Privacy and Cookies Policy – Fit Net

Introduction and Purpose

Introduction

As part of its business activities—which include the design, development, and operation of gyms, fitness centres, and wellness facilities, as well as the sale of products and provision of services across the fitness and wellbeing sectors—JUMATIC, S.A., a public limited company with registered office at The Tower, Rua do Silval, 37, Sala 1.4, 2780-373 Oeiras, Portugal, company number 518082229 (hereinafter "Fit Net"), collects and processes various categories of personal data.

Purpose of this Policy

This Policy aims to provide clear and transparent information to data subjects (hereinafter "Users") regarding the processing of their personal data by Fit Net, ensuring full compliance with applicable legal requirements.

Fit Net is committed to safeguarding the confidentiality of all information provided and to protecting Users' privacy.

General Principles for Data Processing

Fit Net ensures that personal data is:

• Processed lawfully, fairly, and transparently
• Collected for specific, explicit, and legitimate purposes
• Adequate, relevant, and limited to what is necessary
• Accurate and kept up to date
• Retained only for as long as necessary
• Processed securely, with appropriate technical and organisational safeguards

General Provisions

Data Controller

Fit Net acts as the data controller responsible for the processing of personal data and for this Privacy and Cookies Policy.

Purposes of Data Processing

Personal data is processed for the following purposes:

• Customer management and contractual relationship
• User registration on the Website/App
• Communication management
• Billing and payment processing
• Access control to Fit Net gyms
• Consumer profiling and behaviour analysis
• Marketing and commercial communications
• Recruitment and staff management
• Workplace safety and health
• Supplier management
• Compliance with legal obligations
• Video surveillance

Legal Basis for Processing

Processing is based on one or more of the following:

• Performance of a contract or pre-contractual steps
• Compliance with legal obligations
• Legitimate interests pursued by Fit Net or third parties
• User consent (where applicable)

Data Retention Periods

Retention periods vary depending on purpose. As a general rule:

• Customer management: 10 years after contract termination
• User registration: 2 years after termination
• Communications: 2 years
• Billing: 10 years
• Access control: 2 years
• Profiling: 2 years
• Marketing: Until consent is withdrawn
• Recruitment: 2 years (unless extended by consent)
• Staff management: 10 years
• Supplier management: 10 years
• Legal compliance: 10 years
• Video surveillance: 30 days

Data may be retained longer where required by law or ongoing legal proceedings.

Cookies Policy

Fit Net uses cookies and similar tracking technologies. Cookies are small text files stored on a User's device to:

• Remember preferences
• Improve navigation
• Enhance user experience

Types of Cookies Used

• Essential Cookies – Required for site functionality
• Performance Cookies – Analyse usage and improve services
• Marketing Cookies – Deliver relevant advertising
• Personalisation Cookies – Store user preferences

Users may manage cookie settings via their browser. Disabling cookies may affect functionality. Fit Net is not responsible for cookies used on third-party websites.

Security Measures

Fit Net implements appropriate technical and organisational measures, including:

• Regular audits
• Staff training
• Data encryption and pseudonymisation
• Secure systems and infrastructure
• Incident recovery mechanisms
• Restricted access controls

Data Processors

Fit Net may engage third-party processors to handle data on its behalf. These entities:

• Act strictly under Fit Net's instructions
• Are contractually bound to comply with GDPR
• Cannot subcontract without prior written approval

Data Sharing

Personal data may be shared:

• With User consent
• For contractual performance
• To comply with legal obligations
• To pursue legitimate interests

International Data Transfers

Where data is transferred outside the EU, Fit Net ensures compliance with applicable legal safeguards, including adequacy decisions and appropriate contractual protections.

User Rights

Users have the right to:

• Access – Request confirmation and access to their personal data.
• Information – Receive clear information on how their data is processed.
• Rectification – Correct inaccurate or incomplete data.
• Erasure ("Right to be Forgotten") – Request deletion where legally applicable.
• Restriction – Limit processing under certain conditions.
• Portability – Receive data in a structured, machine-readable format.
• Objection – Object to processing, including for direct marketing.
• Automated Decisions – Not be subject to decisions based solely on automated processing, except where legally permitted.

Right to Lodge a Complaint

Users may lodge complaints with the Portuguese Data Protection Authority (CNPD):

• Address: Av. D. Carlos I, 134 – 1.º, 1200-651 Lisbon
• Phone: +351 213 928 400
• Email: geral@cnpd.pt

Exercising Your Rights

Users may exercise their rights via:

• dados@rgpd.fitnetgyms.com
• Or through the Fit Net App

Fit Net will respond within one month, extendable to two months for complex requests.

Final Provisions

Policy Updates

Fit Net may amend this Policy at any time. Updates will be published with the revision date.

Contact

For questions or complaints: dados@rgpd.fitnetgyms.com

Governing Law and Jurisdiction

This Policy is governed by EU Regulation (GDPR – 2016/679) and applicable Portuguese law. Disputes fall under the jurisdiction of the courts of Lisbon.

Last updated: May 2026