FIT-C Coming Soon Banner

Fit-C Centre – Privacy Policy

1.Introduction

This Privacy Policy describes how BJ Dhanvi Software Solutions Private Limited with brand name Fit-C (“we” or “us”) collects, uses, shares, and protects personal data in relation to the Fit-C Centre Dashboard and associated services (collectively, the “Centre Platform”). The Centre Platform is provided to fitness centres, gyms, studios, or similar organizations (referred to here as “Centres” or “you”) to manage memberships, payments, scheduling, staff (including trainers), promotions, CRM, events, and other operations. We understand that the Centre Platform involves handling a significant amount of personal data – including data about your members (end users) and trainers – and we are committed to helping you manage that data responsibly and in compliance with applicable laws. This Policy explains our respective roles and responsibilities regarding personal data, what data we collect and process, how we use it, and how it is shared. It also outlines the privacy choices and rights available to you and to individuals whose data is processed via the Centre Platform.

By using the Centre Dashboard or related services, you confirm that you have read and understood this Privacy Policy. If you, as a Centre or authorized Centre admin, do not agree with any part of this Policy, please refrain from using the platform.

Role of Fit-C vs Centre:

It is important to note that Centres have primary control over and responsibility for the personal data of their members and trainers that are managed via the Fit-C platform. In data protection terms, the Centre typically acts as the “data fiduciary” (or data controller) for member and trainer data – determining the purposes and means of processing – while Fit-C acts as a “data processor” (or service provider) that processes such data on the Centre’s behalf. This means that while this Policy outlines how Fit-C handles data within the platform, Centres must ensure they have appropriate legal grounds (such as consent) to collect and use personal data in the platform, and that they comply with their obligations under privacy laws. We assist by providing tools and safeguards, but we rely on Centres to use the platform in a law-abiding manner.

2.Data We Collect via the Centre Platform

When a Centre uses the Fit-C Centre Dashboard, data is collected at multiple levels: Centre account data, data about Centre staff (including trainers), and data about end users (members/clients). Below are the categories of data involved:

Centre Account Information:

To set up your Centre on our platform, we collect business-related data such as the Centre’s name, address, contact details (phone, email), and administrative contact persons. We may also collect billing details (e.g., GST number, billing address) and payment information for subscription fees (such as UPI details, bank account, or credit card info, processed via secure payment gateways). If the Centre has multiple branches, we may collect information for each branch (location, manager contact, etc.).

Administrator and Staff Data:

For individuals who are given access to the Centre Dashboard (Centre administrators, receptionists, managers, etc.), we collect personal data to create their user accounts. This typically includes name, work email, phone number, job title/role, and authentication credentials for the platform (like username and password or SSO identity). If staff use the platform’s attendance or HR features, we might also process work schedules, performance metrics, or other work-related info. For trainers onboarded by a Centre: their profile information (name, qualifications, contact), schedule, payroll/payout data (if managed through our system) and similar details are collected.

Member (End User) Personal Data:

This is a significant category. When your members join and use services through the Fit-C platform (often via the Fit-C User App or through Centre staff input), the system collects and stores their personal data. This can include:

  • Identification and Contact Details: Name, phone number, email, date of birth, gender, address of the member.
  • Membership and Transaction Data: Membership start/end dates, membership plan details, payment history (fees paid, invoices), attendance logs (gym check-ins), class or session bookings, cancellations, and renewals. If your Centre offers trials or guest passes via the platform, visitor info might also be recorded.
  • Fitness and Health Data: The platform can record fitness assessment details and progress metrics – e.g., height, weight, BMI, body fat percentage, workout history, diet preferences, injury or medical conditions (if the member provides that to tailor their program), and any biometric data captured (like heart rate, if integrated via wearable sync). Biometric and health data are considered sensitive, and we treat them with higher security (see Section 7 on Data Security).
  • Activity Data: Data on classes or training sessions the member has participated in, trainer feedback notes, challenge or event participation, usage of AI Chatbot, and engagement with promotions or referrals.
  • Communication Data: If the platform includes messaging or community features, any interactions the member has (posts, chats with trainers, feedback submitted) are stored. Additionally, if members contact Fit-C support, those communications are logged.
  • Device/Technical Data: When members use the mobile app or interact via web, we may collect device identifiers, operating system, IP address, and cookies or similar tracking technologies.

