FFECTIVE: JANUARY 1, 2020; AMENDED AND RESTATED OCTOBER 30, 2020 AND APRIL 20, 2021
Please note that, depending on where you’re resident, certain parts of this Policy may or may not apply to you, which we make clear in the relevant sections. This is particularly relevant to residents in California, the European Union and the United Kingdom.
All of TRX’s websites and mobile apps, as well as the products or services offered through such platforms or at events or TRX training classes or TRX education courses are collectively referred to in the Policy as the “Services”. Unless otherwise noted, our Services are provided by TRXperience, LLC or Fitness Anywhere LLC in the United States and Canada, by Fitness Anywhere UK Limited in the United Kingdom, by TRX Training Co. Ltd. in Japan, and by TRXperience LLC or Fitness Anywhere LLC everywhere else. If you are located in the European Union, your data controller is Fitness Anywhere LLC to the extent that it is processing your Personal Data as permitted in this Policy. If you are located in the United Kingdom, your data controller is Fitness Anywhere UK Limited.
Your Personal Data
When we refer to “you” or “your” in this Policy we mean any individual who is a visitor or unregistered guest of any of our Services, who interacts or uses Services, attends any of our digital or in-person events, who holds an account or creates a profile for any Services offered by TRX or uses them, who receives any survey, questionnaire, application, or other form of Personal Data request from TRX via email or any other way, or any individual who comments on, reviews, or who otherwise posts any content generated by the individual on any of our Services (or TRX’s social media networks which then may be shared with or accessed by the Services).
“Personal Data” as used in the Policy means information that can be used to identify you, directly or indirectly, alone or together with other information. This includes things such as your full name, email address, phone number, precise geographic location, “Device IDs” (as defined below), certain cookie and network identifiers, your user ID and password personal to your customer billing information and data and “Health-Related Information” (as defined below).
We may also create anonymous data from Personal Data by excluding personally identifiable data components (such as your name, email address, telephone number, or IDs) that makes the data personally identifiable to you, through one or more secure methods of data anonymization. Our use of anonymized data is not subject to this Policy.
BY USING THE SERVICES, WHERE YOU ARE RESIDENT IN A COUNTRY OTHER THAN WITHIN THE EU OR THE UK, YOU CONSENT TO THE COLLECTION, USE, AND TRANSFER OF YOUR PERSONAL DATA FOR PROCESSING AS PROVIDED FOR IN THIS POLICY. IF YOU ARE AN EU OR UK RESIDENT, PLEASE SEE SECTION 5 BELOW FOR AN EXPLANATION OF THE LEGAL BASES ON WHICH WE RELY TO PROCESS YOUR PERSONAL DATA.
1. HOW DO WE COLLECT PERSONAL DATA?
We may collect Personal Data in any situation where you may voluntarily provide us such Personal Data, when using or interacting with Services, (e.g., when using Services during any digital, live or on-demand, classes whether or not through our subscription services, when purchasing products, when attending in-person events, as well as, in a number of other ways) which include:
- If you choose to register with us and create a user account (“User Profile”) and when you do we may ask you to provide information about yourself such as your name, location, email, and create a personalized username and password as well as provide an image or avatar. However, only your name, email and creation of a username and password is required to set up a User Profile, the rest of the information is optional. If you make a payment to TRX you are required to provide your billing details, a name, address, email address and financial information corresponding to your selected method of payment (e.g., a credit card number and expiration date or other payment information). If you provide a billing address, we will regard that as the location of the account holder to determine which TRX entity with whom you contract.
- Once your User Profile is created, anytime you log in to use Services, we will collect additional information (which may include achievements, milestones or other indications) and add it to your User Profile, such as the total number of classes taken, the dates you took classes, which classes you take, your followers and who you are following. You acknowledge that your User Profile information may be personal to you, and by creating an account and providing such information through the use of Services, you allow others, including TRX, to identify you and therefore you may not be anonymous.
