EGYM Privacy Policy
EGYM Privacy Policy
Last updated: Dec 13, 2024
1. Introduction
EGYM provides fitness-related services to consumers and to gyms, health centers, physio practices, fitness facilities, corporate clients, and similar companies (collectively, "Fitness Partners"). This Privacy Policy describes EGYM’s practices regarding information we collect about consumers, and the choices available to consumers regarding such information. Unless otherwise stated, “information” or “personal information” means information relating to an identified or identifiable consumer.
If you are a resident of California, Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Nevada, Oregon, Texas, Utah, Virginia, or Washington, please see your region-specific terms at the end of this Privacy Policy.
For details about EGYM, including our contact details, see the Contact Us section below.
2. Scope
This Privacy Policy applies to information EGYM collects through the following services (collectively, the “Service”):
- EGYM- branded websites, including www.egym.com, and www.egym-wellpass.com/us ("EGYM Sites");
- White label Fitness Partner-branded websites operated by EGYM that post a link to this Privacy Policy (“Fitness Partner Branded Sites”) (EGYM Sites and Fitness Partner Branded Sites are collectively the “Sites”);
- EGYM-branded apps, including the EGYM Fitness App, the EGYM Wellpass App, and the EGYM Trainer App (“EGYM Apps”);
- White label Fitness Partner-branded apps operated by EGYM that post a link to this Privacy Policy (“Fitness Partner Branded Apps”) (EGYM Apps and Fitness Partner Branded Apps are collectively the “Apps”);
- EGYM-branded fitness and body tracking equipment as well as equipment from third party manufacturers that use EGYM operated software ("EGYM Equipment");
- EGYM user accounts created through the Sites, Apps, or Equipment ("EGYM Accounts"); and
- any other online services operated by EGYM that post a link to this Privacy Policy.
Please note that your use of the Service is subject to our applicable terms of use. Click here for terms governing our fitness-related products and services. Click here for terms governing our Wellpass offering.
This Privacy Policy does not apply to:
- the practices of third parties that we do not control (see the “Third Parties” section);
- information processed by EGYM as a processor or service provider on behalf of Fitness Partners (see the “Information from Fitness Partners” section); information collected in the context of your current or prior employment with EGYM; or
- information that has been anonymized, or to the extent permitted by law, deidentified.
This Privacy Policy covers our US services. For data practices regarding non-US services, see the EEA Privacy Policy. To the extent we receive information from the EEA, the United Kingdom, or Switzerland, we will treat the information in accordance with the disclosures in the “International Transfer and Data Privacy Framework” section.
3. Collection
This section describes the information we collect and how we collect it.
Information we collect directly from consumers
Information you provide
When you use the Service, you may be asked to provide information to us, such as when you subscribe to our emails, enter a promotion or competition we sponsor, or contact support. The categories of information we collect include:
- Contact identifiers, including your name, email address, postal address, and telephone number.
- Characteristics or demographics, including your age, date of birth, and gender.
- Commercial or transactions information, including records of products or services you purchased, obtained, or considered.
- Content, including communications or feedback you send to us, for example to report a problem or to submit queries, concerns, or comments regarding services or content.
- Account credentials, including your log-in and password details.
- Payment information, including your payment instrument number (such as a credit or debit card number), expiration date, and security code as necessary to process your payments and details of any transactions you make. This information is processed by our payment processors.
- Profile information, including information you include in your profile (such as your photo and a personal description) or otherwise make public.
- Professional, employment, or education-related information, including employment details if you send us a CV, resume, or other details of your employment history in connection with an advertised job vacancy or a general inquiry regarding employment opportunities with us.
- Referral contact identifiers: Your stored contacts are only accessed if you use the "refer a friend" function within an App to populate a text message to inform certain of your contacts that you are using the App.
Please do not provide any information that we do not request.
Information we automatically collect
When you use the Service, we and third parties we work with automatically collect information from the browser or device you use. The categories of information we automatically collect include:
- Device identifiers, including the device's IP address and Ad Id.
- Device information, including the device's operating software and browser (e.g., type, version, configuration), internet service provider, and regional and language settings and time zone.
- Internet activity, including information about features used, pages visited, emails and ads viewed, products and services viewed and purchased, date and time of browsing, and referring and exiting pages.
- Non-precise location data, such as location derived from an IP address or data that indicates a city or postal code level.
