What is LegitFit’s role under GDPR, and what are my responsibilities as a LegitFit customer?
Understand who’s responsible for what when it comes to handling personal data — and how to stay compliant.
Why Use This Feature
LegitFit supports your business, but it’s important to understand who is responsible for data protection under GDPR. Knowing the roles and responsibilities ensures quicker responses, better protection for your members, and peace of mind for everyone involved.
Step-by-Step Instructions
Here’s how GDPR roles work with LegitFit:
- Understand the two key roles:
  - Data Controller – the person or business who decides why and how personal data is used
  - Data Processor – the company or service that processes that data on the controller’s behalf
- When LegitFit is the Data Controller (your business account data):
  - LegitFit is responsible for your business account data.
  - You can request access, correction, or deletion of your business account data directly from us.
- When You are the Data Controller (your members’ data):
  - You are responsible for your members’ personal data.
  - LegitFit acts as the data processor.
  - You must respond to GDPR requests from your members (access, correction, deletion) and instruct us if technical action is needed.
- In practice:
  - If a member emails you with a GDPR request, review it and submit it to LegitFit if action is needed.
  - If you email us about your own LegitFit account, we will process your request directly.
  - If a member contacts LegitFit directly, we will direct them back to you — we cannot take action without your instruction.
What Happens Next
When you submit a GDPR request (for yourself or on behalf of a member), we log the request, confirm any missing details, and aim to complete it within 30 calendar days. You’ll receive confirmation when the request is complete.
Success Tip
Provide as much detail as possible when submitting a GDPR request (e.g. member’s full name and email address) to help us complete the process faster.