PRIVACY & SECURITY POLICY
Effective as of November 1, 2020
Privacy and security of your personal information are very important to us. This Privacy & Security Policy describes how we, Zentastic! LLC, a limited liability company governed by the laws of the State of Delaware, USA (“Company,” ”we," “our,” or “us”), collect, store, use, and disclose personal information (as defined below) of users of the website https://ZentasticFit.com and any mobile application associated with it (collectively, “Platform”).
We may amend this Privacy & Security Policy from time to time. We will post any changes to this Privacy & Security Policy here so that you always know what information we gather, how we might use that information, and whether we will disclose that information to anyone. Please refer back to this Privacy & Security Policy on a regular basis. By using the Platform, you acknowledge that you accept the practices and policies outlined in this Privacy & Security Policy and you hereby consent that we will collect, store, use, and disclose your personal information as outlined in this Privacy & Security Policy. If you do not agree with any practices in this Privacy & Security Policy, please stop using the Platform.
PERSONAL INFORMATION COLLECTED THROUGH PLATFORM
“Personal information,” also known as personal data or personally identifiable information, is any information related to an identifiable person. When you sign up for an Account on the Platform and/or make a purchase, we may collect the following personal information from you: first name, last name, entity name, age, height, weight, medical history, health screening information, profile photo, email address, email address associated with PayPal account, billing address, IP address, Service location, and any personal information that you provide voluntarily.
We may also collect and store copies of your certificates, diplomas, licenses or other qualification documents entitling you to provide professional services in your field of your expertise. Uploading an introductory video and other video content for Instructors will be encouraged, but not obligatory.
NON-PERSONAL OR AGGREGATE INFORMATION WE MAY COLLECT
We may collect data which is non-personal, anonymous, or pseudonymous, including, but not limited to, body mass index, time zone you are in, schedule availability, background check results, fitness level, information on how you first heard about us, browser type, other fitness preferences, browsing history, number of logins, page views, language settings, and time/date of login.
PURPOSES FOR WHICH WE USE INFORMATION ABOUT YOU
We only use information about you to support your experience throughout the Platform or to communicate with you about Services. In particular, we collect information about you to:
- recognize you as a registered user of the Platform;
- verify your identity;
- verify your qualifications/certificates/licenses (for Instructors);
- verify background check (for Team Leaders and Instructors);
- process your orders;
- respond to your inquiries or requests;
- display your name in chats and forums;
- send you newsletters and information about the Platform and Services;
- conduct market research;
- allow our partners and vendors (including payment processing and email marketing companies) to help us run our business smoothly;
- comply with all applicable laws or if we are required by law or by a court order to do so;
- analyse non-personal or aggregate information for Platform improvement; or
- transfer information in connection with the sale or merger or change of control of Company.
We reserve the right to use and disclose non-personal information and anonymous aggregate statistics for any purpose and to any third party at our sole discretion.
Social login is a form of single sign-on using existing information from a social media service such as Facebook, Twitter, Instagram or Google, to sign in and register on a third-party website. We offer you an option to register and sign in on our Platform using your social media accounts from Facebook and Google. If you choose to register and sign in on our Platform using any of your social media accounts, we may have access to certain information about you. The profile Information we receive may vary depending on the social media service concerned, but will often include your name, e-mail address, friends list, profile picture as well as other information you choose to make public. We will use the information we receive only for the purposes that are described in this Privacy & Security Policy. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media services. These social media services may collect your personal information and monitor your activity on the Platform. Please refer to their respective privacy policies to learn more about their data collection, storage and usage policies.
FEEDBACK & REVIEWS
If you leave any feedback, review, or suggestion (collectively, “Feedback”) on the Platform or in an email to us, you hereby assign to Company all rights in the Feedback and agree that Company shall have the right to use such Feedback and related information in any manner it deems appropriate. We will treat any Feedback you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us any information or ideas that you consider to be confidential or proprietary.
We may sell, transfer or otherwise share some or all of our assets, including your personal information, in connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets.
SHARING YOUR INFORMATION WITH OUR PARTNERS & VENDORS
From time to time, we will share your personal information with our partners and vendors to process your orders or help us run the Platform.
We only make these business-purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. We may disclose personal information for business purposes to the following categories of third parties:
- Marketing Campaigns, Direct Marketing, Behavioural Marketing and Lead Generation
- Cloud Computing or Hosting Services
- Content Optimization
- Invoice, Billing, Payment
- Retargeting Platforms
- Web and Mobile Analytics
A “cookie” is a small data file transmitted from a website to your device’s hard drive. Cookies are usually defined in one of two ways, and we may use both of them: (1) session cookies, which do not stay on your device after you close your browser; and (2) persistent cookies, which remain on your device until you delete them or they expire.
