PRIVACY POLICY

Last revised: August 30, 2023

Effective: September 20, 2023

  1. Introduction
    1. This privacy policy (“Privacy Policy”) applies to personal information provided to TSR Gym Technik Ltd. (the “Vendor” “we” “us” or “our”) through the services we make or offer (“Services”), including the Trainerize software-as-a-service platform as well as any associated website, application, or widget that links to this Privacy Policy.
    2. This Privacy Policy covers how our Services process information relating to identified or identifiable individuals and households (“Personal Information”). (We use the term “process” to refer to the collection, use, storage, and sharing of Personal Information.)
    3. We process Personal Information on behalf of our customers (“TSR Customers”), which include various kinds of individuals and businesses who provide training, coaching, or similar services to individuals (“Trainees”). For instance, our customers include a wide variety of personal trainers, coaches, studios, clinics, and fitness facilities. We provide this Privacy Policy on their behalf.
    4. We also process certain Personal Information of our customers on our own behalf, and this kind of processing is also described in this Privacy Notice.
    5. Your Personal Information may be shared with third parties. For example, if you use the Services as a trainee as part of your fitness facility membership or as a trainer for a TSR Customer, your Personal Information may also be provided to your fitness facility and/or your trainer. This Privacy Policy does not cover collection and use of Personal Information by third parties, and we are not responsible for the actions of third parties with respect to your Personal Information. You are encouraged to review the privacy practices of your fitness facility and/or trainer prior to providing Personal Information.
    6. We shall revise this Privacy Policy when our Personal Information processing practices change. The most current version of which shall always be available at https://www.trainerize.com/privacy.
    7. Please note that we are not regulated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Consequently, we are not required to comply with that law in our delivery of the Service or the processing of your Personal Information.

