Last Modified February 28, 2020
1. Types of Information We Collect
a. Personal Information; Anonymous Information. We collect both Personal Information and Anonymous Information about our users. “Personal Information” is information that can be used to contact or identify you or individuals about whom you enter information as part of your activities on our Services, such as first name, last name, date of birth, gender, e-mail address, phone number, street address, location, mobile device information, including mobile network, manufacturer and provider information, username and/or e-mail address in combination with a password or security questions and answers, account numbers or credit/debit card numbers, even without a security code, access code, or password if the account could be accessed without such information, comments, check-in and check-out times, information you record about the length and types of fitness activities you engage in while at a Gym, as well as information that is linked to the forgoing information. “Anonymous Information” or de-identified information is information that cannot reasonably be used to contact or identify you and is not linked to information that can be used to do so. It includes passively collected information about your activities on the Services such as usage data, to the extent that information is not linked to your Personal Information.
b. “Aggregated Anonymous Information” is the combination of your Anonymous Information with the Anonymous Information of other users. Aggregated Anonymous Information does not allow you to be identified or contacted.
c. “Non-Personally Identifyable Information. Through your use of the Services, we may also collect certain non-personally identifiable information from you (“NPII”). NPII is not associated with you as an individual. It is measured anonymously and only in the aggregate.
d. Cookies; Pixel Tags.We may also use tools such as cookies and pixel tags to gather information as well. “Cookies” are small pieces of information that a website sends to your device while you are viewing the Website. We use both session Cookies (which expire once you close your web browser), persistent Cookies (which stay on your device until you delete them) and third-party Cookies (which are placed by a website from a domain other than ours) to provide you with a more personal and interactive experience. Persistent Cookies can be removed by following web browser help file directions. "Pixel Tags" (sometimes called "web beacons" or "clear gifs") are a snippet of code that collects information about a visitor’s behavior on a website, and then sends the information back to the originating platform to be processed and reported.
e. Unique Device Identifiers. Users can access and browse the Website and download the Mobile App without disclosing Personal Information, although, like most service providers, we passively collect certain information from your devices, such as your IP address, browser information, unique device identifier (“UDID”) and/or your mobile manufacturer, network provider and operating system as you use the Website.
f. User-Provided Information. We collect information that you provide directly to us when you engage in the following:
- When you enter your email address into the Services
- When you register an account with FLEXIT or update or change your account information
- When you use the Services including when you check-in and check-out of each Gym
- When you record information about the length of your fitness sessions at a Gym and what exercises, activities and/or Gym Benefits you engaged in or used while at a Gym
- When you communicate with FLEXIT via e-mail, telephone, or other methods
- When you participate in promotions offered or made available by us
- When you complete a survey for, submit information to, or request information from, FLEXIT
- When you purchase products from FLEXIT (such as through our Mobile App)
i. Geolocation. If you access the Website or Mobile App through a desktop or mobile device, we may access, collect, monitor and/or remotely store geo-location data.
j. Third-Parties. We may also obtain information from other sources and combine that with information we collect directly. For example, we may collect information about you from third parties, including but not limited to identity verification services, fraud detection service providers, credit bureaus, mailing list providers and publicly available sources. If you create or log into your account through a social media site, we will have access to certain information from that site, such as your name, account information and friends lists, in accordance with the authorization procedures determined by such social media site.
We use third-party services, such as Google Analytics, Google AdWords, Facebook Pixel, DoubleClick and Twitter Conversion Tracking, to track and analyze online behavior of our Users. These services may help inform, optimize, target and serve ads based your visits to our Website. We do this to better understand how you use the Services, with a view to offering improvements for all Users, and to tailor our business and marketing activities accordingly. If you would like to opt out of Google Analytics, please download and install the browser plugin at http://tools.google.com/dlpage/gaoptout?hl=en. Users can also opt out of third party interest based advertising by visiting the Network Advertising Initiative’s deactivation website at www.networkadvertising.org/choices/.
