Privacy logo

Privacy Notice

Effective as of 31 August 2023.

YOUR PRIVACY IS OUR #1 PRIORITY.


At FitrWoman, we believe that your privacy is a fundamental right and that you should be in complete control of your data.  We will do our part to ensure you have a full understanding of what data we collect from you, how we use it, how we keep it safe – and importantly, how you can request to access it and delete it at any time. 

Should you have any questions or concerns about your data privacy or security, please reach out to us at privacy@fitrwoman.com.

OUR PRIVACY PRINCIPLES


Transparency is everything.

When you use FitrWoman, you trust us with your data.  It is our job to earn your trust – in what we say and, most importantly, in what we do.  And it all starts with transparency.  You have the right to know and the right to choose exactly how your data are used, and we have the responsibility to ensure you are fully informed on all matters relating to your data.  

You are in control.

You can request to access, update and delete your data – all of it – at any time.  We make this
as easy as possible through built-in account management tools, and you can always contact us directly at privacy@fitrwoman.com for support with any data request.

We will never sell your data.
We never have and never will sell your data to third parties, including advertisers or other marketing businesses.


Secure by design, secure by default.
We have developed FitrWoman in line with leading international standards and best practices on information security and data protection. 

OUR PRIVACY NOTICE – IN BRIEF


Here is a summary of the key points in our Privacy Notice to get you grounded in our data practices. Importantly, this is not a substitute for reading the notice in full, which has additional information on how we manage your Personal and Sensitive Data. You may contact us anytime at privacy@fitrwoman.com for help with any questions or data requests.


What data do we collect?
We collect Personal Data like your name, email address and date of birth when you set up your account, as well as Sensitive Data you may choose to provide like your menstrual cycle dates and symptoms, which we use to create a personalized experience for you and help you learn about your body.  We also capture data about how you use FitrWoman to help us understand what you like and continue to make it better.

What do we do with your data?
We only collect data for which we have an explicitly defined purpose and lawful basis.
• Your Personal Data is used to create your account and to communicate with you.
• Your Sensitive Data is used to provide you the benefits of the FitrWoman platform, including a personalized content experience and insights on your menstrual cycle trends.
• At your discretion, you may choose to share your Personal and Sensitive Data with your coach or trainer through FitrCoach.
• We may anonymize and aggregate your data for use in supporting scientific research on female heath and performance.
• Your Personal and Sensitive Data is shared with third-parties for the limited and specific purposes of running the FitrWoman platform, or in special circumstances in which we are required by law. Your data is never sold.

We handle your data with great care.
FitrWoman is built in accordance with the international standard for data protection and information security, ISO-27001, and in line with guidance and best practices established by leading cybersecurity organizations including NCSC, CIS, NIST, and OWASP.

We limit children’s access to the platform.
You must be at least 13 years old to use FitrWoman. If you live in the European Economic Area (EEA), you must be at least 16 years old to use FitrWoman. We do not knowingly collect Personal Data or Sensitive Data from children under 13 (under 16 in the EEA). If you are aware of any child under 13 (under 16 in the EEA) using FitrWoman, please contact us at privacy@orreco.com, and we will take the required steps to immediately delete the child’s account and all related Personal and Sensitive Data. Furthermore, should we, ourselves, become aware of any child under 13 (under 16 in the EEA) using FitrWoman, we reserve the right and will take the required steps to immediately delete the child’s account and all related Personal and Sensitive Data.


You have expansive data rights and are in complete control.

You have full rights to object to or restrict the processing of your Personal and Sensitive Data, as well as to request access to, corrections and deletion of your Personal and Sensitive Data at any time. To exercise your rights, please reach out to us at privacy@fitrwoman.com.

We are here to help.
You can contact us at privacy@fitrwoman.com for help with any questions or data requests.

OUR PRIVACY NOTICE – IN FULL


INTRODUCTION


About FitrWoman
FitrWoman is a software platform designed to educate and empower female athletes and their coaches, comprising the FitrWoman Mobile Application ("Mobile App"), the FitrCoach Web Application (“Web App”) (together, the “Apps”) and FitrWoman Website (“Website”) (all collectively, “FitrWoman” or the “Services”).