Cookies we use:
Type of cookie
What it does
Cookies necessary for essential website purposes
These cookies are essential to provide you with the Platform and any services available through this website and to use some of its features, such as access to secure areas. Without these cookies, services you have asked for, like transactional pages and secure login accounts, would not be possible.
Functionality cookies record information about choices you’ve made and allow us to tailor the Platform to you. These cookies mean that when you continue to use or come back to the website, we can provide you with our services as you have asked for them to be provided.
These cookies allow us to:
We use performance/analytics cookies to analyze how the Platform is accessed, used, or is performing in order to provide you with a better user experience and to maintain, operate and continually improve the Platform .
We use Google Analytics, which is a web analytics tool that helps us understand how users engage with the Platform. Like many services, Google Analytics uses first-party cookies to track user interactions, as in our case, where they are used to collect information about how users use our site. This information is used to compile reports and to help us improve the Platform. The reports disclose website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit the Platform. For more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
These cookies allow us to:
Advertising and Targeting Cookies
As you use the Platform, you will notice that it features advertising. We allow third-party companies, including advertising companies, to place cookies on the Platform.
These cookies enable such companies to track your activity across various sites where they display ads and record your activities so they can show ads that they consider relevant to you as you browse the Internet.
Cookies also allow us and third parties to know whether you have seen an ad or a type of ad, and how long it has been since you’ve last seen it. This information is used for frequency capping purposes, to help tailor the ads you see, and to measure the effectiveness of ads.
We can use information from one device to help personalize your experience on another device.
Social Media Cookies
On some pages of the Platform, third parties that provide applications through the Platform will set their own cookies in order to track the success of their applications or customize applications for you. Because of how cookies work, we cannot access these cookies, nor can the third parties access the data in cookies used by us. Some pages of the Platform will also contain embedded content, such as video content from YouTube, and these sites will set their own cookies.
These cookies are used when you share an article using a social media sharing button on our Website (e.g., Facebook, Instagram, Twitter, or Google Plus) as the social network that has created the button will record that you have done this. If you are logged in to your account with the third party, the third party will be able to link information about you with your actions via cookies.
MINORS (CHILDREN) POLICY
HOW LONG WE KEEP YOUR INFORMATION
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy & Security Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements) or up until such time when you withdraw your consent for processing it. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
The data centers where we store your information are located in the United States. Please keep in mind that the data protection and privacy laws of the United States may not be as comprehensive as the laws in your country. For example, personal data transferred to the United States may be subject to lawful access requests by federal and state authorities in the United States. By providing your personal information, you consent to any transfer of your data and processing in accordance with this Privacy & Security Policy.
The security of your information is very important to us. We apply reasonable security measures and comply with the industry standards to protect your personal information (including, preventing the loss, misuse, unauthorized access, disclosure, alteration and destruction of your personal information). All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted using SSL technology. The server's firewall is configured to prevent unauthorized access, and activity is automatically monitored to detect and ban malicious activity.
Please be aware, however, that despite our efforts, no security measures are impenetrable. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while we strive to protect your personal information, we cannot ensure and do not warrant the security of any information you transmit to us.
When you use your login credentials on our Platform, you are solely responsible for keeping them confidential. Do not share them with anyone. If you believe your password has been misused, please contact us immediately. You are also responsible for the security of your personal devices and for making sure they are protected against unauthorized access.
THIRD-PARTY ADVERTISING & LINKS
Occasionally, at our discretion, we may include or offer third-party ads on our Platform. These third-party ads may contain links that would lead to third-party websites. We have no responsibility or liability for the content and activities of these linked sites and we encourage you to read their privacy policies before buying any product or service from them. Nonetheless, we seek to protect the integrity of our Platform and welcome any feedback about these third-party websites.
Moreover, we may allow third-party companies to serve ads and/or collect certain anonymous information when you access the Platform. These companies may use non-personally identifiable information (e.g., click stream information, browser type, time and date, subject of advertisements clicked or scrolled over) during your visits to our Platform in order to provide advertisements about goods and services likely to be of greater interest to you. These companies typically use a cookie or third-party web beacon to collect this information. To learn more about this behavioral advertising practice, or to opt out of this type of advertising, visit the website of Network Advertising Initiative or “NAI”. Please keep in mind that opt out does not apply to advertising from non-NAI members. We are not an NAI member, and do not represent that the Platform fully complies with all NAI standards.
WE DO NOT RESPOND TO DO NOT TRACK SIGNALS
Your browser may have a DNT option which allows you to signal to websites, and web applications and services, that you do not want your online activities tracked. However, our Platform does not respond to and does not support the Do Not Track (DNT) header request field at this time.
