ITFITS.FIT WEB SITE PRIVACY POLICY

Effective as of January 15, 2024

This Privacy Policy ("Privacy Policy") explains how CashFlow LLC and its affiliates ("Company" or "we" or "us") collects, stores, uses, and discloses information from our users ("you") in connection with your use of the ITFITS.FIT website (the "Website") and any related content, features, materials, applications, and/or services.

 

1. Acceptance of privacy policy. Changes to privacy policy

This Privacy policy is an integral part of the Terms of Use. By accepting the Terms of Use, you also accept this Privacy Policy. In some cases, we may ask you to explicitly accept this Privacy Policy.

We reserve the right to and may periodically change, amend, or update this Privacy Policy. We will notify you by email, through the Website, or by presenting you with a new version of Privacy Policy for you to accept if we make modifications that materially change your rights. Your continued use of the Website after the effective date of an updated version of this Privacy Policy will indicate your acceptance of the Privacy Policy as modified. In some cases, we may ask you to explicitly accept the updated Privacy Policy.

Defined terms used in this Privacy Policy have the same meaning attributed to them in the Terms of Use.



2. PERSONAL DATA AND INFORMATION WE COLLECT

When you open and use the Website, we may collect the following technical or (and) personal data ("Data"):

·       Your name (if you voluntarily enter it in order to contact us);

·       Your e-mail address (if you voluntarily enter it in order to contact us);

·       Your phone (if you voluntarily enter it in order to contact us);

·       Your company name (if you voluntarily enter it in order to contact us);

·       Your job title (if you voluntarily enter it in order to contact us);

·       Location information (country/region);

·       Photos of your foots (for building a 3D models and measuring);

·       Interests/affinities within the Website;

·       Information about your device (description of a device that is used to access the Website, for example, device ID, type of OS, its version and language);

·       Sessions (completed Sessions across OS);

·       Information that is gathered about your use of the Website (frequency of use, experienced problems, etc.) via cookies or similar technologies (for instance, through third party services like Amplitude). We need such information in order to improve Website's functionality and technical stability. This section may include information about your interaction with Third-Party Services).

We do not collect other personal information which was not mentioned above if not voluntarily and expressly shared by you, however, reserve our right to do so in the future granted we amend this Privacy Policy as stipulated by Section 1. We never collect any sensitive personal data about you. "Personal Data" is referred to herein as information that relates to an identified or identifiable individual.



3. YOUR CONSENT

By using the Website, you explicitly consent that:

1.    WE MAY STORE AND PROCESS YOUR PERSONAL DATA AND INFORMATION FOR THE PURPOSE OF PROVIDING SERVICES TO YOU, TO IMPROVE OUR SERVICE FEATURES AND OTHER PURPOSES INDICATED IN SECTION 4 OF THIS PRIVACY POLICY. SUCH SERVICES MAY INCLUDE SENDING YOU INFORMATION AND REMINDERS THROUGH THE APP.

2.    WE WILL NOT TRANSMIT ANY OF YOUR INFORMATION TO THIRD PARTIES, EXCEPT IF IT IS REQUIRED TO PROVIDE THE SERVICE TO YOU (E.G. TECHNICAL SERVICE OR ANALYTICS PROVIDERS), UNLESS WE HAVE ASKED FOR YOUR EXPLICIT CONSENT.

4. HOW WE USE YOUR PERSONAL DATA

We use all collected Data to improve the Website and deliver a better experience. Among others, we may use your Personal data and information to:

1.    analyze, operate, maintain and improve the Website, to add new features and services to the Website;

2.    provide and received from you commercial information;

3.    send you technical notices, updates, security alerts and support and administrative messages;

4.    monitor and analyze trends, usage and activities in connection with our Website.

5. HOW WE PROCESS YOUR PERSONAL DATA

·       Lawfully, fairly and transparently;

·       Only for the purpose stated at the time of collection;

·       Only such Personal Data that is adequate, relevant and limited to what is necessary for the stated purpose will be collected;

·       It is your responsibility to ensure that any Personal Data you provide is accurate at the time of collection and if ensure timely changes to the Personal Data, and we will take every reasonable action to ensure the data remains accurate;

·       Your Personal Data will not be kept longer than necessary for the stated purpose except for statistical reasons in which case appropriate technical and organizational measures will be implemented to safeguard your data;

·       We will process your data in a manner that ensures security using appropriate technical or organizational measures;

·       We do not sell, lease, rent or otherwise disclose your Personal Data to third parties, except our group companies or authorized third parties who process Personal Data for the Company for the purposes described in this Policy. These authorized third parties are not permitted to use your Personal Data for any other purposes. We require them to act consistently with this Privacy Policy and to use appropriate security measures to protect your Personal Data.

