Fitpass Privacy Statement

Last modified on 18.09.2023.

At Fitpass we take data protection seriously. Privacy and information security are at the heart of Fitpass. This Privacy Policy Statement describes the key principles and practices we abide by in order to ensure your privacy is respected while using our services.

Fitpass, local country-specific Fitpass companies and Up Coop belonging to the same group of companies (“Fitpass”, “we”) process personal data of users of Interactive services, members of Fitpass’s members and services ordered through Fitpass application (“Fitpass App”) and members of other Fitpass delivery products and services and the visitors of the website Fitpass.rs (“Website”).

In this Privacy Statement, the word “Fitpass Services” refers jointly to the Website and the Fitpass App and other services provided by Fitpass to members. In this Privacy Statement, the word “Members” or “you” refers jointly to our and our group companies’ customers, members of Fitpass services, representatives and other authorized members of our customer organizations, potential customers and the members of the Fitpass Services. Our Privacy Statement explains, for example, the types of personal data we process, how we process the personal data and how you may exercise your rights as a data subject (for example, right to object, right of access).

Some of our services might be subject to a separate privacy policy. If a separate privacy policy applies to a particular service, we will post it in connection with the service in question in a timely manner.

This Privacy Statement may be updated from time to time in order to reflect the changes in data processing practices or otherwise. You can find the current version on the Website. We will not make substantial significant changes to this Privacy Statement or reduce the rights of the Members under this Privacy Statement without prior notice to Members.

1. DATA CONTROLLERS

This Privacy Statement applies to the processing of personal data of Members carried out by Fitpass. Fitpass is part of Up Coop a company with an official address Z.A.C. des Louvresses, 27-29 avenue des Louvresses – 92230 GENNEVILLIERS, Paris, Republic of France. We form one team and sometimes we can decide together on processing of personal data.

In relation to the processing of personal data of Members in the below countries, Fitpass Group and the local Fitpass group company are acting as joint data controllers. This means that Fitpass Group and the local Fitpass group company together determine the purposes for and means by which personal data is processed.

Individual data controllers for Customers in specific countries are listed below:

• Emergo Sport d.o.o, Bul. vojvode Bojovica 8, 11158 Belgrade, Serbia, if the User is located in Serbia,
• FitPass Georgia LLC, Lech Khachinsky street #1, Tbilisi, Georgia, if the User is located in Georgia,
• AA SPORT d.o.o, Space Office Center – Pijacna 14k, Sarajevo, Bosnia and Herzegovina, if the User is located in Bosnia and Herzegovina,
• Multinet Kurumsal Hizmetler A.S, Esentepe Mah. Kore Şehitleri Cad. Propa Plaza Apt. No: 4-6, İç Kapı No: 3 Şişli/İstanbul/Türkiye, if the User is located in Turkey,
• Up Hellas, Dragatsaniou 6, Athens, 10559, GR, if the User is located in Greece,
• Up Moldova, Doina si Ion Aldea-Teodorovici str. 22 A, MD 2064, Chisinau, if the User is located in Moldova.

To avoid any doubt, the main data controller center for all Customers of Fitpass services is located in Bulgaria, with having its address at Haydushka Polyana 8, 1000, Sofia, Bulgaria.

Emergo Sport d.o.o. has been appointed responsible for handling all data subject requests and questions relating to the personal data processing of the Fitpass group on behalf of the local joint controllers.

2. FITPASS’S CONTACT DETAILS

Emergo Sport d.o.o.

Business ID: 21054097.

Correspondence address: Bul. vojvode Bojovica 8, 11158 Belgrade, Serbia.

E-mail address: kontakt@fitpass.rs.

Data Protection Officer: Fitpass has appointed a data protection officer who you can reach through the above contact details or by sending an e-mail to privacy@fitpass.rs.

3. PERSONAL DATA PROCESSED AND SOURCES OF DATA

We process personal data only to the extent necessary and appropriate for the specific processing purpose. The personal data collected and processed by us can be divided into two general data categories: Member Data and Usage Data.

