Effective Date: January 1, 2023
- Using or otherwise accessing our OOMPH mobile application (“Mobile App”)
- Engage with us in other related ways, including any sales, marketing or events or otherwise connect with us
Questions or Comments
- What Information Does OOMPH Collect?
- How Does OOMPH Process Your Information?
- What Legal Reasons Do We Rely on To Process Your Information?
- How Is Your Information Shared?
- Is Your Information Transferred Internationally?
- How Do We Protect Your Information?
- How Long Do We Keep Your Information?
- Do We Collect Information from Minors?
- How Do We Handle Your Social Logins?
- What Are Your Privacy Rights?
- Do California Residents Have Specific Rights?
1. What Information Does OOMPH Collect?
Each time you provide or transmit information to us via the Website or Mobile App, OOMPH may obtain and collect personally identifiable information about you, including, but not limited to, your name, email address, and any other information that may be used to identify you. We may also collect information about your IP address, browser type, cookie identifiers, Internet Service Provider, referring and exit page, operating system, clickstream data, the type of mobile device you use, your mobile device's unique device ID, and your mobile operating system (“Internet Activity Data”). We may track information regarding your use of our Website or Mobile App, including but not limited to, which workouts you have completed and timestamps associated with your use of our services. We also track and analyze non-identifying and aggregate usage and volume statistical information from our visitors and customers. There are also several opportunities for you to share information about yourself and your activities with OOMPH. For example:
Account, Profile, Activity and Use Information
We collect basic account information such as your name, email address, phone number, date of birth, weight, gender, username and password that you may select in connection with establishing an account on our Services. We use your contact information so we can respond to your support requests and comments. Profile, activity and use information is collected about you when you choose to upload a picture, complete or post an activity (including date, duration, calories burned and perceived exertion) or otherwise use the Services.
We do not process sensitive information.
Content You Share
We gather information from the photos, posts, comments and other content you share on the Services.
You can choose to add your contacts’ information by connecting your contacts from your mobile device to OOMPH. If you choose to share your contacts with OOMPH, OOMPH will, in accordance with your instructions, access and store your contacts’ information in order to identify connections and help you connect with them. Learn more about how we collect information about your contacts, how we use that information, and the controls available to you.
Wearable or other Connected Devices
We also collect Personal Data, including Fitness and Wellness Data, when you connect a device that is equipped with the Services, such as heart rate monitors, activity trackers, and other devices or wearables that integrate with the Services (such as an Apple Watch).
OOMPH may collect or infer health information. Certain health information may be inferred from sources such as heart rate or other measurements, including weight or other indicators. Before you can upload health information to OOMPH, you must give your explicit consent to the processing of that health information by OOMPH. You can withdraw your consent to OOMPH processing your health information at any time.
Apple HealthKit Data
When you make a payment on OOMPH, you may provide payment information such as your credit card or other payment details. We use Payment Card Industry compliant third-party payment services and we do not store your credit card information.
For payment processing we also use the services of Stripe Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA (“Stripe”). For this purpose, payment information is transmitted to servers of Stripe in the United States. We also use the services of Chargebee Inc., 340 S. Lemon Avenue, Suite #1537, Walnut, California 91789, USA (“Chargebee”) for billing and processing payments. For this purpose, payment information is transmitted to servers of Chargebee in the United States.
The EU Commission has issued an adequacy decision (No. 2016/1250) for data transmissions to the United States, according to which companies that meet certain criteria guarantee an adequate level of protection, also known as “EU-US Privacy Shield”. These companies are included in the so-called Privacy Shield List. Stripe is one of the companies listed there. The data transmission to Stripe in connection with handling payments is based on Art. 45 and 28 GDPR. Chargebee is also one of the companies listed in the Privacy Shield List. Hence, the transmission of data to Chargebee in connection with processing payments and billing is based on Art. 45 and 28 GDPR. The legal basis for the processing of payment data is Art. 6 (1) (b) GDPR, because this is necessary for carrying out the contract concluded with you.
