HighQFitness Privacy Policy
Last modified: November 19, 2024
At HighQFitness, LLC (“HighQFitness”), our mission is to use data from you and, in fact, our entire community to help optimize the path you can take to reach your health and fitness goals. We want you to know how we collect and use the data that you provide to us over the course of that journey. HighQFitness is the highqfitness.com website (“Website”) and HighQFitness mobile applications (“Mobile App”) (which we collectively refer to in this Privacy Policy as the “Services”). We encourage you to read this Privacy Policy as well as our Terms of Use (referred to throughout as our “Terms”).
WHAT IS PERSONAL DATA AND OTHER RELATED TERMS USED IN THIS PRIVACY POLICY?
In this Privacy Policy we use the following terms:
‘personal data’ (“personal information”) with respect to EEA residents means any information relating to an identified or identifiable natural person (‘data subject’); with respect to US residents personal data refers to any data that identifies, relates to, or could reasonably be linked to you or your household, directly or indirectly;
‘data subject’ is an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
While using our app you are considered to be a data subject.
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law;
We are the controller of your personal data. You may find more information about us in Chapter 3 of this Privacy Policy.
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
“CCPA” refers to California Consumer Privacy Act as of 2018 with any further amendments;
‘GDPR’ means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
"Business", for the purpose of the CCPA refers to the legal entity that collects consumers' personal information and determines the purposes and means of the processing of consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California;
"Consumer", for the purpose of the means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
“Health and Fitness Data” includes data you provide related to your fitness activity, fitness goals, fitness level, dietary habits, dietary restrictions, lifestyle (e.g., sleeping habits), life events, height, weight, measurements, heart rate, sleep data, BMI, biometric data, and similar types of data relating to physiological condition, and activity
2. WHAT KIND OF PERSONAL DATA DO WE COLLECT, WHY AND ON WHAT BASIS?
Type of personal data | Category of personal data under CCPA | The purpose of collection and processing | Legal basis for processing |
---|
Type of Personal Data | Category of Personal Data under CCPA | The Purpose of Collection and Processing | Legal Basis for Processing |
---|---|---|---|
Name, photo, username, password, gender, email address, date of birth, physical address, sport activity | Category A: Identifiers | Profile creation/use of Services |
Article 6 I lit. a GDPR - the data subject has given consent to the processing of his or her personal data for one or more specific purposes - serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I lit. b GDPR - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. |
Geolocation | Category G: Geolocation data | Profile creation/use of Services | |
Payment information | Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | Profile creation/use of Services | |
Gender | Category C: Protected classification characteristics under California or federal law | Profile creation/use of Services | |
Fitness activity, fitness goals, fitness level, dietary habits, dietary restrictions, lifestyle (e.g., sleeping habits), life events, BMI | Use of Services |
Article 6 I lit. a GDPR - the data subject has given consent to the processing of his or her personal data for one or more specific purposes - serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I lit. b GDPR - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. |
|
Biometric data, including height, weight, measurements, heart rate | Category E: Biometric information | Use of Services | |
Sleep data, and similar types of data relating to physiological condition, and activity, emotional wellness (“health data”) | Category E: Biometric information Category K: Inferences drawn from other personal information |
Use of Services | Article 9 II lit. a - the data subject has given explicit consent to the processing of those personal data for one or more specified purposes |
Email address | Category A: Identifiers | Marketing purposes | Article 6 I lit. a GDPR - the data subject has given consent to the processing of his or her personal data for one or more specific purposes - serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. |
Social media details | Category A: Identifiers | Special offers | Article 6 I lit. a GDPR - the data subject has given consent to the processing of his or her personal data for one or more specific purposes - serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. |
Please note that we do not use your biometric data for the purposes of uniquely identifying you as a natural person.
How can I provide my consent?
By accepting this Privacy Policy, you provide us with your consent to collect and process your personal data (whenever we use consent as a basis for collection/processing). In occasions where we need your explicit consent for processing special categories of personal data, we will ask you to confirm it actively (by ticking “I agree” box or in any similar way).[1] If you decide to provide us with the special categories of your personal data yourself, we will count that as granting us your explicit consent for personal data collection/processing (this will apply only to cases where the sharing of personal data is voluntary and not required for the proper operation of our Services).
We may also use the following as a basis for collection/processing of your personal data:
If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR - processing is necessary for compliance with a legal obligation to which the controller is subject.
In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR - processing is necessary in order to protect the vital interests of the data subject or of another natural person.
Finally, processing operations could be based on Art. 6 I lit. f GDPR - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller.
Please note that our app is not intended to offer any services directly to children. We do not knowingly collect information from children. However, if you are under the age of 16 and want to get in touch with us, please, send us a written consent from your parents or guardians to process your personal information.
