OOMPH is committed to protecting our customer privacy and takes its responsibility regarding the security of customer information and data very seriously. We will be clear and transparent about the information we are collecting and what we will do with that information or data.
This Policy sets out the following:
- What personal data we collect and process about you in connection with your relationship with us as a customer and through your use of our website, apps, mobile applications, and online services;
- Where we obtain the data from;
- What we do with that data;
- How we store the data;
- The persons to which we transfer or disclose personal data;
- How we deal with your data protection rights;
- How we comply with the data protection rules.
- That personal data is collected and processed in accordance with applicable data protection laws.
“OOMPH” (referred to as “we”, “us”, “our” or “OOMPH”) in this policy primarily refers to OOMPH Fitness Inc., the main operating company of the OOMPH group, and, where appropriate, to other companies in the OOMPH group or other entities over which OOMPH exercises management control. OOMPH is the “data controller” of all personal data that is collected and used about OOMPH customers for the purposes of privacy and data protection laws, principles and regulations which may apply in your country.
WHAT PERSONAL INFORMATION DOES OOMPH FITNESS INC. COLLECT?
Personal data means any information relating to you which allows us to identify you, such as your name, phone number, social media name or ‘handle’, postal address, email address, details of products or services you have purchased, payment details and information about your access to our website. We may collect personal data from you (either directly or indirectly, through our third party partners or providers) in a number of ways.
Specifically, we may collect the following categories of personal data:
- Name, home address, e-mail address, telephone number, credit/debit card or other payment details;
- Information such as nationality, place and date of birth, and gender;
- Medical conditions or requirements;
- Information you provide about yourself and any preferences in your account;
- Information about your purchases of products and services from us or our partners;
- Information about your use of our website or app;
- Communications with us or directed to us via letters, emails, chat services, calls, and social media; and
- Location, including real-time geographic location of your computer or device through GPS, Bluetooth and your IP address, along with crowd-sourced Wi-Fi hotspot and cell-tower locations, but only if you use location-based features and turn on the location services settings on your device or computer.
Personal details including about your physical or mental health are considered “sensitive” personal data under applicable data protection laws. We will process any such data only if you have given your explicit consent, or it is necessary (for instance if you request special assistance), or you have deliberately made it public.
WHAT DOES OOMPH FITNESS INC. USE YOUR PERSONAL DATA FOR, WHY, AND FOR HOW LONG
Your data may be used for the following purposes:
- Provide products and services you request: we use the information you give us to perform the services for which you have signed up;
- Credit or other payment card verification/screening; and payment information for accounting, billing and audit purposes and to detect or prevent any fraudulent activities;
- Security, health, administrative, crime prevention/detection: we may pass your information to government authorities or enforcement bodies for compliance with legal requirements;
- Customer service communications: we use your data to manage our relationship with you as our customer and to improve our services and enhance your experience with us;
- Provide tailored services: we use your data to provide information we believe is of interest to you, prior to, during, and after your interactions with us, and to personalise the services we offer to you, such as special offers.
We will only process your personal data where we have a legal basis to do so, which will depend on the reasons for which we have collected and need to use your personal data. In most cases we will need to process your personal data so that we can enter into our contract and fulfil the provision or delivery of goods or services to you.
We may also process your personal data for one or more of the following reasons:
• To comply with a legal obligation;
• Where you have consented to our using your personal data (eg. for marketing related uses);
• To protect your vital interests or those of another person (eg. in case of a medical emergency);
• If it is in our legitimate interests to do so (eg. for administrative purposes).
Only children above a certain age (generally 16 years or older, but varying from country to country) can provide their own consent. For children under this age, the knowledge and consent of the parents or legal guardians is required.
We will not retain your data for longer than is necessary to fulfil the purpose for which it is being processed. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it, and whether we can achieve those purposes through other means.
We also consider the periods for which we might need to retain personal data in order to meet our legal obligations, or to deal with complaints and queries, and to protect our legal rights in the event of a claim being made.
When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimize over time the personal data that we use, and if we can anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
SECURITY OF YOUR PERSONAL DATA
We follow strict security procedures in the storage and disclosure of your personal data, and to protect it against accidental loss, destruction or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the Internet.
SHARING YOUR PERSONAL DATA
Your personal data may be shared with other companies within the OOMPH group.
- Government authorities, law enforcement bodies and regulators for compliance with legal requirements;
- Other companies, contractors or agents to provide services to you including delivery, marketing, support ticket providers, or marketing platform providers, communications, legal services, debt collection, administration services, customer services, information technology providers, credit card or other payment methods to conduct transactions;
- Legal and other professional advisers, law courts and law enforcement bodies in countries in which we operate, in order to enforce our legal rights in relation to our contract with you;
- Our trusted third party ancillary partners (identified on our website), who many offer products and services on or through our website. If you choose to purchase products or services offered on our websites by third parties, you may be a customer of both OOMPH and these third parties, and we and our partners may collect and share information about you, such as your contact details and your billing information. We are not responsible for third parties’ use of your personal data where such use is permitted for their own purposes. You should consult their privacy policies for further information.
- Business Transfers: In some cases, we may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that are transferred. Moreover, if OOMPH Fitness Inc., or substantially all of its assets were acquired, or in the unlikely event that OOMPH Fitness Inc. goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of OOMPH Fitness Inc. may continue to use your personal information as set forth in this policy.
Protection of OOMPH Fitness Inc. and Others: We may release personal information when we believe in good faith that release is necessary to comply with the law; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of OOMPH Fitness Inc., our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
With Your Consent: Except as set forth above, you will be notified when your personal information may be shared with third parties, and will be able to prevent the sharing of this information.