FitrWoman is developed and owned by Orreco Limited (“Orreco” or the “Company”), a leading provider of sports data analytics products and services. Orreco is a private company limited by shares based in Ireland with a registered address at Business Innovation Centre, Unit 103, National University of Ireland Galway, Upper Newcastle, Galway, H91 RW53, Ireland.

About our Privacy Notice
At FitrWoman, we believe that your privacy is a fundamental right and that you should be in complete control of your data.  We will do our part to ensure you have a full understanding of what data we collect from you, how we use it, how we keep it safe – and importantly, how you can request to access it and delete it at any time. Should you have any questions or concerns about your data privacy or security, please reach out to us at privacy@fitrwoman.com.


Our approach to data privacy is grounded by the following principles:


Transparency is everything.
When you use FitrWoman, you trust us with your data.  It is our job to earn your trust – in what we say and, most importantly, in what we do.  And it all starts with transparency.  You have the right to know and the right to choose exactly how your data are used, and we have the responsibility to ensure you are fully informed on all matters relating to your data.  


You are in control. You can request to access, update and delete your data – all of it – at any time. We make this as easy as possible through built-in account management tools, and you can always contact us directly at privacy@fitrwoman.com for support with any data request.


We will never sell your data. We never have and never will sell your data to third parties, including advertisers or other marketing businesses.


Secure by design, secure by default. We have developed FitrWoman in line with leading international standards and best practices on information security and data protection. 


Throughout our Privacy Notice, we will use a few specific, important terms and make references to certain applicable legislation that guides our data management practices. These terms and legislation references are defined below:


Personal Data: any information related to an identified or identifiable natural person.


Sensitive Data: a special class of Personal Data that includes the health-related data you may choose to provide us in your use of FitrWoman. For accuracy and completeness, we will reference Sensitive Data specifically throughout our Privacy Notice to bring your attention to this important category of Personal Data. Often, we will refer to Personal Data and Sensitive Data together as “Personal and Sensitive Data”.

EU GDPR: General Data Protection Regulation (EU) 2016/679 (“EU GDPR”), which establishes the primary requirements and guidelines that inform our Privacy Notice and overall data management practices.

UK GDPR: General Data Protection Regulation implemented in the United Kingdom (“UK GDPR”) in accordance with the Data Protection Act 2018, which is based on and substantially similar to EU GDPR.


COPPA: Childrens Online Privacy Protection Act of 1998, 15 U.S.C. 6501–6505 (“COPPA”), which establishes minimum age requirements for processing personal data from residents of the United States.

Our Privacy Notice is organized into the following sections:


• Notice on Children’s Privacy
• Personal and Sensitive Data We Collect
• How We Use Your Personal and Sensitive Data
• Third Parties Processing Your Personal and Sensitive Data
• Storage and International Transfers of Your Personal and Sensitive Data
• Our Security Measures
• Your Data Rights
• How To Contact Us


We reserve right to and may make changes to Privacy Notice from time to time as legal requirements and data management best practices evolve. If we make material changes, we will notify you via email. You can always find the current Privacy Notice on our Website (www.fitrwoman.com/privacy-policy). As permitted by law, your continued use of the Services indicates your acceptance of this and any future changes to this Privacy Notice.

NOTICE ON CHILDREN’S PRIVACY


General age limitation.
 The Services are not intended for children and we do not knowingly solicit or process Personal Data (including Sensitive Data) from children under the age of 13 through the Services. If you are aware of any child under 13 using the Services, please contact us at privacy@fitrwoman.com, and we will take the required steps to immediately delete the child’s account and all related Personal and Sensitive Data. Furthermore, should we, ourselves, become aware of any child under 13 using the Services, we reserve the right and will take the required steps to immediately delete the child’s account and all related Personal and Sensitive Data.

Age limitation for residents of the European Economic Area (EEA). Owing to our obligations under EU GDPR, we do not allow the use of the Services by residents of the EEA under the age of 16. We do not knowingly solicit or process Personal Data (including Sensitive Data) from residents of the EEA under the age of 16 through the Services. If you are aware of any resident of the EEA under 16 using the Services, please contact us at privacy@fitrwoman.com, and we will take the required steps to immediately delete the account and all related Personal and Sensitive Data. Furthermore, should we, ourselves, become aware of any resident of the EEA under 16 using the Services, we reserve the right and will take the required steps to immediately delete the account and all related Personal and Sensitive Data.