  2. Processing of Personal Information
    1. Our Services collect the following categories of Personal Information:
      1. Information you submit to us
        1. Account and identity information: in the event that you choose to register as a user of the Services, you will be asked to create a unique username and private password (collectively, the “Access ID”) which will be used to create and activate an account through which we can make the Services available to you (the “Account”). We may require certain information such as your name, address, telephone number, and email address to make the Services available to you. Trainers may also elect to import their trainees’ contacts and information contained from their contact lists.
        2. Fitness information: you may choose to provide other information to improve your experience or enable certain features of the Services. If you are a Trainer (as defined in the Terms of Service), such information can include fitness and meal plans you create for Trainees (as defined in the Terms of Service). If you are a Trainee, such information can include your fitness and nutrition information.
        3. Financial information: we may collect billing and other financial information to process payments required in connection with the Services.
        4. Commercial information: we maintain records about the transactions you engage in with us or other parties (e.g., a Trainer) through the Services, such as information about purchases, what has been provided to you, when and where, if applicable, how much you paid, and similar information.
        5. User content: you may choose to provide additional information to improve your experience or for Trainees’ or Trainers’ experiences which may be in any form, such as text, images, sound, or video. You may also choose to provide additional information to us, such as when you contact us for technical support through the Services, participate in a poll, survey, or otherwise provide feedback on the Services.
      2. Information we collect from your use of the Services
        1. Log and usage data: we collect log data and usage information relating to your use of the Services. For example, we collect information about how you interact with the Services, such as when you log into your Account, how you navigate the Services, and what functions you use in the Services. We also collect information about the devices used to access the Services, such as the device type, operating system, and IP address.
        2. Location Information: With your consent, we collect Personal Information about your location.
      3. Information we collect from third parties
        1. Social Media and App Information: If you link your Account to third-party services, we may collect information about you from such other services. You can also link your Account to other social media, fitness, or business applications. The types of information we may collect from such third-party services depends on the nature of the third-party services you connect to your Account. For example, you can link your account to Facebook and import your Facebook profile information. You may also choose to grant us access to fitness or activity information from a third-party fitness application.
        2. YouTube API Data: Without limiting the foregoing, the Services use certain YouTube API Services. Google, which operates YouTube, describes its processing of Personal Information in its privacy policy at https://www.google.com/policies/privacy. We process data, content (including audiovisual content) and information provided to the Services through the YouTube API services, including without limitation YouTube Video ID information, connection tokens for YouTube channels, and YouTube video thumbnail information (collectively, the “YouTube API Data”) to provide the functionality of the Services to you, including without limitation to (i) enable Trainers to search and select video content (including training exercises) for sharing and display to Trainees and other users of the Services; (ii) enable Trainers to connect to their YouTube channel, and create custom video content (including training exercises) for the Services and link to, share and display such content and control the settings of such content (including un-listing the content from YouTube); (iii) enable Trainers, Trainees, and other users of the Services to play YouTube content through the Services.
        3. Consumer profile information: Information used to create a profile about you reflecting your preferences, market segments, likes, favorites and other data or analytics provided about you or your account by a Trainer, TSR Customer, social media companies or data aggregators, including household data, the products and services you use or intend to use or purchase, and your interests.
    2. We use Personal Information for the following purposes:
      1. to create and activate your Account;
      2. to respond to any request for customer service or technical support;
      3. to make the Services available to you and to other users of the Services;
      4. to improve the quality of the Services;
      5. to assess service levels, monitor traffic patterns and gauge popularity of different features, functionalities and service options of, or related to, the Services;
      6. to create and manage your Account, and to verify access rights to the Services;
      7. to bill, or render invoices relating to, your Account, and to collect any debt owed to us;
      8. to facilitate payments between you and other users of the Services;
      9. to communicate with you, including for the purpose of providing you with notifications, content, and information about your Account and/or the Services;
      10. to communicate with you for marketing purposes with your consent;
      11. to administer, maintain, monitor, and secure the Services;
      12. to respond to claims of any violation of our rights or those of any third party;
      13. to protect the rights, property, or personal safety of you, our personnel, other users, and the public;
      14. as required to comply with any applicable laws, or as authorized by any applicable laws; and
    3. You may at any point withdraw your consent to receive the marketing communications set out above. We provide an “opt-out” function within all email communications of this nature, and/or will cease communications of this nature if you inform us that you would like to opt-out. However, you may not opt-out of communications related to the Services or your Account.
    4. We retain each category of Personal Information above for as long as may be reasonably to achieve the purposes for which it was collected or as may be required or permitted by law, after which time we will delete the Personal Information or aggregate or anonymize the information so that it no longer relates to an identified or identifiable person or household. We generally consider the following factors when we determine how long to retain Personal Information: (1) retention periods established under applicable law; (2) industry best practices; (3) whether the purpose of processing is reasonably likely to justify further processing; (4) risks to individual privacy in continued processing; (5) applicable data protection impact assessments; (6) IT systems design considerations/limitations; and (7) the costs associated with continued processing, retention, and deletion. For more information about our retention periods, please contact us using the information in the “Contact Us” section, below.

  3. The Legal Basis for Processing Your Personal Information
    1. For users of our Services in the EU and UK, the legal bases for our processing of Personal Information is primarily that the processing is necessary for providing and supporting the Services for which you, as a Trainee, Trainer, or TSR Customer have entered into a contract with us.
    2. We may also process Personal Information in accordance with our legitimate interests, as outlined in this privacy policy, or because of a non-contractual legal obligation that applies to us, such as legally compelled disclosures.
    3. We may also, on occasion, process Personal Information on the basis of your consent. Under such circumstances, you have the right to withdraw your consent.

