PRIVACY POLICY

 

EXOS Privacy Policy

Last Modified: November 1, 2019

 

Privacy Policy
This Privacy Policy (“Policy”) provides you with essential details regarding the privacy practices of Athletes’ Performance, Inc. and its subsidiaries (collectively “EXOS”, “our”, “we”, or “us”) in support of the users (“Participants”, “you”, or “your”) of wellness programs, a Facility, Services, and EXOS Products (“EXOS Offerings”) that are managed, cared for, or provided by EXOS.

This Policy describes how we collect, use, and store (“Process” or “Processing”) all forms of your information (“Information”) through our products and Services, as defined below. The “Services” include, but are not limited to, the provisioning of: (i) employees of EXOS (or in some cases, independent contractors) (“EXOS Staff”), (ii) any software and equipment developed by EXOS, which generally does not include any third party vendor software (e.g. Journey, OPS, ESD, Kiosk, Circuit, Performance Quotient, etc.) (“EXOS Products”), (iii) solutions related to managing worksite and community fitness centers, (iv) wellness and fitness programs, (v) physical therapy solutions, (vi) elite and professional athletics training and military training, and/or (vii) remedial exercises as agreed upon by you, either directly with EXOS or via contractual obligation as agreed upon by your employer, community center, or representative (“Client”).

When you access and utilize the EXOS Offerings you agree to the Terms and Conditions of this Policy.

 

Our Commitment to You

EXOS is committed to protecting all Information we Process. EXOS will deploy reasonable safeguards aligned with industry standards in order to maintain the security and privacy of all Participants. EXOS Staff are trained annually to address protection of Personal Information, and we strive to continually protect our Clients’ and Participants’ Information, while helping our Participants achieve their fitness goals. EXOS will continue to practice privacy by design to ensure only the necessary Information is being collected and/or transmitted.

Please note, this Policy does not address the privacy practices of third-parties, including those incorporated through the Services. Please review the privacy policies of any third-parties before you disclose information to them. Through your use of any of the EXOS Offerings you consent to these practices when directed to the Policy.

 

Changes to the Policy
In the event we make material changes involving your Personal Information, as determined in the reasonable discretion of EXOS, or we have added new categories of Personal Information into our Information Processing activities, we will update this Policy. We will not materially reduce your rights under this Policy without notifying you.

We may periodically change this Policy without notification to keep pace with new technologies, industry practices, regulatory requirements, and similar reasons. This will be reflected through the date after “Last Modified” at the beginning of this Policy. These changes may include our annual review, additional provisions, or capabilities that do not affect the scope of Processing or categories of Information collected.


If you do not agree to such revised Policy at such time, please refrain from using EXOS Offerings, and contact us to close any account you may have created.



Categories of Personal Information
We collect two types of Information: (i) Information that identifies a single individual or is associated with an identifiable individual (e.g. name, postal address, telephone number, email address) (“Personal Information”), and (ii) aggregated or de-identified Information that cannot reasonably identify a single individual (e.g. demographic information (e.g. your age or gender) and other statistical Information) (“Non-Personal Information”). EXOS does not knowingly collect Personal Information from individuals under the age of thirteen (note that the minimum age may vary based on country/region and local law). If we become aware that an individual under the age of thirteen has provided Personal Information, we will take all reasonable steps to remove such Personal Information or obtain the appropriate consents.

Personal Information we collect or obtain includes, but is not limited to, the following:

  • Name;
  • Telephone number;
  • Email address;
  • Date of birth;
  • Geographic location;
  • Gender;
  • Password;
  • Badge ID number;
  • Emergency contact name;
  • Emergency telephone number;
  • Age;
  • Postal address;
  • Height;
  • Injury history;
  • Training history;
  • Training goals;
  • Heart rate threshold or cap;
  • Weight;
  • Body composition;
  • Body mass index;
  • Initial fitness level;
  • Physical assessment scores (VO2 score rating & functional movement screen score);
  • Nutrition assessment results;
  • Motivation assessment results;
  • Physical activity readiness information;
  • Date and time of visit;
  • Workout data (date, duration, heart rate, and power generated);
  • Your self-reported answers to questions (e.g. purpose for visiting, current wellness);
  • Other information either desirable or necessary to provide quality Services;
  • Use of a Service; and
  • Communication preferences.

Aggregate, Non-Personal Information we collect or obtain includes, but is not limited to:

  • Number of registered members at each fitness location where Participants of fitness and wellness programs take place (“Facility”);
  • Types of Services and equipment;
  • Fitness outcome data;
  • Usage data based on hours of operation; and
  • Client/customer survey scores.

