Privacy Policy
Last updated: 15 October 2025
WHY WE HAVE THIS PRIVACY POLICY
At FitBaltics, we believe trust starts with transparency. Protecting your personal information and respecting your privacy are not just legal obligations, they’re part of our core values. This Privacy Policy explains clearly how and why we collect, use, and safeguard your personal data when you visit fitbaltics.com, interact with us on social media, subscribe to our marketing, or purchase our products.
Your personal data is protected under the General Data Protection Regulation (EU) 2016/679 (GDPR) and related data protection laws. We fully comply with these obligations and take every reasonable measure to ensure your information remains secure, confidential, and processed only for legitimate purposes.
We know this Privacy Policy is detailed, and that’s intentional. We want you to be fully informed about what data we collect, how it is used, who we share it with, and the rights you have as an individual.
WHO WE MEAN BY “WE” AND “YOU”
Throughout this Policy:
- “We “, “our”, or “us” refers to FitBaltics, the legal entity that owns and operates fitbaltics.com.
- “You” or “your” refers to any individual who interacts with us, including website visitors, customers, newsletter subscribers, and participants in our campaigns or promotions.
This Privacy Policy applies to all such interactions unless you are engaging with us under a separate policy, such as a candidate or supplier policy.
YOUR DUTY TO INFORM US OF CHANGES
To keep your information accurate and up to date, please update your FitBaltics account or contact us if your details change.
WHAT HAPPENS IF YOU DO NOT PROVIDE YOUR PERSONAL INFORMATION
Providing certain personal data (such as delivery or payment information) is required for us to process and ship your order. If you choose not to provide the required details, we may not be able to fulfill your order or provide specific services. However, generally, you are not obliged to provide us with any of your personal information.
QUESTIONS OR CONCERNS
If you have any questions about this Privacy Policy or how your data is handled, please contact our Data Protection Officer at privacy@fitbaltics.com
CHANGES TO THIS PRIVACY POLICY
We review this Privacy Policy regularly to reflect updates in our operations, services, or laws. The latest version will always be available on www.fitbaltics.com/privacy-policy
. When material changes occur, we will notify you via email or by posting news on our website.
DATA PROTECTION PRINCIPLES
We are committed to processing your personal information in accordance with the following GDPR principles:
- Lawfulness, fairness, and transparency – We only process your data lawfully and transparently.
- Purpose limitation – We use your data only for clearly defined, legitimate purposes.
- Data minimization – We collect only the information necessary for those purposes.
- Accuracy – We take steps to keep your data current and correct inaccuracies.
- Storage limitation – We retain data only as long as needed or required by law.
- Integrity and confidentiality – We protect data through technical and organizational safeguards, including encryption, access controls, and secure storage.
WHAT PERSONAL INFORMATION WE COLLECT
Depending on your interaction with FitBaltics, we may collect and process:
- Personal contact details, including name, title, address (billing and delivery), email address, and telephone number(s).
- Information about your date of birth, age, gender, marital status, and the name of any delivery recipient.
- Details regarding or connected to products or services that you have ordered from us.
- Details of apps that you have licensed from us to use and usage information relating to those apps, where it was downloaded from, traffic and communications data and resources accessed.
- Device data where you use our apps or website which may include information about the device you use and the unique device identifier for example your device’s IMEA number, the MAC address of the device’s wireless network interface, or the mobile phone used by the device, mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting, the IP address, device type, usernames and account details, location data which may include your current location disclosed by your own software. However, we do not use separate location tracking software.
- Profile data, including your username, purchase history, your interests, preferences, feedback, and responses, and any inferences drawn from any of your personal data to create a profile about you to reflect your preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes.
- Content data, which includes information stored on your device, including login information, videos, photographs, and audio recordings or other digital content, check-ins, or your workout data that you input and upload, and your social media handles, posts, and information about your followers that you tag us in.
- Payment details, payment card details, bank account details, financial transactions, and refunds.
- Any terms and conditions relating to your relationship with us.
- Any communications between us and you.
- Your social media handles, social media posts, information about your social media followers, information about any product/service endorsements by you, and other aspects of your social media activity.
- Publicly available personal information, including any that you have shared via a public platform, online, or on social media.
- Details of your sporting or athletic achievements and activity, and related plans and progress, where you tell us about them.
- Personal history and information, including hobbies, interests, and your preferences.
- Responses and results of surveys.
- Fraud prevention-related information, which may include details of other transactions you have been involved in.
- Applications to enter or attend competitions, promotions, or events, attendance at events and promotions, and any results or other related personal information.
