Privacy Policy

PRIVACY NOTICE

Last updated March 18, 2019

Thank you for choosing to be part of our community at eFit.Software, doing business as eFit.Software ("eFit.Software", "we", "us", "our"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice, or our practices with regards to your personal information, please contact us at support@efit.software.

When you visit our website https://efit.health (the "Website"), and more generally, use any of our services (the "Services", which include the Website), we appreciate that you are trusting us with your personal information. We take your privacy very seriously. In this privacy notice, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy notice that you do not agree with, please discontinue use of our Services immediately.

This privacy notice applies to all information collected through our Services (which, as described above, includes our Website), as well as, any related services, sales, marketing or events.

Please read this privacy notice carefully as it will help you understand what we do with the information that we collect.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?

2. HOW DO WE USE YOUR INFORMATION?

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

4. WHO WILL YOUR INFORMATION BE SHARED WITH?

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

6. HOW LONG DO WE KEEP YOUR INFORMATION?

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

8. WHAT ARE YOUR PRIVACY RIGHTS?

9. CONTROLS FOR DO-NOT-TRACK FEATURES

10. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

11. DO WE MAKE UPDATES TO THIS NOTICE?

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

13. HOW CAN YOU REVIEW, UPDATE OR DELETE THE DATA WE COLLECT FROM YOU?

Definitions

For purposes of this Privacy Policy:

"Customer" means a purchaser of the Services.

"EULA" means the End-User License Agreement for the Services.

"Educator" means an instructor, tutor, teacher, professor, school, school district, college, university or other education institution or education agency that adopts or uses the Services in an educational setting. Educator includes a parent instructing a student at home.

"Institution" means a school, school district, college, university or other education institution or education agency that adopts and uses the Services.

"Personal Information" means information personally identifiable to a particular User. Personal Information may include Account Data and Course Data described below and your e-mail address, name, home or work address or telephone number. Site also collects anonymous demographic information, which is not unique to you, such as your ZIP code, age, gender, preferences, interests and favorites.

"Secondary Student User" means a User who is a student in a secondary education setting.

"Services" mean the Sites educational products and services that link to this Privacy Policy.

"User" means a student, instructor or school administrator, who is an end-user of the Services.

"Youth User" means a User who is not considered old enough under applicable law to accept and consent to the Privacy Policy.

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Website, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Website or otherwise when you contact us.

The personal information that we collect depends on the context of your interactions with us and the Website, the choices you make and the products and features you use. The personal information we collect may include the following:

Personal Information Provided by You. We collect names; email addresses; usernames; passwords; contact or authentication data; additional information. to help improve your experience or enable certain features of the sites, you may choose to provide us with additional information, like your logs for food, gender, height, weight, activity, weight, sleep, or water.; course data. course data means educational data collected, generated or processed through use of the sites in connection with educational coursework. course data includes assignments, student coursework, responses to interactive exercises, assignments, scores, grades and instructor comments. sites collects and processes course data in order to provide the services to users, educators and institutions for educational purposes. if you contact us, we collect the information you submit such as your name, contact information, and message.; and other similar information.

Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument. All payment data is stored by PayPal. You may find their privacy notice link(s) here: https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.

Children. We do not knowingly collect personal data online from children under 13 (note that the minimum age may vary based on country/region, and on local law). If you become aware that a child has provided us with personal data without parental consent, please contact us using the information provided at the end of this policy. If we become aware that a child under 13 has provided us with personal data without parental consent, we will take steps to remove the data and cancel the child's account.

All Personal Information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such Personal Information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Website.

We automatically collect certain information when you visit, use or navigate the Website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Website and other technical information. This information is primarily needed to maintain the security and operation of our Website, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

Log and Usage Data. Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our Website and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activity in the Website (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps') and hardware settings).

Device Data. We collect device data such as information about your computer, phone, tablet or other device you use to access the Website. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model Internet service provider and/or mobile carrier, operating system and system configuration information.