This information is automatically collected through cookies and other tracking technologies incorporated into our Service, as described below:
- Cookies. Cookies are small data files stored to your web browser that act as a unique tag to identify your browser. There are two types of cookies: session and persistent cookies. Session cookies exist only during an online session and disappear from your device when you close your browser. Persistent cookies remain on your device after you have closed your browser and may remain on your device for extended periods of time.
- Pixels. Pixels (also known as "web beacons") are small pieces of code embedded in web pages, emails, and advertisements that send information to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contain JavaScript code). Pixels are often used in combination with cookies. When you access a service that contains a pixel, the pixel may permit us or another party to drop or read cookies on your browser, or collect other information about your browser or device.
- App technologies. App technologies are technologies included in apps that are not browser-based like cookies. For example, the Apps include third party SDKs, which are pieces of code released by third parties that provide certain functionality. App technologies may permit us or a third party to collect information from your browser or device.
We use these tracking technologies for a variety of purposes, including to help make the Service work, personalize your browsing experience, prevent fraud and assist with security, perform measurement and analytics, and provide advertising (including targeted advertising).
We also collect precise location data from your use of the Apps with your consent. We use precise location data for purposes such as verifying your location, locating gyms in your area, and delivering or restricting relevant content based on your location.
To exercise choice around tracking technologies, see the "Your Privacy Choices" section below.
Information relating to your fitness and workouts
When you use the Service, you may be asked to provide information to us relating to your fitness and workouts. The categories of information we collect include:
- Bookings and attendance, including your Fitness Partner bookings, attendance, check-ins, membership ID, barcode, photo, membership type, and favorite locations.
- Training data, including your training targets, training experience and exercises, preferred training days, weights used, training challenges, and preferred equipment.
- Physical characteristics, including your height, body weight, and target heart rate.
In addition, the Service may allow you to collect metrics relating to your fitness and workouts. The categories of metrics we collect include:
- Training session data, including your running speeds, weights used, and workout intensity.
- Physical characteristics exercise data, including your heart rate, weight, and posture.
We only obtain these metrics at your direction and/or with your consent. Metrics may be collected through sensors integrated within the Service or where you link the Service to third party fitness trackers, wearables, and devices.
Information we collect from Fitness Partners
As part of our provision of services to Fitness Partners, we may collect information about you from Fitness Partners. For example, a Fitness Partner to which you belong or schedule a booking may disclose to us your contact identifiers, characteristics or demographics, commercial or transactions information, bookings and attendance, training data, physical characteristics, training session data, and physical characteristics exercise data. Also, we may receive information about you if you are an employee of a Fitness Partner involved in our Wellpass offering.
Our processing of information received from Fitness Partners is governed by the terms of our agreements with those Fitness Partners. To the extent we process information as a processor or service provider on behalf of a Fitness Partner, the processing of your information is subject to Fitness Partner’s privacy policy and not this Privacy Policy. To the extent we process information as a controller, business, or third party, the processing of your information is subject to this Privacy Policy.
If you wish to exercise choice around how a Fitness Partner processes your information, please contact the Fitness Partner directly. We are not responsible for Fitness Partner data practices, and you should carefully review their policies.
Information we collect in the Business-to-Business Context
If you engage with us in a business-to-business context, we may collect business contact data about you. This information is not subject to this Privacy Policy except as required by applicable law.
Information we collect from Other Sources
We also collect information from other sources. The categories of other sources from which we collect information include:
- Third party fitness trackers, wearables, and devices that you link with our Service.
- Social Networks with which you interact. For example, when you engage with our content on social media (such as through our brand page or direct message), we may collect information such as your contact identifiers and any comments you provide. We may also receive additional information from the social media platform that you have authorized the platform to disclose to us. If you publicly reference our Service on social media (such as by tagging us or using a hashtag associated with us in a post), we may use your reference on or in connection with our Service.
- Third party vendors and related parties we work with in connection with receiving analytics, advertising, security, and fraud prevention services.
- Partners that offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
- Publicly available sources, including data in the public domain.
Information We Infer
We infer new information from other information we collect to generate information about your likely preferences or other characteristics.
Sensitive Information
To the extent any of the categories of information we collect are sensitive categories of information under applicable law, such as consumer health data, we process such information only for the limited purposes permitted by applicable law. See our Consumer Health Data Privacy Policy for specific disclosures regarding consumer health data.
