Last updated July 31, 2020
To the extent provided under applicable law, the terms “personal data,” “data controller” and “data processor” shall have the meanings given to their respective corresponding terms under such law.
Without limiting the foregoing, to the extent that the California Consumer Privacy Act (the “CCPA”) applies to your use of our products or services, the following terms used herein shall have the following meanings:
- Personal data shall mean personal information;
- Data controller shall mean business; and
- Data processor shall mean service provider.
1. Role of Predictive Fitness
We act as a data controller with respect to personal data collected from visitors and customers.
2. Collection of Personal Data
This section explains the various ways in which we may collect your personal data.
Personal Data You Provide to Us
We may collect personal data you provide to us in the following scenarios:
- You provide it to us by signing up for an account and/or using our products and services;
- You provide it to us by filling out a form to request content, such as a newsletter;
- You provide it to us by filling out a form or starting a conversation to request additional information about our products or services;
- You provide it to us in connection with purchasing products through our online store;
- You provide it to us by applying for a job with us; or
- You provide it to us by contacting us via email or telephone.
The personal data collected in these instances may include your name, phone number, email address, physical address, medical information, geolocation data, biometric data, genetic data, payment information, data about your training and event performance and/or any other personal data that you choose to provide.
Personal Data We Collect Automatically
As you navigate our website, we may also collect information through the use of commonly used information-gathering tools, such as web beacons, standard information from your web browser (such as browser type and browser language), your IP address, and the actions you take on our website. We may receive reports based on your use of our website and/or products and services from third party service providers as de-identified information or as aggregate data (as defined below).
Personal Data We Collect From Third-Parties
We may obtain personal data about you from third-party products or from third party sponsored activities or events in which you are a participant. For example, we may obtain geolocation and biometric data from third-party products, such as bicycle computers, triathlon watches, heart rate monitors or similar devices. We may also obtain geolocation and biometric data from third-party services, such as third-party genetic screening applications and third-party workout mapping platforms. We may obtain genetic data from third-party service providers with whom you have subscribed to for services and elected to share with us. Personal data will only be obtained by us from such third-party providers if and to the extent you elect to have such personal data transmitted to us.
Our site is directed to individuals who are the age of majority or older in their jurisdiction. We do not knowingly collect information from children under the age of 13. If you believe your child has provided information to us, please contact us using the information provided below.
3. Cookies and Do Not Track
When you visit our website, we use “session cookies” (a piece of information stored on your computer temporarily and deleted from the user’s device when the browser is closed) and “persistent cookies” (which stay on your device until you delete them). Session cookies help us confirm your identity and are required in order to log into your account, whereas persistent cookies assist you in using our website or services (such as by not having to re-enter your username and password each time you use our services) or aid in website navigation.
We also use performance cookies provided by Google and Facebook, which enable us to provide a better user experience when using our website and to improve our web services and to aid in marketing efforts.
If you wish to prevent cookies from being used as you navigate our website, you can set your browser to refuse all cookies and/or indicate when a cookie is being sent. Users who disable their web browsers’ ability to accept cookies will be able to browse the website, but may not be able to access or take full advantage of all of the features and services on the website.
Some web browsers have a “do not track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers. Our sites are not currently set up to respond to those signals.
4. Uses of Personal Data
Uses of Personal Data
We use personal data in order to provide our products and services to you, respond to requests from you, to carry out our legal obligations and our obligations to you, to protect your interests, and to provide you with notices. Following are examples of how we use your personal data and, if you are a resident of the European Union (the “EU”) or United Kingdom (the “UK”), the legal basis for such use:
- We may process the personal data you provide to us when you fill in forms on our website to respond to your request and to contact you about that request. Our legal basis for processing this personal data is our legitimate interest in communicating with you and fulfilling your requests.
- We may process your personal data to provide products and services to you (including the as well as for non-marketing or administrative purposes (including any geolocation data that we may collect from third-party products, such as bicycle computers, triathlon watches, heart rate monitors or similar devices). Our legal basis for processing this personal data is in the performance of our contract to provide products and services to you; provided, that for any biometric, genetic or other sensitive personal data, the basis for such processing is consent. You may withdraw your consent at any time by deleting your account; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
- We may process your personal data for purposes of allowing you to share such personal data with others (e.g., coaches or other users) through our products and services. Our legal basis for processing this personal data is your consent. You may withdraw your consent at any time by deleting your account; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal. You should be thoughtful about your sharing choices. Once you have chosen to share any personal data, the individuals with whom you share this information may also use or share your personal data, including any biometric, genetic or other sensitive information that you choose to share.