- How you use our website as we collect information about the pages you look at and how you use them, usernames, account details and passwords, entry and exit data when you look at or leave our website, details of products, events and materials that may be interest to you, online subscription information, for example, when you subscribe to one of our updates, blogs or other materials, browser related information, cookies that are set on your device by our website (for more details see our separate cookie policy at https://fitbaltics.com/cookie-policy.
- Your use of the IT systems we make available to visitors to our premises, including any visitor internet facilities.
- IP address information that allows us to track your use of our website.
- Identification information, including your driving license and/or passport, and background checks, when verification is needed.
- Gym training records, professional details.
- Vehicle registration number, make, and model if you are driving to visit us at our premises or an event.
- Details of any queries, complaints, claims, and cases involving both us and you, including any related communications.
- Photographs, video footage, audio recordings, and other content, for example, any created as part of our marketing or promotion campaigns, which are taken at events we hold, when you enter a competition, posts made on social media, or when you are on our premises, or which you provide to us.
- Any other personal information you provide to us.
If you are providing us with details of any other individuals, for example, a friend of yours that you ask us to deliver our products to where you have ordered them as a present, they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy policy with them. They also have the same rights regarding their personal data that we collect as set out in this privacy policy .
WE AIM NOT TO COLLECT PERSONAL INFORMATION ABOUT CHILDREN
Our supply of products or services (whether in store or online), our apps, our website, events, promotions, social media, content, blogs, materials, and other services we provide are not intended for use by anyone under the age of 18 years and we do not knowingly collect personal information relating to anyone under the age of 18 years old.
We may, in some cases, collect limited personal information related to children where they are connected to someone who is 18 or older with whom we have a relationship, for exampl,e a child may attend an event or our premises when accompanied by a responsible adult who has won a competition or who is entitled to attend one of our events.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
Fitbaltics collects your personal information in a variety of ways and from a variety of sources as set out below:
Most of your personal information is collected directly from you, for example through contact with you, through information you input into your account on our website, through information you input into our app, from orders placed by you, from correspondence with you, through your applications, entries to competitions/promotions, entries to events, attendance at events or promotions, subscriptions, memberships, from correspondence with you or through other interactions with us, when you visit our premises or other personal information you provide to us.
- From other individuals known to you who may have given us your personal information so that we can send you any of our products as a gift.
- From websites, the internet, social media, or other platforms, including public sources of information.
- From our website, apps, information technology and communications systems, access control systems and suppliers we use in connection with them.
- From third parties appointed by you, for example, any financial or legal advisors.
- From third parties appointed by us, for example, legal advisors appointed by us, identity or background check providers, fraud prevention organisations, data cleansing service providers, or market/data research and analysis service providers.
- From government or government-related bodies, regulators, the police, law enforcement authorities, or the security services.
HOW WILL WE USE YOUR PERSONAL INFORMATION?
There are many ways we will need to use your personal information in the context of your relationship with us. We have set out the main uses below and indicated the main applicable legal bases of processing, but there may be other specific uses which are linked to or covered by the uses below.
- We use your personal information to process and deliver orders, manage payments, handle returns, and provide customer support. This processing is necessary to perform our contract with you and is also in our legitimate interests to ensure a reliable shopping experience.
- We use your data to maintain your FitBaltics account, keep communication records, and manage your preferences so we can offer consistent service and support. Where you consent, we also use your contact details to send newsletters, promotions, and personalized offers. You can withdraw your consent at any time by using the unsubscribe link in our emails or contacting privacy@fitbaltics.com.
- We use personal data to secure our systems, prevent fraud, detect misuse, and comply with our legal obligations under consumer, accounting, and data protection laws. We may also use anonymized or aggregated data for analytics, product development, and service improvement based on our legitimate interest in optimizing our website and operations.
- When you participate in promotions, campaigns, or giveaways, we use the information you provide to administer those activities, contact winners, or promote events. If you share images, reviews, or other content, we rely on your consent before using it for marketing.
- We also process personal data to keep accurate business and financial records, respond to legal claims, cooperate with authorities where required, and manage our general business operations.
We always aim to use your personal information ethically and non-intrusively. Your security as a Fitbaltics customer or potential Fitbaltics customer is very important to us. We will not use your personal information to target, segment, or profile individuals based on their health (including pregnancy), negative financial status or condition, political affiliation or beliefs, racial or ethnic origin, religious or philosophical affiliation or beliefs, sex life or sexual orientation, data relating to an alleged or actual commission of a crime, for any unlawful or discriminatory purpose or in any other manner that would be inconsistent with your reasonable expectation of privacy.
