Fit+ Privacy Policy

SweatWorks Oy (Fit+), Business ID 3544330-3, Hyytänpiha 1, 20400 Turku, Finland ("Fit⁺", "we", "us") respects your privacy.

This Privacy Policy explains how we process personal data when you use:

• the Fit+ website,

• the Fit+ mobile application, and

• our related services, products, and communications (together, the “Services”).

Our Services are intended for adult users in the EU/EEA. We comply with the EU General Data Protection Regulation (GDPR) and the Finnish Data Protection Act. Fit+ acts as the data controller for the personal data described in this policy.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.

1. Data Controller and Processors

Data controllerSweatWorks Oy (Fit+)
Business ID: 3544330-3
Hyytänpiha 1, 20400 Turku, Finland
Email: aya@fitplus.co 

A data controller determines the purposes and means of processing personal data. A data processor processes personal data on behalf of the controller under a written agreement.

Fit+ uses the following types of processors to provide the Services, subject to separate agreements:

• Website and application hosting providers (EU/EEA)

• Authentication and identity providers (e.g. Apple, Google Sign-In)

• Customer relationship management and marketing automation tools, including HubSpot

• Analytics providers

• Customer support tools

• Professional advisers (legal, accounting, compliance)

Personal Data is not sold and is not transferred or processed outside the EU/EEA.

2. Personal Data and Legal Basis for Processing

Personal Data is processed only where necessary, for defined purposes, and on a lawful basis under Article 6 of the GDPR.

2.1 Categories of Personal Data

We only collect Personal Data that is necessary to provide the Services and manage our relationship with you.

Account and identity information

• Name

• Email address

• Phone number (if provided)

• Date of birth

• City

• Profile picture

• Authentication identifiers from Apple or Google (where used)

Used to create and manage user accounts, verify eligibility to use the Services, and provide customer support. When using Apple Sign-In, Fit+ receives only the identifiers and information authorised by the user.

Subscription and entitlement information

• Subscription status

• Subscription start and end dates

• Entitlement level determining access rights

This data is required to operate the service and determine access to partner facilities.
Fit+ does not process payment card data. Payments are handled outside the application through separate B2B arrangements or platform providers.

Partner information and photographs

• Images

• Venue or company details

• Other onboarding information provided by partners

Used to identify partners, verify details, and deliver the Services.

Usage, access, and transactional informationWhen you use the Fit+ mobile application or Services, we generate and store usage data such as:

• Facility identifiers

• Timestamps of access or check-in events

• Method of access (e.g. QR, NFC, PIN)

• Subscription or entitlement used

• Internal user identifier

This data is required to:

• Enable access to partner facilities

• Display visit history to users

• Support partner reporting and compensation

• Maintain service integrity and prevent misuse

Technical information

• Log data

• IP address (transient)

• Application and device information (e.g. operating system version)

Fit+ does not store persistent device identifiers. Limited device-related data may be introduced in the future to restrict account use to a single active device and prevent abuse.

Marketing preferences

• Information about whether you have opted in to receive marketing communications

Inquiries and communications

• Name, email address, company name (if provided)

• Message content submitted via contact forms, support requests, or other communications

Used only to respond to inquiries and manage communications, in line with data minimisation principles.

Special categories of dataFit+ does not intentionally collect special categories of Personal Data, such as health data. If such data is voluntarily provided, it is processed only with explicit consent.

2.2 Legal Basis and Retention

Fit+ does not use Personal Data for automated decision-making that produces legal or similarly significant effects.

3. Cookies and Analytics (Website)

Fit+ uses a cookie consent banner that allows visitors to accept or reject non-essential cookies before they are placed on their device.

• Essential cookies are always enabled

• Analytics and marketing cookies are set only after consent

• No pre-ticked boxes are used

• Consent can be withdrawn at any time via cookie settings or browser controls

Whenever data is submitted directly on the website, a link to this policy is provided at the point of collection.

4. Data Sharing and Third Parties

To enable access to partner facilities, limited user data (such as name, email address, pseudonymised identifier, or internal user ID) may be shared with:

• Fitness and wellness venue operators

• Access control system providers

These parties act as independent data controllers for their own processing activities. Fit⁺ shares only the minimum data necessary for access and operational purposes.

5. Data Retention

• Account and subscription data is retained for the duration of the user account

• Access and usage logs are retained until account deletion

• Upon deletion, personal identifiers are removed or anonymised where transactional records must be preserved for accounting or reporting purposes

• Analytics data is retained only in anonymised or aggregated form

6. Account Deletion

Users may request account deletion:

• Directly through the mobile application, or

• By contacting Fit+ at support@fitplus.co 

Deletion removes or anonymises Personal Data in accordance with Section 5. Read more in the delete my account. 

7. Security

Fit⁺ applies appropriate technical and organisational measures to protect Personal Data, including:

• Role-based access controls

• Encryption of data in transit and, where applicable, at rest

• Secure infrastructure and monitoring

• Confidentiality and contractual obligations for personnel and processors

Security measures are proportional to the sensitivity of the data and the risks involved.

8. Children’s Data

Fit⁺ is intended for adult users only. We do not knowingly collect Personal Data from children or allow accounts for minors.

9. Your Rights as a Data Subject

Under the GDPR, you have the right to:

• Access your Personal Data

• Rectify inaccurate or incomplete data

• Request erasure

• Restrict processing

• Receive your data in a portable format

• Object to processing based on legitimate interests or direct marketing

• Withdraw consent at any time

Requests can be made to: aya@fitplus.co 

You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman:
https://tietosuoja.fi/en/private-persons

10. Contact Information Regarding Data Privacy Matters

SweatWorks Oy (Fit+)
Business ID: 3544330-3
Hyytänpiha 1, 20400 Turku, Finland
Email: aya@fitplus.co 

For security reasons, we may request proof of identity when responding to privacy requests.

11. Changes to the Privacy Policy

The latest version of this Privacy Policy will always be available on our website.

https://fitplus.co/privacy

Material changes may also be communicated through the mobile application or other appropriate channels.