PERSONAL AND SENSITIVE DATA WE COLLECT

We collect Personal Data (including Sensitive Data) about you from data you provide us directly, as well as from data generated automatically when you use the Services.

Data You Provide Us Directly


General Information:
When you create your account and as you access and use the Services, we may collect certain Personal Data about you, such as:


• Name
• Email Address
• Date of Birth
• Password
• Country of Residence
• Language Preference

Health and Wellness Information: When you create your account and as you access and use the Services, you may choose to provide certain Sensitive Data about your health and wellness, such as:


• Height
• Weight
• Menstrual cycle dates
• Menstrual cycle symptoms and characteristics
• Hormonal contraception use


Other Information: As you access and use the Services, you may choose to provide other data to further enhance your experience, such as:


• Dietary preferences
• Content favorites
• Training intensity


Data We Collect Automatically


As you access and use the Services, we may automatically collect information about you, such as:


Device Information:


• Device brand, name and model
• Device operating system and version
• Browser version


Location Information:


• IP address
• Time zone


Event and Usage Information:

• Frequency of access or use
• Areas and features of the Services accessed or used
• Engagement with specific areas and features of the Services

We may use cookies to collect some of this information. To learn more, please visit our Cookie Notice.


HOW WE USE YOUR PERSONAL AND SENSITIVE DATA


We will not collect or use your Personal Data (including Sensitive Data) without informing you. We take great care to adhere to all applicable data protection legislation and process your Personal and Sensitive Data solely in accordance with on one or more of the following lawful bases:


• Your explicit consent;
• To meet our contractual obligations in providing the Services to you;
• For legitimate interests, such as our interests in providing quality Services to you and protecting the security and integrity of the Services;
• To comply with legal obligations.


The following table summarizes the ways we will use your Personal and Sensitive Data along with our lawful bases for doing so, illustrated by some examples.

Purpose of processing
Type of data
Legal basis
Example
To deliver existing features and functional benefits of the Services to you.
Personal Data
Sensitive Data
Explicit Consent
We make automated decisions using your cycle data and symptoms logging activity to predict your future cycles and provide relevant content to you.
For billing and other account management  purposes, as applicable.
Personal Data
Performance of Contract
We may send you an email pertaining to the payment of an invoice or the renewal of your subscription, as applicable.
To inform you of material changes to our Privacy Notice or Terms of Services.
Personal Data
Legal Obligation
We may send you an email to bring to your  attention material changes to our Privacy Notice or Terms of Services.
To respond to your queries and to provide you with the information you request from us in relation to the Services.
Personal Data
Legitimate Interest
We may process your name and send you an email  in reply to a support request or query you have raised.
To provide you with information about Services we offer that are similar to those that you have inquired about.
Personal Data
Legitimate Interest
We may send you an email containing information of potential interest related to our Services. You may opt-out of receiving such emails any time by contacting us at privacy@fitrwoman.com.
To provide you with information on pertinent technical notices and updates, security alerts, and other administrative  matters.
Personal Data
Legitimate Interest
We may send you an email that contains information on an update to the Services.  You may opt-out of receiving such emails any time by contacting us at privacy@fitrwoman.com.
To ensure the quality and integrityof the Services we provide to you.
Personal Data
Legitimate Interest
We may send you an  email that contains a customer satisfaction survey.  You may opt-out of receiving such emails any time by contacting us at privacy@fitrwoman.com.
To monitor and analyze trends in  your usage of the Services.
Personal Data
SensitiveData
Explicit Consent
We may analyze your browsing activities on the Website and Apps to understand what you like or dislike and inform how we improve your future experience.

Our Data Processing Principles

Data minimization and purpose limitation.  We will not process Personal and Sensitive Data in a way that is incompatible with the purposes for which they have been collected or our lawful bases to do so.  Furthermore, we will not process any Personal and Sensitive Data that is not needed for the established purposes.  If we need to process your Personal and Sensitive Data for any new purpose, we will notify you to explain the new purpose of processing and our lawful basis and ask for your explicit consent.