When you interact with FLEXIT through social media networks, such as when you follow us, share content or contact us through Facebook, Twitter, Instagram, YouTube, Snapchat or other sites, we may receive information about you, including your profile information, picture, user ID associated with the social media account, friends list, and any other information you permit the social media network to share with third parties. The data we receive is dependent upon your privacy settings with the social network in question.
2. How We Use Your Information
a. Personal Information. We may use your Personal Information for the following representative purposes:
- Review and process your submissions to promotions
- Provide, maintain, and improve our Services
- Perform internal operations, including to prevent fraud and abuse, to identify and fix problems with the Service, to conduct data analysis, testing, and research, and to monitor and analyze usage and activity trends;
- Send you communications, including information about Products, services, promotions, news, other information related to the Services; and
- Perform internal operations, processing services, maintain user accounts, resolve disputes, establish, exercise, and defend legal claims, prevent and identify fraud, verify your identity and authenticate users
- Analyze, benchmark and conduct research on user data and interactions with the Services and Products
- Provide the materials, goods and/or services we offer and/or that you request
- Identify your preferences, so we can notify you of new or additional classes, products, services, and/or promotions that might be of interest to you
- Improve our Services, customer service, and overall Website experience by aggregating and analyzing our customer data
- Analyze the use of our Products and Services and information about visitors to the Website to enhance our marketing efforts
- Communicate with you by e-mail, text message, app notifications, or other means about our company, our products, or other information that we believe may be of interest to you
- Send you notices of a transactional, administrative or relationship nature, or as required by law
b. Anonymous Information. We may use Anonymous Information for the following representative purposes:
- Perform internal operations on the Services
- Improve the Services and customize the user experience
- Aggregate the information collected via Cookies and Pixels to use in statistical analysis to help us track trends and analyze patterns
c. Both Personal Information and Anonymous Information. We may use a combination of Personal Information and Anonymous Information that we collect to target and measure the performance of advertisements to Users both on and off of the Website and/or Mobile App on our own and through different ad networks and exchanges, using the following data, whether separately or combined: (i) data from advertising technologies such as Cookies, Pixels, web beacons, ad tags and device identifiers; (ii) User-provided information; (iii) data from your use of the Services; (iv) information from others (e.g., advertising partners, publishers and data aggregators); and (v) social media platforms.
3. Lawful Processing; Legitimate Interests.
- Performing a contract with you, or to take steps at your request prior to contracting with you
- Protecting your vital interests or the interests of another person
- Complying with our legal obligations
- Pursuing our legitimate interests, including without limitation:
- Providing, improving and customizing our Services;
- Administration of our operations;
- Understanding how our Services are being used;
- Exploring ways to develop and grow;
- Ensuring the safety and security of our Users, employees and others;
- Enhancing protection against fraud, spam, harassment, intellectual property infringement, crime and security risks; and
- Meeting our obligations and enforcing our legal rights
4. How We Share and Disclose Personal Information
5. Use of Non-Personally Identifiable Information.
a. We use NPII to maintain and administer the Website, analyze trends, gather demographic information and comply with applicable law. We may share Aggregated Anonymous Information with third-parties. We may share this information with others without express notice to you or consent from you, and we may exploit, use and disclose your NPII without limitation of any kind. We authorize certain service providers to utilize NPII for their business purposes and in accordance with their privacy policies, such as to report on usage or industry trends to their customer base.
c. We may also use Pixel Tags, which help us analyze users’ online behavior and measure the effectiveness of the Website and our advertising and marketing. Pixel Tags or Clear gif files are tiny graphics with a unique label that work in a similar way to cookies and are used to monitor the user’s online activities. In contrast to cookies that are saved on a user’s computer hard disk, clear gif files are embedded invisibly in websites and are about as big as the full stop at the end of this sentence. Where appropriate, we may combine the information collected by such Pixel Tags with the Personal Information of our customers. We may also use other analytical tools to evaluate site performance through the use of aggregated data, which contain no Personal Information. We work with service providers that help us track, collect, and analyze this information.
