Last updated: August 26, 2025

 

This Privacy Policy explains how FEDMAN (“FEDMAN”, “we”, “us”, “our”) collects, uses, discloses and protects personal data when you use the FEDMAN mobile application (the “App”) and the fedman.io website (the “Site”), and describes your privacy rights.

This Policy is designed to comply with the EU GDPR, the UK GDPR and the Data Protection Act 2018, and the Swiss Federal Act on Data Protection (FADP).

It also covers our use of cookies, similar technologies, and mobile SDKs.

​

1) Who we are (Controller)

 

Controller: SkillForge.VIP Ltd (“FEDMAN”)

Registered address: 7 Manchester Square, London, England, W1U 3PQ

Contact: info@fedman.io

​

2) Scope

 

This Policy applies to personal data we process when:

• you browse or interact with the Site;

• you install and use the App;

• you contact us (e.g., support, sales, partnerships) or engage with our content;

• we provide services to business customers and end-users.

 

This Policy does not apply to third‑party websites, services or integrations that we do not control. Their privacy practices are governed by their own policies.

​

3) Personal data we collect

 

A) Data you provide directly

 

• Account & profile data: name, email, phone, country, password, role, organisation, preferences.

• Customer service & correspondence: messages, attachments, contact details, ticket metadata.

• Transactions & billing: billing address, tax and invoicing data, payment method (processed via our payment provider), purchase history.

• Identity verification (if enabled in your region): photographs/video/selfie, document scans (e.g., ID, passport), date of birth, and verification outcomes.

• Forms & surveys: responses and feedback you submit.

 

B) Data we collect automatically

​

• Site analytics: IP address, device/browser type, OS, referral URLs, pages viewed, time and date, clickstream, error logs, cookie IDs.

• App diagnostics & telemetry: device model, OS version, app version, device identifiers (e.g., IDFA/AAID where permitted), crash logs, performance data, event logs.

• Approximate location: derived from IP or device settings (only if enabled by you).

• Push notifications tokens: device token/ID to deliver notifications (you can disable in system settings).

 

C) Data from third parties

​

• Single Sign-On (SSO) / identity providers: account identifiers and profile data you allow to share.

• Payment processors: limited payment status, last four digits/expiry (tokenised), and transaction metadata.

• Marketing & referral partners: campaign and attribution data (where permitted).

• Sensitive data. We do not require sensitive data (e.g., health, biometrics) unless a feature clearly requires it (e.g., identity verification). Where required by law, we will ask for explicit consent and/or provide a clear alternative.

​

​

4) Why we process personal data (purposes) and legal bases

​

A) EU/EEA and UK – legal bases (GDPR/UK GDPR Art. 6)

​​​​​​​​​​​​​​​​​​​​

• Provide the App/Site and services: create and manage accounts; enable features; provide support; ensure availability and security - Legal basis: Contract (to perform a contract with you) and Legitimate interests (to run our services)

• Payments & billing: process orders, subscriptions, and invoices- Legal basis: Contract; Legal obligation (tax, accounting)

• Security & abuse prevention: detect/prevent fraud, misuse, and unauthorised access; maintain logs- Legal basis: Legitimate interests; Legal obligation where applicable

• Communications: service messages, updates, and transactional notifications- Legal basis: Contract; Legitimate interests

• Marketing: newsletters, promotions, referrals (email/SMS/notifications)- Legal basis: Consent where required (e.g., cookies, email/SMS marketing); Legitimate interests for B2B direct marketing (with opt‑out)

• Analytics & product improvement: usage analytics, A/B tests, diagnostics- Legal basis: Consent (for non‑essential cookies/SDKs where required); Legitimate interests (first‑party analytics compatible with law)

• Regulatory compliance: compliance checks, record‑keeping, response to lawful requests- Legal basis: Legal obligation; Legitimate interests

• Identity verification (if enabled): KYC/AML or fraud prevention, confirming identity- Legal basis: Consent (where required); Legal obligation (if applicable); Legitimate interests

​

​

B) Switzerland – compliance under the FADP

​

We process personal data in line with the FADP principles of lawfulness, good faith, proportionality, purpose limitation and transparency. Where required (e.g., processing of sensitive data or high‑risk profiling), we obtain explicit consent. In other cases, processing is justified by overriding private or public interests, contract performance, or consent. We implement appropriate technical and organisational measures and respect your information and access rights.

​

5) Cookies, similar technologies and SDKs

 

• On the Site: we use cookies, pixels and similar technologies for essential functions (e.g., login, security), analytics, and—where permitted—personalisation and marketing.

• In the App: we use SDKs for crash reporting, analytics, push notifications, sign‑in and similar functions. Where required by law, we request consent before setting non‑essential technologies.

 

You can manage your choices any time via our Cookie Settings (on the Site) and via your device Settings (App notifications; ad identifiers). See Annex A – Cookie & SDK Notice for details.

​

6) How we share personal data

 

We share personal data only as described below:

• Service providers (processors): cloud hosting, analytics, customer support, communications, payments, KYC, and security vendors who act under our instructions.

• Business customers (if you use FEDMAN via an organisation): certain account/profile or usage data may be visible to your administrator according to your organisation’s configuration.

• Legal and compliance: to comply with laws, enforce our terms, or protect rights, safety and security.

• Corporate transactions: in connection with a merger, acquisition, financing or sale of assets, subject to appropriate safeguards.

• With your consent: where you direct us to share (e.g., integrations).

 

We do not sell personal data.

​​

7) International data transfers

​

We may transfer personal data outside your country, including to countries that may not provide the same level of data protection. Where we do so, we implement appropriate safeguards, such as:

• EU Standard Contractual Clauses (2021/914/EU);

• UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU SCCs;

• Swiss addendum / adapted SCCs recognised by the FDPIC;

• EU‑U.S. Data Privacy Framework, UK‑U.S. Data Bridge, and Swiss‑U.S. Data Privacy Framework for certified recipients; and

• other lawful transfer tools as applicable.