 

Access and disclosure minimization.  We employ least privilege principles in how we develop and deliver the Services.  In other words, we limit the access of all internal staff and third-parties involved in the processing of your Personal and Sensitive Data to the fewest persons and lowest privilege levels possible to perform the required tasks.  We will not disclose your Personal and Sensitive Data except as otherwise described in this Privacy Notice. We may share your Personal and SensitiveData with third-parties solely as described in this Privacy Policy

 

No sale of Personal and Sensitive Data.  Under no circumstance will we sell your Personal and Sensitive Data. Period.

 

Retention of your Personal and Sensitive Data

We will retain your Personal and Sensitive Data for as long as necessary to provide you the Services or otherwise fulfill our legal obligations and the purposes for which it was collected.

 

Impact of Requests to Erase Personal and Sensitive Data: You may submit a request to erase all or part of your Personal and Sensitive Data directly to us at privacy@fitrwoman.com.  We will generally respond to and action your requests as soon as possible and in good faith subject to our legal obligations.  Once erased, your Personal and Sensitive Data will not be recoverable and certain features and functionality of the Apps maybe affected.

 

Impact of Mobile App Deletion or Account Inactivity: If you choose to delete the Mobile App from your device and / or no longer actively engage with Services, we will generally retain your Personal and Sensitive Data for a period of five (5) years in accordance with our legal obligations.  If within this five-year period you decide to re-install the Mobile App and / or actively engage with the Services, you will have access to your historical Personal and Sensitive Data. It is important to note: simply deleting the Mobile App from your device will not delete your Personal and Sensitive Data.

 

THIRD PARTIES PROCESSING YOUR PERSONAL AND SENSITIVE DATA

We will not share your Personal and Sensitive Data with third parties except as specified below.

 

Processing to deliver the Services

As a part of our delivering the Services to you, we engage other companies to process your Personal and Sensitive Data on our behalf. We refer to these companies as “Processors.”  Processors help us run the Services we provide to you, support our communication with you and perform other related activities. We remain responsible for any acts or omissions of our Processors and undertake to execute formal data processing agreements with them to the extent required by applicable law.

Here is the list of our primary Processors:

Infrastructure

Google Cloud Platform

Google Cloud Privacy Notice

• Data Processed: All Personal and Sensitive Data

• Purpose: Providing Services (Mobile App and WebApp)

GoogleFirebase

Google Firebase Data Processing and Security Terms

Privacy and Security in Google Firebase

• Data Processed: All Personal and Sensitive Data

• Purpose: Providing Services (Mobile App and WebApp)

Deduce 

Deduce Privacy Policy

• Data Processed: Personal Data (name, email, password)

• Purpose: Security and Integrity of Services (Mobile App and Web App)

 

Communications

SendGrid (Twilio)

SendGrid (Twilio) Privacy Notice

• Data Processed: Personal Data (name, email)

• Purpose: Communications on the Services

MailChimp (Intuit)

MailChimp (Intuit) Privacy Statement

• Data Processed: Personal Data (name, email)

• Purpose: Communications on the Services

 

Analytics

Google Analytics

Google Privacy Policy

Google Analytics Terms of Service

• Data Processed: Personal Data (name, email)

• Purpose: Improving the Services

 

Customer Support

Slack 

Slack Privacy Policy

• Data Processed: Personal Data (name, email)

• Purpose: Providing Services; Security and Integrity of Services

 

Payments

Stripe

Stripe Privacy Policy

• Data Processed: Personal Data (name, email,payment information)

• Purpose: Providing Services (Web App)

 

Connecting with the FitrCoach Web Application

One of the key features of the Services involves the ability to share certain Personal and Sensitive Data with trusted trainers or coaches via the FitrCoach Web Application.

The Personal Data shared in your connection to FitrCoach include your:

 

• Name

• EmailAddress

• Date ofBirth

 

The Sensitive Data shared in your connection to FitrCoach include your:

 

• Height

• Weight

• Menstrual cycle dates

• Menstrual cycle symptoms and characteristics

• Hormonal contraception use

 

Other data shared in your connection to FitrCoach include your:

 

• Content engagement (i.e. receiving and reading messages from your coach)

• Training intensity

 

Importantly, you have the unequivocal right to choose whether you share your Personal and Sensitive Data with your coach or trainer via FitrCoach, and you should choose to do so only under the premise of a trusting relationship and on a fully, independently consenting basis.