- We may collect other information from you as a result of your use of Services, such as attendance history or purchase history, events, products or other services you purchase or participate in through Services. Additionally, you have the option of providing and/or storing additional information as may be specified on the applicable TRX Services. For example, if you register with one of TRX’s apps or other Services, then such additional information may include the collection of a limited amount of fitness, physical activity, and health-related information from you that you may provide in connection with creating a User Profile with us (collectively, “Health-Related Information”). This Health-Related Information (such as whether you are pregnant, suffer from a heart condition, dizziness, high blood pressure, and knee or back problems) helps you determine your eligibility to participate in training programs that may be accessed through the corresponding TRX app. If you participate in such training programs, we may also obtain certain measurements, height, weight and age from you. Your calories burned, distance traveled and heart rate may be obtained from your mobile device. We may also receive Health-Related Information and other related data from the Apple HealthKit API. We may associate this information with other Personal Data that you have provided in order to improve and provide Services and as otherwise described in this Policy.
- We may collect Personal Data from you when you choose to participate in promotions, contests, sweepstakes or loyalty programs that we may offer from time to time (either on a TRX standalone basis or in conjunction with our business partners as part of collaborative co-branded promotional or marketing activities), or when you request to receive user or technical support or otherwise communicate with us.
- From time to time, we (or third parties acting on our behalf) may contact you to participate in research, surveys or beta testing or to provide reviews and testimonials. If you decide to participate, you may be asked to provide certain information, which may include Personal Data. All information collected from your participation in our research, surveys, reviews or testimonial process, or beta testing is provided by you voluntarily. We may use such information to improve our products or Services or for internal business purposes, in any manner consistent with this Policy.
- When you access the Services from your own devices (whether your own computer or mobile phone, tablet, or other devices), then we may collect certain identifying information of your device such as the IP address, UUID (for mobile devices), operating system version, device type, system and performance information, the files viewed on our Services (e.g., HTML pages, graphics, etc.), and browser type (collectively, “Device IDs”). We may use your Device ID or User Profile to provide a tailored experience for you. In addition, the Device ID information may be collected in order to determine the aggregate number of unique devices using a particular Service, to track total usage, analyze data, and communicate with you more effectively. We may combine your Device ID with information from third parties or with other Personal Data to provide you with a better experience and to improve the quality of our Services. We do not share any Personal Data with third parties in association with your Device ID or your other Personal Data.
- Visitors or unregistered guest users are only required to provide as much information as is reasonably necessary to complete any transaction which they have initiated through the Services, including an email address, billing, and shipping information. Unregistered guest users’ shipping information will be stored and may be used for purposes outside of completing the transaction for which it was provided, such as communicating specials, new products or new services (unless you opt out of such communications).
- We may capture visual image, name, likeness and voice recording (e.g., via photographs and/or video, collectively “Capture”) if you participate in any of our live in-person or digital live or on-demand classes or events through Services and/or call our support or sales team members; provided that, we would only do so with notice to you and with your knowledge. If you participate in a live or on-demand digital class or event through Services, you may deactivate any such Capture as a participant if you turn off your audio or video recording device on the device from which you access Services (e.g., whether on your own computer or mobile phone, tablet, or other device). We may use and store such Capture or use and store support and sales calls to help resolve user questions, for quality purposes, to improve our products and services, for internal business purposes and as required by law.
- We may offer publicly accessible blogs, social media pages, produce or service review pages, privacy messages, video chat or community forums. You should be aware that, when you disclose information about yourself on TRX’s blogs, social media pages, product or service review pages, private messages, community forums, and within video chat sessions, digital live or one-demand classes, TRX will collect the information you provide in such submissions, including any Personal Data. If you choose to submit content, including reviews, to any public area of Services or in any public area operated by third parties, such content will be considered “public” and will not be subject to the privacy protections provided in this Policy.
- We will be using browser session data to store your shopping cart on any TRX website where products or Services may be purchased, as well as, your session data while you browse these websites. Your session data will be stored only for that browser session. However, if you have logged into your TRX website account as registered user, then your activities will be saved by browser session and stored on the server with a session ID.