d. Cookies, Pixel Tags, and/or other analytical tools that we may use on the Website may collect information about your visit, including the pages you view, the features you use, the links you click, and other actions you take in connection with the Website. This information may include your computer's Internet protocol (IP) address, your browser type, your operating system, date and time information, and other technical information about your computer. We may also track certain information about the identity of the Website you visited immediately before coming to the Website. Cookies, pixel tags, and/or other analytical tools in our e-mails may also be used to track your interactions with those messages, such as when you receive, open, or click a link in an e-mail message from us. We may also work with businesses that use tracking technologies to deliver advertisements on our behalf across the Internet. These companies may collect information about your visits to the Website and your interaction with our advertising and other communications, but no Personal Information is shared with them.
f. The Services may contain links to and/or enables certain third-party functionalities to enhance your experience on the Website and/or the Mobile App, including social plug-ins, tools and APIs. Prior to using any third party functionalities (e.g., Facebook “Like” button) on the Website, you should consult the privacy notice of the third party providers of such functionalities (e.g., Facebook), as we have no control over information that is submitted to, or collected by, such third parties, or how they may use the information. The privacy policies and data practices of such third parties may significantly differ from ours, and we make no representation or warranty whatsoever about their policies and practices. Your communications and interactions with such third parties are solely between you and them and are at your own risk.
6. Data Retention
b. Where we are processing Personal Information based on our legitimate interests, we generally will retain the data for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.
c. Where we are processing Personal Information based on your consent, we generally will retain the information for the period of time necessary to carry out the processing activities to which you consented, subject to your right, under certain circumstances, to have certain of your Personal Information erased (see Section 8, Deleting, Changing & Updating Your Personal Information).
d. Where we are processing Personal Information based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
c. Ad Industry Opt-Outs. You can opt out of Internet-based and mobile advertising on your mobile device by visiting TRUSTe’s Ad Preference Manager, currently available at https://preferences-mgr.truste.com/. You may can opt out of receiving online behavioral or internet based advertising by using the tools located at the Digital Advertising Alliance’s consumer choice page, currently available at http://www.aboutads.info/choices/or the Network Advertising Initiative (NAI) opt out tool currently available at http://www.networkadvertising.org/choices/. When using the ad industry opt out tools, note that: (a) if you opt-out we may still collect some data about your online activity for operational purposes (such as fraud prevention), but it will not be used by us for the purpose of targeting ads to you; (b) if you use multiple browsers or devices you may need to execute this opt out on each browser or device; and (c) other ad companies’ opt-outs may function differently than our opt-out, and we have no control over the practices of any third parties. We do not make any representations or warranties about such opt-out services. Such services are independent from us, and we have no control over, or responsibility for their performance.
8. Deleting, Changing & Updating Your Personal Information
a. You may correct, update or revise your Personal Information that is inaccurate or request that we delete your Personal Information from our system. In certain cases, you may also have a right to: (i) to restrict or limit the ways in which we use your Personal Information; (ii) to object to the processing of your Personal Information; and (iii) to obtain a copy of your Personal Information in an easily accessible format.
c. To submit a request, please send an e-mail message to privacy@FlexIt.fit. We do not want to take any action regarding your Personal Information at the direction of someone other than you and may therefore ask you for information verifying your identity.
9. European Economic Area (“EEA”) Users
a. Data Transfers. For Users using our Services from within the EEA, we may need to transfer your Personal Information to countries outside the EEA, including to the USA because we are headquartered there. In cases where we do transfer your Personal Information to countries outside the EEA, we will take reasonable steps in accordance with applicable privacy and data protection requirements.
b. Complaints. If you have any complaints regarding our privacy practices, you have the right to make a complaint with your national data protection authority (i.e., supervisory authority), but we hope that you will contact us first at privacy@FlexIt.fit to provide us with an opportunity to address your concern, Attn: Privacy Office, FlexIt, Inc., 500 7th Ave, Floor 8, New York City, NY 10018.