Other Data Categories:

  • Centre Operations Data: Inventory of products (if using a POS module), CRM notes about leads and prospects, marketing campaign details, and event listings.
  • Feedback and Surveys: If either the Centre or Fit-C conducts surveys (like member satisfaction surveys), those responses are collected and tied to the individual respondents if not anonymous.

3.How We Use the Data

Fit-C uses the data collected through the Centre Platform for the following purposes, acting primarily as a service provider to the Centre:

  • Service Delivery: To deliver the core functionality of the Centre Dashboard and connected Fit-C services (e.g., managing schedules, sending reminders, processing payments, populating dashboards). This is carried out on your behalf.
  • Centre Administration: To manage the relationship with your Centre, including billing for subscription fees, notifying you of platform changes, and responding to support requests. We may offer new features, but you can opt-out of promotional communications.
  • Analytics and Reporting for Centre: Aggregating data into useful analytics for your Centre’s benefit (e.g., revenue reports, membership growth trends, attendance statistics). We generate and display these reports to authorized Centre users.
  • Improvement of Platform (Product Development): We use data (often in aggregated or anonymized form) to understand usage patterns, fix performance issues, and guide new feature development (e.g., training our AI Chatbot). We do not use any personal data in a way that would identify your Centre’s members or share your Centre-specific data with other centres.
  • Support and Training: Accessing relevant data to assist you if you reach out for support, and using support incidents to improve our help resources. Support calls or chats may be recorded or logged for quality purposes.
  • Compliance and Legal Obligations: Processing and retaining data as necessary to comply with legal obligations (e.g., keeping consent records, responding to data access/deletion requests, maintaining security logs).
  • Protecting Rights and Preventing Misuse: Using data to investigate, prevent, or take action regarding illegal activities, suspected fraud, or violations of our terms (e.g., detecting unusual login patterns). This may involve sharing data with appropriate authorities.

Important Note: Where we act as a data processor (processing member and trainer data on your behalf), we will not use that data for any purpose outside the scope of providing services to you and improving the platform as described. We will not use your members’ personal data to market to them or sell their information.

4.Disclosure of Data (Sharing)

Fit-C will share or disclose data in the following circumstances:

  • Within the Platform Ecosystem: Data flows by design between the Centre Dashboard, Trainer App, and User App (e.g., schedule updates, trainer notes) to enable service functionality. We ensure that only the appropriate linked accounts can see each other’s data.
  • Service Providers (Processors): We use third-party service providers (e.g., cloud hosting providers like AWS/Azure, payment processors like Razorpay/Paytm, email/SMS delivery services like Twilio/Msg91). We share only necessary data and these providers are bound by contracts to process data only under our instructions and implement suitable security measures.
  • With Your Consent or Instruction: We might share data with third parties if you (the Centre) explicitly instruct us to or consent to it (e.g., integrating Fit-C with a local accounting system via our API).
  • Business Transfers: If Fit-C undergoes a merger, acquisition, or asset sale, personal data might be transferred. We will ensure the successor entity is bound to the same privacy standards and provide notice.
  • Legal Compliance: Disclosing data to third parties (including governmental authorities) if reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request (e.g., a court order).
  • Aggregated Insights: Sharing aggregated, anonymized insights externally (e.g., industry reports) that will not reveal any personal or Centre-identifiable data.

Fit-C does not share your end-users’ personal data with advertisers or marketers for their own use, and we do not sell personal data.

5.Data Stewardship and Responsibilities

Centre’s Responsibilities (Data Fiduciary):

As the party with primary control over member and trainer data, you are responsible for:

  • Having a clear legal basis for processing (e.g., obtaining the member’s informed consent or having a contractual necessity). You must provide a privacy notice to your members and staff.
  • Ensuring data quality (i.e., data entered by staff is accurate and up-to-date).
  • Handling any privacy rights requests (access, deletion, correction) from your members or trainers. Fit-C will assist, but the decision and primary duty lies with you.
  • Maintaining the confidentiality of login credentials and using our role-based access controls to limit staff access.
  • Addressing grievances of data principals (members) and reporting any incidents to Fit-C promptly.

Fit-C’s Responsibilities (Data Processor):

As the platform provider and data processor, Fit-C is responsible for:

  • Implementing appropriate technical and organizational security measures to protect personal data (see Section 7).
  • Not accessing or using the data for purposes outside the scope of delivering and improving the service (unless required by law).
  • Assisting Centres in complying with law (e.g., providing tools for deletion requests, enabling consent features, and notifying you promptly of any data breaches).
  • Adhering to any specific data processing terms and serving as a point of contact for privacy concerns via our Grievance Officer.