- We do monitor the use of the Services by collecting aggregate information. No Personal Data is collected in this process. Typically, such information comprises user statistics, traffic patterns, sales, and site usage. This information is used for our business optimization and assessment purposes, including to improve usability, performance and effectiveness of the Services.
- In some instances, we may collect aggregate data through cookies and similar files. The majority of browser applications accept cookies and similar files, but you can usually change the browser settings to prevent this or, if you are resident in the EU or the UK, you will be given the option whether or not to allow these cookies. However, if you do turn off these cookies, some functionality of the Services may be impaired or lost, particularly any customization features of the Services. Cookies help us customize your content experience (for example to store your password so you do not have to re-enter it each time you access your account on a TRX app) and to learn which areas of the Services are useful and which areas need improvement.
We also do allow certain Google Analytics features on our Services provided by Google, Inc. (“Google”) that are used as part of our display advertising (such as banners or other ad formats that include text, videos, images, flash, and etc.) and subsequent retargeting ads. The Google Analytics features provides us with information on account status and performance monitoring, audience summaries, active users, user explorer, analytics audience, visitor quality, conversion probability, comparison reports, demographics and interests and user flow report. Information generated by a cookie (including your IP address) may be transmitted and stored on Google’s servers in the United States. Google will use this information to evaluate the use of this website by visitors, create reports about such use and to provide other services relating to activities on this website and the use of the internet in general. Google may also provide this information to third parties if it is required by the law or if such third parties process this information for Google. You may opt out of certain types of Google Analytics tracking (or preempt your participation in Google Analytics) by contacting Google directly through its customer ad support feature and/or downloading the Google Analytics opt-out browser add-on. Alternatively, to opt out of being tracked by Google Analytics across all websites please visit: https://tools.google.com/dlpage/gaoptout. For detailed information about Google Analytics and Google’s handling of personal data, please see www.google.com/policies/privacy/partners and http://www.google.com/intl/en/privacy/privacy-policy.html. Again, you may always remove or disable cookies via your own browser’s settings.
- If you arrive at any of TRX’s Services from an external source (such as “refer a friend” promotions), we record information about the source that referred you to us. We collect your Personal Data from third parties if you give permission to those third parties to share your information with us or where you have made that information publicly available online.
- Our Services may provide links to third-party websites that are outside of our control and not covered by the Policy (e.g. Instagram, Facebook, Twitter, etc.). We encourage you to review the privacy policies posted on these (and all) websites and corresponding apps to learn about these third parties’ policies and practices with respect to your Personal Data.
Any improper collection or misuse of Personal Data provided to TRX may be a violation of the Policy and should be reported to firstname.lastname@example.org or to our toll-free phone number or mailing address as provided in Section 8 below.
2. HOW DOES TRX USE PERSONAL DATA?
Whether you access any of the Services either as a visitor or unregistered guest, or as a registered user, your Personal Data is used to generally manage your user information and accounts, respond to questions, comments or other requests, provide the transaction, product or Service, allow you to register or give you access to Services, including products, content, or other services you may purchase or request or personalize your Services. If you choose to create a User Profile, we may additionally use your Personal Data to contact you to remind you about products or Services which remain in your shopping cart or to obtain product or Service feedback or reviews.
Other ways we may use your Personal Data include:
- We may disclose your Personal Data internally within TRX and with other companies that are affiliated with or controlled by TRX in order to provide and improve the Services, for marketing purposes, develop new products and Services, ensure quality control, or other legitimate business interests (including fraud prevention or compliance with legal obligations). We may also share your Personal Data with our select business partners with whom we are engaging in collaborative co-branded promotional or marketing programs. We invite you to visit the website of such business partners to understand the nature and extent of their use of any disclosed Personal Data. In the event you believe any use of Personal Data by such business partners is problematic, we ask that you contact us at email@example.com.
- We may use Personal Data to provide you with materials about offers, products and Services that may be of interest, including new content or services or for other purposes disclosed at the time that you provide your Personal Data or otherwise with your consent. TRX may provide you with these materials by phone, postal mail, text or email, as permitted by laws. We may require your consent to send these communications to you as required by applicable laws.