Member Data

Member Data is personal data collected directly from you or from our customer organization on behalf of which you are using Fitpass Services (“Customer Organization”), as the case may be. We may collect Member Data from our Members and Customer Organizations in a variety of ways, including, after conclusion of a service agreement with the Customer Organization or when Members register to the Fitpass Services, subscribe to a newsletter, or fill out a form. Further, please note that we also collect details of any transactions and payments you carry out through Fitpass Services.

1. Member Data that is necessary in order to use the Fitpass Services

The following personal data collected and processed by us is necessary for a proper performance of the contract between you and us as well as for our legitimate interest whilst fulfilling our contractual obligations towards our Customer Organizations and for the compliance with our legal obligations.

After conclusion of the service agreement between us and the Customer Organization, the Customer Organization provides, on your behalf, us with your full name and email address.

When you register to the Fitpass Services and create a member account, you need to provide us with the following information:

• Full name;
• Email address;
• Employer (corporate members who use Fitpass Services through the Customer Organization).

In case of withholding the mentioned data in any way (such as requesting deletion or objection), you will not be able to use any of the Fitpass Services.

1. Member Data you give us voluntarily and while using Fitpass Services

Your member or customer experience may be enhanced by providing us with the following information, which you voluntarily share with us:

Additional Account Information:

• Picture;
• Location data (if you consent to the processing of your location data);
• Other information, apart from the mandatory ones, you provide either when creating a member account or later when modifying your account profile.

1. Other Information. We may also process other information provided by you voluntarily such as:

• Information related to your check-ins through Fitpass Services;
• Information you provide when submitting ratings, comments or responding to surveys;
• Favorite venues and other preferences;
• Marketing opt-ins and opt-outs;
• Information you provide by phone, email or chat correspondence with our customer service.

Usage Data

Usage Data arises from Member interactions with the Fitpass Services. Although we do not normally use Usage Data to identify you as an individual, you can in certain circumstances be identified from it, either alone or when combined or linked with Member Data. In such situations, Usage Data can also be considered personal data, those that you voluntarily provide, under applicable laws and we will treat such data as personal data.

We may automatically collect the following Usage Data when you visit, use, or exchange information within Fitpass Services:

• Information that describes your device or browser and Fitpass application, their versions, features, capabilities, and settings.
• Information about your operator, Internet service provider and network connection type, including your IP address.
• Identifiers provided by your device or third parties for application vendors or advertisers, or identifiers we create ourselves.
• Country, locale, time zone and geo-IP level location information.
• Details of your interactions with, and usage of, Fitpass Services. This includes, for example, usage patterns, which features you use, advertisement, participating in a specific campaign and offer impressions and interactions, and information on orders.
• Data for tracking and reporting transactions initiated by our advertising partners, including timestamps, and identifiers mentioned above.

For details on how to control advertising and analytics identifiers on your device, see below under the section “Cookies and other technologies”.

Cookies and other technologies

We use various technologies to collect and store Usage Data and other information when the Members visit the Fitpass Services, including cookies, storing website data, and using web and application telemetry.

Cookies and other website data saved on your device allow us to identify visitors of the Fitpass Services and facilitate the use of the Fitpass Services and to create aggregate information of our visitors. This helps us to improve the Fitpass Services and better serve our Members. The cookies and other website data will not harm your device or files. We use cookies and other website data to tailor Fitpass Services and the information we provide in accordance with the individual interests of our Members. Please note that the retention time of different cookies is limited and varies from less than a minute till indefinitely and when a specific cookie is deleted.

The Members may choose to set their web browser to refuse cookies. For example, the following links provide information on how to adjust the cookie and other web data settings on some popular browsers:

• Apple Safari
• Google Chrome
• Microsoft Edge
• Mozilla Firefox

Please note that some parts of Fitpass Services may not function properly if use of cookies is refused.