4. Purposes for Collection and Use
We collect and use information in accordance with the practices described in this Privacy Policy. Our purposes for collecting and using information include:
- Providing services. We collect and use information to provide services to you, including to operate the Service, establish and maintain your account, and provide support.
- Personalizing your experience. We collect and use information to personalize your experience and show you content we believe you will find interesting. For example, we analyze your training data and training session data to give you feedback on your progress.
- Communications. We collect and use information to communicate with you about updates, security alerts, changes to policies, and other transactional messages. We also collect and use information to personalize and deliver marketing communications to you. Communications may be by email, and, where you opt-in, push notification.
- Analytics. We collect and use information to understand trends, usage, and activities, for example through surveys you respond to and tracking technologies that we incorporate into the Service (such as Google Analytics).
- Advertising. We work with agencies, ad networks, technology providers, and other third parties to place ads about our products and services on other websites and services. For example, we place ads through Google and Meta that you may view on their platforms as well as on other websites and services. These ads incorporate tracking technologies to help serve the ads, measure their performance, detect ad fraud, limit the frequency of ads shown, and provide insights. If you visit our Service after seeing an ad on a third party service, tracking technologies on our Service help us attribute conversions and determine how effectively we use our ad budgets. Some of the advertising we engage in may be “targeted advertising,” which is the practice of showing you more relevant or personalized ads based on your activity collected over time and across non-affiliated services. Targeted advertising often involves us incorporating third party tracking technology into our Service.
- Security and enforcement. We collect and use information to prevent, detect, investigate, and address fraud, breach of policies or terms, or threats or harm.
- Improvement. We collect and use information for research and development purposes, including to improve our services, train our models and algorithms, and make business and marketing decisions.
- Potential employment. We collect and use information to evaluate you for employment opportunities with us.
- At your direction or with your consent. We use information for additional purposes where you direct us to use it in a certain way or with notice and your consent, such as when you link third party fitness trackers, wearables, and devices with our Service.
Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or deidentified) for any purpose except as prohibited by applicable law. Where we deidentify information, we commit to maintain and use the deidentified information in deidentified form and not attempt to reidentify it. For details on your choices regarding how we use information about you, please see the "Your Privacy Choices" section below.
5. Disclosure
We disclose information about you in accordance with the practices described in this Privacy Policy. The categories of persons to whom we disclose information include:
- Service Providers. We disclose information to our agents, contractors, and other service providers that process the information on our behalf for business purposes. Service providers assist us with services such as processing transactions, fulfilling requests for information, receiving and sending communications, updating marketing lists, analyzing data, advertising, website hosting, and providing support services. To the extent required by law, our service providers are contractually prohibited from using your information for any purpose other than performing the services for us, although we may permit them to use information that does not identify you (including information that has been aggregated or deidentified) for any purpose except as prohibited by applicable law.
- Third Party Vendors and Related Parties. Some of the third parties we work with to perform services act as our service providers in some contexts, but in other contexts independently control the purposes and means of processing your information. For example, we disclose information to ad networks, technology providers, and other third parties that help provide targeted advertising, but may also use information for their own purposes. For these third parties, we encourage you to familiarize yourself with and consult their policies and terms of use. Affiliates. We disclose information to our affiliates and related entities, including where they act as our service providers subject to this Privacy Policy or use the information in accordance with their own privacy policies.
- Fitness Partners. We disclose information to Fitness Partners in connection with our relationship to them. For example, if you schedule a booking with a Fitness Partner, we will disclose information to them to facilitate the booking. As another example, if you work with a trainer employed by a Fitness Partner, that trainer may receive access to training data in order to analyze the training and make recommendations in light of their observations and, where required, to make personal recommendations allowing for the further optimization of personal fitness goals. If you are an employee of a Fitness Partner involved in our Wellpass offering, we may disclose information to the Fitness Partner in connection with your use of the offering, including your check-ins or when you make a referral. We also disclose information to Fitness Partners in order to provide services, respond to questions and comments, comply with requests, market and advertise , and otherwise comply with applicable law.
- Partners. We disclose information to our partners in connection with offering co-branded services, selling or distributing our products, or engaging in joint marketing activities.