3. WHO COLLECTS YOUR PERSONAL DATA?
The controller of the personal data within the meaning of the General Data Protection Regulation and the Business within the meaning of CCPA is:
HighQFitness LLC
ATTN: Privacy
2066 Navajo Trail
Lafayette, CO 80026
Ph: 484-620-3179
If you have any questions, comments, or concerns about how we handle your Personal Data, then you may contact us through privacy@highqfitness.com.
You may always reach us by sending an electronic message to our email or via phone call. For any of these, you should use the contact information above.
2. HOW DO WE COLLECT YOUR PERSONAL DATA?
When you register for an account or interact with our Services
When you input Health and Fitness Data within our Services or use our Services that collect or ingest data from mobile device sensors
When you use or interact with a wearable or other connected device
When you use a wearable or connected device or product, we may also collect certain information about the device or product such as serial number, Bluetooth address, UPC, or other device- or purchase-related information. We may also collect the information, such as heart rate, movements completed, produced by those devices.
When you communicate with us or sign up for promotional materials
If you consent to receive promotional materials, we may use your personal data and other information to communicate with you about the HighQFitness Services you have purchased or used; provide you with promotional messages and personalized advertising; to notify you of other features; to notify you of contests, challenges, sweepstakes, and other promotions; to notify you of Services we think may be of interest to you; and, for other marketing purposes. You will be able to manage your communication preferences in your account settings.
Please note that regardless of your email settings, we may send you Messages pertaining to the performance of our Services, such as revision of our Terms or this Privacy Policy or other formal communications relating to Services you have purchased or use.
When you participate in special activities, offers, or programs
This includes Personal Data, such as name, address, email address, telephone number and age and other information that may be appropriate in order to participate in the research activities or initiatives. If you win a promotion, we also may need to collect certain tax information, waivers and releases, depending on the prize.
We may also launch surveys that ask you to answer questions about a range of topics from Personal Data to brand and product preferences. Promotions or surveys may be run by a HighQFitness service provider or co-branded with one of our business partners. In such instances, Personal Data may be collected directly by and/or shared with HighQFitness, the service provider, and/or business partner, including for marketing purposes. Each Promotion or survey that treats your Personal Data in a way that differs from this Privacy Policy will identify the privacy policy governing that collection of information in connection with that Promotion or survey.
When you engage with our online communities or advertising
This includes when you click on advertisements, interact with our social media pages, submit content, or otherwise enter information into comment fields, blogs, or community forums sponsored by or affiliated with HighQFitness.
When you access third party products and services
When you connect with us through social media
When we collect data from third parties or publicly-available sources
When we aggregate or centralize data
Share content or achievements; or invite friends
With your permission, we access your contacts to enable you to share content or achievements, including videos, with friends or other members, and to invite friends to use the Services.
When we provide you geographically relevant Services, offers, or advertising
When you ask us to customize our Services
When we comply with Legal Requirements or Obligations, Law Enforcement, and for Public Safety Purposes
3. CAN WE SHARE YOUR PERSONAL DATA?
We may share your personal information in the following situations:
Operation and Improvement of Services and User Experience
Internally to relevant departments within HighQFitness, in order to provide and improve Services, for marketing purposes, and for advertising.
To Service Providers and Vendors
With business partners, marketing partners, and vendors to provide, improve, and personalize the Services.
Notice for Apple Users
For Apple users, our iOS mobile apps share personal data with third parties as described in this Privacy Policy. We take measures to ensure such third parties provide privacy protections identical to or equal to those required under this Privacy Policy and apple’s developer guidelines.
To Social Network Providers
With social network providers when we use social network widgets, buttons, or plug-ins in our Services.
To other HighQFitness Registered Users
With other users of the Services in the context of specific features that are social in nature. Additionally, any information you post or disclose in our community forums (e.g., Facebook, sponsored pages on the HighQFitness Blog) is public.
For Advertising and Marketing
With advertising and marketing partners for advertising and marketing purposes on HighQFitness’ behalf and on behalf of third parties, including but not limited to Facebook.
For Certain Analytics and Improvement
With certain companies for purposes of analytics and improvement of the Services.
For Interest-Based Advertising
With companies involved in interest-based advertising, including web, mobile app and other advertising. This advertising consists of HighQFitness and third party ads that are personalized and displayed on our sites and apps and through other channels. For more information on how data is disclosed for advertising see interest-based advertising.
For Legal Compliance, Law Enforcement, and Public Safety Purposes
With law enforcement, government or regulatory bodies, lawful authorities, or other authorized third parties in order to comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation, to protect and defend our rights and property, or the rights or safety of third parties, to enforce our Terms of Use, this Privacy Policy, or agreements with third parties, or for crime-prevention purposes.
In the event of an actual or contemplated sale.
With prospective or actual purchasers, investors, or successor entities in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction, pursuant to assurances of sufficient data handling practices and safeguards.
Please note that in no case do we sell your personal data. As defined in the CCPA, "sell" and "sale" mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third party for valuable consideration. T
If you are located outside of the United States, please be aware that personal data we collect will be processed and stored in the United States (the data protection and privacy laws in the United States may offer a lower level of protections than in your country/region).
