Last updated March 13, 2020
To the extent provided under applicable law, the terms “personal data,” “data controller” and “data processor” shall have the meanings given to their respective corresponding terms under such law.
Without limiting the foregoing, to the extent that the California Consumer Privacy Act applies to your use of our products or services, the following terms used herein shall have the following meanings:
- Personal data shall mean personal information;
- Data controller shall mean business; and
- Data processor shall mean service provider.
1. Role of TriDot
We act as a data controller with respect to personal data collected from visitors and customers.
2. Collection of Personal Data
This section explains the various ways in which we may collect your personal data.
Personal Data You Provide to Us
We may collect personal data you provide to us in the following scenarios:
- You provide it to us by signing up for an account and/or using our products and services;
- You provide it to us by filling out a form to request content, such as a newsletter;
- You provide it to us by filling out a form or starting a conversation to request additional information about our products or services;
- You provide it to us in connection with purchasing products through our online store;
- You provide it to us by applying for a job with us; or
- You provide it to us by contacting us via email or telephone.
The personal data collected in these instances may include your name, phone number, email address, physical address, medical information, geolocation data, biometric data, genetic data, payment information, data about your training and event performance and/or any other personal data that you choose to provide.
Personal Data We Collect Automatically
As you navigate our website, we may also collect information through the use of commonly used information-gathering tools, such as web beacons, standard information from your web browser (such as browser type and browser language), your IP address, and the actions you take on our website. We may receive reports based on your use of our website and/or products and services from third party service providers as de-identified information or as aggregate data (as defined below).
Personal Data We Collect From Third-Parties
We may obtain personal data about you from third-party products or from third party sponsored activities or events in which you are a participant. For example, we may obtain geolocation and biometric data from third-party products, such as bicycle computers, triathlon watches, heart rate monitors or similar devices. We may also obtain geolocation and biometric data from third-party services, such as third-party genetic screening applications and third-party workout mapping platforms. We may obtain genetic data from third-party service providers with whom you have subscribed to for services and elected to share with us. Personal data will only be obtained by us from such third-party providers if and to the extent you elect to have such personal data transmitted to us.
Our site is directed to individuals who are the age of majority or older in their jurisdiction. We do not knowingly collect information from children under the age of 13. If you believe your child has provided information to us, please contact us using the information provided below.
3. Cookies and Do Not Track
When you visit our website, we use “session cookies” (a piece of information stored on your computer temporarily and deleted from the user’s device when the browser is closed) and “persistent cookies” (which stay on your device until you delete them). Session cookies help us confirm your identity and are required in order to log into your account, whereas persistent cookies assist you in using our website or services (such as by not having to re-enter your username and password each time you use our services) or aid in website navigation.
We also use performance cookies provided by Google and Facebook, which enable us to provide a better user experience when using our website and to improve our web services and to aid in marketing efforts.
If you wish to prevent cookies from being used as you navigate our website, you can set your browser to refuse all cookies and/or indicate when a cookie is being sent. Users who disable their web browsers’ ability to accept cookies will be able to browse the website, but may not be able to access or take full advantage of all of the features and services on the website.
Some web browsers have a “do not track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers. Our sites are not currently set up to respond to those signals.
4. Uses of Personal Data
Uses of Personal Data
We use personal data in order to provide our products and services to you, respond to requests from you, to carry out our legal obligations and our obligations to you, to protect your interests, and to provide you with notices. Following are examples of how we use your personal data and, if you are a resident of the European Union (the “EU”) or United Kingdom (the “UK”), the legal basis for such use:
- We may process the personal data you provide to us when you fill in forms on our website to respond to your request and to contact you about that request. Our legal basis for processing this personal data is our legitimate interest in communicating with you and fulfilling your requests.