- We may process the personal data you provide to us for the purpose of operating our website, products and services, ensuring the security and integrity of our website, products and services and maintaining back-ups of our databases. Our legal basis for processing this personal data is our legitimate interests, namely the proper administration of and security of our website, products and services; provided, that for any biometric, genetic or other sensitive personal data, the basis for such processing is consent. You may withdraw your consent at any time by deleting your account; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
- We may process the personal data that you provide to us for the purpose of improving and optimizing our website, products and services, including the analytics capabilities included therein. Our legal basis for processing this personal data is our legitimate interests, namely the improvement and optimization of our website, products and services; provided, that for any biometric, genetic or other sensitive personal data, the basis for such processing is consent. You may withdraw your consent at any time by deleting your account; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
- For data and information that we collect through tracking technologies about your interaction with our website, products and services, we use this information for analyzing the use of the website or such products or services in order to improve the quality, design and user experience of our website or such products or services. Our legal basis for processing this type of data is our legitimate interests, namely to provide you with a better user experience.
- We may use the personal data you provide to us for the purpose of offering, marketing and selling products and services to you. Our legal basis for processing this personal data is consent. You may withdraw your consent at any time by deleting your account; however, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
- We may also use any of your personal data for the purposes of: (i) enforcing our agreements and policies, (ii) protecting or defending our legal rights; (iii) protecting your vital interests or the vital interests of another natural person; (iv) complying with a legal obligation; or (v) providing you with customer support, including answering questions, troubleshooting problems, and other support that you may, from time to time, request.
Retention of Personal Data
We do not use any personal data provided by you for the purpose of any automated decision-making that produces legal effects concerning you or similarly significantly affects you.
5. Sharing of Personal Data
We may disclose personal data that we collect or you provide as described below. We do not share or sell your personal data with any third-parties for direct marketing purposes.
- We may disclose your personal data if we believe in good faith that such action is necessary in order to comply with (i) a legal obligation, (ii) protect and defend the rights of Predictive Fitness, (iii) act in urgent circumstances to protect the personal safety of our users or customers, or (iv) protect against legal liability.
- If you purchase our products or services, your payment information may be provided to a third-party payment processor, and such processor’s use of such payment information would be governed by such processor’s own privacy and other policies.
- With your consent, we may provide your personal data to third-parties for purposes of enabling such third-parties to use such personal data for purposes of your relationship with such third-parties. Any use of your personal data by such third-parties will be subject to the terms and policies implemented by such parties, and Predictive Fitness shall have no responsibility for any improper use or disclosure of your personal data by such third-parties. Predictive Fitness will obtain your express consent prior to any such disclosure, and if you do not wish for your personal data to be shared in this manner, you may choose not to permit Predictive Fitness to disclose it.
- We may, from time to time, partner with other companies to jointly offer products or services. In such cases, you will be asked to specifically opt in to share your personal data with our business partners if you choose to purchase or specifically express interest in a jointly offered product or service. If you do not wish for your information to be shared in this manner, you may choose not to purchase or express interest in a jointly offered product or service.
- We may transfer your information to an entity or individual that (i) acquires, buys, or merges with us, or our affiliated business units or (ii) acquires or otherwise takes possession of all or any part of our business assets, including in connection with a liquidation or dissolution.
We may share with third-parties “aggregate data,” which is information that has been removed of any personal data and is combined with information of others so that you cannot reasonably be identified as an individual. This information does not identify any particular individual or disclose any particular individual’s data. We may share aggregate data with our users as well as third-parties as we deem appropriate.
6. Data Security
We take the protection of your data seriously and use reasonable measures to safeguard the collection, transmission and storage of any data we collect. Despite using reasonable protections to protect your data, we cannot guarantee the security of the information you share with us. We use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal data and credit card numbers and employ network segmentation strategies to prevent disclosure to bad actors. We also engage providers that are industry leaders in online security to strengthen the security of our products and services.
To maximize the effectiveness of our security measures, you should use a security-enabled browser to submit your credit card information and other personal data to us. Please note that if you do not use a SSL-capable browser, you are at risk for having data intercepted. We also recommend using a unique password in connection with your account and updating that password frequently.