Should you choose to share your Personal and Sensitive Data with your coach, you do so at your own risk, as outlined in the Terms of Service.

 

You can withdraw your consent and break the connection to your coach or trainer on FitrCoach at any time in the FitrWoman Mobile App Settings under Coach Connections.  This will effectively delete your profile and all associated Personal and Sensitive Data on your coach’s or trainer’s FitrCoach.  You can also reach out to us at privacy@fitrwoman.com for assistance with breaking your connection(s) toFitrCoach.

 

Anonymizing and aggregating information for scientific research

 

We may anonymize your Personal and Sensitive Data so that it cannot be identified with you.  Such data is by definition no longer Personal and Sensitive Data, and accordingly, its processing does not fall under the governance of EU GDPR or other regulation concerning Personal and Sensitive Data.  We may aggregate and use anonymized data in statistical analyses and other scientific research to advance our understanding of female physiology and improve our Services. We may also share aggregated anonymized data with third-party research partners or institutions to further scientific progress in female health and sport performance.  Our legal basis for processing your data for this purpose is Legitimate Interest.

 

Navigating special circumstances

 

We may also share some of your Personal and Sensitive Data in the following special circumstances: 

 

• When disclosure is directed and explicitly consented by you;

• In response to subpoenas, court orders or legal processes, including those involving the interests of national security or law enforcement, to the minimum extent required and as restricted by law;

• When disclosure is required to maintain the security and integrity of the Services or to protect the privacy and security of individual persons, in accordance with applicable law. In such cases we may also delete some of your Personal and Sensitive Data (e.g. resetting your password to avoid unauthorized access);

• In the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of our assets, where your Personal and Sensitive Data will, in most instances, be part of the assets transferred.

Depending on the circumstance, Explicit Consent, Legitimate Interest, or Legal Obligation establish our legal basis for sharing your Personal and Sensitive Data.

 

STORAGE AND INTERNATIONAL TRANSFERS OF YOUR PERSONAL AND SENSITIVE DATA

FitrWoman’s parent company, Orreco, is based in Ireland.  The Personal and Sensitive Data we collect is stored in Google Cloud’s Europe-West region.  For the purposes of providing, and to the extent necessary to provide, the Services to you, your Personal and Sensitive Data will be transferred from and to the country from where you are engaging with the Services.  

Personal and Sensitive Data processed and transferred within and between the EEA and UK are governed by EU GDPR and UK GDPR, respectively.  Personal and Sensitive Data processed in and transferred from and to the United States (“US”) or other countries around the world are governed by the applicable laws of those jurisdictions (e.g. in the US, COPPA provides protection and guidelines alongside state-specific legislation). Importantly, while we are a European company and we hold ourselves to the high standards of EU GDPR, the laws of your jurisdiction may not offer the same protections and rights to you.

When we transfer Personal and Sensitive Data outside the EEA, we either implement Standard Contractual Clauses (“SCC”) with our Processors in accordance with EU GDPR or rely on current European Commission adequacy decisions.  Of note, on 10 July 2023, the European Commission adopted an adequacy decision for the EU-US Data PrivacyFramework (“EU-US DPF”), whereby participating US companies certify their compliance with EU law.  Google, our Processor who provides the infrastructure handling all of your Sensitive Data, along with SendGrid (Twilio) are certified under the new EU-US DPF.  We continue to partner with our other US-based Processors to ensure SCCs are in place and expect many to formally adopt the EU-US DPF in the near future.

 

While SCCs and frameworks like EU-US DPF establish clear data protection requirements and expectations for our Processors, it is important to recognize that they do not bind the governmental bodies of the non-EEA and -UK countries in which our Processors operate to deliver the Services to you.  In some cases, governments may have powers of surveillance and other rights to access Personal and Sensitive Data that run contrary to EU and UK GDPR principles. As such, the legal environment of non-EEA and -UK countries, including the US, creates a risk that Processors may be required by law to provide local governments access to Personal and Sensitive Data with limited rights for us as a company and you as an individual to seek legal recourse against such actions. With regard specifically to the US, the Personal and Sensitive Data our Processors manage is unlikely to be the subject of inquiry by a legal authority that would invoke laws compelling our Processors to disclose such data.  While low, however, we cannot eliminate the risk of disclosure in these cases.