In Short: We may collect limited data from public databases, and other outside sources. We may obtain information about you from other sources, such as public databases, as well as from other third parties. Examples of the information we receive from other sources include: activity tracking portals such as Fitbit, Google Fit, Apple, Garmin, etc.

2. HOW DO WE USE YOUR INFORMATION?

In Short: We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.

We use personal information collected via our Website for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.

We use the information we collect or receive:

To facilitate account creation and logon process. If you choose to link your account with us to a third-party account (such as your Google or Facebook account), we use the information you allowed us to collect from those third parties to facilitate account creation and logon process for the performance of the contract.

To post testimonials. We post testimonials on our Website that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name and the content of the testimonial. If you wish to update, or delete your testimonial, please contact us at support@efit.health and be sure to include your name, testimonial location, and contact information.

Request feedback. We may use your information to request feedback and to contact you about your use of our Website.

To enable user-to-user communications. We may use your information in order to enable user-to-user communications with each user's consent.

To manage user accounts. We may use your information for the purposes of managing our account and keeping it in working order.

To send administrative information to you. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.

To protect our Services. We may use your information as part of our efforts to keep our Website safe and secure (for example, for fraud monitoring and prevention).

To enforce our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contract.

To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.

Fulfill and manage your orders. We may use your information to fulfill and manage your orders, payments, returns, and exchanges made through the Website.

Administer prize draws and competitions. We may use your information to administer prize draws and competitions when you elect to participate in our competitions.

To deliver and facilitate delivery of services to the user. We may use your information to provide you with the requested service.

To respond to user inquiries/offer support to users. We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Services.

Educators and Institutions Sites uses the Personal Information to deliver the Services for educational purposes. In delivering the Services, Sites may provide and disclose Personal Information to the User 's Educator and Institution and as otherwise directed by the Institution or the Educator. Educators and Institutions may export grade book information and other Course Data from the Services for the purpose of maintaining educational records.

Evaluation Sites may use and disclose Personal Information, as requested or authorized by an Institution or by an applicable governmental educational agency or authority, for administrative, audit and evaluation purposes, such as to evaluate the educational efficacy and effectiveness of the Services.

Improper Conduct Sites may use and disclose Personal Information of a User to the User 's Educator, Institution, law enforcement and other regulatory officials for the purpose of investigating and addressing suspected illegal conduct, misappropriation of password access, academic dishonesty or misconduct or any other conduct prohibited by law, the EULA or a User 's Educator, Institution or other applicable regulatory authority.

Communications and User Feedback Sites may communicate with Users by email to provide updates and information about the Services and to request User evaluation and feedback about the Services. Sites will provide Users with a means to express email preferences or unsubscribe to emails in accordance with applicable law. Sites will only send transactional and operational emails permitted by applicable law to Users who have expressed a preference not to receive email.
Marketing and Advertising Sites will not use Personal Information of any User for marketing purposes.

No Sale of Personal Information Sites does not sell or rent User Personal Information.

Some laws require us to explain our lawful reason for processing your personal information. We process personal information about you on the basis that it is:
- provided by you and necessary for the delivery of services you requested.
- in our or a third parties ' legitimate interests.
- to inform you of other products or services available from Site.
- to contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
- to deliver customized content within Site to customers whose behavior indicates that they are interested in a particular subject area.
- to determine what Site services are the most popular.
- for internal research and development purposes and to improve, test and enhance the features and functions of our Sites and services.
- to enforce our terms and conditions.
- to protect our rights, privacy, safety, networks, systems and property, or those of other persons.
- for the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud.
- to comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence.
- in order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work.
- in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
You have the right to opt out of receiving information about products or services available from Site, or from being contacted via surveys to conduct research. You are also welcomed to contact us for further information on the legal grounds that we rely on in relation to any specific processing of your personal information.

