Privacy policy

Effective Date: January 1, 2023

Your privacy is very important to us. At OOMPH Fitness Inc., our mission is to always deliver fun, challenging and EMPOWERING fitness experiences and we want you to know how we collect and use the data that you provide to us over the course of your fitness journey with us.  This privacy notice (the “Privacy Policy”) for OOMPH Fitness Inc. (referred to as “OOMPH”, “Company”, “we”, “us” or “our”), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

  •         Visit our website at https://oomphfitness.com (“Website”), or any website of ours that links to this Privacy Policy
  •         Using or otherwise accessing our OOMPH mobile application (“Mobile App”)
  •         Engage with us in other related ways, including any sales, marketing or events or otherwise connect with us

We encourage you to read this Privacy Policy carefully as well as our Terms of Service (referred to throughout as our “Terms”).  We may change this Privacy Policy from time to time, and changes are effective upon posting.  If you do not agree to the terms of this Privacy Policy, please discontinue your use of the Website and or Mobile App.

BY USING THE SERVICES, YOU CONSENT TO THE COLLECTION, USE AND TRANSFER OF YOUR PERSONAL DATA FOR PROCESSING AS DESCRIBED IN THIS PRIVACY POLICY.

Questions or Comments

We welcome questions and comments about this Privacy Policy and our privacy practices.  Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or comments, please contact us at support@oomphfitness.com.

Contents

  1.       What Information Does OOMPH Collect?
  2.       How Does OOMPH Process Your Information?
  3.       What Legal Reasons Do We Rely on To Process Your Information?
  4.       How Is Your Information Shared?
  5.       Is Your Information Transferred Internationally?
  6.       How Do We Protect Your Information?
  7.       How Long Do We Keep Your Information?
  8.       Do We Collect Information from Minors?
  9.       How Do We Handle Your Social Logins?
  10.       Do We Use Cookies and Similar Technologies?
  11.       What Are Your Privacy Rights?
  12.       Do We Make Updates to this Privacy Policy?
  13.       Do California Residents Have Specific Rights?
  14.       How Can You Contact Us About This Privacy Policy?

1.  What Information Does OOMPH Collect?

Each time you provide or transmit information to us via the Website or Mobile App, OOMPH may obtain and collect personally identifiable information about you, including, but not limited to, your name, email address, and any other information that may be used to identify you. We may also collect information about your IP address, browser type, cookie identifiers, Internet Service Provider, referring and exit page, operating system, clickstream data, the type of mobile device you use, your mobile device's unique device ID, and your mobile operating system (“Internet Activity Data”). We may track information regarding your use of our Website or Mobile App, including but not limited to, which workouts you have completed and timestamps associated with your use of our services. We also track and analyze non-identifying and aggregate usage and volume statistical information from our visitors and customers.  There are also several opportunities for you to share information about yourself and your activities with OOMPH.  For example:

Account, Profile, Activity and Use Information

We collect basic account information such as your name, email address, phone number, date of birth, weight, gender, username and password that you may select in connection with establishing an account on our Services.  We use your contact information so we can respond to your support requests and comments.  Profile, activity and use information is collected about you when you choose to upload a picture, complete or post an activity (including date, duration, calories burned and perceived exertion) or otherwise use the Services.

Sensitive Information 

We do not process sensitive information.

Content You Share

We gather information from the photos, posts, comments and other content you share on the Services.

Contacts Information

You can choose to add your contacts’ information by connecting your contacts from your mobile device to OOMPH. If you choose to share your contacts with OOMPH, OOMPH will, in accordance with your instructions, access and store your contacts’ information in order to identify connections and help you connect with them. Learn more about how we collect information about your contacts, how we use that information, and the controls available to you.

Wearable or other Connected Devices

We also collect Personal Data, including Fitness and Wellness Data, when you connect a device that is equipped with the Services, such as heart rate monitors, activity trackers, and other devices or wearables that integrate with the Services (such as an Apple Watch).

Health Information

OOMPH may collect or infer health information.  Certain health information may be inferred from sources such as heart rate or other measurements, including weight or other indicators. Before you can upload health information to OOMPH, you must give your explicit consent to the processing of that health information by OOMPH. You can withdraw your consent to OOMPH processing your health information at any time.