INTERNATIONAL DATA TRANSFER
OOMPH operates businesses in multiple jurisdictions, some of which are not located in the European Union or European Economic Area (EEA). While countries outside the EEA do not always have strong data protection laws, we require all services providers to process your information in a secure manner and in accordance with EU and other applicable laws on privacy and data protection.
COOKIES AND SITE TRACKING
We may collect data from other sources which may not always be obvious, such as through the use of “cookies”. We may also gather information from both online and offline data providers. This information could include internet browsing behaviour, demographic data or interest-based data.
A cookie is a small text file stored on your computer that contains information that helps the website to identify and track the visitor. Cookies do no harm to your computer, consist only of text, cannot contain viruses, and occupy virtually no space on your hard drive.
Two types of cookies are used: "Session Cookies", and cookies that are saved permanently on your computer. The first type of cookie commonly used is "Session Cookies". During the time you visit the website, our web server assigns your browser a unique identifier string so as not to confuse you with other visitors. A "Session Cookie" is never stored permanently on your computer and disappears when you close your browser. To use some of our websites without troubles you need to have cookies enabled.
The second type of cookie saves a file permanently on your computer. This type of cookie is used to track how visitors move around on the website. This is only used to offer visitors better services and support. The text files can be deleted. On this website we use this type of cookie to keep track of your shopping cart and to keep statistics of our visitors. The information stored on your computer is only a unique number, without any connection to personal information.
Here is a list of cookies that we currently use. We have listed them here so you that you can choose if you want to opt-out of cookies or not:
• _session_id, unique token, sessional, allows Shopify to store information about your session (referrer, landing page, etc.)
• _shopify_visit, no data held, persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
• _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, counts the number of visits to a store by a single customer.
• _cart_, unique token, persistent for 2 weeks, stores information about the contents of your cart.
• _secure_session_id, unique token, sessional storefront_digest, unique token, indefinite; if the shop has a password, this is used to determine if the current visitor has access.
If we do ask for your personal information for a secondary purpose such as marketing and you are an individual in the European Economic Area (EEA), we will either ask you directly for your express consent, or provide you with an opportunity to say no. If after you opt-in, you change your mind, you may withdraw your consent for us to contact you for the continued collection, use or disclosure of your information, at any time, by contacting us or by using the unsubscribe link within any of our emails. If you are outside of the European Economic Area (EEA), you may withdraw your consent for us to contact you for the continued collection, use or disclosure of your information, at any time, by contacting us or by using the unsubscribe link within any of our emails.
We use tracking software to monitor customer traffic patterns and site usage to help us develop the design and layout of websites. This software does not enable us to capture any of your data.
DATA PROTECTION OFFICER
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. You have the right to make a complaint at any time to a supervisory authority. The data protection supervisory authority for you depends upon the country or geographical area in which you are located.
YOUR DATA PROTECTION RIGHTS
Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see e. below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes to which you originally agreed, unless we have another proper and legitimate basis for doing so.
If you want to exercise any of these rights, then please contact our DPO by email at email@example.com.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly completely unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
CONDITIONS OF USE
THIRD PARTY APPLICATIONS/WEBSITES
WHAT PERSONAL INFORMATION CAN I ACCESS?
OOMPH Fitness Inc. allows you to access the following information about you for the purpose of viewing, and in certain situations, updating that information. This list may change in the event the Application changes.
- Account and user profile information
- User e-mail address, if applicable
- Facebook profile information, if applicable
- User preferences
- Application specific data
OOMPH Fitness Inc. integrates with Apple’s Healthkit integration to track the following PHR (Personal Health Record) Data; duration, steps taken, calories and distance, and exercise type. PHR data is app-based Personal Health Record information. This data is passed through to Healthkit for the purpose of providing real time metric feedback to the user about their workouts, wellbeing and training program.
The Healthkit data that we collect is classified as Personal Identifiable Information (PII) and Non- Personal Identifiable Information (NPII) For Clarification purposes:
- PII is any PHR Data that connects to you as an individual such as names, health conditions, and other identifiers. Any additional PHR data that is PII will fall under this scope
- NPII is PHR Data that is 1) grouped so it does not connect to you as an individual and 2) has names and other identifiers removed or altered.
OOMPH Fitness Inc. WILL NOT release Healthkit PII or non PII to any person, company or other entity for any reason, including but not limited to:
- Marketing and Advertising
- Medical and pharmaceutical research
- Reporting about our company and or customer activity
- Your insurer and employer
Your Personal Data is only collected by us from your direct use with the OOMPH app, and if you granted both our app and Apple’s HealthKit permission. If you close or transfer your profile with us, we no longer collect any PHR data.
CAN CHILDREN USE THE APPLICATION?
Our site and the services available through OOMPH Fitness Inc. are not intended for children under the age of 13. OOMPH Fitness Inc. does not knowingly or specifically collect information about children under the age of 13 and believes that children of any age should get their parents’ consent before giving out any personal information. We encourage you to participate in your child’s web experience.
QUESTIONS OR CONCERNS
If you have any questions or concerns regarding privacy on our Website, please email us a detailed message at firstname.lastname@example.org. We will make every effort to resolve your concerns.
OOMPH Fitness Inc. and its trainers are not a licensed medical care provider and represents that it has no expertise in diagnosing, examining, or treating medical conditions of any kind, or in determining the effect of any specific exercise on a medical condition.
You should understand that when participating in any exercise or exercise program, there is the possibility of physical injury. If you engage in this exercise or exercise program, you agree that you do so at your own risk, are voluntarily participating in these activities, assume all risk of injury to yourself, and agree to release and discharge OOMPH Fitness Inc. and its trainers from any and all claims or causes of action, known or unknown, arising out of OOMPH Fitness Inc.’s negligence.