- Promotions. When you voluntarily enter a sweepstakes, contest, or other promotion, we disclose information as set out in the official rules that govern the promotion as well as for administrative purposes and as required by law (e.g., on a winners list). By entering a promotion, you agree to the official rules that govern that promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other parties to use your name, voice and/or likeness in advertising or marketing materials.
- Merger or Acquisition. We disclose information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
- To Other Users and the Public. If you have an EGYM Account, you may be able to share certain information about your account activity with other Service users. For example, you may be able to share your name, photo, activity points, ranking and progress in challenges, when and what workout you completed, and overview of workouts, such as calories burned and miles ran. You may also be able to comment on other user workouts. You may change your settings at any time through your EGYM Account as further set out in the "Your Privacy Choices" section below. Please think carefully before making information public as you are solely responsible for any information you make public. Once you have posted information, you may not be able to edit or delete such information, subject to any rights you have under applicable law.
- To Protect Rights and Safety. We disclose information to comply with the law or if we believe that such action is necessary to prevent fraud or cybercrime, enforce our Terms, or protect the Service or the rights, property or personal safety of any person. We must disclose information about you in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- Facilitating Requests. We disclose information at your request or direction, such as to link third party fitness trackers, wearables, and devices with our Service.
- With your Consent. We disclose information with notice to you and your consent.
Notwithstanding the above, we may disclose information that does not identify you (including information that has been aggregated or deidentified) except as prohibited by applicable law. For details on your choices regarding how we disclose information about you, please see the "Your Privacy Choices" section below.
6. Third Parties
We may link to or offer parts of our Service through websites and services controlled by third parties. In addition, we may integrate technologies, including those disclosed in the " Collection " section above, controlled by third parties. Except where third parties act as our service providers, they, and not us, control the purposes and means of processing any information they collect from you, and you should contact them directly to address any concerns you have about their processing. Third party data practices are subject to their own policies and disclosures, including what information they collect, your choices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.
7. Automated Decisionmaking Technologies
Some of the information we collect may be processed through technologies that use computation to execute decisions, including those derived from machine learning, statistics, or artificial intelligence (“automated decisionmaking technologies”). Specifically, if you choose to generate a personalized training plan through the Service, we may process your age, gender, measurements (like e.g. body weight, body height, body composition, etc.) and work out experience through automated decisionmaking technologies that use physical or biological identification or profiling to generate the training plan. This information may also be used for purposes of training the automated decisionmaking technologies. For details on your choice regarding the use of your personal information to train these automated decision making technologies, please see the "Your Privacy Choices" section below.
8. Your Privacy Choices
This section describes the choices available to you regarding your information.
Region-Specific Choice
Some regions provide additional rights by law for you to exercise choice, as described in our region-specific terms. See the applicable region-specific terms for details.
EGYM Account
If you hold an EGYM account with us, you may access, update, and remove certain information that you have voluntarily submitted to us through your account settings. We will address your request in accordance with our data retention practices.
If you have linked your EGYM Account with any Equipment or third party fitness trackers, wearables, or devices, you can unlink such Equipment or devices through your device and/or account settings. Please note that unlinking your accounts will not affect any information previously disclosed through the linking. We are not responsible for the data practices of any third parties, and we recommend that you carefully review their privacy policies and terms of use.
Browser and Device Controls
- Cookies and pixels. You may be able to manage cookies through your browser settings. When you manage cookies, pixels associated with such cookies may also be impacted. Please note that cookie management only applies to our website. If you use multiple browsers, you will need to instruct each browser separately. If you delete or reset your cookies, you will need to reconfigure your settings. Your ability to limit cookies is subject to your browser settings and limitations.
- App technologies. For some platforms (like Apple iOS), we will only receive access to your device's Ad ID if you provide consent. You can reset your device's Ad ID through your device settings, which is designed to limit how the prior Ad ID can be used. You can also stop collection of information within an app by uninstalling the app.
- Precise location technologies. You can stop collection of precise location data within an app through your device settings or by uninstalling the app.
- Preference Signals. Your browser or extension may allow you to automatically transmit Do Not Track and other preference signals. Except as required by law, we do not respond to preference signals.
- Third party opt-out tools. Some third parties we work with offer their own opt-out tools related to information collected through cookies and pixels. To opt out of your information being used by Google Analytics, please visit https://tools.google.com/dlpage/gaoptout. We are not responsible for the effectiveness of any third party opt-out tools.