Fitpass Services use pseudonymized identifiers to track and predict your app and service usage and preferences. Fitpass also uses session-only 3rd-party tracking technologies to verify and report transactions initiated by our advertising partners.

You can manage your cookie preferences through the cookie banner on our websites.

You can also manage your communication and other privacy settings via Fitpass App.

You have the right to object to automated data processing at any time. After you raise an objection, we will no longer be able to process data automatically, except in cases where there are lawful and legitimate reasons.

Fitpass visitor identifiers can be disabled on iOS and Android mobile devices by changing your settings (for iOS: Settings → Fitpass → Fitpass settings → Limit Tracking, and for Android: Fitpass application → Profile tab → Settings icon in the top-right corner).

Generally, advertising identifiers can be disabled on iOS mobile devices by turning on the Limit Ad Tracking tab (Settings → Privacy → Advertising → Limit Ad Tracking). For an overview and more information on the advertising identifier, please see Apple Advertising and Privacy site.

Fitpass uses different third party analytics and telemetry providers, marketing or affiliate partners, and other services integrated into our client software listed below:

Name	Purpose	Vendor Privacy Statement
SparkPost	Email delivery platform	Link
Sentry	Error tracking tool for developers	Link
IPAY GE	Payment provider for Georgia	Link
Taxcore CodeLess	E-Fiscalize receipts for online purchases	Link
WSPay	Payment provider for Serbia	Link
Intercom	Customer communication platform	Link
Fertimo	Access control system for venues in Georgia	Link
Link Mobility	SMS solution for BiH and Serbia	Link
WiFisher	SMS solution for Georgia	Link
Azeoo	White-labeled online workout app	Link
UpMoldova SMS	SMS provider for Up countries	Link
Firebase	Various aspects for development, maintenance, and user engagement via apps	Link
Mixpanel	Advanced analytics platform used for tracking user interactions with web and mobile apps	Link
Google Maps	Web mapping platform	Link
Hotjar	Analytics platform used for tracking user interactions with websites and products	Link
Google Analytics	Web analytics service	Link
Facebook Pixel	Website code for measuring, optimizing and building audiences for ad campaigns	Link
Google Tag Manager	Tag management system for marketing and third-party code snippets	Link

Please note that not all the above vendors are necessarily being used at any given time, or on all market areas.

4. THE PURPOSES AND GROUNDS FOR THE PROCESSING

We process personal data only to the extent necessary and appropriate for the specific processing purposes. Please note that one or more of the following purposes and legal grounds may apply simultaneously.

Firstly, Fitpass processes your personal data to perform our contractual obligations towards you or the Customer Organization, for example, to the extent necessary to:

• Offer the Fitpass Services to you under the contract between you and Fitpass or between Customer Organization and Fitpass;
• Perform the contract between you and Fitpass and for purposes of managing and your Check-in as well as communicating with you about changes to terms and conditions, privacy policies, or other important changes related to the contract;
• Handle your payments or any refunds (where applicable);
• To answer your questions or solve your support cases if you contact us.

Secondly, we may process your personal data if there is an appropriate and justifiable interest (that is, a legitimate interest) to run, maintain and develop our business or to create and maintain customer relationships. When choosing to use your data, and despite your consent, we weigh our own interests against your right to privacy and, for example, provide you with easy to use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible. You have the right to object to processing your data on the basis of legitimate interest. However, Fitpass can refuse such an objection in accordance with applicable legislation, for example, if the processing is necessary for preparing, exercising or defending legal claims.