We collect information from your browser, computer, or mobile device, which provide us with technical information when you access or use the Services. This technical information includes device and network information, cookies, log files and analytics information. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services.
Social Media Login Data
We may provide you with the option to register with us using your existing third-party account, e.g. Facebook, Google or Apple. If you choose to register in this way, we collect the information that you agreed to make available to OOMPH (e.g. name, email address, profile information, preferences). See details in the Section called "How Do We Handle Your Social Logins?" below.
2. How Does OOMPH Process Your Information?
OOMPH uses the information we collect and receive as described below:
To Provide the Services
We process the information we collect and we receive to provide the Services, including providing you with the ability to record your activities and analyze your performance. For example, to compare your past efforts, and (with your consent) we use your heart information to provide you with useful performance analysis. We also provide the ability to interact with other athletes. For example, to share your activities and progress to achieving workout belts.
To Facilitate Account Creation and Authentication
We process your information so you can create and log in to your account, as well as keep your account in working order.
To Customize the Services
We use the information we collect about you to customize your experience. For example, we may suggest work out programs that may interest you or new features that you may want to try.
To Improve the Services
We use the information we collect to identify usage trends to better understand how our Services are being used so we can improve them.
To Protect You and the Services
We use the information we collect when necessary to protect our members and enforce our Terms of Service.
To Send You Communications
We may process your information for our marketing purposes, if that is in accordance with your marketing preferences. You can opt out of our marketing and push communications at any time.
To Fulfill and Manage your Orders
We may process your information to fulfill and manage your orders, subscriptions, payments, returns and exchanges made through our Services.
To Request Feedback
We may process your information to request feedback about your use of our Services.
3. What Legal Reasons Do We Rely on To Process Your Information?
We only process your information when we believe it is necessary and we have a valid legal reason to do so under applicable law, such as to comply with laws, protect your rights or to fulfill our legitimate business interests.
General Data Protection Regulation (GDPR) and UK GDPR
If you are located in the EU or UK this section applies to you. The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services.
Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.
4. How Is Your Information Shared?
We may share your information in specific situations described in the section and/or with the following groups of third parties.
Vendors, Consultants and Other Third-Party Providers
We may share your information with third-party service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. They are committed to protect the data they hold on our behalf and will not share your personal information with any organization apart from us. Please note, we do not share text messaging originator opt-in data and consent information with any third parties. The categories of third parties that we may share your information are as follows:
- Ad Networks
- Affiliate Marketing Programs
- Communication & Collaboration Tools
- Data Analytics Services
- Data Storage Service Providers
- Order Fulfillment Service Providers
- Payment Processors
- Performance Monitoring Tools
- Product Engineering & Design Tools
- Retargeting Platforms
- Sales & Marketing Tools
- Social Networks
- User Account Registration & Authentication Services
- Website Hosting Service Providers
We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
We may share your information with our business partners to offer you certain products or services.
5. Is Your Information Transferred Internationally?
We may transfer, store, and process your information in countries other than your own. Our servers are located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information, in the United States and other countries other than the country in which you initially provided your data.
6. How Do We Protect Your Information?
We protect your information by implementing and maintaining a system of organizational and technical security measures that are designed to protect the security of any personal information we process against accidental, unlawful or unauthorized destruction, loss, alteration, access disclosure or use. We employ reasonable protections for your information that are appropriate to its sensitivity. The Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal information. In addition, OOMPH’s secure servers protect this information using advanced firewall technology. You should only access the Services within a secure environment.
Despite such efforts, however, please note that no organization can fully eliminate risks or guarantee the security of personal information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of information about you at any time, and we bear no liability for uses or disclosures of personal information or other data arising in connection with the theft of the information or other malicious actions.
7. How Long Do We Keep Your Information?
We retain information as long as it is necessary to provide the Services to you and others, subject to any legal obligations to further retain such information. Information associated with your account will generally be kept until it is no longer necessary to provide the Services or until your account is deleted.
To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it, and whether we can achieve those purposes through other means.
We also consider the periods for which we might need to retain personal data in order to meet our legal obligations, or to deal with complaints and queries, and to protect our legal rights in the event of a claim being made.