  4. Disclosure of Personal Information
  5. We disclose Personal Information as described below.

    1. If you are a Trainee, Personal Information you provide may be shared with your Trainer and/or TSR Customer.
    2. If you are a Trainer, Personal Information you provide may be shared with the TSR Customer with which you are associated.
    3. We share Personal Information with law enforcement authorities who make a request in accordance with applicable law.
    4. We may also share Personal Information with third parties when needed to comply with a legal obligation that we are subject to.
    5. We may share Personal Information to a successor or potential successor to all or a part of our business.
    6. We share Personal Information with our partner organizations, such as the Trainerize family of companies, which includes parents, corporate affiliates, subsidiaries, business units and other companies that share common ownership.
    7. We share Personal Information with third-party service providers that we engage with contracts that require them to use your Personal Information only for the purpose of delivering the services for which we have engaged the third-party or as otherwise permitted by law. These kinds of third parties provide business, professional, administrative, or technical support functions for us, such as payment processing, billing, data storage, transmission of email or other messages, and quality assurance.
    8. At your direction, we share Personal Information with third-party partners in connection with your use of the functionality of the Services. This includes companies, such as FitBit, Garmin, and Withings, that collect, analyze, process, and/or store data that you may elect to integrate with our Services.
  6. Children's Privacy
  7. We do not direct the Services to children under the legal age of majority in their jurisdiction, typically age 18, or knowingly collect Personal Information from children under that age. If you have not reached the legal age of majority in your jurisdiction, our Terms of Service do not allow you to use our Services. If we learn that Personal Information has been collected on the Services from persons under that age, we will promptly delete this information. If you are a parent or guardian and discover that your child has provided Personal Information, then you may alert us as set forth in the “Contact Us” section, below, and request that we delete your child’s Personal Information from our Services.

  8. Rights to Your Information
  9. Depending on the jurisdiction in which you live, you may be entitled to exercise rights relating to your Personal Information, including: (i) the right to withdraw consent to processing; (ii) the right to access your Personal Information and certain other supplementary information, under certain conditions; (iii) the right to object to data processing premised on our legitimate interests, a third party’s legitimate interests, the public interest, or official authority vested in us; (iv) the right to erasure of Personal Information about you, under certain conditions; (v) the right to demand that we restrict processing of your Personal Information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, are processing, or believe your Personal Information is inaccurate; (vi) the right to data portability of Personal Information concerning you that you provided us in a structured, commonly used, and machine-readable format, under certain conditions; (vii) the right object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions; (viii) the right to lodge a complaint with data protection authorities; (ix) the right to request that we rectify or correct inaccurate Personal Information; and (x) the right to appeal the action we take in response to your request to exercise any of your other rights. If you contact us to appeal, please tell us why you believe we erred in responding to your request. We will respond to your appeal in accord with the timelines set forth in applicable law. To exercise your rights, please submit a request by contacting us through any of the means outlined in the “Contact Us” section, below.

  10. Do Not Track and Global Privacy Control Signals
  11. Because no consensus has emerged on how to handle “Do Not Track” signals, the Services do not respond to such signals or use them to alter how Personal Information is processed. We also do not process the Global Privacy Control signal because, in connection with the Services, we do not sell or share Personal Information for cross-contextual behavioral advertising purposes.

  12. Security
    1. We strive to prevent unauthorized access to your Personal Information. We will regularly assess our security to ensure that we have in place reasonable technical, administrative, and physical safeguards in place to protect your Personal Information from unauthorized access, use, and disclosure.
    2. We take steps designed to ensure that only those of our employees who need access to your Personal Information to fulfil their employment duties will have access to it.
    3. Nevertheless, there is no guarantee that such technology or procedures can or will eliminate the risks of unauthorized access, use, disclosure, theft, loss or misuse.
    4. Do not disclose your Access ID to anyone. If you forget your password, we will ask you for the username associated with your Access ID and will send you an email containing your password to the email address associated with your Access ID.
    5. You are responsible for maintaining the secrecy of your Access ID. If you disclose your Access ID, others who have your Access ID will be able to access your Personal Information.
    6. We cannot be responsible for and do not control how other users of our Services use your Personal Information. You should use caution in sharing your Personal Information with others through the Services.
    7. If we learn of a breach of security, we will comply with the notification rules set forth in applicable law.
  13. Jurisdictions Where Processing Occurs
  14. Your Personal Information may be processed in any country where we have facilities or in which we engage third-party processors/service providers, currently the United States, Canada, and France. By using the Services, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of the jurisdiction where it was collected, it may be subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. However, our practices regarding your Personal Information will at all times continue to be governed by this Privacy Policy and, if applicable, we will comply with the General Data Protection Regulation (“GDPR”) requirements for the transfer of Personal Information from the EU/EEA to a third country.