- We may process your personal data to provide products and services to you (including the as well as for non-marketing or administrative purposes (including any geolocation data that we may collect from third-party products, such as bicycle computers, triathlon watches, heart rate monitors or similar devices). Our legal basis for processing this personal data is in the performance of our contract to provide products and services to you; provided, that for any biometric, genetic or other sensitive personal data, the basis for such processing is consent. You may withdraw your consent at any time by deleting your account; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
- We may process your personal data for purposes of allowing you to share such personal data with others (e.g., coaches or other users) through our products and services. Our legal basis for processing this personal data is your consent. You may withdraw your consent at any time by deleting your account; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal. You should be thoughtful about your sharing choices. Once you have chosen to share any personal data, the individuals with whom you share this information may also use or share your personal data, including any biometric, genetic or other sensitive information that you choose to share.
- We may process the personal data you provide to us for the purpose of operating our website, products and services, ensuring the security and integrity of our website, products and services and maintaining back-ups of our databases. Our legal basis for processing this personal data is our legitimate interests, namely the proper administration of and security of our website, products and services; provided, that for any biometric, genetic or other sensitive personal data, the basis for such processing is consent. You may withdraw your consent at any time by deleting your account; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
- We may process the personal data that you provide to us for the purpose of improving and optimizing our website, products and services, including the analytics capabilities included therein. Our legal basis for processing this personal data is our legitimate interests, namely the improvement and optimization of our website, products and services; provided, that for any biometric, genetic or other sensitive personal data, the basis for such processing is consent. You may withdraw your consent at any time by deleting your account; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
- For data and information that we collect through tracking technologies about your interaction with our website, products and services, we use this information for analyzing the use of the website or such products or services in order to improve the quality, design and user experience of our website or such products or services. Our legal basis for processing this type of data is our legitimate interests, namely to provide you with a better user experience.
- We may use the personal data you provide to us for the purpose of offering, marketing and selling products and services to you. Our legal basis for processing this personal data is consent. You may withdraw your consent at any time by deleting your account; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
- We may also use any of your personal data for the purposes of: (i) enforcing our agreements and policies, (ii) protecting or defending our legal rights; (iii) protecting your vital interests or the vital interests of another natural person; (iv) complying with a legal obligation; or (v) providing you with customer support, including answering questions, troubleshooting problems, and other support that you may, from time to time, request.
Retention of Personal Data
We do not use any personal data provided by you for the purpose of any automated decision-making that produces legal effects concerning you or similarly significantly affects you.
5. Sharing of Personal Data
We may disclose personal data that we collect or you provide as described below. We do not share or sell your personal data with any third-parties for direct marketing purposes.
- We may disclose your personal data if we believe in good faith that such action is necessary in order to comply with (i) a legal obligation, (ii) protect and defend the rights of TriDot, (iii) act in urgent circumstances to protect the personal safety of our users or customers, or (iv) protect against legal liability.
- If you purchase our products or services, your payment information may be provided to a third-party payment processor, and such processor’s use of such payment information would be governed by such processor’s own privacy and other policies.
- With your consent, we may provide your personal data to third-parties for purposes of enabling such third-parties to use such personal data for purposes of your relationship with such third-parties. Any use of your personal data by such third-parties will be subject to the terms and policies implemented by such parties, and TriDot shall have no responsibility for any improper use or disclosure of your personal data by such third-parties. TriDot will obtain your express consent prior to any such disclosure, and if you do not wish for your personal data to be shared in this manner, you may choose not to permit TriDot to disclose it.
- We may, from time to time, partner with other companies to jointly offer products or services. In such cases, you will be asked to specifically opt in to share your personal data with our business partners if you choose to purchase or specifically express interest in a jointly offered product or service. If you do not wish for your information to be shared in this manner, you may choose not to purchase or express interest in a jointly offered product or service.
- We may transfer your information to an entity or individual that (i) acquires, buys, or merges with us, or our affiliated business units or (ii) acquires or otherwise takes possession of all or any part of our business assets, including in connection with a liquidation or dissolution.
We may share with third-parties “aggregate data,” which is information that has been removed of any personal data and is combined with information of others so that you cannot reasonably be identified as an individual. This information does not identify any particular individual or disclose any particular individual’s data. We may share aggregate data with our users as well as third-parties as we deem appropriate.
6. Data Security
We take the protection of your data seriously and use reasonable measures to safeguard the collection, transmission and storage of any data we collect. Despite using reasonable protections to protect your data, we cannot guarantee the security of the information you share with us. We use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal data and credit card numbers and employ network segmentation strategies to prevent disclosure to bad actors. We also engage providers that are industry leaders in online security to strengthen the security of our products and services.
