Effective date: 4 March 2019
We offer a variety of products and services including online sales, mobile device apps, desktop computer software, and a web app. We refer to all of these products, together with our other services and websites as “Services” in this policy.
This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
1.1 CROSS-BORDER INFORMATION TRANSFERS
You acknowledge (a) that you are accessing a Site that is based in the United States, (b) that you are providing personal information to a company in the United States, and (c) that Concept2 must adhere to laws of the United States. You agree that personal information collected on our Site may be stored and processed in the United States or any other country in which Concept2, its affiliates, partners, service providers, or agents maintain facilities, and while in such jurisdictions may be subject to access pursuant to the laws of those jurisdictions.
1.2 WHAT INFORMATION WE COLLECT ABOUT YOU
We collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below.
1.2.1 Information You Provide to Us
We collect information about you when you input it into the Services or otherwise provide it directly to us.
Account and profile information: We collect information about you when you register for an account, create a profile, set preferences, sign up for or make purchases through the Services. This may include personal information about you such as your name, address, phone number, email address, payment and billing information, as well as certain related information like your company name and website name, when you register for an account to access or utilize one or more of our Services.
Content you provide to us through our Services:The Services include the Concept2 Logbook, the Concept2 Utility, the ErgData app and any other software services developed by Concept2. Content we collect and store includes data related to your height, weight, heart rate, specific physical activities, and similar types of information relating to physiological condition and activity. We collect this data in order to provide the Services and to tailor features, products, event information and Services to your interests and goals.
Content you provide through our websites: The Services include our websites owned or operated by us. We collect other content that you submit to these websites, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, reviews, surveys, contests, promotions, sweepstakes, activities or events.
Information you provide to us through our support channels: The Services also include our customer support, where you may choose to submit information related to a problem, question or suggestion related to our Products or Services. Whether you contact us over email, through a web form, over social media, using live chat, by calling or speaking to one of our representatives directly, you will be asked to provide contact information, a description of your reason for contact us, along with documents, screenshots or other information that will help us take care of your issue.
Information you provide when you sign up for marketing or promotional materials: We collect information from you when you sign up to receive marketing information about or related to our Products and Services. Information we collect may include your email address, name, location, and communication preferences.
Payment and billing information: We collect certain billing and payment information when you make a purchase on our online shops or when you contact us directly. Concept2 does not retain or store credit card information. A third-party intermediary is used to manage credit card processing. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.
1.2.2 Information we collect automatically when you use the Services
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
Your use of the Services: We keep track of certain aggregate information about you and your use when you interact with or visit any of the Services. While this data may be derived from your personal data, it is not considered personal data in law because it does not directly or indirectly reveal your identity. This information includes the features you use, the links you click on, search terms and files you view.
Device and connection information: We collect information about your computer, phone, tablet or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. How much of this information we collect depends on the type and settings of the device you use to access the Services.
1.3 HOW WE USE THE INFORMATION WE COLLECT
To provide the Services: We use the information about you to provide the Services to you. This includes: processing transactions, authenticating your account when you log in, providing customer support and operating and maintaining the Services.
To communicate with you about the Services: We use your contact information to send transactional communications to you via email and within the Services. For example, we will send a purchase confirmation, notify you of software updates, send you technical updates or contact you about your account.
To market or promote the Services: You will receive marketing communications from us if you have opted in to receive such communications. You may opt in to such communications as part of account creation, registration, participation in a sweepstakes or promotion, during a phone call or while visiting our websites. You can control whether you receive these communications as described below under "Opt out of marketing communications."
For customer support purposes: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, and to repair and improve the Services.
For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
For legitimate business interests and legal rights: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, or when we need to comply with a legal or regulatory obligation, we may use information about you.
Legal bases for processing (for EEA users): If you are an individual in the European Economic Area (“EEA”), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests) (a) for research and development, (b) to market and promote the Services or (c) to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
1.4 THIRD PARTIES AND CONCEPT2
We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services.
Service providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual and physical infrastructure, order processing, payment processing and analysis, which may require them to access or use information about you. For example, we use a service provider for sending bulk emails, such as our newsletter or software notifications. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
Community forums: We offer publicly accessible discussion forums, activity trackers and rankings as part of our Services, such as the Concept2 Forums and the Concept2 Online Logbook. You should be aware that information you provide on these websites, including profile information, may be viewed and collected by any member of the community who views these sites, based on the information sharing settings you have selected in your preferences. We urge you to consider the sensitivity of any information you post in these public settings when you use these Services.
To request removal of your information from publicly accessible websites that are part of our Services, please contact us as provided below. If we are unable to remove some or all of your information, we will notify you and explain why.
Third party widgets or code: Some of our services contain widgets, such as our “Support” and “Chat” features. These widgets may collect your IP address, browsing behavior, location, and may set a cookie to enable that feature to function correctly.
1.5 INFORMATION STORAGE AND SECURITY
We store your data using data service providers in the United States.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order to maintain the safety of your personal information.
All credit card payment transactions are processed through PayTrace, a gateway provider, and are not stored or processed on our servers.
We have reasonable and appropriate physical, electronic, and administrative measures in place to safeguard the security of your personal information. However, when you communicate with customer service via email or chat on our websites, these communications may not be encrypted. For that reason, we ask that you do not share sensitive information via these communication channels.
We have put in place procedures to deal with any suspected personal data breach and in the case of a breach will notify you and, where we are legally required to do so, any applicable regulator.