- We may use Personal Data to create non-identifiable information that we may use alone or in the aggregate with information obtained from other sources, in order to help us improve our existing products and Services or develop new products and Services. From time to time, TRX may perform research (online and offline) via surveys. We may engage third party service providers to conduct surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Services, various types of communications, advertising campaigns and/or promotional activities. If an individual participates in a survey, the information given will be used along with that of other study participants. We may share anonymous individual and aggregate data for research and analysis purposes.
- Individuals who provide us with Personal Data, or whose Personal Data we obtain from third parties, may, as permitted by law, receive periodic emails, newsletters, mailings, text messages or phone calls from us with information on TRX’s or our business partners’ products and services or upcoming special offers/events that we believe may be of interest. We offer the option to decline these communications at no cost to the individual by following the instructions in Section 5 below. We may require your consent to send these communications to you as required by applicable laws.
- We may disclose your Personal Data with our business partners, service providers, vendors, authorized distributors, agents, or contractors in order to provide a requested service or transaction, or to process information on our behalf (collectively, “Data Processors”). For example, if we need to ship something to you, we must share your name and address with a shipping company. We require that these Data Processors agree to process Personal Data based on our instructions and in compliance with prevailing privacy laws and any other appropriate confidentiality and security measures.
- We also may share non-personal, aggregate information regarding customer demographics, traffic patterns, sales, and site usage with our Data Processors or other thirty party internet advertisers or content publishers. We may transact some services or offer access to content in collaboration with these Data Processors or other third parties. Personal Data that you provide to those Data Processors or other third parties may be sent to us so that we can deliver the requested product, content, or service.
- Personal Data may also be accessed by third party applications, such as gadgets or extensions, through Services. Any Personal Data when you enable such a third party application is processed under this Policy. Any information collected by a third party application provider is governed by their privacy policies.
- We may disclose your Personal Data with our social media network providers and any comments, statuses, updates, likes, tweets, and etc. that you voluntarily share with us through our social media networks may appear on our Services in the scrolling bar or other designated area that shows activity on our pages or profiles.
- We may from time to time contact individuals based on Personal Data that you may provide us that will be used for “refer a friend” or similar “email to a friend” promotions. You must have the consent of those individuals whose Personal Data or other information you are providing to us. By submitting the Personal Data or other information of such individuals, you confirm that you have that individual’s prior consent: (a) to his/her Personal Data (such as their name and email address) being disclosed to us, and (b) to our contacting them. TRX reserves the right to disclose that we have obtained the individual’s Personal Data or other information from you and that we are contacting them because you have told us they may be interested in our Services and have provided us with their name and email address. You are solely responsible for any personal messages you submit to the individual. You must not submit any message containing content that is illegal, obscene, indecent, offensive, blasphemous, defamatory or otherwise inappropriate.
- In order to accommodate changes in our business, we may sell our company or buy other companies or assets, including any Personal Data or related information collected through our Services as outlined in this Policy. If we sell substantially all of our assets, customer information, including Personal Data, will be one of the assets transferred to the acquirer and that entity and its affiliates may use your Personal Data under the terms of their own privacy policies, which may differ from this Policy.
Except in connection with our obligations to comply with any Legal Requirements, we will not purposely share any Health-Related Information (including your data from the Apple HealthKit API) with any third parties for marketing and advertising purposes or for any other purpose without your prior consent.
Please note that TRX has not sold any Personal Data during the past 12 months.
3. WHAT ABOUT A CHILD'S PERSONAL DATA?
Our Services do not target and are not intended to attract minors under the age of 13. We do not knowingly collect information from or about minors under the age of 13. If you become aware that a minor has provided us with Personal Data without parental consent, please contact us at firstname.lastname@example.org or at the toll-free phone number or mailing address provided in Section 8 below. If we become aware that a minor under 13 has provided us with Personal Data without parental consent, we will take immediate steps to remove such Personal Data and cancel the child’s account without notice.
We do not sell the personal information of minors under 16 years of age and would not in any event do so without affirmative authorization.