  15. California Privacy Information
    1. Your California Privacy Rights

      If you are a California resident, you may have certain rights as a consumer regarding your personal information conferred under Cal. Civ. Code § 1798.100, et seq., known as the California Consumer Privacy Act (CCPA). These rights include:

      • the “right to know,” meaning the right to request any or all of the following:
        • the specific pieces of personal information we collected about you;
        • the categories of personal information we collected;
        • the categories of sources used to collect the personal information;
        • the business or commercial purposes for collecting your personal information; and
        • the categories of third parties with whom we have shared your personal information
      • the right to request deletion of your personal information that we collected
      • the right to have someone you authorize make a request on your behalf
      • the right to opt-out of “sale” (as that term is defined in the CCPA) or the sharing of personal information for cross-contextual behavioral advertising purposes; please note, however, that, in connection with the Services, we do not sell or share personal information for cross-contextual behavioral advertising purposes
      • the right to make a request for the correction of errors or inaccuracies in your personal information
      • the right to restrict the processing of sensitive personal information
      • the right not to be discriminated against for exercising any of these rights
      • the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

      Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. We will verify that any requests from persons other than you have your legal authorization. You may also make a request on behalf of your child.

      Your request must:

      • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
      • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
    2. Collection of Personal Information

      The following tables show the categories of personal information we have collected in connection with the Services in the last 12 months and indicates whether each category of personal information has been shared for a business purpose or sold to a third party.


      Category

      Collected

      A. Identifiers.

      Yes

      B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

      Yes

      C. Protected classification characteristics under California or federal law.

      No

      D. Commercial information.

      Yes

      E. Biometric information.

      No

      F. Internet or other similar network activity.

      Yes

      G. Geolocation data.

      Yes

      H. Sensory data.

      Yes

      I. Professional or employment-related information.

      No

      J. Non-public education information

      No

      K. Inferences drawn from other personal information

      Yes
    3. Disclosure of Personal Information
      Category
      If sold or shared, categories of recipients

      Categories of recipients to which information is disclosed for a business purpose

      A. Identifiers.

      Not sold or shared

      Service providers

      B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

      Not sold or shared

      Service providers

      C. Protected classification characteristics under California or federal law.

      Not sold or shared

      None

      D. Commercial information.

      Not sold or shared

      Service providers

      E. Biometric information.

      Not sold or shared

      None

      F. Internet or other similar network activity.

      Not sold or shared

      Service providers

      G. Geolocation data.

      Not sold or shared

      Service providers

      H. Sensory data.

      Not sold or shared

      Service providers

      I. Professional or employment-related information.

      Not sold or shared

      None

      J. Non-public education information

      Not sold or shared

      None

      K. Inferences drawn from other personal information.

      Not sold or shared

      Service providers
    4. Sensitive Personal Information

      The following table shows the categories of sensitive Personal Information we collect in connection with the Services along with the purposes for which each category is processed and whether we sell or share such Personal Information for cross-contextual behavioral advertising purposes.


      Category

      Purposes

      Sold/shared

      Social security, driver’s license, state identification card, or passport number

      Not collected

      No

      Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account

      For processing your access to the Services

      No

      Precise geolocation

      Not collected, but the Services may enable certain functionality for users in proximity to one of our facilities; this is done without collecting or storing geolocation information.

      No

      Racial or ethnic origin

      Not collected

      No

      Contents of correspondence (other than correspondence directed to us)

      To facilitate messaging between users

      No

      Genetic Data

      Not collected

      No

      Biometric information processed to identify you

      Not collected

      No

      Data concerning your health

      To provide the Services

      No
  16. Contact Us
  17. If you have any questions or comments about this Privacy Policy or our processing of your Personal Information, to make an access or correction request, to exercise any applicable rights, to make a complaint, or to obtain information about our policies and practices, you may contact us by emailing privacy@trainerize.com, calling us toll free at 1-844-625-1155, or mailing us at TSR Gym Technik, LTD, c/o ABC Fitness Solutions, LLC, 2600 North Dallas Parkway, Suite 590, Frisco, TX 75034.