1.6 DATA RETENTION
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, accounting, or reporting requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
In some circumstances you can ask us to delete your data: see “Delete your information” below for further information.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
1.7 YOUR CHOICES
You have the right to:
- Request a copy of your personal information.
- Object to our use of your personal information (including for marketing purposes).
- Update and correct your personal information.
- Request the deletion or restriction of your personal information.
- Request your personal information in a structured, electronic format.
Below, we describe the tools and processes for making these requests.
You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. For all other requests, you may contact us as provided in the Contact Us section below to request assistance. We may request specific information from you to confirm your identity.
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete personal information which we are permitted by law or have compelling legitimate interests to retain. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
Access and update your personal information: Some of our Services give you the ability to access, correct and update information about yourself from within the Service. For example, you can log in, access and edit your Logbook profile and your online purchase Account settings.
Deactivate your accounts: If you no longer wish to use our Services, we may be able to deactivate your Services account. Contact us as provided in the Contact Us section below to request assistance.
Delete your personal information: Some of the Services give the ability to delete certain information about yourself from within the Service. For example, you can remove content that contains fitness activity information and remove certain profile information. Please note, however, that we may need to retain certain personal information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Object to use of your information: You may object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal information which override your rights and freedoms.
Request restriction of processing of your personal information: This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request that we stop using your personal information: In some cases, you may ask us to stop accessing, storing, using and otherwise processing your personal information where you believe we don't have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your personal information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time.
When you make such requests, we may need time to process your request. If there is delay or dispute as to whether we have the right to continue using your personal information, we will restrict any further use of your personal information until the request is honored or the dispute is resolved.
Request the transfer of your personal information to you or to a third party: We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated personal information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Opt out of marketing communications: You may opt out of marketing communications from us by using the unsubscribe link provided at the bottom of every email or by contacting us as provided below and requesting that your contact information be removed from our promotional email lists.
Even after you opt out of marketing communications, you will continue to receive transactional notifications from us regarding our Services.
Interest-based advertising: We may work with third-party advertising companies that collect and use information about your online activities across sites over time, in order to deliver more relevant advertising when you are using the Concept2 Services and elsewhere on the Internet. This practice is known as interest-based advertising. You may visit www.aboutads.info to learn more and to opt out of this type of advertising by companies participating in the Digital Advertising Alliance self-regulatory program. We do not operate or control this site, and are not responsible for the opt-out choices available there. Note that electing to opt out will not stop advertising from appearing in your browser or applications. It may make the ads you see less relevant to your interests. If you delete, block or otherwise restrict cookies or use a different computer or Internet browser, you may need to renew your opt-out choice.
Links to Third Parties and Social Media
Our websites and App may contain links to third-party online properties. Such third parties have their own policies that govern their collection, use, and disclosure of information. We suggest that you read their privacy policies to learn about their practices.
Social media provides tools that many of our customers use and enjoy, and we include links to various social media platforms on our websites. If you interact with these social media tools through our websites, your experience on those social media sites will be governed by the privacy and other policies of those sites. So, the privacy settings you have chosen on those sites will determine the degree to which your information is made public. We encourage you to choose your privacy settings on those sites accordingly.
The online Concept2 Services are specifically marketed to and available to individuals over the age of 13.
Please see our COPPA Policy for additional information.
1.9 INVESTIGATORY AND ENFORCEMENT POWERS
Concept2 is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
1.9.1 Sensitive Personal Information
We may collect the following sensitive EEA personal data: data regarding your height, weight, heart rate, specific physical activities, and similar types of information relating to physiological condition and activity. We collect this data in order to provide the Services and to tailor features, products, event information and Services to your interests and goals. When we collect sensitive EEA Personal Data, we will obtain your opt-in consent for the collection and use of such information, including if we disclose your sensitive EEA personal data to third parties, or before we use your sensitive EEA personal data for a different purpose than we collected it for or than you later authorized.
1.9.2 Onward Transfers
We are responsible for the processing of information about you we receive from the EU and Switzerland and onward transfers to a third party acting as an agent on our behalf. For such onward transfers, we remain liable if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the our requirements, unless we prove that we are not responsible for the event giving rise to the damage.
To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov. Once we have completed the certification process and been certified, you will be able to see our certification page at this location.
1.9.4 Contact and Dispute Resolution
We encourage you to contact us in the United States or our EU Representative as provided in the Contact Us section below should you have an EU General Data Protection Regulation (GDPR)-related or general privacy-related complaint. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EEA personal data within 45 days of receiving your complaint. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge). Through this third-party dispute resolution provider, we have also committed to cooperating and complying with the information and advice provided by an informal panel of data protection authorities in the European Economic Area and/or the Swiss Federal Data Protection and Information Commissioner (as applicable) in relation to unresolved complaints. You may also contact your local data protection authority within the European Economic Area or Switzerland (as applicable) for unresolved complaints.
1.9.5 Binding arbitration
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with Concept2 and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).
1.11 CONTACT US
105 Industrial Park Dr.
Morrisville, VT 05661
EU Representative for EEA residents
Full name of legal entity: Concept 2 Limited.
Full name of data privacy manager: Rebecca Nowell
Email address: email@example.com
Postal address: Unit C8, Queens Drive Industrial Estate, Crossgate Drive Nottingham NG2 1LW.
Toll-free Phone (US & Canada): 800.245.5676