EU and UK Residents
Please be aware that in order to maintain our compliance with the GDPR Laws (see Section 5 – EU and UK Residents below), we will not process the Personal Data of any child who is below the age of 16 years unless we receive the express consent of the parent or authorized guardian of the child. In order to comply with the foregoing, we will make reasonable efforts, inquiries, or other contact with you in order to verify the age of the child and the person who is properly vested with the authority to provide consent on behalf of the child. In the event we cannot verify the age of the child or the parent/guardian’s capacity to provide consent, we will not process the Personal Data of the child and cancel the applicable account without notice.
4. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We only retain the Personal Data collected from you for as long as your account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. We will retain and use information as necessary to comply with Legal Requirements, to resolve disputes, and/or enforce our agreements as follows:
- Any backups of the contents of closed or deleted accounts may be kept for three (3) months after date of closure or deletion
- Billing information is retained for a period of seven (7) years as of their provision to us
We reserve the right to make adjustments to the above periods that may result as a result of any orders, laws, or regulations issued by any governmental, legislative, or regulatory body with jurisdiction over us.
5. WHAT RIGHTS DO YOU HAVE TO YOUR PERSONAL DATA?
You may contact us any time at email@example.com (or at our toll-free phone number or mailing address provided in Section 8 below) to request any of the following:
- View or access what Personal Data we have about you, if any
- Change or correct any Personal Data we have about you
- Request us to disclose or delete any Personal Data we have about you
- Express any concern you have about our use of your Personal Data
If you are a resident of the State of California, you have certain rights under the California Consumer Privacy Act of 2018 (the “CCPA”), which includes a list of the categories of Personal Data that TRX has collected about consumers in the preceding 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of Personal Data we collected about you.
- The categories of sources for the Personal Data we collected about you.
- Our business or commercial purpose for collecting that Personal Data.
- The categories of third parties with whom we share that Personal Data.
- The specific pieces of Personal Data we collected about you.
For your general information, the following is a list of each category of Personal Data collected by TRX from its consumers:
- Identifiers and protected legal characteristics (such as name, alias, postal address, email address, social security number, IP address, account name, gender, age, national origin, religion, race, color, creed, disability, status of citizenship, etc.)
- Commercial information (such as records of products or services purchased or considered, or other purchasing or consuming histories or tendencies).
- Biometric information (such as physiological or behavioral information that we may obtain from or about consumers to offer relevant product or exercise/training information)
- Usage, internet activity and inferences about personal preferences and attributes (such as information on your interactions with our site and our company, e.g. via cookies).
- Geolocation data (such as physical location, generally).
You have the right to request the deletion of your Personal Data, except where:
- TRX has the need to retain the personal information in order to provide goods or services to you;
- Detect or resolve security or functionality-related issues;
- Comply with the law;
- Conduct research in the public interest;
- Safeguard the right to free speech; or
- Carry out any actions for internal purposes that the consumer might reasonably expect.
You have the right not to receive discriminatory treatment by TRX for the exercise of your privacy rights conferred by the CCPA. Unless permitted by the CCPA, we will not:
- Deny you goods or services;
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Provide you a different level or quality of goods or services;
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates or quality level so long the financial incentives we offer reasonably relate to the value of your Personal Data and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
For requests received under the CCPA, we will confirm receipt of your request within 10 days. After confirming receipt of your request, we will respond to your request to exercise these rights within it is a request to delete Personal Data in California, within 45 days or as may otherwise be allowed under the CCPA.
EU and UK Residents
If you are a resident of a member nation of the European Union or the United Kingdom, we wish to confirm for you the legal basis on which we process your Personal Data as required by the European General Data Protection Regulation (“EU GDPR”) and the United Kingdom General Data Protection Regulation (“UK GDPR”), together the “GDPR laws”. We only will use and process your Personal for the following lawful reasons:
When it is necessary to process a transaction on your behalf or to perform under a contract, including to enter into a contract with you. For example, if you purchase products from us, we will send you emails related to your order.