- Industry opt-out tools for targeted advertising. Some of the third parties we work with are part of the National Advertising Initiative or follow the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising, which offer their own opt-out tools for targeted advertising. For details, visit https://www.networkadvertising.org/choices/ and https://youradchoices.com/control. We are not responsible for the effectiveness of any third party opt-out tools.
Communications
If you request information material offered free-of-charge (e.g. white paper, guidelines) from us, participate in a free webinar or request similar free services, we process the e-mail address you provide in the relevant form also for the purpose of informing you about our range of products and services, updates/news and offerings. Apart from that and where required by law in the applicable jurisdiction, we will obtain opt-in consent prior to sending you promotional emails.
For all jurisdictions, you can unsubscribe from our promotional emails, including our newsletters, at any time by following the instructions as provided in our emails to click on the unsubscribe link or emailing us at privacy@egym.com. Please note that your opt-out is limited to the email address used, will only affect the subscription you indicate, and will not affect non-promotional communications, such as those about your account, transactions, servicing, or EGYM's ongoing business relations.
You can also opt-out of receiving push notifications from us by adjusting your device settings or uninstalling the app.
Sharing Activity
If you have an EGYM Account, you may change at any time how you share certain information about your account activity with other Service users through your account settings. Please note EGYM is not responsible for any public information shared by you prior to limiting your settings.
9. Children
Our Service is not designed for users under 16 and we do not knowingly collect personal information (as defined by the U.S. Children's Privacy Protection Act or "COPPA") from children under 16. If you are a parent or guardian and believe we have collected personal information from your child, please contact us as set out in the "Contact Us" section below. We will delete the personal information in accordance with COPPA.
10. Security
We have security measures in place designed to safeguard information about you against loss, destruction, misuse, or unauthorized access or disclosure. For example, we periodically review our internal security measures and policies, and implement measures designed to restrict unauthorized personnel from accessing information about you. Nevertheless, you should bear in mind that transmission of information over the internet is never entirely secure, and we cannot guarantee the security of information about you.
11. Retention
We retain information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
12. International Transfer and Data Privacy Framework
The information we collect pursuant to this Privacy Policy is governed by U.S. law. Information collected about you may be transferred to and processed in the U.S. and other jurisdictions, including the EEA. These jurisdictions may have data protection laws different from those of your country of residence. Your use of the Service or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the U.S. and other jurisdictions as set out in this Privacy Policy. If your information is collected in the EEA, the United Kingdom, or Switzerland, we will transfer your information subject to appropriate safeguards, such as Standard Contractual Clauses or the Data Privacy Framework.
EGYM complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. EGYM has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. EGYM has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the UK Extension, and/or the Swiss-U.S. DPF Principles, the Principles will govern. The Federal Trade Commission has jurisdiction over EGYM's compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
EGYM's responsibility for personal data it receives in reliance on the DPF and subsequent transfers of that personal data to third parties is detailed in the DPF Principles. Where EGYM relies on the DPF Principles for onward transfers from the EU, UK, and Switzerland, including the onward transfer liability provisions, EGYM remains responsible under the Principles for third-party agents processing personal data on its behalf.
You have the right to ask us not to disclose your personal data to a third party (except where the third party is acting as an agent to perform tasks on our behalf and under our instruction) or purposes materially different than for which the personal data was originally collected or subsequently authorized by you. We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please email us as set out in the “Contact Us” section below.
For inquiries or complaints regarding our compliance with the DPF, or to exercise your rights, please contact us as set out in the "Contact Us" section below. If we are unable to resolve your complaint directly, you may submit your complaint at no cost to you to JAMS, an alternative dispute resolution provider based in the United States, at https://www.jamsadr.com/DPF-Dispute-Resolution. In the event there are residual complaints that have not been resolved by JAMS, or any other means, you may seek a non-monetary remedy through binding arbitration to be provided to you in accordance with the Data Privacy Framework.
To learn more about the DPF and to view our certification, please visit https://www.dataprivacyframework.gov/.
13. Changes to this Privacy Policy
We reserve the right to change this Privacy Policy from time to time. Any changes will be effective immediately upon posting of the revised Privacy Policy on the Service. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice, such as to your email address or a prominent notice on the Service.
14. Contact Us
The controller under this Privacy Policy is:
EGYM, Inc.