 

We recognize that the storage and international transfer of your Personal and Sensitive Data is complex, as data protection legislation differs country by country – and in cases like the United States, within country.  To help us manage this complexity and ensure the highest possible levels of protection for your Personal and Sensitive Data, we choose our Processors very carefully, partnering with experienced service providers who employ similar principles and policies on data privacy and security. We also engage external experts in relevant fields to inform our data management policies and practices specific to storage and international transfers.

For further information on how your Personal and SensitiveData are stored and transferred, please contact us at privacy@fitrwoman.com.

 

OUR SECURITY MEASURES

FitrWoman is built in accordance with the international standard for data protection and information security, ISO-27001, and in line with guidance and best practices established by leading cybersecurity organizations including NCSC, CIS, NIST, and OWASP.

 

What we do to ensure the security and integrity of your Personal and Sensitive Data

We implement a system of technical and organizational measures in best efforts to protect your Personal and Sensitive Data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.  

 

Examples of the technical measures we use include:

• Encryption of your Personal and Sensitive Data in transit (TLS 1.3) and at rest (AES-256);

• Continuous vulnerability scanning on the software we use to build the Mobile App and Web Platform;

• Periodic penetration testing performed by an independent cybersecurity agency.

 

Examples of the organizational measures we use include:

•  Least privilege principles to limit access to Personal and Sensitive Data;

•. Systematic reviews of access rights and other organizational control measures;

• Data Protection Impact Assessments to identify and minimize risks involved in our processing of Personal and Sensitive Data;

• Training curriculum for all personnel to raise awareness and establish important individual and team-level responsibilities to ensure the security of Personal and Sensitive Data;

• Contracts with all personnel, including employees and contractors, and third-party Processors that establish clear expectations and strict liabilities on data management practices.

 

What you can do to ensure the security and integrity of your Personal and Sensitive Data

 

When it comes to ensuring the security and integrity of your Personal and Sensitive Data, you have a critically important role to play – we’re all in this together.  Here are some of the ways that you can help to protect your data:

 

Strong Passwords: You should create the strongest possible password for your account; one that you can remember but is difficult for others to guess or crack.  We use a password strength estimation algorithm called zxcvbn to give you an indication of how strong your password is. We recommend the following best practices for your password:

 

•  Use a minimum of 12 characters;

•  Use a minimum of 3 character types of the 4 character types: upper case letters, lower case letters, numbers and special characters (examples: !@#$%^&*()-+=);

• Do not write your password down;

• Do not share your password.

 

Enable 2-Factor Authentication (“2FA”) on FitrCoach: We strongly recommend coaches and trainers enable 2FA for their FitrCoach login.  You can turn on 2FA at any time in your Settings.

 

Device Security: We strongly recommend you secure the devices you use to access the Mobile App and Web App with lock screens and pins, passwords, and / or biometric scans like fingerprints or facial recognition, as available.  Do not write down or share your device pins or passwords.  Be wary when allowing others to use your device: only do so with people you trust and ensure your Mobile App and / or Web App is closed and logged out.  We also recommend setting up features that allow you to erase all data from your device in the event it is lost or stolen. Here are a few helpful links to guide such a setup for Apple devices (Find My and Erase Devices) and Google devices (Find My).

 

It is important to recognize, however, that no security system is perfect.  Accordingly, we cannot guarantee the absolute security of the Services, or that the integrity and privacy of your Personal and Sensitive Data will never be compromised.

 

How we handle things in the event of a security breach

 If we learn of a breach in the security and integrity of our systems, generally, we may either post a notice on our Website and / or notify you by email and will take all reasonable and required steps to remedy the breach as soon as possible in accordance with applicable law.

If we learn of a breach in the security and integrity of your Personal and Sensitive Data, specifically, we will notify you by email and will take all reasonable and required steps to remedy the breach as soon as possible in accordance with applicable law.  We will undertake particular actions as the circumstances may require, which may include logging you out from your devices, resetting your password (and sending you a temporary password to regain access to your account), and other steps as necessary to mitigate the risk of disclosure of your Personal and SensitiveData.

