process | Consent – specifically obtained by us for special categories of personal data |
| To defend or make legal claims, protect legal rights and to protect people from harm | Any of the data categories listed where applicable | Necessary for our legitimate interests (to defend ourselves and others from legal claims and to bring them where appropriate) |
Your rights under the UK GDPR
If you are an individual residing in the UK, you have certain rights as to how your personal data is obtained and used. Fitafy complies with your rights under the UK GDPR as to how your personal information is used and controlled.
Except as otherwise provided in the UK GDPR, you have the following rights:
access details of the personal data we hold and process about you (usually this is called a subject access);
to ask us to correct your personal data we hold if it is inaccurate;
to delete your personal data (also known as ‘the right to be forgotten’);
to ask that we give you a copy of the personal data that we hold about you, or (where it is technically feasible for us to do so) that we give this personal data to a third party chosen by you, in a commonly-used, machine-readable, format;
to restrict our processing of your personal data for certain purposes;
to object to your personal data being used; and
to object against us making decisions about you using completely automated means.
These rights are not available to everyone all of the time. Some are subject to exemptions, and so we may not always able, or required, to comply with your request to exercise these rights. Further information on your rights is available from the Information Commissioner’s Office (ICO).
If you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, please contact our data protection officer privacy officer at: support@fitafy.com. We would be grateful if you could provide us with as much information as you can so we can respond as soon as we can. Sometimes we may need proof of your identity (for example, your passport or driving licence) before we can fully respond so we can be sure we are giving the correct personal data to the correct individual.
We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the GDPR. We usually respond to data subject requests within one month, but it can take longer if your request is particularly complex or if you have a number of requests. You will not usually have to pay a fee, but we reserve the right to charge a fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request.
Please note that we may keep a record of your communications to help us resolve any issues which you raise.
If you remain dissatisfied, you have the right to lodge a complaint with the ICO at Make a complaint | ICO
Your rights under the Privacy Act
If you are a resident of Australia, you may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act.
Further information on your rights is available from the Office of the Australian Information Commissioner (OAIC).
If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, or if you are dissatisfied with the way we have used your information, please contact our data protection officer privacy officer at: support@fitafy.com.
We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the Privacy Act. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act.
If you remain dissatisfied, you have the right to lodge a complaint with the OAIC at Privacy complaints — OAIC
Your California Privacy Rights
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act, and you have the right to be free from unlawful discrimination for exercising your rights under that Act:
You have the right to request that we disclose certain information to you and explain how we have collected, used and shared your personal information over the past 12 months.
You have the right to request that we delete your personal information that we collected from you, subject to certain exceptions.
California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. If you wish to find out about any rights you may have under California Civil Code section 1798.83, you can write to us at support@fitafy.com.
From time to time, as part of a joint promotion with a third party, we may, if you participate in such promotion, disclose your contact information to the third party to allow them to market their products or services to you. Where this is a condition for participation in a promotion, we will always let you know before when you enter the promotion. Please follow the instructions provided to you by third parties to unsubscribe from their messages.
In addition, under California law, operators of online services are required to disclose how they respond to “do not track” signals or other similar mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information of a consumer over time and across third party online services, to the extent the operator engages in that collection. This law also requires operators of online services to disclose whether third parties may collect personal information about their users’ online activities over time and across different online services when the users use the operator’s service. Where we track our user’s personal information over time and across third party online services, we do so in accordance with the requirements of the UK GDPR. We do not knowingly permit third parties to collect personal information about an individual user’s online activities over time and across different online services when using the Application.
Changes to Privacy Policy
Please be aware that we may change this Privacy Policy in the future. We may modify this Privacy Policy at any time, in our sole discretion and all modifications will be effective immediately upon notifying you through the Application or our posting of the modifications on our Website. The most current version of this policy will govern our use of your information.
Download our app today