To maximize the effectiveness of our security measures, you should use a security-enabled browser to submit your credit card information and other personal data to us. Please note that if you do not use a SSL-capable browser, you are at risk for having data intercepted. We also recommend using a unique password in connection with your account and updating that password frequently.
While we continue to work hard to protect your personal data, no data transmission over the Internet can be guaranteed to be absolutely secure, and we cannot guarantee the security of any personal data you provide to us.
7. Your Rights Under GDPR and the Data Protection Act
We strive to provide you with choices regarding the personal data you provide to us, and we understand that you may have the right to access, correct, delete, object to and restrict our use of your personal data. In particular, if you are a resident of the EU or UK, you have the following rights with respect to your personal data:
- Rectification. You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.
- Erasure. You can ask us to erase your personal data, but only (i) when it is no longer needed for the purposes for which it was collected, (ii) when you have withdrawn your consent (where the data processing was based on consent), (iii) following a successful right to object, (iv) when it has been processed unlawfully, or (v) to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
- Restriction. In certain contexts, you can ask us to restrict (i.e., keep but not use) your personal data. We can continue to use your personal data following a request for restriction (i) where we have your consent; (ii) to establish, exercise, and defend legal claims; or (iii) to protect the rights of another natural or legal person.
- Objection. You can object to any processing of your personal data which has our ‘legitimate interests’ as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. In addition, you can object to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing without providing any reason. We will then cease the processing of your personal data for direct marketing purposes.
- Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another data controller, but only where our processing is based on your consent and the processing is carried out by automated means.
- Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data which is based upon a consent which you have previously provided.
Requests for any of the foregoing should be submitted via email to: firstname.lastname@example.org. Please allow a reasonable time to process any such request.
8. International Transfers
If we transfer any personal data from the UK, Switzerland or the European Economic Area (“EEA”) to a third country or territory outside the UK, Switzerland or the EEA that has not received a binding adequacy decision by the European Commission or a competent national data protection authority, such transfer will be subject to appropriate safeguards in accordance with applicable data protection laws.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, TriDot is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal data relating to you in the United States. Upon request, we will provide you with access to the personal data that we hold about you. You may also correct, amend, or delete the personal data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate personal data transferred to the United States under Privacy Shield, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
TriDot’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, TriDot remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless TriDot proves that it is not responsible for the event giving rise to the damage. Where required by Privacy Shield, TriDot enters into written agreements with third-party agents and service providers requiring them to provide the same level of protection Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf.
In compliance with the Privacy Shield Principles, TriDot commits to resolve complaints about your privacy and our collection or use of your personal data transferred to the United States pursuant to Privacy Shield. Individuals in the EU, UK, or Switzerland with Privacy Shield inquiries or complaints should first contact TriDot by email at firstname.lastname@example.org.
TriDot has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
9. Third-Party Websites
We have no responsibility or liability for the content and activities of other websites, even if they are linked to our website. We also have no responsibility or liability for any transactions between you and any third-party, even if linked to our website.
11. Contact Us
We commit to resolve complaints about your privacy and our collection or use of your personal data. If you have any questions or concerns regarding the way in which your personal data is being processed or you want to exercise your rights above, please reach out to us using the following details:
Predictive Fitness, Inc.
2600 E. Southlake Blvd., Suite 120 #140
Southlake, Texas 76092
3rd and 4th floor, Altmarkt 10 B/D
Dresden, 01067, Germany
BPM 335368, 372 Old Street, EC1V 9AU
London, United Kingdom
To reach our EU and UK representative by electronic mail, please send emails to email@example.com referencing “Predictive Fitness, Inc.” in the subject line. You can also contact our EU and UK representative through their online web form at www.dpr.eu.com/datarequest. Please ensure that all postage is addressed to “DPR Group” and not “Predictive Fitness” or “TriDot.”
12. Filling a Complaint
If you are in the EU or UK, you may lodge a complaint with a supervisory authority that has authority in your country or region. Please click here for contact information for such authorities.
* * * * *