Data Processing Agreement (DPA)

1. Parties

Processor:
Fitmall Africa Ltd, a company registered in Rwanda with the Rwanda Development Board (RDB).

Controller:
Any gym, fitness center, or business that uses the Fitmall platform to manage members and process payments.

2. Scope of Processing

Fitmall provides a digital platform that allows gyms to manage memberships, bookings, and payments. In providing these services, Fitmall processes personal data on behalf of the Controller.

Processing activities include:

• Managing gym member accounts
• Processing membership payments and subscriptions
• Providing customer support
• Maintaining system security and functionality
• Generating operational reports for gyms

3. Categories of Personal Data

Fitmall may process the following personal data:

• Full name
• Phone number
• Email address
• Account login information
• Payment transaction data
• Membership details and activity history

4. Categories of Data Subjects

Personal data processed through the platform may relate to:

• Gym members
• Customers of gyms
• Gym staff or trainers registered on the platform

5. Responsibilities of the Controller

Gyms using Fitmall are responsible for:

• Collecting personal data lawfully
• Informing their members how their data will be used
• Obtaining consent where required by law
• Ensuring data provided to Fitmall is accurate and lawful

6. Responsibilities of Fitmall

Fitmall will:

• Process personal data only to provide the platform services
• Implement appropriate technical and organizational security measures
• Maintain confidentiality of personal data
• Assist controllers in responding to data subject requests when required
• Notify controllers of any personal data breach where applicable

7. Subprocessors

Fitmall may use trusted third-party providers to operate the platform, including:

• Payment service providers
• Cloud hosting providers
• Infrastructure and security providers

These providers are required to maintain appropriate data protection safeguards.

8. International Data Transfers

Some service providers used by Fitmall may process or store data outside Rwanda. Where this occurs, Fitmall will ensure appropriate safeguards are in place in accordance with applicable data protection laws.

9. Data Security

Fitmall implements security measures including:

• Access control systems
• Encryption of sensitive communications
• Secure authentication mechanisms
• Infrastructure security monitoring

These safeguards are designed to protect personal data against unauthorized access, disclosure, or loss.

10. Data Retention

Fitmall retains personal data only for as long as necessary to provide the platform services or comply with legal obligations.

Upon termination of services, gyms may request deletion of personal data unless retention is required by law.

11. Data Subject Rights

Fitmall will assist gyms in responding to lawful requests from individuals relating to:

• Access to their personal data
• Correction of inaccurate data
• Deletion of personal data where applicable
• Other rights provided under applicable data protection laws

12. Governing Law

This Agreement is governed by the laws of the Republic of Rwanda, including Law No. 058/2021 relating to the protection of personal data and privacy.

13. Contact

For questions regarding this Agreement or data protection matters, contact:

Fitmall Africa Ltd
Email: hello@fitmall.africa