 

Details of specific transfers and safeguards are available on request.

​

8) Data retention

​

We retain personal data only as long as necessary for the purposes set out in this Policy (e.g., while you have an account), and as required by law (e.g., tax/accounting). We apply fixed retention periods where feasible and otherwise use criteria such as account activity, service needs, legal requirements, and the nature of the data. After expiry, we securely delete or irreversibly anonymise data.

​

9) Security

 

We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit and at rest (where appropriate), network security, logging, vulnerability management, and staff training. No method of transmission or storage is 100% secure; we continually improve our safeguards.

 

10) Your privacy rights

 

Your privacy rights depend on where you live but may include:

• Access to your personal data;

• Rectification of inaccurate or incomplete data;

• Erasure (deletion);

• Restriction of processing;

• Portability (obtain and reuse certain data);

• Objection to processing (e.g., direct marketing);

• Withdraw consent at any time where processing is based on consent;

• Right not to be subject to certain automated decisions (EU/UK) and to request human review;

 

Swiss FADP rights, including the right to information and data portability, and remedies before competent authorities/courts.

 

You can exercise your rights by contacting us at info@fedman.io.

We will verify your identity and respond within the timelines required by law. You may also have the right to lodge a complaint with your local data protection authority (see section 13 below).

 

11) Children

 

Our services are not intended for children and we do not knowingly collect personal data from children. If we learn that a child’s data has been collected, we will delete it. If any service is likely to be accessed by children, we will apply heightened protections and age‑appropriate design measures and obtain consent from the holder of parental responsibility where required by law.

 

12) Automated decision‑making & profiling

 

We do not make decisions based solely on automated processing that produce legal or similarly significant effects, unless this is necessary to provide the service, authorised by law, or you have given explicit consent. In such cases, we implement safeguards including human review, the ability to express your point of view, and the right to contest the decision.

 

13) How to contact us and supervisory authorities

 

• Contact FEDMAN: info@fedman.io

• EU/EEA: You can contact your local supervisory authority (see the EDPB member list).

• United Kingdom (ICO): Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, ico.org.uk.

• Switzerland (FDPIC): Federal Data Protection and Information Commissioner, Feldeggweg 1, CH‑3003 Bern, edoeb.admin.ch.

 

14) Changes to this Policy

 

We may update this Policy to reflect changes in our practices or the law. We will post the updated version and change the “Last updated” date. Significant changes will be highlighted. Please review this Policy periodically.

 

15) Region‑specific information
 

A) EU/EEA

​

• Controller & EU representative: see section 1.

• Legal bases: see section 4A (GDPR).

• International transfers: we rely on SCCs and, where applicable, the EU‑U.S. Data Privacy Framework for certified recipients.

• Complaints: contact your local authority or the lead authority for our main EU establishment.

​

B) United Kingdom

​

• Controller & UK representative: see section 1.

• Legal bases: UK GDPR and Data Protection Act 2018.

• International transfers: we rely on the IDTA / UK Addendum and, where applicable, the UK‑U.S. Data Bridge for certified recipients.

• Complaints: the ICO (see section 13).

 

C) Switzerland

​

• Controller & Swiss representative (if required): see section 1.

• Legal framework: FADP and ordinances. Where processing involves sensitive data or high‑risk profiling, we obtain explicit consent or ensure another lawful justification.

• International transfers: we use SCCs adapted for Switzerland (or recognised by the FDPIC) and, where applicable, the Swiss‑U.S. Data Privacy Framework for certified recipients.

• Complaints and remedies: the FDPIC and competent courts (see section 13).

 

Annex A – Cookie & SDK Notice

 

What are cookies/SDKs? Cookies are small files stored on your device by your browser. SDKs are code modules embedded in the App. Both can be essential (strictly necessary) or non‑essential (e.g., analytics, personalisation, marketing).

 

How we use them

• Essential: security, load balancing, session management, consent storage.

• Analytics: measuring traffic and usage to improve the Site/App.

• Functional/personalisation: remembering settings and preferences.

• Marketing/advertising: measuring campaigns; showing relevant content (only where permitted by law).

 

Your choices

• Site: use the Cookie Settings banner to accept/reject non‑essential categories and to change your choices later.

• Browser controls: you can delete cookies or block them via your browser.

• App: control notifications in your device settings; reset ad identifiers (IDFA/AAID) in system settings.

 

Third‑party technologies
We work with trusted providers (e.g., hosting, analytics, crash reporting, payment, KYC). A current list of categories is available on request. Some providers may process data outside your country; see section 7 (International transfers).

 

Retention
Cookies and SDK data are kept only as long as necessary for their purpose; persistent cookies expire after a defined period. You can delete cookies at any time.

​

Consent
Where the law requires opt‑in consent for non‑essential cookies/SDKs, we request it before placing them. You can withdraw consent at any time via Cookie Settings (Site) or your device settings (App).

 

Annex B – Glossary (summary)

​

• Personal data: any information relating to an identified or identifiable natural person.

• Processing: any operation performed on personal data (e.g., collection, storage, use, disclosure).

• Controller/processor: the organisation that determines purposes/means of processing (controller) and the one that processes on behalf of a controller (processor).

• Special categories of personal data: e.g., data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic and biometric data, health data, sex life or sexual orientation.

• High‑risk profiling (CH): automated processing that poses a high risk to personality or fundamental rights.

 

Annex C – How to reach us

​

Email: info@fedman.io

Postal: 7 Manchester Square, London, England, W1U 3PQ

​

​