By using our Services and submitting your personal data, you agree to the transfer, storage, and/or processing of your personal data in the United States. Where and as required, we will seek your explicit consent as outlined in this Privacy Policy.
If we decide to transfer your data to other countries or international organizations, we will obtain your consent for the transfer to be made and we will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the applicable laws.
If you are an EEA resident, we will transfer your data to another country (outside EEA) only if it is ensured that the recipient of the data guarantees an adequate level of data protection and that there are no other interests worthy of protection against the data transfer.
4. HOW LONG DO WE STORE YOUR PERSONAL DATA?
We delete your personal data as soon as they are no longer needed for the purposes pursued with the collection and processing and as far as no legal storage obligations stand in the way.
We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
Please note that we may also retain anonymized versions of your personal data for our internal statistics and research purposes. In such a case we are not obliged to comply with any applicable privacy laws with the respect to such anonymized data.
5. DO WE USE COOKIES IN OUR APP?
Cookies are small text files that are sent from a web server to your browser and stored on your device's hard drive. This makes it possible to recognize you when you visit the app again.
We don’t use any type of cookies in our Services.
6. WHAT ARE YOUR RIGHTS WITH RESPECT TO PROTECTION OF YOUR PERSONAL DATA?
Your rights concerning your personal data depend on the applicable law. Thus, this section is divided into 2 subsections for the residents of US and EEA respectively.
FOR US RESIDENTS:
The right to notice. You have the right to be notified which categories of personal data are being collected and the purposes for which the personal data is being used.
The right to request. Under CCPA, you have the right to request that we disclose information to you about our collection, use, sale, disclosure for business purposes and share of personal information. Once we receive and confirm your request, we will disclose to you:
o The categories of personal information we collected about you
o The categories of sources for the personal information we collected about you
o Our business or commercial purpose for collecting or selling that personal information
o The categories of third parties with whom we share that personal information
o The specific pieces of personal information we collected about you
o If we sold your personal information or disclosed Your personal information for a business purpose, we will disclose to you the categories of personal information categories sold and the categories of personal information categories disclosed
The right to say no to the sale of Personal Data (opt-out). You have the right to direct us to not sell your personal information. To submit an opt-out request please contact us.
The right to delete Personal Data. You have the right to request the deletion of your Personal Data, subject to certain exceptions. Once we receive and confirm your request, we will delete (and direct our Service Providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our Service Providers to:
o Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
o Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
o Debug products to identify and repair errors that impair existing intended functionality.
o Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
o Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
o Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
o Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
o Comply with a legal obligation.
o Make other internal and lawful uses of that information that are compatible with the context in which you provided it
The right not to be discriminated against. you have the right not to be discriminated against for exercising any of your consumer's rights, including by:
o Denying goods or services to you
o Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
o Providing a different level or quality of goods or services to you
o Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services
FOR EEA RESIDENTS:
The right to be informed - that’s an obligation on us to inform you how we use your personal data (and that’s what we’re doing in this Privacy Notice)
Right of access - The Controller offers you access to your personal data we process. This means you can contact us and request from us a confirmation whether or not your personal data are being processed and if so, you have the right to request access to your data, which we will provide to you in the form of a so-called "registry" (stating, in particular, purposes, categories of personal data, categories of recipients of personal data, storage periods or criteria for determining storage periods).
Right to rectification - You have the right to have inaccurate personal data we have stored about you rectified.
Right to erasure - You may also ask us to erase your personal data from our systems. We will comply with such requests unless we have a legitimate ground to not delete your personal data.
Right to restriction of processing - You may request us to restrict certain processing of your personal data. If you restrict certain processing of your personal data, this may lead to fewer possibilities to use our Services and app.
Right to data portability - You have the right to receive your personal data from us in a structured, commonly used and machine-readable format in order to transmit the personal data to another controller.
Right to object - that’s a right for you to object to us processing your personal data (for example, if you object to us processing your data for direct marketing).
Rights in relation to automated decision-making and profiling - that’s a right you have for us to be transparent about any profiling we do, or any automated decision-making.
Right to withdraw Consent — that’s the right to revoke any consent you may have previously given us at any time, if we have collected and processed your personal information with your consent. Withdrawing your consent will not affect the lawfulness of any processing we conducted with your consent prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
How to use your rights - You may exercise your rights above in writing by sending an email to the contact details in How to Contact Us. You will not have to pay a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may require confirmation of your identity depending on your request. We respond to all requests we receive from individuals wishing to exercise their data rights in accordance with applicable data protection laws.
7. CAN THIS PRIVACY POLICY BE AMENDED?
Yes.
We may amend this Privacy Policy from time to time. The new version will come into force upon its publishing in our app. You may always find out whether our privacy policy was amended by checking the “last modified” legend on the top of the page.