Fitech are the Data Processor, our lawful basis for processing is contract and special category data. We are registered with the UK Informations Commissioners Office under ZA129103
All data, assets and processing occurs in the EU with Microsoft under the Azure program.
All data is encrypted at rest and in transit to the clients browser.
All access to data servers is audited and secured via limited access based upon 3 factor authentication.
Subjects (the focus of the assessment) may request a CSV export file of all their personal data. This request must be made prior to the lapsing of the host account. In order to receive the data file they must have an email address registered against their Fitech account.
Our client (you) are the data controller, as such it is your duty to ensure consent has been given by the focus of the assessment.
Access to Fitech Health Assessment System - We have a strict policy forbidding the sharing of access accounts, we have provided the means that ensures all Operators can access the system via their own account login which is audited.
Lapsed clients accounts:
1. Clients must request a data export prior to the lapsing of their accounts. This will be provided in a timely manner not exceeding 30 days, as a CSV file via a password protected ZIP file.
2. Once a client's account has lapsed, all personally identifiable data will be over written to assure irrevocable destruction.
You can review the full terms by clicking below: