Obvus Solutions Inc.

EFFECTIVE DATE: October 12, 2018

Obvus Solutions Inc., (“Obvus,” “we,” “us,” or “our”) values your privacy. In this Privacy Policy (“Policy”), we describe how we collect, use, and disclose information that we obtain about visitors to our website, www.obvus.me (the “Site”), users of our device (the “Device”) and online health management system (the “System”), users of our mobile applications (the “App” or “Apps”). The Site, Device, System and App collectively known as the ObVus Ecosystem (the “Ecosystem”) and the services available through our Site, System and App, and how we use and disclose that information. This Policy does not apply to third party health collaborators’ (the “minderPro”) collection, use, and disclosure of your information, except as described in this policy with regard to data sharing and change of a minderPro.

By visiting the Ecosystem, you acknowledge that your personal information will be handled as described in this Policy. Your use of the Ecosystem, and any dispute over privacy, is subject to this Policy and our Terms of Use, including its applicable limitations on damages and the resolution of disputes. The Terms of Use are incorporated by reference into this Policy.

1. The Information We Collect About You
2. How We Use Your Information
3. How We Share Your Information
4. Our Use of Cookies and Other Tracking Mechanisms
5. Third-Party Links
6. Security of Your Personal Information
7. Access to Your Personal Information
8. What Choices Do I Have Regarding Promotional Emails?
9. Children Under 13
10. Contact Us
11. Changes to this Policy
12. Additional Information for EU Individuals

We collect information about you directly from you and from third parties, as well as automatically through your use of our Site, System and App.

Information We Collect Directly From You. The information we collect from you depends on how you use our Site, App, and Services.

• To Sign Up for a Demo, Newsletter, to learn more or Contact. To sign up for a demo, newsletter or to receive a contact from Obvus, you must provide us with your name, email address, and phone number.
• When You Express Interest in becoming a minderPro. If you express interest in becoming a minderPro, we will collect your name, physical address, email address, phone number, information about your profession, and any other information you provide to us with your submission.
• When You Express Interest in clinical studies. If you express interest in becoming a minderPro, we will collect your name, physical address, email address, phone number, information about your profession, and any other information you provide to us with your submission.

Information We Collect from Social Networking Sites. You may log into your online account or our Apps through Facebook. If you log in to your account or link your account to your Facebook profile, you must enter your Facebook email address and password. We will ask that you grant us permission to: (i) access your Facebook basic profile information (this includes your name, profile picture, gender, networks, user IDs, list of friends, date of birth, email address, and any other information you have set to public on your Facebook account), (ii) post to your wall; and (iii) access posts in your newsfeed. If you allow us to have access to this information, then we will have access to this information even if you have chosen not to make that information public through Facebook.

We store the information that we receive from Facebook with other information that we collect from you or receive about you. Any third-party social networking site controls the information it collects from you. For information about how a social networking site may use and disclose your information, including any information you make public, please consult the social network’s privacy policy. We have no control over how any third-party site uses or discloses the personal information it collects about you.

Information We Collect Automatically. We automatically collect information about your use of our Ecosystem through cookies, web beacons, and other technologies, including technologies designed for mobile apps. To the extent permitted by applicable law, we combine this information with other information we collect about you, including your personal information. Please see the section “Cookies and Other Tracking Mechanisms” below for more information.

Site:

• domain name;
• your browser type and operating system;
• web pages you view on the Site; links you click on the Site; your IP address;
• the length of time you visit our Site and or use our Services; and
• the referring URL, or the webpage that led you to our Site.  

System:

• domain name;
• your browser type and operating system;
• web pages you view on the System; links you click on the System; your IP address;
• the length of time you visit our System and or use our Services; and

Device:

• certain physical and physiological information is automatically monitored and collected through the Device, such as your: activity level, movements, heart rate, and sleep information and patterns, and we may calculate your fitness information, trends and progress.

App:

• mobile device ID; device name and model; operating system type, name, and version;
• language information;
• activities within the App; and the length of time that you are logged into our App;
• location information. With your permission, we will collect location information from your mobile device to help you identify minderPros located in your area. You may turn off this feature through the location settings on your mobile device.

