Last updated: 16 June 2026
Data Processing Agreement
This Data Processing Agreement ("DPA") forms part of the Terms and applies where you, as a trainer using FitBrand, act as the data controller of your clients' personal data and FitBrand acts as your data processor. For your own account data, FitBrand is the controller (see the Privacy Policy).
1. Roles
As a trainer you decide what client data you collect and why, so you are the controller of that data. FitBrand processes it only to provide the Service to you, so we are your processor. FitBrand is the controller of your own trainer-account data.
2. Our instructions
We process client personal data only to provide and support the Service and on your documented instructions, unless we are required to do otherwise by law.
3. Confidentiality
Everyone we authorise to process the data is bound by an obligation of confidentiality.
4. Security
We implement appropriate technical and organisational measures under GDPR Art. 32 / KVKK Art. 12, including encryption in transit, access controls, and regular backups.
5. Sub-processors
You authorise us to engage the sub-processors listed at our Sub-processors page. They are bound by data-protection terms no less protective than this DPA. We will inform you of any intended change so you can object.
6. International transfers
Some sub-processors are located outside the EEA / Türkiye. Such transfers are protected by an adequacy decision, Standard Contractual Clauses, or the EU–US Data Privacy Framework, as applicable.
7. Assisting you
Taking into account the nature of the processing, we assist you in responding to your clients' data-subject requests and in meeting your security, breach-notification, and impact-assessment obligations.
8. Personal data breaches
We notify you without undue delay after becoming aware of a personal data breach affecting your clients' data.
9. Deletion and return
On termination, we delete or return the client personal data we process on your behalf, unless we are legally required to retain it.
10. Audit
We make available the information reasonably necessary to demonstrate compliance with this DPA.