MARKETING AND COMMUNICATION PREFERENCES
You may opt in to receive promotional communications via email or SMS. You can withdraw consent or change preferences at any time by:
- Clicking “Unsubscribe” in any marketing email, or
- Contacting privacy@fitbaltics.com
The measures listed above do not apply to service messages such as order updates/ tracking and other non-marketing communications from us. They also don’t apply to advertising that may appear on our website, other websites, or our apps.
WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH EXTERNALLY?
When using your personal information we may share it with third parties, but we will only do so when it is appropriate, and we have a lawful basis for doing so. Third parties that we may share your personal information with include:
| Category | Provider | Purpose | Privacy Policy |
|---|---|---|---|
| Email Marketing | Mailchimp | Managing newsletters and marketing subscriptions | https://www.intuit.com/privacy/statement/ |
| Security/CDN | Cloudflare Enterprise | Website performance, encryption, and DDoS protection | https://www.cloudflare.com/privacypolicy/ |
| Payment Providers | Stripe, and PayPal | Processing secure payments | 1.https://stripe.com/en-lv/privacy 2.https://www.paypal.com/us/legalhub/paypal/privacy-full |
| Analytics Tools | Google Analytics | Site performance and traffic insights | To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout |
OTHER BUSINESSES WE MIGHT SHARE DATA WITH:
- We collaborate with trusted manufacturing and fulfillment partners who produce, package, and ship your orders on our behalf. These partners act as data processors and receive only the information necessary to complete delivery (e.g., name, address, and order contents). They are contractually bound to handle all data securely and in accordance with GDPR requirements.
- Our website runs on the WordPress platform and uses performance, security, and functionality plugins (for example, caching, anti-spam, form, and optimization tools). These services may process limited technical information, such as IP addresses, page views, or device data, strictly for website operation, security, and analytics, in compliance with GDPR.
- Another company within our group of companies, especially if you have a relationship with that part of our group.
- Purchasers, investors, funders, and their advisers, if we sell all or part of our business, assets, or shares, or restructure, whether by merger, reorganisation, or in any other way.
- Social media and other online platforms are relevant to our relationship with you.
- Governmental bodies, regulators, police, law enforcement agencies, security services, courts/tribunals.
We do not sell, rent, or exchange personal data with third parties for marketing purposes. Any data shared with processors or service providers is limited to what is necessary, encrypted where applicable, and governed by strict confidentiality and data-processing terms.
INTERNATIONAL DATA TRANSFERS
It is sometimes necessary to share your personal information outside of the UK and the European Economic Area (the EEA), or it will be collected outside of the UK and the EEA. This will typically occur when service providers to our business are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under applicable data protection laws.
The same applies to any transfer of personal information to another part of our group of companies based outside of the UK and the EEA. We also apply the same standards to any transfer of personal information between members of our group, regardless of the location of the group company.
If we transfer your personal information outside the UK and/or the EEA, we will ensure that the transfer complies with applicable data protection laws and that all personal information is secure. Our standard practice is to assess the rules and practices of the destination country and the relevant service provider, and the security measures to be taken regarding personal Information in the overseas location; alternatively, we use standard data protection/contractual clauses. This means that when a transfer such as this occurs, you can expect a similar level of protection for your personal information.
In limited circumstances, the people to whom we may disclose personal information may be located outside of the UK and/or the EEA, and we will not have an existing relationship with them, for example, a foreign police force outside of the UK and/or the EEA. In these cases, we will impose any legally required protections on the personal information before it is disclosed.
If you would like any more details about how we protect your personal information in relation to international transfers, please contact us at privacy@fitbaltics.com
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We are committed to keeping your personal information safe and secure, and so we have numerous security measures in place to protect against the loss, misuse, and alteration of information under our control. We will always aim to use best-in-class security systems implemented across our networks and hardware to ensure access and information are protected. Our security measures include:
- Encryption of personal information where appropriate.
- Regular cybersecurity assessments of all service providers who may handle your personal information.
- Regular planning and assessments to ensure we are ready to respond to cybersecurity attacks and data security incidents.
- Regular penetration testing of systems.
- Cloudflare Enterprise DDoS and WAF protection.
- Role-based access controls and limited personnel access.
- Security controls that protect our information technology systems and infrastructure, and our premises, from external attacks and unauthorised access.
- Regular backups of information technology systems data with functionality to correct errors or accidental deletion/modification to data.
- Internal policies outlining our information security rules for staff.
- Regular training for our staff to ensure staff understand the appropriate use and processing of personal information.
- Where we engage third parties to process personal information on our behalf, they do so based on our written instructions, they are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of personal information.
We take information security very seriously and will use all reasonable endeavours to protect the integrity and security of the personal information we collect about you.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We retain your personal data only as long as necessary for the purposes described:
| Data Category | Retention Period | Purpose / Legal Basis |
|---|---|---|
| Inactive customer accounts | 24 months | To allow reactivation or order history access; deleted if unused. |
| Pending orders | 7 days | Automatically removed if not completed; prevents duplicate transactions. |
| Failed orders | 7 days | Retained briefly for fraud-prevention review. |
| Cancelled orders | 14 days | Retained for short-term customer-service reference. |
| Refunded orders | 6 months | Required for accounting and reconciliation of payments. |
| Completed orders | Until consent is withdrawn or 24 months of inactivity | Required for tax, legal, and warranty record-keeping. |
| Customer support messages | Up to 24 months after resolution | To ensure service continuity and handle follow-up inquiries. |
| Marketing subscriptions | Based on consent, removed or anonymized after inactivity. | For site functionality and performance analytics, based on consent where required. |
| Website analytics and cookies | 90 days – 13 months (depending on cookie type) | For site functionality and performance analytics; based on consent where required. |
| Technical and security logs | 90 – 365 days | To detect abuse, ensure service integrity, and comply with security obligations. |
| Legal or accounting records | 6 years | Required under accounting and business-record laws. |
In limited cases, it may be necessary to retain your personal information for longer, for example, if it is relevant to a dispute, legal case, or claim.
We will not retain your personal information for longer than necessary for the purposes for which it was collected and is being used.
For more information, please contact our privacy@fitbaltics.com to request a copy of our Data Retention Policy.
YOUR RIGHTS
As an individual whose personal data we collect and process, you have specific rights under the GDPR. These include:
| Your Right | Description |
|---|---|
| Withdraw Consent | You can withdraw any consent you have previously given to us. Once withdrawn, we will stop processing your data for that purpose unless another lawful basis applies. |
| Access Your Data | You can request a copy of the personal data we hold about you and details of how it is being used (known as a Data Subject Access Request). |
| Correct Your Data | You can request that we correct or update any inaccurate or incomplete personal information we hold about you. |
| Request Deletion | You can ask us to delete your personal data when it is no longer needed or if you object to its processing. This right may not apply where we must retain data for legal or contractual reasons. |
| Restrict Processing | You may request that we temporarily suspend processing your personal data in certain situations, such as when verifying its accuracy. |
| Object to Processing | You can object to our processing where it is based on our legitimate interests. |
| Object to Marketing | You have an absolute right to object to your personal data being used for direct marketing. |
| Data Portability | You can request a copy of your personal data in a structured, commonly used, and machine-readable format, or ask us to transfer it to another controller where technically feasible. |
FitBaltics does not make decisions based solely on automated processing that produces legal or similarly significant effects.
If you wish to exercise any of your rights, please contact us at privacy@fitbaltics.com. We may need to verify your identity before fulfilling your request.
We will respond within 30 days of receiving your verified request, as required by law.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the European Union, this is the supervisory authority in your country of residence or work.
COMPLAINTS
We aim to process all personal data lawfully and transparently, but if you believe your rights under data protection law have been violated, you have the right to lodge a complaint with your national data protection authority.
If you are based in Latvia. You may contact the Data State Inspectorate (Datu valsts inspekcija):
- Address: Elijas iela 17, Riga, LV-1050, Latvia
- Phone: +371 67223131
- Email: info@dvi.gov.lv
- Website: https://www.dvi.gov.lv
If you are based in Estonia. You may contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):
- Address: Tatari 39, 10134 Tallinn, Estonia
- Phone: +372 627 4135
- Email: info@aki.ee
- Website: https://www.aki.ee
If you are based in Lithuania. You may contact the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija):
- Address: L. Sapiegos g. 17, 10312 Vilnius, Lithuania
- Phone: +370 5 271 2804
- Email: ada@ada.lt
- Website: https://vdai.lrv.lt
If you are based in another EU or EEA country. You may contact your local supervisory authority. A list of all EU/EEA data protection authorities can be found on the European Data Protection Board website:
https://edpb.europa.eu/about-edpb/board/members_en
We encourage you to contact us first so we can address your concern directly and aim to resolve it promptly.
CONTACTING US
If you have any questions, concerns, or requests regarding how FitBaltics handles your personal data or this Privacy Policy, please contact us at:
Email: privacy@fitbaltics.com
We review and respond to all data protection inquiries as quickly as possible and always within the time limits required under the GDPR.