PRIVACY POLICY

 

Fisikal Limited (“Fisikal”, “we”, “our”, “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, protect, and disclose your personal data when you visit our website, use Fisikal-powered mobile applications, or interact with our services.

By visiting any website available on the fisikal.com domain (the “Website”), or by using any Fisikal mobile application (the “Apps”), you accept and consent to the practices described in this Privacy Policy.

This Privacy Policy should be read together with our Terms of Use, End User Licence Agreement, SaaS Contracts, and any other agreements referenced within them.

 

1. Who We Are (Data Controller)

For the purposes of the UK General Data Protection Regulation (UK-GDPR), the EU GDPR (where applicable), and the Data Protection Act 2018, the Data Controller for personal data collected through our Website or Apps is:

Fisikal Limited
71–75 Shelton Street
London
WC2H 9JQ
United Kingdom

Email: support@fisikal.com
Privacy Contact: privacy@fisikal.com

Fisikal also acts as a Data Processor on behalf of our Customers (gyms, studios, fitness organisations, personal trainers, etc.) when processing personal data inside the Fisikal platform.

We do not transfer your personal data to third parties except as provided in this Privacy Policy or as required to deliver the Services.

 

2. What Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide to Us
When using our Website or Apps:
  • Name
  • Email address
  • Phone number
  • Company/business details (for subscriptions and demos)
  • Address (optional)
  • Account login details
  • Information submitted through contact forms or reports of issues
  • Optional profile details you add to your account
When registering for demos or trials:
  • Full name
  • Email address
  • Business/organisation name
  • Contact information
When subscribing as a Customer:
  • Company name
  • Business address
  • Contact name(s)
  • Email and phone number
  • Billing and subscription data
When your customers interact with Fisikal:
  • Name
  • Email
  • Phone number
  • Transaction details
  • Appointment bookings
  • Service purchases
  • Attendance history

2.2 Special Category Data (Health Information)

If you register for our Apps or Services, you may provide health-related information such as:

  • Height
  • Weight
  • Injuries or conditions
  • Fitness assessments
  • PAR-Q responses

This is Special Category Data. We rely on Explicit Consent to collect and process this data, which you grant when you register and use our Apps.

2.3 Device & Technical Data

  • IP address
  • Device type
  • Unique device identifiers
  • Browser type
  • Operating system
  • Usage logs
  • Fisikal app performance data
  • Crash/diagnostic reports

2.4 Information We Receive Through Transactions

If you initiate a transaction (purchase, booking, subscription), we may collect:

  • Name
  • Email
  • Phone number
  • Billing details (non-card details)
  • Transaction metadata
  • Payment status

Fisikal never has access to full payment card details. All payment data is processed directly by PCI-compliant third-party payment providers.

 

3. Payment Providers

When you make payments through the Fisikal Website or Apps, the transaction is processed by one of these integrated third-party payment platforms:

  • Stripe
  • GoCardless

Fisikal never stores or has access to your full credit card information.
Please review each provider’s own privacy policy before submitting card information.

 

4. Cookies and Tracking Technologies

We use cookies to provide core functionality and improve user experience. Cookies may include:

Strictly Necessary Cookies

Required for security, login, transactions, and navigation.

Analytical/Performance Cookies

Used to analyse behaviour on the Website.
Examples: Google Analytics

Functionality Cookies

Remember user settings and preferences.

Targeting Cookies

Used to tailor Website experience; may be shared with third parties but contain no personally identifiable data.

Social Media Cookies

Buttons or widgets may set cookies including:

  • Twitter – used for sharing
  • Facebook – used for sharing and following
  • Instagram – used for following and engagement

You may manage cookies via your browser settings. Blocking cookies may affect Website or App functionality.

 

5. How We Use Your Personal Data

We use your data for the following purposes:

  • To operate and improve our Website and Apps
  • To deliver the services you request
  • To provide subscription services to Customers
  • To process bookings, purchases, and transactions
  • To deliver our commercial services to Customers
  • To send newsletters (with consent)
  • To notify you of changes to our services
  • To personalise your Website experience
  • To perform data analytics, audits, fraud monitoring, and service improvements
  • To enable social sharing features
  • To deliver push notifications
  • To respond to enquiries and provide support

We may also, with your consent or where legally permitted, use your data for marketing about similar products or services.

 

6. Legal Basis for Processing

Our lawful bases include:

  • Performance of a Contract – providing services to you or our Customers
  • Explicit Consent – for special category health data
  • Legitimate Interests – improving services, securing systems, supporting customers
  • Legal Obligations – compliance with laws, fraud prevention
  • Consent – marketing or optional tracking cookies

 

7. Disclosure of Your Information

We may disclose your personal data to:

7.1 Strategic Partners and Service Providers

These support hosting, infrastructure, email delivery, analytics, IT services, and customer support.

Key providers include:

  • DigitalOcean (hosting)
  • Docker (container infrastructure)
  • Amazon Web Services (AWS S3) (backups)
  • Google (analytics)
  • Apple (mobile distribution)
  • Websand (communications)
  • SendGrid (email delivery)
  • Zendesk (support)
  • Power BI (analytics environment)
  • Firebase (mobile services)
  • Microsoft Azure (selected components)

7.2 Payment Providers

Stripe, PayPal, DPS, Smartpay, GoCardless

7.3 Social Sharing

Where you choose to share Fisikal services on social platforms.

7.4 Corporate Transactions

If we sell or acquire a business.

7.5 Legal or Safety Requirements

To comply with law, enforce terms, prevent fraud, or protect safety.

7.6 Customer-Driven Disclosures

You consent that Fisikal may share your data with:

  • Your personal trainer
  • Your gym/fitness club
  • Other membership organisations

When necessary to deliver the services you have requested.

 

8. Hosting, Storage, and International Transfers

All identifiable EU/UK personal data is stored within the UK or EU.

We may transfer data internationally only where appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions

 

9. Data Security

We use industry-standard security measures including:

  • TLS/SSL encrypted communications
  • Encrypted backups
  • Isolated customer databases
  • Firewalls & private networking
  • Role-based access control
  • Strict internal access restrictions
  • Monitoring and incident response
  • Secure software development lifecycle (SDLC)

While no system is 100 percent secure, we maintain strict procedures to prevent unauthorised access.

 

10. Your GDPR Rights

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure (“Right to be Forgotten”)
  • Restrict processing
  • Object to processing
  • Request data portability (export)
  • Withdraw consent (where processing is consent-based)
  • Lodge a complaint with the ICO

To exercise any rights, contact:
support@fisikal.com

We will respond within 1 month.

 

11. Subject Access Requests (SAR)

You may request a copy of the personal data we hold about you.
For reasonable requests, we provide this electronically and free of charge.

 

12. Right to Be Forgotten

You may request deletion of all personally identifiable information.
We may retain data where required for legal or financial purposes.
Residual backup data will be removed automatically through backup rotation.

 

13. Data Retention

We regularly review the personal data we hold.

  • If you do not interact for a significant period, data may be deleted after notification.
  • If you cancel a subscription, data is deleted after 90 days.
  • Backups retain data for a limited technical retention window before automated deletion.
  • Anonymised data may be retained indefinitely.

 

14. Changes to This Privacy Policy

Updates will be posted on this page and, where appropriate, notified by email.
You may be required to accept updated terms to continue using the Services.

 

15. Contact Us

Questions, comments, and requests should be sent to:

support@fisikal.com
or
Fisikal Limited
71–75 Shelton Street
London
WC2H 9JQ
United Kingdom

If unsatisfied, you may contact the Information Commissioner’s Office (ICO):

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
www.ico.org.uk

Updated November 2025