How We Use Personal Information

We collect Information from you for the following reasons and use the Information for the following purposes:

  • To develop customized training programs based on Participant’s personal history and condition that will track Participant’s progress towards each Participant's fitness goals and needs;
  • To customize Participants' experiences;
  • To provide Services which you have requested from us;
  • To track the effectiveness of the EXOS system;
  • To analyze, improve, customize, and advertise use of EXOS Offerings;
  • To provide you with notifications related to your use of any of the Services offered in connection with a Service;
  • To track the use of a Facility;
  • To develop, customize, enhance, or provide advertising for EXOS Offerings;
  • To demonstrate EXOS’ performance under any agreement established to represent a Participant in the provision of Services that includes, but is not limited to, health and wellness programs, worksite fitness centers, community fitness centers, elite and professional athletic training, military training, physical therapy, and direct fitness center participation (“Agreement”); and
  • For those who have opted-in or visited our public facing website (ex. www.teamexos.com): to send you targeted communications, publications, news, and information about events, special offers, promotions, benefits, and to administer contests, promotions, surveys, and/or sweepstakes.

 

EXOS routinely de-identifies Personal Information and uses such Non-Personal Information for:

  • Improving EXOS’ and our partners’ services and/or EXOS Offerings;
  • The development of new EXOS Products or Services; and
  • The analysis of EXOS Products and Services to improve upon EXOS Products and Services.

 

Information Retention and Your Data
Upon the termination of an Agreement between a Client and EXOS, all associated EXOS Products will be decommissioned, and EXOS will stop the collection of Information. EXOS will retain certain instances of Information, including Non-Personal Information.

 

For individuals located in the European Economic Area (the “EEA”), Personal Information collected on a legal basis (e.g. consent, contractual requirements, or due to legal reasons), can be retained for audits, to verify that our internal processes function as intended and are compliant with legal, regulatory, or contractual requirements, to maintain our contractual obligations, and for fraud and security monitoring purposes.

 

As a Participant, you have the ability to access, correct, obtain, opt-out, amend, delete, and stop the Processing of your Personal Information, subject to some limitations. In order to do so, please contact us at PrivacyOfficer@teamexos.com.

 

Disclosure of Personal Information
Except as set forth in this Policy or as specifically agreed to by you, we will not disclose any of your Personal Information. EXOS may disclose Personal Information (to the extent permitted by applicable law):

  • To a person who, in the reasonable judgment of EXOS, is seeking the Information as an authorized Client of the Participant;
  • In situations where sharing or disclosing your Information is required to perform the Services or fulfill an Agreement between EXOS and a Client;
  • To any other entity that acquires all or a portion of our organization by merger, reorganization, operation of law, or a sale of some or all of EXOS' assets;
  • To disclose or release your Information by a court or other government authority of competent jurisdiction; and
  • To third-parties that are utilized in connection of the furtherance of the Services (e.g. vendors, service providers, and/or sub-processors).

 

We will disclose Non-Personal Information for improving EXOS’, and our partners’, services and/or products, the development of new EXOS Products or Services, and the analysis of EXOS Products and Services to improve upon EXOS Products and Services.

 

 

Cross-Border Transfers
This section addresses any authorized transfer outside of the EEA, which consists of the EU Member States, Iceland, Liechtenstein, and Norway. We may share your Personal Information with our affiliates or to third-party service providers to assist us with Processing or storing your Personal Information, but only in accordance with the Information Processing and contractual requirements of our Clients. Where we are sharing your Personal Information with a third-party vendor, we take steps to ensure that they use appropriate safeguards to protect your Personal Information. For any transfers outside of the EEA and UK countries, we ensure model contract clauses, as established by applicable law, between the parties transferring data have been established to ensure adequate technical safeguards. We also may disclose your Personal Information (to the extent permitted by applicable law) limited to the amount necessary in situations where the Client has requested Services that require sharing or disclosing your Information and where you have authorized such sharing or disclosure (e.g. providing you with calendar events, sending you newsletters and communications, providing you with education courses, and for other marketing purposes).

 

 

Third Party Sub-Processors
The following is an inexhaustive list of current third-party vendors that may either directly or indirectly collect Information from you in their capacity as a processor of EXOS. All applicable third-party vendors, as part of the solution to the Services being provided, are required (i) to complete a Data Processing Agreement that establishes model contract clauses (Commission Decision 2010/87/EU), and (ii) to ensure appropriate safeguards are in place to protect your Personal Information. Please review the relevant privacy policies of the appropriate third-party below for further Information on how each third-party handles your Personal Information.