While we continue to work hard to protect your personal data, no data transmission over the Internet can be guaranteed to be absolutely secure, and we cannot guarantee the security of any personal data you provide to us.
7. Your California Privacy Rights
If you are a California resident, then you have certain additional rights under the CCPA regarding your personal data.
Right to Know
You have the right to know and see what data we have collected about you over the past twelve months, including:
- The categories of personal data we have collected about you;
- The categories of sources from which the personal data is collected;
- The business or commercial purpose for collecting your personal data;
- The categories of third parties with whom we have shared your personal data; and
- The specific pieces of Personal data we have collected about you.
Right to Delete
You have the right to request that we delete the personal data we have collected from you (and direct our service providers to do the same), subject to certain legally permitted exceptions.
Exercising Your Rights
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you.
8. Your Rights Under GDPR
We strive to provide you with choices regarding the personal data you provide to us, and we understand that you may have the right to access, correct, delete, object to and restrict our use of your personal data. In particular, if you are a resident of the EU or UK, you have the following rights with respect to your personal data:
- Rectification. You can ask us to rectify inaccurate information. We may seek to verify the accuracy of the data before rectifying it.
- Erasure. You can ask us to erase your personal data, but only (i) when it is no longer needed for the purposes for which it was collected, (ii) when you have withdrawn your consent (where the data processing was based on consent), (iii) following a successful right to object, (iv) when it has been processed unlawfully, or (v) to comply with a legal obligation to which we are subject. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims. There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.
- Restriction. In certain contexts, you can ask us to restrict (i.e., keep but not use) your personal data. We can continue to use your personal data following a request for restriction (i) where we have your consent; (ii) to establish, exercise, and defend legal claims; or (iii) to protect the rights of another natural or legal person.
- Objection. You can object to any processing of your personal data which has our ‘legitimate interests’ as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. In addition, you can object to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing without providing any reason. We will then cease the processing of your personal data for direct marketing purposes.
- Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another data controller, but only where our processing is based on your consent and the processing is carried out by automated means.
- Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data which is based upon a consent which you have previously provided.
Requests for any of the foregoing should be submitted via email to: firstname.lastname@example.org. Please allow a reasonable time to process any such request.
9. International Transfers
If we transfer any personal data from the UK, Switzerland or the European Economic Area (“EEA”) to a third country or territory outside the UK, Switzerland or the EEA that has not received a binding adequacy decision by the European Commission or a competent national data protection authority, such transfer will occur only with your explicit consent and in accordance with applicable data protection laws. In particular, where data is collected from an individual in the UK, Switzerland or the EEA, explicit consent will be obtained for the data to be transferred to the United States. You should know that the United States’ laws may not provide the same level of protection as the laws of the EEA.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Predictive Fitness is committed to resolving complaints about your privacy and our collection or use of your personal data transferred to the United States. Individuals in the EU, UK or Switzerland with international transfer inquiries or complaints should first contact Predictive Fitness by email at email@example.com.
Predictive Fitness does not sell the personal data of its users.
10. Third-Party Websites
We have no responsibility or liability for the content and activities of other websites, even if they are linked to our website. We also have no responsibility or liability for any transactions between you and any third-party, even if linked to our website.
12. Contact Us
We commit to resolve complaints about your privacy and our collection or use of your personal data. If you have any questions or concerns regarding the way in which your personal data is being processed or you want to exercise your rights above, please reach out to us using the following details:
Predictive Fitness, Inc.
2600 E. Southlake Blvd., Suite 120 #140
Southlake, Texas 76092
3rd and 4th floor, Altmarkt 10 B/D
Dresden, 01067, Germany
BPM 335368, 372 Old Street, EC1V 9AU
London, United Kingdom
To reach our EU and UK representative by electronic mail, please send emails to firstname.lastname@example.org referencing “Predictive Fitness, Inc.” in the subject line. You can also contact our EU and UK representative through their online web form at www.dpr.eu.com/datarequest. Please ensure that all postage is addressed to “DPR Group” and not “Predictive Fitness” or “TriDot.”
13. Filling a Complaint
If you are in the EU or UK, you may lodge a complaint with a supervisory authority that has authority in your country or region. Please click here for contact information for such authorities.
* * * * *