YOUR RIGHTS UNDER GDPR
The European General Data Protection Regulation (“GDPR”) is a regulation in EU law on data protection and privacy for all natural persons accessing the Internet from the European Union and the European Economic Area, whatever their nationality or place of residence is. It also addresses the transfer of personal data outside the EU and EEA areas. Regardless of the country in which such information is stored, we will process your personal data in accordance with this Privacy & Security Policy.
If you are accessing and using the Platform from the European Union and the European Economic Area, you have the following rights with regard to your personal information:
- the right to be informed about what kind of information about you is collected, stored, processed and disclosed by us (that is why we have compiled this Privacy & Security Policy for you);
- the right of access (you can request us to provide you verbally or in writing with the type of information we store about you and we have a month to respond to your request);
- the right to rectify (amend/correct) any personal information about you that is inaccurate;
- the right to erasure (some conditions apply, see Data Retention section below);
- the right to restrict processing your personal information; however, if you restrict us from processing a part of your personal information that is essential to our provision of the Platform and Services, you may be asked to terminate your Account and stop using the Platform;
- the right to data portability (the right to data portability allows users of the Platform to obtain and reuse their personal information for their own purposes across different services; you may request us to transmit your personal information directly from our servers to another company’s servers and we will do so if it is technically feasible);
- the right to object (for example, you have an absolute right to stop us from using your personal information for direct marketing – read our opt-out instructions below; you may express your objection verbally or in writing and we have a month to respond to any such objection; we might still continue processing your personal information if we are able to show that we have a compelling reason for doing so); and
- the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects you significantly.
If you would like to exercise any of the above rights, please send an email to: support@ZentasticFit.com
We represent and warrant that your personal information is:
- processed lawfully, fairly and transparently;
- collected only for specific legitimate purposes;
- collection of personal data is adequate, relevant and limited to what is necessary;
- accurate and kept up to date (with your help);
- stored only as long as is necessary; and
- is secure and kept in confidence.
Data Retention: Generally, your personal information will be erased when (i) it is no longer needed for its original processing purpose, (ii) you withdraw your consent for us to store by deleting your Account, (iii) there is no preferential justified reason for the processing of your personal information and you object to our processing of your personal information, or (iv) erasure of your personal information is required in order to fulfil a statutory obligation under the EU law or the right of the EU Member States. Therefore, we will make sure your personal information will be erased under all of the abovementioned circumstances. You may request us to erase your personal information verbally or in writing and we have one (1) month to respond to any such request.
Data Breach Notification: Should there be a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we will notify you and appropriate supervisory authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it.
YOUR RIGHTS UNDER CCPA
The California Consumer Privacy Act (“CCPA”) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information of California residents. CCPA provides California residents with five core rights to data privacy and an effective way to control their personal information.
If you are a California resident, you have the following rights with regard to your personal information:
- the right to know what personal information is being collected about you;
- the right to know whether your personal information is sold or disclosed and to whom;
- the right to say no to the sale of personal information (“the right to opt out”); we have created a Do Not Sell My Personal Information webpage that provides you with more details on this matter.;
- the right to access your personal information (under CCPA, a business may provide personal information to a consumer at any time, but shall not be required to provide personal information to a consumer more than twice in a 12-month period); and
- the right to equal service and price, even if you exercise your privacy rights.
Additionally, a California consumer has the right to request that a business delete any personal information about the consumer which the business has collected from the consumer. However, a business or a service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the consumer’s personal information in order to:
- complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- debug to identify and repair errors that impair existing intended functionality;
- exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent;
- enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business;
- comply with a legal obligation; or
- otherwise use the consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.
Conflict resolution under CCPA: Prior to initiating any action against a business for statutory damages on an individual or class-wide basis, a California consumer shall provide a business 30 days’ written notice identifying the specific provisions of this title the consumer alleges have been or are being violated. In the event a cure is possible, if within the thirty (30) days the business actually cures the noticed violation and provides the consumer an express written statement that the violations have been cured and that no further violations shall occur, no action for individual statutory damages or class-wide statutory damages may be initiated against the business. Contact us should you need to exercise any of your rights under CCPA.
MARKETING EMAILS, OTHER COMMUNICATIONS & OPT-OUT OPTION
HOW TO LEARN WHAT INFORMATION WE STORE ABOUT YOU
You have a right to learn what personal information about you is kept by us by submitting a request to our email address support@ZentasticFit.com. You can modify or remove information about you that is stored by us by logging into your Account and changing your information from your Account settings or by writing us to the same email address.
Mailing Address: 6750 Westown Pkwy, Ste. 200, PMB 375, West Des Moines, IA 50266 United States