 

List of EXOS’ Sub-Processors (Non-Exhaustive)

Third Party Name

Purpose

Location

Category of Data

Amazon Web Services

Data Hosting

United States and Ireland

Participant Data
Coaches Data (encrypted)

Rsync.NET

Back-up Hosting

United States and Switzerland

Backup System Infrastructure

Google (Google LLC)

Analytics

United States

Analytics and reporting of Non-Personal Information

WPEngine

Web Hosting

United States

Hosting of EXOS Public Facing Website

Hubspot

Opt-in Marketing

United States

Teamexos.com Website Visitors

Wistia Media Player

Marketing

United States

Teamexos.com Website Visitors

Send Grid

Email distribution

United States

Email content

 

 

Legal Basis for Data Processing

We maintain our legal basis to process your Information through your consent and as described in our Agreement to our Clients. We maintain the most prudent requirements when providing EXOS Offerings to you. The requirements include:

 

  • Fulfillment of all Participants’ rights to access, rectification, portability, objection/opt-out, withdrawal of consent, and erasure/deletion;
  • EXOS properly maintaining the option for you to opt-out of EXOS marketing via EXOS Products;
  • Your ability to automatically opt-out of Information collection using our self-service options on EXOS Products;
  • Fulfillment of your individual requests within thirty (30) days of notification; and
  • Processing of your Information only as described to you under this Policy or as specifically agreed to by you.

 

Contact Us
We are committed to resolving complaints about your privacy and our collection or use of your Personal Information. All Participants with inquiries, opt-out requests, or complaints regarding this Policy, or the collection, Processing, or use of your Personal Information should first contact the Privacy Officer.

 

You always have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we Process your Personal Information.

 

For any questions regarding opt-out requests, complaints, or the collection, Processing, or use of your Personal Information, please refer to the below contact information:

 

EXOS Data Protection Officer

Email:

PrivacyOfficer@teamexos.com

Toll-Free Number:

+1 888-723-6334

U.S. Domestic Number:

+1 623-201-1433

Mailing Address:

EXOS
Attention: EXOS Privacy Officer
2629 E. Rose Garden Lane, Phoenix, AZ 85050, USA

In-Person

You can contact the manager staff at the Facility to which you are a Participant of. They will contact the EXOS Privacy Officer on your behalf.

 

 

Opt-out Request Instructions

If you wish to opt-out, there are two available options. Within the EXOS Product, Journey, there is a self-service tool for any Participant to perform the opt-out request, provide re-verification, and choose if you would like a file for portability. In the event that the Participant is unable to use the self-service portal, a request can be submitted to the Privacyofficer@teamexos.com. In such an event, we will respond, verify your account, determine if you would like a file for portability, and ensure you understand that by proceeding further you will be unable to use the EXOS Products, but you will still be able to use the Facility.

 

Authorized Agent Requests

If you utilize an authorized agent or a representative on your behalf to submit an opt-out request, we must obtain verifiable proof that the authorized agent represents you. The authorized agent can submit the opt-out request by emailing PrivacyOfficer@teamexos.com. We will respond, verify your account and authorized agent, and provide further instructions on completing an opt-out request. We recommend only using an authorized agent, when you no longer have access to your email account registered with EXOS Products, as this may require additional steps to verify your representative.

 

 

Cookie Statement
Last Modified: November 1, 2019

Cookie Statement

This Cookie Statement applies to EXOS websites, EXOS Products, and Services, and explains how we use cookies in the operation of such Services.

 

Definition of Cookies

"Cookies" are small pieces of information that are stored by your web browser's software on your computer's hard drive or temporarily in your computer's memory. The use of cookies is an industry standard and can enhance the user experience and your access to Information on a website or other online system operated by us. Cookies are used on most major websites. Cookies may enable us to recognize you and personalize your viewing experience on a website or other online experience we operate.

 

Website and Application Analytics

EXOS Products administered via web application use Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google uses cookies to help the website analyze how Participants use the EXOS web-based Services (“Web-Services”). The Information generated by the cookie about your use of the Web-Services will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union, as well as for other parties to the agreement in the EEA. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. Google will use this information for the purpose of evaluating your use of the Web-Services, compiling reports on Web-Services activity for Web-Services operators, and providing other services relating to Web-Service activity and internet usage to the Web-Services provider. Google will not associate your IP address with any other data held by Google. You may refuse the use of these cookies by selecting the appropriate settings on your browser as discussed in this Policy. However, please note that if you do this, you may not be able to use the full functionality of the Web-Services. Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.

 

You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting: Disable Google Analytics.

 

Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or at https://www.google.de/intl/en_uk/policies/.