1920 17th Street
Suite B
Denver, CO 80202, USA
United States
If you have any questions about this Privacy Policy, please contact us:
By email: privacy@egym.com
By mail: at the postal address above with Attention: Privacy Compliance
This Privacy Policy has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us privacy@egym.com.
14. California
Notice at Collection.
For residents of California, a t or before the time of collection of your personal information, you have a right to receive notice of our data practices. Our data practices are as follows:
- Collection. The categories of personal information we have collected in the past 12 months and the categories of sources from which the personal information is collected are set out in the “Collection” section above.
- Purpose. The specific business and commercial purposes for collecting and using personal information are set out in the “Purposes for Collection and Use” section above.
- Disclosure. The categories of persons to whom personal information is disclosed, including service providers for business purposes, are set out in the “Disclosure” section above. We disclose the categories of personal information listed in the “Collection” section above to third parties for business purposes.
- Sales and Shares. Some of our disclosures of personal information may be considered a "sale" or "share" as those terms are defined under California privacy law. A "sale" is broadly defined to include a disclosure for something of value, and a "share" is broadly defined to include a disclosure for cross-context behavioral advertising. We collect, sell, or share the following categories of personal information for commercial purposes: contact identifiers, characteristics or demographics, commercial or transactions information, user-generated content, device identifiers, device information, internet activity, non-precise geolocation data, and inferences drawn from any of the above. The categories of third parties to whom we sell or share your personal information include, where applicable, vendors and other parties involved in cross-context behavioral advertising. We do not knowingly sell or share the personal information of minors under 16 years old who are California residents.
- Sensitive Data. Some of the personal information we collect may be considered sensitive personal information under California privacy law. We collect, use, and disclose such sensitive personal information only for the permissible business purposes for sensitive personal information under California privacy law or without the purpose of inferring characteristics about consumers. We do not sell or share sensitive personal information.
- Retention. For the criteria used to determine the period of time personal information will be retained, see the “Retention” section above.
Right to Know, Correct, and Delete.
You have the following rights under California privacy law:
- The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which personal information is collected, the business or commercial purposes for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
- The right to correct inaccurate personal information that we maintain about you.
- The right to delete personal information we have collected from you.
These rights are verifiable rights, meaning that we need to verify your identity before fulfilling them. To exercise any of these rights, please submit a request through our form here or call our toll free number at 720 900 2526. If you have an account with us, we may require you to use the account to submit the request. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days and respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.
Right to Opt-Out of Sales and Shares.
To the extent we sell or share your personal information as those terms are defined under California privacy law, you have the right to opt-out of the sale or sharing of your personal information to third parties. To exercise this right, click on "Cookie Settings" below or turn on a recognized opt-out preference signal, such as Global Privacy Control, in your browser or extension. Please note that when you submit an opt-out through either method we do not know who you are within our systems, and your opt-out will apply only to personal information collected from tracking technologies on the specific browser from which you opt-out. If you delete or reset your cookies, or use a different browser or device, you will need to reconfigure your settings. If you want the opt-out to apply to personal information we have about you in our systems, such as your email address, please also submit request through our form here (specifying the right you wish to exercise).
Right to Opt-Out of Automated Decisionmaking Technologies
To the extent we engage in the use of automated decisionmaking technologies, you have the right to opt-out. To exercise this right, please submit a request through our form here or call our toll free number at 720 900 2526. Please note that opting-out may prevent you from using certain services, including the creation of personalized workout plans.
Shine the Light.
California's "Shine the Light" law permits customers who are California residents to request certain details about how certain types of their personal information are shared with third parties and, in some cases, affiliates, for those third parties' and affiliates' own direct marketing purposes. To exercise a request, please write us at the email or postal address set out in the "Contact Us" section above and specify that you are making a "California Shine the Light Request." We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
Minors.
If you are a California resident under 18 years old and registered to use the Service, you can ask us to remove any content or information you have posted on the Service. To make a request, email us at privacy@egym.com with "California Under 18 Content Removal Request" in the subject line, and tell us what you want removed. We will make reasonable good faith efforts to remove the post from prospective public view, although we cannot ensure the complete or comprehensive removal of the content and may retain the content in accordance with our retention practices.
Additional Details.
You have the right not to receive discriminatory treatment by us for the exercise of any your rights. You have the right to designate an authorized agent to submit requests on your behalf. Except for opt-out requests, we will require written proof of the agent's permission to do so and may verify your identity directly. To the extent permitted by law, all requests must be submitted through the designated methods listed above. Your rights are subject to exceptions and our retention practices.
14. Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia
Data Practices.
Residents of Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, Ner Jersey, Oregon, Texas, Utah, and Virginia have a right to receive notice of our data practices. Our practices regarding the collection, use, disclosure, and retention of your personal data are set out in the main Privacy Policy above.
Some of our disclosures of personal data may be considered a “sale” under applicable law, which may include a disclosure for something of value. We also may process your personal data for purposes of targeted advertising. We do not process personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.
Some of the personal data we collect may be considered sensitive personal data under applicable law. To the extent we collect sensitive personal data, we collect it with your consent.
Data Subject Requests.
You may have the following rights under applicable law:
- To confirm whether or not we are processing your personal data, and in some regions, to confirm the categories of personal data we have processed
- To access your personal data
- To correct inaccuracies in your personal data
- To delete your personal data
- To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format
If you are an Oregon resident, you also have the right to rReceive a list of the specific third parties to which we have disclosed personal data.
If you are a Delaware resident, you also have the right to obtain a list of third parties to which we have disclosed your personal data.
These rights are verifiable rights, meaning that we need to verify your identity before fulfilling them. To exercise any of these rights, please submit a request through our form here or call our toll free number at 720 900 2526. We will respond to your request within 45 days. If you have an account with us, we may require you to use the account to submit the request. We may require specific information from you to help us confirm your identity and process your request. If we are unable to verify your identity, we may deny your request.
Right to Opt-Out of Sales and Targeted Advertising.
You also may have the right to opt-out of the processing of personal data for purposes of targeted advertising or the sale of personal data. To exercise this right, click on "Cookie Settings" below or turn on a recognized opt-out preference signal, such as Global Privacy Control, in your browser or extension. Please note that when you submit an opt-out through either method we do not know who you are within our systems, and your opt-out will apply only to personal data collected from tracking technologies on the specific browser from which you opt-out. If you delete or reset your cookies, or use a different browser or device, you will need to reconfigure your settings. If you want the opt-out to apply to personal data we have about you in our systems, such as your email address, please also submit request through our form here (specifying the right you wish to exercise).
Right to Revoke Consent.
You have the right to revoke consent previously given to us for the processing of your personal data. To revoke consent, write us at the email or postal address set out in the "Contact Us" section above and specify the consent you wish to withdraw. If you withdraw consent, you may not be able to receive certain services related to that consent.
Additional Details.
You have the right not to receive discriminatory treatment by us for the exercise of any your rights. You have the right to designate an authorized agent to submit requests on your behalf. Except for opt-out requests, we will require written proof of the agent's permission to do so and may verify your identity directly. To the extent permitted by law, all requests must be submitted through the designated methods listed above. Your rights are subject to exceptions and our retention practices.
Appeals.
If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at privacy@egym.com and specifying your wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows:
- For Colorado residents: https://coag.gov/file-complaint/
- For Connecticut residents: https://www.dir.ct.gov/ag/complaint/
- For Delaware residents: https://attorneygeneral.delaware.gov/fraud/cmu/complaint/
- For Iowa residents: https://www.iowaattorneygeneral.gov/for-consumers/file-a-consumer-complaint/complaint-form
- For Montana residents: https://dojmt.gov/consumer/
- For Nebraska residents: https://www.nebraska.gov/apps-ago-complaints/
- For New Hampshire residents: https://www.doj.nh.gov/citizens/consumer-protection-antitrust-bureau/consumer-complaints
- For New Jersey residents: https://www.njconsumeraffairs.gov/Pages/Consumer-Complaints.aspx
- For Oregon residents: https://justice.oregon.gov/consumercomplaints/
- For Texas residents: https://oag.my.salesforce-sites.com/CPDOnlineForm
- For Montana residents: https://dojmt.gov/consumer/
- For Virginia residents: https://www.oag.state.va.us/consumercomplaintform
15. Nevada and Washington
Nevada residents have the right to opt-out of sale of their information. To make a request, please write us at the email or postal address set out in the “Contact Us” section above and specify that you are making a “Nevada Opt-Out of Sale Request.” Your rights are subject to exceptions and our retention practices.
See our Consumer Health Data Privacy Policy for specific disclosures regarding consumer health data subject to Washington law, Nevada law, or other applicable state consumer health privacy law.