Site does not process, collect, or use sensitive personal information, such as race, religion, or political affiliations, for any reason.
Affiliates and Contractors Sites may disclose Personal Information to affiliated Sites companies and other companies and organizations who perform work for Sites under contract and are obligated to protect the privacy of Personal Information consistent with this Privacy Policy. All such third parties are prohibited from using your personal information except to provide these services to eFit Software, and they are required to maintain the confidentiality of your information, in compliance with applicable law.

Other Circumstances Sites also may disclose or use Personal Information: (a) with the User 's consent (or, if a Youth User, with the consent of the Youth User 's parent); (b) in response to a subpoena, court order or legal process, to the extent permitted or required by law; (c) as required by law; (d) to protect the security and safety of the User and other persons, data, assets and systems, consistent with applicable law; (e) in connection with a sale, joint venture or other transfer of some or all of its company or its assets, subject to the commitment of the acquiring entity to comply with this Privacy Policy; (f) to investigate or address actual or suspected fraud or other illegal activities; or (g) in order to exercise its legal rights, including enforcement of the EULA or any applicable contract with the User or the User 's Educator or Institution.

FERPA Data collected by Sites may include personally identifiable information from education records that are subject to the Family Educational Rights and Privacy Act, "FERPA", ("FERPA Records"). To the extent that Student Data includes FERPA Records, you designate Sites as a "School Official" (as that term is used in FERPA and its implementing regulations) under the direct control of the school with regard to the use and maintenance of the FERPA Records and Sites agrees to comply with FERPA.

Student Information Sites collects and maintains information about its student Users (Student Information) in order to fulfill legitimate educational interests. Sites complies with the Family Education Rights and Privacy Act of 1974 (FERPA) when collecting, maintaining, and disclosing student records. Sites Users have rights regarding their records, including the right to inspect, review, and request the amendment of incorrect records. Users Information is collected from a variety of sources, including but not limited to application materials submitted to Sites, faculty records, and through the learning management system student portal. Student Information generally includes the following: Demographic information including name, email address, date of birth; Student education records including grades and class enrollments; Consumer Health information, including heart rate if opted-in, number of steps, number of calories burned, nutritional consumption and; System usernames and passwords.

Sites use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

In Short: We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

We may process or share your data that we hold based on the following legal basis:

Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.

Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.

Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.

Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).

Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

More specifically, we may need to process your data or share your personal information in the following situations:

Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Website, which will enable them to collect data on our behalf about how you interact with our Website over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, pages or features, and better understand online activity. Unless described in this notice, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.

4. WHO WILL YOUR INFORMATION BE SHARED WITH?

In Short: We only share information with the following third parties.

We only share and disclose your information with the following third parties. If we have processed your data based on your consent and you wish to revoke your consent, please contact us using the contact details provided in the section below titled "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?".

Functionality and Infrastructure Optimization

Termly.io

Invoice and Billing

PayPal

User Account Registration and Authentication

Google OAuth 2.0

Web and Mobile Analytics

Google Analytics

Website Testing

Cloudflare

Allow Users to Share Activity Data

Fitbit, Google Fit, Apple, MyFitnessPal

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than twelve (12) months past the start of idle period of the user's account.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Website is at your own risk. You should only access the Website within a secure environment.

8. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You may review, change, or terminate your account at any time.

If you are a resident in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

If you have questions or comments about your privacy rights, you may email us at support@efit.health.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

Log into your account settings and update your user account.

If you have added consent to access your Fitbit data, you can revoke this consent at any time in your Fitbit account settings (https://www.fitbit.com/user/profile/apps).

If you have added consent to access your Google Fit data, you can revoke this consent at any time in your Google Fit account settings as described here: https://support.google.com/accounts/answer/6098255

eFit.Software's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with applicable legal requirements.

9. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

10. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Website, you have the right to request removal of unwanted data that you publicly post on the Website. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Website, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).

11. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

12. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO), Tim Mousel, by email at support@efit.health, by phone at 832-654-3819, or by post to:

eFit.Software

Tim Mousel

9011 White Laurel Ln

Cypress, TX 77433

United States

13. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please submit a request form by clicking here.