We process your personal data to the extent necessary to fulfill obligations, improve services, comply with legal regulations, and in other cases based on your consent, for example, for:

• Claims handling, debt collection and legal processes. We may also process data for the prevention of fraud, misuse of our services and for information, system and network security and safety.
• Contact you regarding the Fitpass Services and to inform you of changes relating to them or asking your review or feedback on Fitpass Services.
• Market Fitpass Services to you or show you targeted or personalized advertisements through Fitpass Services or send you otherwise targeted marketing of services or products that may be of your interest. In order to form such a target group we may process information listed above in the section on Usage Data. Please note that processing of personal data for marketing purposes will be based on your consent (see also section “Direct Marketing” below).
• Improve the quality of Fitpass Services and develop our business, for example, by analyzing any trends in the use of the Fitpass Services by processing data related to your use of Fitpass Services.
• Ensure that our services are in line with your needs, personal data can be used for things like customer satisfaction surveys. When possible, we will do this using only aggregated, non-personally identifiable data.
• Process your data within the Fitpass group of companies in accordance with this Privacy Statement.

While processing your personal data for the purposes of providing Fitpass Services to you as well as other purposes stated above, we may use automated means in processing that may also include automated decision-making.

Further, we may process your personal data to administer and fulfill our legal obligations. This includes data processed for complying with our bookkeeping obligations and providing information to relevant authorities such as tax authorities or law enforcement authorities in accordance with mandatory legal provisions.

In some parts of Fitpass Services, you may be requested to grant your consent for the processing of personal data. For example, within Fitpass App you may manage your marketing and other permissions. If processing of your personal data is based on your consent, you may withdraw it at any time by contacting us or amending the respective consent setting for example within the Fitpass App.

5. TRANSFER TO COUNTRIES OUTSIDE EUROPE

In order to protect your personal data, Fitpass may transfer your personal data to Bulgaria or another country of the European Union where an appropriate level of protection of personal data is applied. However, we have service providers, operations and group companies in several geographical locations. As such, we and our service providers may transfer your personal data to, or process it in, jurisdictions outside the European Economic Area or the Member’s domicile.

We will take steps to ensure that the Members’ personal data receives an adequate level of protection in the jurisdictions in which it is processed. We provide appropriate and adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards.

More information regarding the transfers of personal data may be obtained by contacting us at any of the addresses indicated above.

6. DATA RECIPIENTS

We only share your personal data within the organization of Fitpass if and as far as reasonably necessary for the purposes of this Privacy Statement.

We do not share your personal data with third parties outside of Fitpass’s organization unless one of the following circumstances applies:

For the purposes set out in this Privacy Statement and to authorized service providers – Partners

To the extent that third parties (such as venues, partners or retailers which provide your services) require access to personal data for us to perform the Fitpass Services or for other legal reasons, we may provide your data to such third parties. For example, we may share your full name with Partners listed as service providers through the Fitpass service from whom the User has used a specific membership within the Fitpass service, but only the data necessary to fulfill the Interactive service, such as verifying membership status.

Furthermore, we may provide your personal data to our group companies or to authorized service providers who perform services for us (including data storage, analytics, marketing and payment fraud prevention) to process it for us and to payment service providers to process your payments to us.

When data is processed by third parties on behalf of Fitpass, Fitpass has taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Statement and in accordance with all applicable laws and regulations and subject to our instructions and appropriate obligations of confidentiality and security measures.

Please bear in mind that if you provide personal data directly to a third party, such as through a link in Fitpass Services, the processing is based on their policies and standards.

For legal reasons and legal processes

We may share your personal data with third parties outside Fitpass if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, crime, security or technical issues; and/or (iii) protect the interests, properties or safety of Fitpass, the Members or the public as far as in accordance with the law. When possible, we will inform you about such processing.

For other legitimate reasons

If Fitpass is involved in a merger, acquisition or asset sale, we may transfer your personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all the Members concerned when the personal data are transferred or become subject to a different privacy statement.

With your explicit consent

We may share your personal data with third parties outside Fitpass when we have your explicit consent to do so. You have the right to withdraw this consent at all times free of charge, for example, by contacting us.

Emergo will not be held responsible for any potential use of the forwarded personal data by third parties for purposes other than those specified; therefore, it cannot be held liable for any damages that may arise from such use by third parties for the User.