2. HOW WE USE YOUR INFORMATION

We use your information, including your personal information, for the following purposes:

• To provide our services to you, to communicate with you about your use of our services, to respond to your inquiries, to fulfill your orders, and for other customer service purposes.
• To tailor the content and information that we may send or display to you, to offer location customization, and to offer personalized help and instructions, and to otherwise personalize your experiences while using the Ecosystem.
• For marketing and promotional purposes. For example, we use your information, such as your email address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products, services, workout sessions, or other information we think may interest you. We use your information (typically in the aggregate) to assist us in advertising the ObVus brand on third party websites and in evaluating the success of our adverting campaigns through third party channels (including our online targeted advertising and offline promotional campaigns).
• To better understand how users access and use our Ecosystem, both on an aggregated and individualized basis, in order to improve our Ecosystem and respond to user desires and preferences, and for other research and analytical purposes.
• To administer surveys and questionnaires, such as for market research or member satisfaction purposes.
• To develop our minderPro network. For example, if you inquire about becoming a minderPro, we will use your information to assess your suitability.
• To enable our minderPros to provide services to patients in their independently owned and operated offices, clinics or practices. In addition, if a minderPro leaves our system, we will assist with facilitating the transition to a new minderPro, including ensuring that the respective patient’s personal information is transitioned to the new minderPro to ensure the patient continues to receive services.
• To comply with legal obligations, as part of our general business operations, and for other business administration purposes.

Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Privacy Policy.

We may share your information, including personal information, as follows:

• minderPro Network. If we collect information from you from the purchase of a Device we will share that information with your a MinderPro. If you request a contact with a minderPro in your area, we will provide that information to a local minderPro.
• Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personally identifiable information will be subject to this Policy.
• Service Providers. We disclose the information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf.

We also disclose information in the following circumstances:

• Business Transfers. If (i) we or our affiliates are or may be acquired by, merged with, or invested in by another company, or (ii) if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we will share certain of your personal information with lenders, auditors, and third party advisors, including attorneys and consultants.
• In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.
• To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which Ultimate is involved.
• Aggregate and De-Identified Information. We may share aggregate, de-identified, or anonymized information about users and members with third parties for marketing, advertising, research, or similar purposes.

We and our third party service providers use cookies and other tracking mechanisms to track information about your use of our Site and App. We may combine this information with other personal information we collect from you (and our third party service providers may do so on our behalf).

Cookies.  Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and App, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and App.

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not function.

Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web or mobile application pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Site and App to, among other things, track the activities of Site visitors and App users, help us manage content, and compile statistics about usage of our Site and Apps. We and our third party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Third Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Site, and to the extent permitted, our Apps. We also may use other analytic means to evaluate our Site and Apps. We use these tools to help us improve our Site’s and Apps’ performance and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or local storage objects (LSOs), to perform their services. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.

Do Not Track. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies); you also may opt-out of targeted advertising by following the instructions in the Third-Party Ad Networks section.

Third-Party Ad Networks. We use third parties such as network advertisers to serve advertisements on third-party websites or other media (e.g., social networking platforms). This enables us and these third parties to target advertisements to you for products and services in which you might be interested. Third-party ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These third-party cookies and other technologies are governed by each third party’s specific privacy policy, not this one. We may provide these third-party advertisers with information, including personal information, about you.

Users in the United States may opt out of many third-party ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members. If you are in the EU, you may opt-out of certain third party cookies that we and other websites may use for targeted advertising through the European Interactive Digital Advertising Alliance (EDAA) Your Online Choices Page or www.aboutads.info.

Opting out from one or more companies listed on the DAA Consumer Choice Page or the NAI Consumer Opt-Out Page will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out on the DAA or NAI websites, your opt out may not be effective. Additional information is available on the DAA’s website at www.aboutads.info or the NAI’s website at www.networkadvertising.org.

Our Site and Apps may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites.

We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

You may modify personal information that you have submitted by logging into your account and updating your profile information. You may also update your information by visiting your minderPro. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Ecosystem for a period of time.

If you are a resident of the European Union, please see the Additional Information for EU Individuals section below for additional information on accessing your information and other legal rights available to you under European Union law.

In accordance with applicable law, we will send periodic promotional emails to you. You may opt-out of promotional communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving promotional emails about recommendations or other information we think may interest you, we may still send you emails about your account or any services you have requested or received from us.

Our franchisees also send their own marketing emails in accordance with applicable law. If you no longer wish to receive marketing emails from our franchisees, you will need to separately opt-out of the respective franchisee’s marketing emails. We do not control, and are not responsible for, the promotional emails sent by our franchisees.

Our Site, Apps, and services are not designed for children under the age of 13. If we discover that a child under the age of 13 has provided us with personal information, we will delete such information from our systems.

If you have questions about the privacy aspects of our Services or would like to make a complaint, please contact us at privacy@obvus.me or by contacting your local studio.

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site and App. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site and App.

The information we collect through the Services is controlled by ObVus Solutions Inc., which is headquartered in the United States at 12235 Gorham Ave., Los Angeles, California 90049, USA. For personal information collected by a minderPro, the minderPro will be the data controller; to exercise any of your rights with a minderPro, please contact the respective minderPro. As a patient, ObVus can access the personal information that you provide to our minderPros, and where we use that personal information for our own purposes, we will be an independent controller.

The Legal Bases for Using Your Personal Information. We collect your information as a data controller when we have a legal basis to do so. The following legal bases pertain to our collection of data:

• Our use of your personal information is in our legitimate interest as a commercial organization (for example in order to make improvements to our products and services and to provide you with information you request); you have a right to object to processing as explained in the section below entitled Your Legal Rights;
• Our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you (for example, to facilitate your participation a trial class that you have requested, where we use your personal information to respond to your customer service requests, to provide our services through our Site or Apps); and/or
• Our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have (for example, where we are required to disclose personal information to a court or tax authority).
• Our use of your personal information is in accordance with your consent (for example, when you consent to sharing your personal information with a third party for their own marketing).
• Our use is necessary to protect your vital interests (for example, if you are injured during a workout)
  If you would like to find out more about the legal bases on which we process personal information, please see Appendix A at the end of this policy or contact us using the details below.

Retention of Your Personal Information. We retain your personal information for as long as necessary to provide our services to you, to fulfil the purposes described in this Policy and/or our business purposes, or as required by law, regulation, or internal policy.

Special Categories of Personal Information. We require an additional legal basis to process special categories of personal information which includes your health data (when you use one of our Minder devices, or when we ask you to provide to us with your health information, such as health conditions that you disclose to us when completing a minderPro agreement), which shall be one of the following:

• You have provided explicit consent;
• The processing is necessary to protect your vital interests or those of another person where you are physically or legally incapable of giving consent (for example in exceptional situations such as a medical emergency); or
• The processing is necessary for the establishment, exercise, or defense of legal claims.
• Profiling. We may analyze members’ workout habits and activities, interests, and preferences in order to provide our services, such as to customize workouts, and for our marketing purposes.

Processing of Information from Children Between the Ages of 14 and 17. Where a child in the EU between the ages of 14 and 17 provides us with personal information through the Services and our processing is based on consent as a legal basis, we will obtain the consent of the child’s respective parent or guardian. The parent or guardian has the right to withdraw such consent provided on behalf of their child at any time.

Your Legal Rights. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, when Ultimate acts as a data controller, European Union individuals have certain rights in relation to their personal information:

Right to access, correct, and delete your personal information: You have the right to request access to the personal information that we hold about you and: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

You also have the right to request that we delete your information.

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims.

Right to restrict the processing of your personal information: You have the right to restrict the use of your personal information when (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal information for the relevant purposes, but we require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal information use where such use is justified on our legitimate interests and we must verify as to whether we have a compelling interest to continue to use your data.

We can continue to use your personal information following a request for restriction, where:

• we have your consent; or
• to establish, exercise or defend legal claims; or
• to protect the rights of another natural or legal person.

Right to data portability: To the extent that we process your information (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal information in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.

Right to object to the processing of your personal information: You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction: You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the EEA.

Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

How to Exercise Your Rights: If you would like to exercise any of the rights described above, please send us a request at privacy@orangetheoryfitness.com. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.

We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

We may not always be able to fully address your request, for example if it would affect the duty of confidentiality we owe to others or if we are legally entitled to deal with the request in a different way.

Cross-border Transfer of Information.  We generally maintain servers and systems in the United States hosted by third party service providers. Our European Union franchisees may transfer personal information to us in the United States, and we also may subcontract the processing of your information to, or otherwise share your information with, other third parties in the United States or countries other than your country of residence. As a result, where the personal information that we collect through or in connection with the Site, App, or our services, or is provided to us by our franchisees, is transferred to and processed in the United States or anywhere else outside the European Economic Area (EEA) for the purposes described above, we will take steps to ensure that the information receives the same level of protection as if it remained within the EEA, including entering into data transfer agreements, using the EU Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU - US Privacy Shield. You may have a right to details of the mechanisms under which your data is transferred outside the EEA.