10. California Privacy Rights
a. Shine the Light. Pursuant to California Civil Code Section 1798.83, also known as the "Shine The Light" law, California residents have the right to request in writing from businesses with whom they have an established business relationship: (i) a list of the categories of Personal Information, such as name, address, e-mail address, and the type of services provided to that individual, that a business has disclosed to third-parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes, and (ii) the names and addresses of all such third-parties. We do not share Personal Information with third-parties for those parties’ direct marketing. To request the above information, California residents can e-mail us at privacy@FlexIt.fit or write to us at FlexIt, Inc., Attn: Privacy Office, 500 7th Ave, Floor 8, New York City, NY 10018. Please note that, under California law, a business is only required to respond to such a request twice in any calendar year.
b. Requesting Access to or Deletion of Personal Information. If you are a California resident, you have the right, subject to certain exceptions defined in the California Consumer Privacy Act (“CCPA”) and other applicable laws and regulations, to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months.
In order to verify your request, you will need to provide us with sufficient information to identify you individually so that we can comply with you request, including the name you provided to us when you created your account(s) (i.e. your legal first, last name or variants thereof, e.g. nicknames, aliases, titles (“Mr.”, “Mrs.”, “Dr.”, “Jr.”, etc.), the e-mail address(es) you use to correspond with us and any other e-mail addresses you have used with us in the past, phone number, and date of birth.
To make an information access and/or deletion request you may contact us by e-mail at privacy@FlexIt.fit.
c. Non-Discrimination. We will not discriminate against you for exercising any of your rights under California law, including:
- Deny you goods or services
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
- Provide you a different level or quality of goods or services
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services
This Website is not directed to or intended for children under 13 years of age. We do not knowingly solicit, collect or maintain information from those we actually know are under 13, and no part of our Website is targeted to attract anyone under 13. We also do not send e-mail correspondence to anyone who advises that they are under the age of 13. If we later obtain actual knowledge that a User is under 13 years of age we will take steps to remove that User’s Personal Information from our systems. If you are the parent or guardian of a child whom you believe has disclosed Personal Information to us, please contact us at privacy@FlexIt.fit or write to us at FlexIt, Inc., Attn: Privacy Office, 500 7th Ave, Floor 8, New York City, NY 10018so that we may delete and remove such information from our system.
12. Security; Legally Required Disclosures
a. Security. We strive to keep your Personal Information private and safe. We take commercially reasonable physical, electronic and administrative steps to maintain the security of Personal Information collected, including limiting the number of people who have physical access to database servers, as well as employing electronic security systems and password protections that guard against unauthorized access. In addition, it is our policy to never send your credit card number via e-mail. Any payment transactions will be encrypted. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored Personal Information or "Personal Information" (as defined in applicable state statutes on security breach notification) to you via e-mail, text or conspicuous posting on the Website in the most expedient time possible and without unreasonable delay, insofar as it is consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. Your consent to such purpose remains valid after termination of our relationship with you.
Unfortunately, despite our best efforts, the transmission of data over the Internet cannot be guaranteed to be 100% secure. While we will use reasonable means to ensure the security of information you transmit through the Website, any transmission of Personal Information by you is at your own risk. We cannot guarantee that such information will not be intercepted by third-parties and we shall not be liable for any breach of the security of your Personal Information resulting from causes or events that are beyond our control, including, without limitation, your own act or omission, corruption of storage media, defects in third party data security products or services, power failures, natural phenomena, riots, acts of vandalism, hacking, sabotage, or terrorism, and we are not responsible for circumvention of any privacy settings or security measures contained on the Website.
b. Legally Required Disclosures. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored "Personal Information" (as defined in applicable state statutes on security breach notification) to you via e-mail and/or conspicuous posting on the Website in the most expedient time possible and without unreasonable delay, insofar as it is consistent with (i) the legitimate needs of law enforcement; or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
13. Third-Party Websites
15. Contact Us