In general, this means that we will likely keep your Personal Data for as long as your User Account is open. Following closure of your User Account, however, we may still retain a limited portion of your Personal Data so that we can maintain a continuous relationship with you if and when we are in contact with you again, and to comply with our internal processes and any legal obligations.
When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimize over time the personal data that we use, and if we can fully anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
8. Do We Collect Information from Minors?
We do not knowingly solicit data from children under 18 years of age. By using the Services, you represent that you are at least 18 years of age. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.
9. How Do We Handle Your Social Logins?
11. What Are Your Privacy Rights?
Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Opting Out of Marketing and Promotional Communications
If you opt in, you will receive text messages from OOMPH. You can opt-out of receiving OOMPH text messages by texting STOP to the number from which you received the message. We will send you one final message to confirm that you have been unsubscribed, and will process your request within a reasonable time after receipt, in accordance with applicable laws. If you experience any issues with text messages from OOMPH, text HELP to the number from which you received the message or email our Support team at email@example.com.
We maintain “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within the timescales required by law.
Push Notifications: If you opt-in on your device, OOMPH may occasionally send you push notifications through our Mobile App with updates, achievements and other notices that may be of interest to you. You may at any time opt-out from receiving these types of communications by changing the settings on your device.
At any time, you can review or change the information in your account or terminate your account. Simply log in to your account settings and update your user account.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
13. Do California Residents Have Specific Rights?
If you are a resident of California, we must adhere to certain rights and obligations regarding your personal information.
What Categories of Personal Information Do We Collect?
We have collected the following categories of personal information in the past twelve (12) months:
How We Obtain It
Examples: Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name.
Directly from you or linked third party accounts.
B. Personal information categories listed in the California Customer Records statute
Examples: Name, contact information, education, employment, employment history, and financial information.
Directly from you and your devices.
C. Protected classification characteristics under California or federal law
Examples: Gender and date of birth.
Directly from you and your devices
D. Commercial information
Examples: Transaction information, purchase history, financial details, and payment information.
Directly from you and your devices
E. Biometric information
Examples: Physical characteristics such as weight and height, and photographs identifying your facial features, to the extent you choose to enter these on the Platform.
Directly from you and your devices
F. Internet or other similar network activity
Examples: Information about your use of the Platform and your IP address, including information collected automatically through cookies.
Directly from you and your devices.
G. Geo-location data
Examples: Where the IP address of your computer or device is used to determine your geographic location so that we can customise your experience on the Platform (e.g. language settings).
Directly from you and your device(s).
H. Sensory Data
Examples: Audio, electronic, visual, thermal, olfactory, or similar information (e.g., your photos and audio where you have selected particular services or features on the Platform).
Directly from you, where you have selected particular services or features on the Platform.
I. Inferences drawn from other Personal Data
Examples: Information you provide about yourself and any preferences in your User Account, communications with us or directed to us via letters, emails, chat services, calls, and social media, fitness activity data provided by you on the Platform or generated through your use of the OOMPH App, including activity data generated by the devices that you connect to the OOMPH App where you have selected particular services or features on the Platform and contacts information.
Directly from you and your devices.
Request to Exercise Your Rights
RIGHT TO KNOW - Under the CCPA, you have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:
- Categories of and specific pieces of personal information we have collected about you.
- Categories of sources from which we collect personal information.
- Purposes for collecting, using, or selling personal information.
- Categories of third parties with which we share personal information.
- Categories of personal information disclosed about you for a business purpose.
- If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.
RIGHT TO DELETE - You also have a right to request that we delete personal information, subject to certain exceptions.
EXERCISING YOUR RIGHTS - You may exercise your right to know and your right to delete by emailing us at firstname.lastname@example.org. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
REQUEST POLICIES - We currently do not collect household data. If all the members of a household make a Right to Know or Right to Delete request, we will respond as if the requests are individual requests. You may make a verifiable consumer request related to your personal information twice per 12-month period. We will not discriminate against you for exercising any of your rights under the CCPA. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.