7. STORAGE PERIOD

Fitpass does not store your personal data longer than is legally permitted and necessary for the purposes of providing the Fitpass Services or the relevant parts thereof. The storage period depends on the nature of the information and on the purposes of processing. The maximum period may therefore vary per use.

After a Member has deleted their member account personal data may be stored only as long as such processing is required by law or is reasonably necessary for our legal obligations or legitimate interests such as claims handling, bookkeeping, internal reporting and reconciliation purposes.

We regularly assess the storage period for personal data to ensure the data is stored only for the necessary time period.

8. YOUR RIGHTS

Right of access

You have the right to request, access and be informed about your personal data processed by us. We give you the possibility to view certain data through your member account with Fitpass Services or request a copy of your personal data by contacting us.

Right to withdraw consent

In case the processing is based on a consent granted by the Member, the Member may withdraw the consent at any time free of charge. Withdrawing a consent may lead to fewer possibilities to use the Fitpass Services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to rectify

You have the right to have incorrect or incomplete personal data we have stored about you corrected or completed by contacting us. You can correct or update some of your personal data through your member account in Fitpass Services.

Right to erasure

You may also ask us to delete your personal data from our systems. We will comply with such a request unless we have a legal base to not delete the data.

Right to object

You may have the right to object to certain use of your personal data if such data is processed for other purposes than necessary for the performance of the Fitpass Services or for compliance with a legal obligation. If you object to the further processing of your personal data, this may lead to fewer possibilities to use the Fitpass Services.

Right to restriction of processing

You may, lodge an objection against the processing of personal data and request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. After filing an objection, Emergo will no longer be able to process data except in cases where there are lawful and justified reasons. This may however lead to suspension or fewer possibilities to use the Fitpass Services.

Right to data portability

You have the right to receive the personal data you have provided to us yourself in a structured and commonly used format and to independently transmit that data to a third party.

How to use your rights

The abovementioned rights may be used by contacting Fitpass support or sending a letter or an e-mail to us at the addresses set out above, including the following information: the full name, address, e-mail address. If you have Fitpass account, we recommend you contacting us through Fitpass support as that allows us to identify you more easily. We may request the provision of additional information necessary to confirm the identity of the Member. We may reject or charge requests that are unreasonably repetitive, excessive or manifestly unfounded.

9. DIRECT MARKETING

The Member has the right to prohibit us from using the Member’s personal data for direct marketing purposes, market research and profiling made for direct marketing purposes by contacting us on the addresses indicated above or by using the functionalities of the Fitpass Services or the unsubscribe possibility offered in connection with any direct marketing messages.

10. LODGING A COMPLAINT

In case the Member considers our processing of personal data to be inconsistent with the applicable data protection laws, the Member may lodge a complaint with the local supervisory authority for data protection in Serbia, the current Commissioner for Information of Public Importance. Alternatively, the Member may lodge a complaint with the other local and competent supervisory authority for data protection.

10. INFORMATION SECURITY

Emergo stores all data in databases and on servers protected by modern security technologies, with continuous implementation of data security measures.

We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include, for example, where appropriate, encryption, pseudonymization, firewalls, secure facilities and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data. We regularly test Fitpass Services, systems, and other assets for security vulnerabilities. Furthermore, access to personal data by employees of Fitpass is restricted and access is subject to what is necessary for purposes of the employee’s work assignments.

11. CHANGE TO PRIVACY STATEMENT (PRIVACY POLICY)

We will periodically update this Privacy Statement due to changes in our practices and services. When we make changes to this privacy notice, we will update the “last updated” date at the top of the privacy statement. If we make significant changes in how we collect, use, and share personal data, we will notify you by posting a notice of the changes on the website.

By continuing to use the Interactive Service after changes to the Privacy Policy, it is assumed that the User has accepted all the terms of the amended Privacy Policy.

We recommend checking this page from time to time to stay informed about any changes to our privacy notices.