6.International Data Transfers

Fit-C is an India-based service, and we primarily store and process data on servers located in India. However, some of our service providers or backup systems might be located in other countries (e.g., Asia-Pacific region, US, or EU).

We carefully monitor and comply with all rules regarding cross-border data transfers under the Digital Personal Data Protection Act, 2023. We ensure that data is only sent to jurisdictions that are not disallowed and that we implement contractual safeguards to ensure an adequate level of protection even outside India. Our default practice is to use Indian servers for primary data.

7.Data Security

We employ robust security measures to safeguard personal data, including:

  • Encryption: All network communications are encrypted via HTTPS/TLS. Sensitive personal data (including passwords, which are hashed) and financial information are additionally encrypted at rest in our databases or securely stored by PCI-compliant payment gateways.
  • Access Controls: We use the principle of least privilege. Within Fit-C, only authorized, trained, and monitored employees have limited access. We require multi-factor authentication for production systems and offer role-based permissions for Centre staff accounts.
  • Monitoring and Auditing: Our systems log access and actions. We actively monitor for unusual patterns and utilize intrusion detection systems. We conduct periodic Penetration Tests and Vulnerability Assessments.
  • Incident Response: We have an incident response plan to promptly contain, investigate, and notify affected Centres of any security breach without undue delay, as per legal requirements.

We ask that you also take steps such as using strong passwords and informing us if you suspect any account compromise.

8.Data Retention and Deletion

We retain personal data for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

  • Active Use: Data is retained for as long as your Centre remains an active customer.
  • Archival of Former Members: Profiles may be marked inactive but not immediately deleted, as the Centre might need historical access. Centres have the ability to manually delete a member’s profile.
  • Terminated Centre Accounts: If your subscription ends, we retain your data for a limited period (e.g., 120 days) to allow you to export it. After that window, we commence the deletion of member and trainer personal data from our live systems.
  • Legal Exceptions: Certain data (like financial records) may be retained longer to comply with tax or accounting laws, or if needed for a legal claim.
  • Anonymized Data: Anonymized or aggregated data (which is no longer personal data) may be retained indefinitely for cumulative insights and product analysis.
  • Request-Based Deletion: If a member or data subject exercises their right to erasure (and you approve), we will assist in deleting or pseudonymizing their data promptly.

9.Individual Rights and How to Exercise Them

Individuals have rights under law, which are managed differently depending on the relationship:

A. Member/Trainer Data Subject Rights:

These rights (e.g., Right to Access, Right to Correction, Right to Deletion, Right to Withdraw Consent) should ideally be directed to the Centre (you), as you are the Data Fiduciary and have the direct relationship.

Fit-C’s Role: We provide the necessary tools and support (e.g., data export, deletion functions) to help you fulfill these requests efficiently and legally. We will not independently erase or provide someone’s data without your instruction.

B. Centre User Rights (vis-à-vis Fit-C):

For the personal data we hold about you as a Centre admin/contact person (e.g., your business email, logs), Fit-C is the Data Fiduciary. You have similar rights towards us (e.g., correcting your contact info, requesting account removal if you leave the Centre). We will process these requests directly.

10.Grievance Redressal and Contact Information

Fit-C has appointed a Grievance Officer to address any privacy-related concerns or complaints from users, Centres, or any data principals in a timely manner.

Grievance Officer Contact:

  • Email: [Please provide Email]
  • Address: [Please provide Address]
  • Phone: [Please provide Phone]

Please include your Centre name and a detailed description of your concern/request in your communication.

We will acknowledge receipt of grievances typically within 24 hours and aim to resolve or respond substantively within 15 days or as required by law. If you are not satisfied, data principals may have the right to file a complaint with the Data Protection Board of India once established.

11.App Store and Third-Party Platforms

If you obtain our app through an app store, the data it collects is as described above. App store downloads are governed by the app store's own privacy policy. If the Centre Dashboard integrates with any social media or third-party login (e.g., Google account login for an admin), basic profile data is used with your consent at the time of linking.

12.Updates to this Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will revise the “Last Updated” date at the top. If changes are significant, we will provide a more prominent notice (e.g., a banner or email to the account owner). Continuing to use the Centre Platform after an update indicates your acceptance of the new terms.