Apple HealthKit Data

You can choose to connect and share your information with HealthKit and your HealthKit information with OOMPH. The information you provide to HealthKit is then governed by the Apple Terms and Conditions and Privacy Policy. The unique information you choose to send from HealthKit is not used by OOMPH for marketing and advertising or transferred by OOMPH to third parties for marketing and advertising.

Payment Information

When you make a payment on OOMPH, you may provide payment information such as your credit card or other payment details. We use Payment Card Industry compliant third-party payment services and we do not store your credit card information.

The host of our online store (Shopify Inc.) provides us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases, and the general Shopify application. By using services provided by Shopify Inc. you agree to their terms and conditions, which are available at https://www.shopify.com/legal/terms, including their privacy policy.

For payment processing we also use the services of Stripe Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA (“Stripe”). For this purpose, payment information is transmitted to servers of Stripe in the United States.  We also use the services of Chargebee Inc., 340 S. Lemon Avenue, Suite #1537, Walnut, California 91789, USA (“Chargebee”) for billing and processing payments. For this purpose, payment information is transmitted to servers of Chargebee in the United States.

The EU Commission has issued an adequacy decision (No. 2016/1250) for data transmissions to the United States, according to which companies that meet certain criteria guarantee an adequate level of protection, also known as “EU-US Privacy Shield”. These companies are included in the so-called Privacy Shield List. Stripe is one of the companies listed there. The data transmission to Stripe in connection with handling payments is based on Art. 45 and 28 GDPR. Chargebee is also one of the companies listed in the Privacy Shield List. Hence, the transmission of data to Chargebee in connection with processing payments and billing is based on Art. 45 and 28 GDPR. The legal basis for the processing of payment data is Art. 6 (1) (b) GDPR, because this is necessary for carrying out the contract concluded with you.

Technical Information

We collect information from your browser, computer, or mobile device, which provide us with technical information when you access or use the Services. This technical information includes device and network information, cookies, log files and analytics information.  Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services.

Social Media Login Data

We may provide you with the option to register with us using your existing third-party account, e.g. Facebook, Google or Apple. If you choose to register in this way, we collect the information that you agreed to make available to OOMPH (e.g. name, email address, profile information, preferences). See details in the Section called "How Do We Handle Your Social Logins?" below.

2.  How Does OOMPH Process Your Information?

OOMPH uses the information we collect and receive as described below:

To Provide the Services

We process the information we collect and we receive to provide the Services, including providing you with the ability to record your activities and analyze your performance.  For example, to compare your past efforts, and (with your consent) we use your heart information to provide you with useful performance analysis.  We also provide the ability to interact with other athletes.  For example, to share your activities and progress to achieving workout belts.

To Facilitate Account Creation and Authentication

We process your information so you can create and log in to your account, as well as keep your account in working order.

To Customize the Services

We use the information we collect about you to customize your experience. For example, we may suggest work out programs that may interest you or new features that you may want to try.

To Improve the Services

We use the information we collect to identify usage trends to better understand how our Services are being used so we can improve them.

To Protect You and the Services

We use the information we collect when necessary to protect our members and enforce our Terms of Service.

To Send You Communications

We may process your information for our marketing purposes, if that is in accordance with your marketing preferences.  You can opt out of our marketing and push communications at any time. 

To Fulfill and Manage your Orders

We may process your information to fulfill and manage your orders, subscriptions, payments, returns and exchanges made through our Services.

To Request Feedback

We may process your information to request feedback about your use of our Services.

 

3.  What Legal Reasons Do We Rely on To Process Your Information?

We only process your information when we believe it is necessary and we have a valid legal reason to do so under applicable law, such as to comply with laws, protect your rights or to fulfill our legitimate business interests.

General Data Protection Regulation (GDPR) and UK GDPR

If you are located in the EU or UK this section applies to you.  The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.

Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services.

Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms.

 

4.  How Is Your Information Shared?

We may share your information in specific situations described in the section and/or with the following groups of third parties.

Vendors, Consultants and Other Third-Party Providers

We may share your information with third-party service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. They are committed to protect the data they hold on our behalf and will not share your personal information with any organization apart from us.  Please note, we do not share text messaging originator opt-in data and consent information with any third parties.  The categories of third parties that we may share your information are as follows:

  •         Ad Networks
  •         Affiliate Marketing Programs
  •         Communication & Collaboration Tools
  •         Data Analytics Services
  •         Data Storage Service Providers
  •         Order Fulfillment Service Providers
  •         Payment Processors
  •         Performance Monitoring Tools
  •         Product Engineering & Design Tools
  •         Retargeting Platforms
  •         Sales & Marketing Tools
  •         Social Networks
  •         User Account Registration & Authentication Services
  •         Website Hosting Service Providers

 

Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Affiliates

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy.