When we have a legitimate business interest. For example, when we email you about products we have available that are related to your order with us or for analytics purposes. The purposes for using Personal Data outlined in Section 2 – How does TRX use Personal Data are processed on the basis of our legitimate interests, unless it is to provide you with the Services (in which case the above legal basis applies) or it is specifically stated in that section that we require consent or it is a Legal Requirement.
- When it is necessary for compliance with a legal obligation to which we are subject. For example, to prevent fraud or to comply with a request you make pursuant to your rights under the GDPR Laws.
- When it is necessary in order to protect vital interests. For example, if we have to recall a product for safety reasons or if there is an emergency during the performance of our Services to you and you are not able to give your consent.
As a resident of a member nation of the European Union or the United Kingdom, we also provide you with the following rights as required by the GDPR Laws:
Right to Access of Personal Data: You may request confirmation regarding the purposes for which we have processed your Personal Data, as well as, access relevant information on that processing and what Personal Data is involved.
Right to Receive Personal Data: You may request to receive the Personal Data that you have provided to us in a secure, portable manner or request that we transmit your Personal Data directly to a data controller that you identify to us. We will do this if it is technologically possible, otherwise we will provide the Personal Data directly to you.
Right to Request Restriction of the Processing of Personal Data and Right to Withdraw Consent: You may request that we restrict our processing of Personal Data in certain situations such as when there is a discrepancy or mistake involving your Personal Data, or when you may oppose the deletion of your Personal Data, and instead, request an appropriate restriction on our use of your Personal Data. You also retain the right at any time to withdraw your consent to any processing of your Personal Data for purposes where you had previously consented (such as receiving direct marketing emails from us).
Right to Object to Processing: You have the right to object to our processing of Personal Data in any situation where our processing is unlawful, or which may subject your personal freedoms, interests, or rights to prejudicial and irreparable harm; provided, however, that if Legal Requirements or other compelling legitimate business grounds apply in such circumstances, then these may override the impact of prejudicial and irreparable harm to your personal freedoms, interests, or rights and we may still process your Personal Data as needed.
Right to Have Corrections Made to Personal Data: You have the right to request any lawful change or correction to Personal Data that you have provided to us.
Right to Deletion of Personal Data: You have the right to ask us to delete your Personal Data to the full extent permitted by law and any Legal Requirements to which we are bound.
We will confirm receipt of your request within 10 days and provide information about how we will process the request. After confirming receipt of your request, we will respond to your request to exercise these rights within a reasonable time (and in all cases within one month of receiving a request). In order to exercise any of these rights, please contact us at firstname.lastname@example.org or at our toll-free phone number or mailing address as provided in Section 8 of this Policy.
6. WHAT IS TRX’s COMMITMENT TO THE PROTECTION OF PERSONAL DATA?
We implement appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. We are committed to testing, monitoring, and maintaining records related to data security and access controls impacting our Systems that are aligned with industry best practices and commensurate with the size of transactions and collection of Personal Data that we process and transfer. While we cannot fully eliminate security risks associated with the storage, transfer, and transmission of Personal Data, we will endeavor to remain educated and retain the internal and external resource expertise in order to adapt and modify our data protection practices as required by evolving global data security and cyber threats, terrorism, and fraudulent or malicious programs. Unfortunately, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information. In some cases, the weakness of a username / password combination, selected by our users may be so weak as to allow third-parties to breach our security using one of multiple cyber-piracy tools. This may result in improper access to your Personal Data for which TRX cannot be held liable for. TRX will also not disclose or use the username / password combination outside of the TRX Services. Users must demonstrate and offer compelling evidence of any claimed financial harm resulting from a violation of privacy before joining any action or class action suit to allow TRX a right to reimburse for any proven harm.
International Data Transfers
TRX Privacy Shield Information for EU/Swiss Residents
If you reside in a member country of the EU, the UK or Switzerland, TRX does self-certify that it complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”) as set out by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland. TRX has self-certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer (including our Data Processors or other third parties as permitted in this Policy), security, data integrity, access, and enforcement. To learn more about the Privacy Shield program, and to view TRX’s certification, please visit: https://www.privacyshield.gov/list.