 

For more information about Google analytic cookies, please see Google's help pages and privacy policy:

  • https://policies.google.com/privacy?hl=en
  • https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

 

Cookie and Pixel Tracking Policy

When you browse Web-Services, a temporary cookie might be placed on your computer that helps us collect Information to help us better understand your interests and to better serve you. Once you have given us your consent to the use of cookies, we store a cookie on your computer or device to remember this for next time. The cookies will expire periodically. If you wish to withdraw your consent at any time, you will need to delete your cookies using your internet browser settings.


Types of Cookies

We use Cookies to provide, protect, and improve our EXOS Products and Services, such as by personalizing content, offering and measuring advertisements, understanding Participant behavior, and providing a safer experience. We describe below the various types of Cookies we use and the purposes they perform. Please note that the specific Cookies we may use vary depending on the specific Web-Services.

 

Essential Cookies

These Cookies are strictly necessary to provide you with our Web-Services, and to enable essential features, such as providing shopping cart or live chat functionality. If you disable these Cookies, we will not be able to fulfill your requests.

 

Performance and Functionality of Cookies

These Cookies collect Information about how you use our Web-Services and allow us to remember the choices you make while browsing. The Information these Cookies collect allows us to optimize our Web-Services and make them easier for you to use, and it does not personally identify you. If you disable or opt-out of these Cookies, you may not be able to use certain features of our Web-Services, and it may reduce the support or Information that we can provide you.

 

Analytics and Customization Cookies

EXOS utilizes these Cookies to collect Information we use in aggregate form to help us understand how our Web-Services are performing, how effective our marketing campaigns are, and to help us customize our Web-Services. If you disable or opt-out of these Cookies, you may not be able to use certain features of our Web-Services, and it may reduce the support or Information that we can provide you.

 

Advertising Cookies

EXOS utilizes these Cookies to collect Information about your browsing or shopping history. Additionally, these Cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that advertisements are properly displayed, and in some cases, selecting advertisements that are based on your interests. We may share this Information with third-parties to help create and deliver advertising personalized to you and your interests. If you disable or opt-out of these Cookies, you may not be able to use certain features of our Web-Services, and it may reduce the support or Information that we can provide you.

 

Social Networking Cookies

EXOS utilizes these Cookies to enable you to share pages and content on our Web-Services through third-party social networking and other websites. These Cookies may also be used for advertising purposes.

 

Use of Cookies

We use Cookies for a variety of purposes like recognizing Participant access (or logon) privileges to Web-Services or other online systems operated by us (such as to store usernames and other Information supplied at registration) and tracking usage and traffic patterns. Although most web browsers are initially set up to accept Cookies, you may be able to decline the placement of a Cookie on your hard drive by using the appropriate feature(s) of your web browser software (if available) to delete the Cookies. Please note, however, that certain areas or features of the Web-Services or other online system operated by us may not function properly if your web browser does not accept Cookies.

 

In addition to using Cookies, a Web-Services or other online system operated by any of us may employ "pixel tracking", a common process which may be used in connection with advertisements and/or internal tracking. Pixel tracking involves the use of pixel tags that are not visible to the Participant and consist of a few lines of computer code. Pixel tracking allows us to compile aggregate and specific usage statistics. A "pixel tag" is an invisible tag placed on certain pages of websites that is used to track a Participant's activity for the purposes of the Service. We may access these pixel tags to identify Participant activity. If you utilize the Web-Services or other online system operated by us, and we link you to another website, we may also be able to determine that you were sent to and/or transacted with a third-party website. Your Information may be compiled in aggregate for use in our marketing and research.

 

Cookies Placed by Third Parties

You may also encounter Cookies on our public-facing website (e.g. www.teamexos.com). We may also allow third-parties to place Cookies on our public-facing websites to track Information about your online activities and/or across third-party sites or online services, including to send you targeted advertisements based on that Information, which may include the remarketing of Web-Services that you have viewed on our websites and on third-party websites.

 

This Cookie Statement does not apply to the Cookies, applications, technologies, or websites that are owned by and/or operated by third-parties, or such third-parties’ practices, even if they use or access our technology to store or collect Information. To understand how third-parties use Cookies, please review their privacy policies.

 

Third-Party

Controlling and Opting-Out of Cookies

Your browser or device may offer settings that allow you to choose whether browser Cookies are set, and ability to delete them. For more Information about these controls and to exercise your cookie preferences, visit your browser or devices’ help material.

 

Do Not Track

Some browsers include the ability to transmit "Do Not Track" signals. We do not Process or respond to “Do Not Track” signals. Instead, we adhere to the standards described in our Policy and this Cookie Statement.