Business Partners

We may share your information with our business partners to offer you certain products or services.

 

5.  Is Your Information Transferred Internationally?

We may transfer, store, and process your information in countries other than your own.  Our servers are located in the United States.  If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information, in the United States and other countries other than the country in which you initially provided your data.

While countries outside the EU, EEA and the UK do not always have strong data privacy laws, we take measures to protect your Personal Data as described in this Privacy Policy and in compliance with applicable Data Privacy Law. We also require all third-party data recipients (including our service providers) to process your information in a secure manner and in accordance with the GDPR and other applicable Data Privacy Law (e.g., through the signing of the EU Standard Contractual Clauses). If you have further questions about this or would like to request to view copies of the applicable safeguards (where required), please contact us using the contact details in the Section called “How Can You Contact Us About This Privacy Policy?” below.

 

6.  How Do We Protect Your Information?

We protect your information by implementing and maintaining a system of organizational and technical security measures that are designed to protect the security of any personal information we process against accidental, unlawful or unauthorized destruction, loss, alteration, access disclosure or use.  We employ reasonable protections for your information that are appropriate to its sensitivity.  The Services use industry standard Secure Sockets Layer (SSL) technology to allow for the encryption of personal information.  In addition, OOMPH’s secure servers protect this information using advanced firewall technology.  You should only access the Services within a secure environment.

Despite such efforts, however, please note that no organization can fully eliminate risks or guarantee the security of personal information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of information about you at any time, and we bear no liability for uses or disclosures of personal information or other data arising in connection with the theft of the information or other malicious actions.

 

7.  How Long Do We Keep Your Information?

We retain information as long as it is necessary to provide the Services to you and others, subject to any legal obligations to further retain such information. Information associated with your account will generally be kept until it is no longer necessary to provide the Services or until your account is deleted.

To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it, and whether we can achieve those purposes through other means.

We also consider the periods for which we might need to retain personal data in order to meet our legal obligations, or to deal with complaints and queries, and to protect our legal rights in the event of a claim being made.

In general, this means that we will likely keep your Personal Data for as long as your User Account is open. Following closure of your User Account, however, we may still retain a limited portion of your Personal Data so that we can maintain a continuous relationship with you if and when we are in contact with you again, and to comply with our internal processes and any legal obligations.

When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimize over time the personal data that we use, and if we can fully anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.

 

8.  Do We Collect Information from Minors?

We do not knowingly solicit data from children under 18 years of age. By using the Services, you represent that you are at least 18 years of age. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

 

9.  How Do We Handle Your Social Logins?

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook login). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.  We will use the information we receive only for the purposes that are described in this Privacy Policy or that are otherwise made clear to you on the relevant Services.

 

10.  Do We Use Cookies and Similar Technologies?

We use cookies and similar tracking technologies (such as web beacons, pixels and device identifiers) and social media widgets (collectively "Cookies") to collect and use personal information about you, including for analytics purposes and to serve you interest-based advertising. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookies Policy.

 

11.  What Are Your Privacy Rights?

In some regions, such as the European Economic Area (EEA), United Kingdom (UK), and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time. You can make such a request by contacting us using the contact details in the Section called “How Can You Contact Us About This Privacy Policy?” below.  We will consider and act upon any request in accordance with applicable data protection laws.

Consent

If we have collected and process your personal information with your, then you can withdraw your consent at any time by using settings on the OOMPH Mobile App (as applicable), via settings on your device or by contacting us using the details provided in the Section called “How Can You Contact Us About This Privacy Policy?” below.

Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting Out of Marketing and Promotional Communications

You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the contact details in the Section called “How Can You Contact Us About This Privacy Policy?” below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you transaction-related emails regarding products or services you have requested. service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.

If you opt in, you will receive text messages from OOMPH.  You can opt-out of receiving OOMPH text messages by texting STOP to the number from which you received the message. We will send you one final message to confirm that you have been unsubscribed, and will process your request within a reasonable time after receipt, in accordance with applicable laws. If you experience any issues with text messages from OOMPH, text HELP to the number from which you received the message or email our Support team at support@oomphfitness.com.