 

If you have any questions on how we manage security breaches, or if you want to report a security incident to us, please reach out to us at privacy@fitrwoman.com.

 

YOUR PRIVACY RIGHTS

No matter where you are in the world, where you reside, or where your citizenship lies, we are committed to providing you the highest standards of data protection and privacy rights, as grounded in EU GDPR.  Here is a summary of your rights and how to exercise them:

 

Your Right to Object

You have the right to object to the processing of your Personal and Sensitive Data.  You may exercise your right at anytime by reaching out to us at privacy@fitrwoman.com.

 

Your Right to Access

You have the right to request information about the Personal and Sensitive Data we process, to have full access your Personal and Sensitive Data, and to receive a copy of your Personal and Sensitive Data in a structured and portable form.  

You can export your data at any time with the Export Data function in the Mobile App Settings.  When you export your data, a file containing your name, cycle status with start and end dates, phase status with start and end dates, and logging activity (symptoms and exercise intensity) is securely sent to the email associated with your account. 

You may also exercise your right by submitting a request for a copy of your Personal and Sensitive Data directly to us at privacy@fitrwoman.com.  As we process your request, we will take necessary steps to verify your identity and may require more information or clarifications from you. There is typically no charge to access your Personal and Sensitive Data. In cases of clearly unfounded, repetitive or excessive requests, however, we do reserve the right to assign a reasonable fee.

Your Right to Correct

You have the right to correct any of your Personal and Sensitive Data that you believe is inaccurate. You may exercise your right at anytime by reaching out to us at privacy@fitrwoman.com.

 

Your Right to Restrict

You have the right to request that the processing of your Personal and Sensitive Data be restricted in certain circumstances. Examples of such circumstances include:

 

• you have contested the accuracy of your Personal and Sensitive Data (your Right to Correct) and the verification of its accuracy is pending;

• you have contested the legal bases for which we are processing your Personal and Data (your Right to Object) and the verification of our legitimate grounds is pending;

• the processing of your Personal and Sensitive Data has been deemed unlawful and you request the restricted use of your Personal and Sensitive Data instead of its erasure; or

• we no longer require your Personal and Sensitive Data for our established purposes of processing but you request these data for the establishment, exercise or defense of a legal claim.

You may exercise your right to restrict the processing of your Personal and Sensitive Data at anytime by reaching out to us at privacy@fitrwoman.com.

 

Your Right to Erase

You have the right to request the erasure (deletion) your Personal and Sensitive Data. You may exercise your right at anytime by reaching out to us at privacy@fitrwoman.com. We will generally respond to and action your requests as soon as possible and in good faith subject to our legal obligations.  In some circumstances, we may not be able to comply with your request, in part or in full.  Once erased, your Personal and Sensitive Data will not be recoverable and certain features and functionality of the Apps may be affected.

 

How to exercise your privacy rights

You can exercise your privacy rights anytime by reaching out to us at privacy@fitrwoman.com.  We will address your request as soon as possible, in most cases within 30 days of receipt.  We will let you know if we need more time and explain the reasons for the delay. 

 

Please keep in mind that if you submit a request, we may contact you to provide additional information or clarification.  We may also require you to prove your identity.  Generally, we verify that the request is coming from the same email that you used to create your account.  In cases where you have not yet created an account, we may perform additional verification measures.

While we are here to help, we may refuse to comply with a request that is clearly unfounded or with repetitive or excessive requests. 

In addition to exercising your privacy rights directly with us, you may have a right to lodge a complaint with your local data protection authority about any of our data management practices that you think are not compliant with applicable law.  

 

HOW TO CONTACT US

If you have any questions or concerns about our Privacy Notice or data management practices, in general, please reach out to us at privacy@fitrwoman.com.

You may also send correspondence to our company headquarters:

Orreco Limited

Business Innovation Centre, Unit 103

National University of Ireland Galway

Upper Newcastle

Galway

H91 RW53

Ireland

 

You may also contact your local data protection authority directly.

 

European Economic Area

United Kingdom

United States