We may preserve and share your Personal Data in response to a legal request from a competent authority (search warrant, subpoena, court order). We may also preserve and share your Personal Data when we have a good belief that that is necessary for a legitimate purpose, e.g., detecting fraudulent behavior, to protect security, and in other cases.




6. HOW WE STORE AND SHARE YOUR PERSONAL DATA

All your Personal Data is stored and processed only by us.

We do not share your Information with any third parties except as specified by this Privacy Policy.

We may preserve and share your Personal Data in response to a legal request from a competent authority (search warrant, subpoena, court order). We may also preserve and share your Personal Data when we have a good belief that that is necessary for a legitimate purpose: like detecting fraudulent behavior at the Website, in order to protect the security of the Website, and in other cases.

You may choose to share your content (for example your photos with applied footwear masks) using our proprietary or Third-Party Services. Please note that any such Third-Party Services are not governed by this Privacy Policy. For instance, if you choose to send an email to share your photo using your Google account, then all applicable Google privacy policies will apply. When you access and use Third-Party Services via the Website, we are not responsible for these Third-Party Services and we do not endorse or make any warranties and representations about such Third-Party Services.



7. DATA RETENTION AND SECURITY

If you choose to not use the Website again, we may retain your Information for as long as you are active and within a reasonable period, but normally no longer than 2 years.

We take all reasonable and appropriate measures to protect all collected Personal Data and information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Among others, we utilize the following information security measures to protect your Personal Data:

1.    Pseudominization and tokenization of certain categories of your Personal Data;

2.    Encryption of your Information in transit and in rest;

3.    Systematic vulnerability scanning and penetration testing;

4.    Protection of data integrity.

Please keep in mind that no security system is perfect and, as such, we cannot guarantee the absolute security of the Website, or that your Personal Data won't be intercepted while being transmitted to us. If we learn of a security systems breach, we may post a notice, and will take reasonable steps to remedy the breach.



8. YOUR RIGHTS

Modification, correction and erasure. You have a right to modify, correct, erase, and update your Personal Data by contacting us at support@itfits.fit.

Access. You have a right to access your Personal Data you submit to the Website and ask us about what kind of Personal Data we have about you. You can do this by contacting us at support@itfits.fit.

EEA residents. Individuals residing in the countries of the European Economic Area have certain statutory rights in relation to their personal data introduced by the General Data Protection Regulation (the "GDPR"). Subject to any exemptions provided by law, you have the following rights:

1.    Rectification of Personal Data and Restriction of Processing. You are responsible for ensuring the accuracy of your Personal Data that you submit to the Website. If you believe that your Personal Data is inaccurate, you have the right to ask us to correct such Personal Data by contacting us at support@itfits.fit. You shall also have the right to request restriction of processing of your Personal Data, if you contest the accuracy of the Personal Data and we need some time to verify its accuracy.

2.    Access to your Personal Data and Data Portability. You have the right to request information about whether we have any Personal Data about you, to access your Personal Data (including in a structured and portable form) by contacting us at support@itfits.fit.

3.    Erasure of your Personal Data. If you believe that your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or in cases where you have withdrawn your consent or object to the processing of your Personal Data, or in cases where the processing of your Personal Data does not otherwise comply with the GDPR, you have right to contact us at support@itfits.fit and ask us to erase such Personal Data. Please be aware that erasing some Personal Data submitted by you may affect your possibility to utilize the Website and its features. Erasure of some Personal Data may also take some time due to technical reasons.

4.    Notification requirements. We commit to notify you within a reasonable period of time and your data protection authority within the timeframe specified in applicable law and, where feasible, not later than 72 hours after having become aware of it, about any personal data breaches in the Website.

5.    Data Protection Authorities. Subject to GDPR, you also have the right to (i) restrict our use of Personal Data and (ii) lodge a complaint with your local data protection authority about any of our activities that you deem are not compliant with GDPR.

Please keep in mind that in case of a vague access, erasure, objection request or any other request in exercise of the mentioned rights we may engage you in a dialogue so as to better understand the motivation for the request and to locate respective information. In case this is impossible, we reserve the right to refuse granting your request.

Please note that we will grant your request within 30 days after receiving it, but it may take us up to 90 days in some cases, for example, for full erasure of your Personal Data stored in our backup systems - this is due to the size and complexity of the systems we use to store data.



9. CHILDREN'S PRIVACY

We are committed to protecting the privacy of children under COPPA, GDPR or any other applicable law.


10. DATA PROTECTION OFFICER

To communicate with our Data Protection Officer on any privacy matters, please email at support@itfits.fit.


11. CONTACT US

If you have any questions or concerns about your privacy, any provisions of this Privacy Policy or any of your rights, you may contact us at:

CashFlow LLC
Email: support@itfits.fit