We maintain “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within the timescales required by law.

Push Notifications: If you opt-in on your device, OOMPH may occasionally send you push notifications through our Mobile App with updates, achievements and other notices that may be of interest to you. You may at any time opt-out from receiving these types of communications by changing the settings on your device.

Account Information

At any time, you can review or change the information in your account or terminate your account.  Simply log in to your account settings and update your user account.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

 

12.  Do We Make Updates to this Privacy Policy?

Yes, we will update this Privacy Policy as necessary to stay compliant with relevant laws.  We may revise and update this Privacy Policy at any time at our sole discretion by posting an updated Privacy Policy on the Platform. All such changes to the Privacy Policy are effective immediately when posted to the Platform and apply to all access to and use of the Platform thereafter.  The updated version will be indicated by an updated "Revised" date. We recommend that you visit our website regularly to keep up to date with any changes. We also try to let you know about major changes to our Privacy Policy (for example by putting a notice up on our website).

 

13. Do California Residents Have Specific Rights?

If you are a resident of California, you are granted specific rights regarding access to your personal information.  The California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact details in the Section called “How Can You Contact Us About This Privacy Policy?” below.

If you are a resident of California, we must adhere to certain rights and obligations regarding your personal information.

What Categories of Personal Information Do We Collect?

We have collected the following categories of personal information in the past twelve (12) months:

Category

How We Obtain It

Collected

A.      Identifiers

Examples: Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name.

Directly from you or linked third party accounts.

YES

B.      Personal information categories listed in the California Customer Records statute

Examples: Name, contact information, education, employment, employment history, and financial information.

Directly from you and your devices.

YES

C.      Protected classification characteristics under California or federal law

 

Examples: Gender and date of birth.

Directly from you and your devices

YES

D.      Commercial information

 

Examples: Transaction information, purchase history, financial details, and payment information.

Directly from you and your devices

YES

E.       Biometric information  

 

Examples: Physical characteristics such as weight and height, and photographs identifying your facial features, to the extent you choose to enter these on the Platform.

Directly from you and your devices

YES

F.       Internet or other similar network activity

 

Examples: Information about your use of the Platform and your IP address, including information collected automatically through cookies.

Directly from you and your devices.

YES

G.      Geo-location data

Examples: Where the IP address of your computer or device is used to determine your geographic location so that we can customise your experience on the Platform (e.g. language settings).

Directly from you and your device(s).

YES

H.      Sensory Data

Examples: Audio, electronic, visual, thermal, olfactory, or similar information (e.g., your photos and audio where you have selected particular services or features on the Platform).

Directly from you, where you have selected particular services or features on the Platform.

YES

I.        Inferences drawn from other Personal Data

 

Examples: Information you provide about yourself and any preferences in your User Account, communications with us or directed to us via letters, emails, chat services, calls, and social media, fitness activity data provided by you on the Platform or generated through your use of the OOMPH App, including activity data generated by the devices that you connect to the OOMPH App where you have selected particular services or features on the Platform and contacts information.

Directly from you and your devices.

YES

 

Request to Exercise Your Rights

RIGHT TO KNOW - Under the CCPA, you have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:

  1.       Categories of and specific pieces of personal information we have collected about you.
  2.       Categories of sources from which we collect personal information.
  3.       Purposes for collecting, using, or selling personal information.
  4.       Categories of third parties with which we share personal information.
  5.       Categories of personal information disclosed about you for a business purpose.
  6.       If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.

RIGHT TO DELETE - You also have a right to request that we delete personal information, subject to certain exceptions.

EXERCISING YOUR RIGHTS - You may exercise your right to know and your right to delete by emailing us at support@oomphfitness.com. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.

REQUEST POLICIES - We currently do not collect household data. If all the members of a household make a Right to Know or Right to Delete request, we will respond as if the requests are individual requests. You may make a verifiable consumer request related to your personal information twice per 12-month period. We will not discriminate against you for exercising any of your rights under the CCPA. You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

14.  How Can You Contact Us About This Privacy Policy?

Questions or comments about this Privacy Policy or if you wish to exercise your rights related to your Personal Data, please contact the OOMPH team at the following email address: support@oomphfitness.com.