Under the Privacy Shield’s “Onward Transfer Principle”, we may remain liable for the processing of Personal Data of EU, UK or Swiss residents that we transfer to our Data Processors or other third party service providers or agents. In certain situations, we may be also required to disclose Personal Data in order to comply with lawful requests from public authorities, including to meet national security or law enforcement purposes.
To the extent human resources data is transferred by us from the EU, UK or Switzerland in the context of an employment relationship, TRX commits to cooperate with European Union data protection authorities (DPAs), the United Kingdom Information Commissioner (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to the transfer of such human resources data transferred from the EU, UK and/or Switzerland.
In order to ensure compliance with the Privacy Shield, we must designate an independent recourse mechanism, so that the complaints or disputes of residents of the EU, UK and Switzerland may be investigated and resolved at no cost to such residents. We have selected the International Centre for Dispute Resolution, which is the international division of the American Arbitration Association (“ICDR-AAA”), to resolve any disputes or complaints that residents of the EU, UK and Switzerland may raise about this Policy or our violation of applicable laws, rules, or regulations in the handling of Personal Data. For more information on the ICDR-AAA and how to file complaints, please visit: https://www.icdr.org/privacyshield. We also would like to inform you that if your dispute or complaint is not resolved either directly with us or through the ICDR-AAA, then under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Additionally, as required by the Privacy Shield, we must inform all residents of the EU, UK and Switzerland that we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Please contact us with any concerns or questions regarding our compliance with the Privacy Shield in any of the manners provided in Section 8 of this Policy.
TRX Anti-Spam Efforts
In accordance with Canadian Anti-Spam Legislation (CASL) S.C. 2010, c. 23, the process of account set-up is considered an express opt-in of solicitation efforts and users understand the identity of senders is inherently made clear via the branded services offered. TRX endeavors to offer in Canada single-click opt-out modes to unsubscribe to any promotional message. Such procedure is also in effect in Europe under Directive 2002/58/EC and 2003/58/EC – Amended 68/151/EEC. Such procedure is also in effect in Europe under the Spam Act of 2003. The user also acknowledges that it has been notified in advance that since TRX is an international corporation, recipients in Australia may receive Commercial Communications outside of the hours set by the Spam Act.
7. HOW WILL YOU KNOW OF CHANGES TO THE POLICY?
The most recent version of this Policy was updated on April 20, 2021. We may change the Policy from time to time, and will otherwise review, update and republish as may be required by applicable law. In circumstances where a change will materially change the way in which we collect or use your Personal Data, we will send a notice of this change to all of our then-current registered account holders in advance of implementing such changes.
8. HOW CAN YOU CONTACT US IN ORDER TO EXERCISE YOUR RIGHTS OR MAKE ANY INQUIRIES OR COMPLAINTS?
If you wish to exercise any of your rights regarding your Personal Data as outlined in this Policy, or if have any questions or complaints about the Policy, please contact us by email at email@example.com. You may also contact us by mail at:
Fitness Anywhere LLC
1990 N. California Blvd.
Suite 20 PMB 1058
Walnut Creek, CA 94596
Only you, or a person authorized by you to act on your behalf, may make requests or exercise rights related to your Personal Data. Parents or guardians may also make a request on behalf of their minor child.
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make a request and confirm the Personal Data relates to you. Thus, the request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate and respond to it.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use Personal Data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Under the CCPA, California residents may only make a request for access twice within a 12-month period.
Complaints will be resolved internally in accordance with our complaint procedures. If you live in the European Union, United Kingdom or Switzerland and efforts to resolve the matter internally are unsatisfactory, the complaint may be submitted to the ICDR-AAA which has been selected as the independent recourse mechanism to resolve complaints and disputes relating to treatment of Personal Data originating from residents of the European Union, United Kingdom or Switzerland under this Policy.
We encourage you to contact us directly and allow us to work with you to address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU member country where you reside, work or the place of the alleged complaint, or the United Kingdom’s Information Commissioner’s Office if you are a UK resident. You have the right to do so if you consider that our collection, processing, or transfer of Personal Data relating to you violates applicable privacy or data protection laws.