If you do not consent to the collection, use, and disclosure of your personal information in accordance with this policy, please do not access or use any of the What Waist Services.
- Non-Personal Data (“NPD”) is information that is in no way personally identifiable.
- Personal data (“PD”) comprises any information relating to an identified or identifiable natural person (“data subject”). PD is in many ways the same as Personally Identifiable Information (“PII”). However, PD is broader in scope and covers more data.
- An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, any identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, demographic, genetic, mental, economic, cultural or social identity of that natural person.
- A “Visitor” is someone who merely browses our website.
- A “Member” is someone who has registered with us to access our content, use our services, or buy our products.
- The term “User” is a collective identifier that refers to either a Visitor or a Member.
When using our Digital Properties and submitting PD to us, you may have certain rights under the General Data Protection Regulation (“GDPR”) and other laws. Depending on the legal basis for processing your PD, you may have some (or all) of the following rights:
Right to be informed. You have the right to be informed about the personal data we collect from you, and how we process it.
Right of access. You have the right to: [i] obtain confirmation that your personal data is being processed and [ii] access your personal data.
Right to breach notification
In the event of a breach of our database or website we will notify you within 72 hours of first becoming aware of the breach.
Right to rectification. You have the right to have your personal data corrected if it is inaccurate or incomplete.
Right to erasure (right to be forgotten). You have the right to request the removal or deletion of your personal data if there is no compelling reason for us to continue processing it.
Right to restrict processing. You have a right to “block” or restrict the processing of your personal data. When your personal data is restricted, we are permitted to store your data, but not to process it further.
Right to data portability. You have the right to request and obtain your personal data that you provided to us. We will send your data to you within 30 days of your request.
Right to object. You have the right to object to us processing your personal data.
Automated individual decision-making and profiling. You will have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Filing a complaint with supervisory authorities. You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the General Data Protection Regulation. If the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.
Privacy by Design
You have the right Privacy by design defined as the inclusion of data protection from the onset of the designing of systems, rather than an addition. We will hold and process only the data absolutely necessary for the completion of its duties (data minimization), as well as limiting the access to personal data to those needing to act out the processing.
For details about your rights under the GDPR, visit https://goo.gl/F41vAV
How We Use Your Personal Information
We use the PD we collect about you to provide you with the services, products, and information you request, administer your membership and respond to inquiries and questions, deliver a more relevant and curated experience with What Waist and our Digital Properties, and to satisfy our other business purposes and needs. We use your PD for these purposes because we have a legitimate business interest in providing services to our members, guests, and other interested individuals that is not overridden by your interests, rights, and freedoms to protect personal data about you.
In particular, we may use your personal data in connection with:
Your goals and objectives. We collect and use your PD to learn more about you, record your progress, and otherwise help you achieve your stated goals and objectives. Collecting your PD in this context is a fundamental element of our contractual relationship with you and, most importantly, allows us to assist you as efficiently and effectively as possible.
Membership administration. We process your personal data as necessary to perform our contractual relationship with you as a member or recipient of certain ancillary services such as personal training, including by providing you with administrative and operational communications, announcements, and information such as information regarding changes to facility hours, billing notifications, and appointment reminders. We reserve the right to use any contact information held on file (including e-mail, mailing address, and mobile phone number) to communicate with you in relation to administering your membership.
Promotional and marketing communications. We use your PD to provide special offers, promotions, and information about What Waist and our service offerings to you. We may also use your PD to determine if you are eligible for certain offers. We may also send you newsletters and information about products, services, and promotions of our business partners and affiliates that we believe you may find of interest.
If you do not wish to receive any marketing e-mails, you can opt-out of future mailings by clicking on the unsubscribe link located on the bottom of the relevant email. If you are a Member and have established an account on our Digital Properties, you can also unsubscribe at any time by logging in and adjusting your communications preferences. If you are a Member, please note that even if you opt-out of receiving promotional e-mails that you will continue to receive administrative and operational communications regarding your membership, such as billing notices or facility closures.
Personalized experience. If you are a Member, we may use your PD to deliver a more relevant and curated experience to you, including by recommending services or content we believe that you will enjoy as part of our effort to provide a personalized experience, we may combine personal data collected through our Digital Properties with other information that we have collected from you in the course of your relationship with What Waist.
Business purposes. We use PD for our legitimate business purposes, including to operate, evaluate, and improve our business and services; develop new businesses, services, and solutions; perform market research; advertise and market our business, services, and solutions; determine the effectiveness of our advertising and marketing; analyze our business, services, solutions, and Digital Properties; and improve the administration and security of our Digital Properties.
We may also use your PD to help us prevent fraud, claims, and other liabilities; comply with or enforce applicable legal requirements; comply with industry standards or regulations; and comply with our terms, conditions, and policies. We use PD for these purposes when it is necessary to protect, exercise, or defend our legal rights, or when we are required to do so by a law that applies to us.
Information We Collect and How We Collect It
We may collect personal data from you when you visit our facilities and use What Waist Services. The personal data you provide directly to us through your interactions with What Waist and the What Waist Services will typically be apparent from the context in which you provide that information. What Waist may also automatically collect certain personal data and information you while you are interacting with What Waist.
We automatically receive information from your web browser or mobile device. This information includes the name of the website from which you entered our website, if any, as well as the name of the website you’ll visit when you leave our website. This information also includes the IP address of your computer and the proxy server you use to access the Internet, your Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our website. We use all of this information to analyze trends among our users to help improve our website and, ultimately, your user experience with our Digital Properties and What Waist Services.
If you do not provide us with enough PD, such as a name or e-mail address, we may not be able to provide you with all our products and services. However, you can access some parts of our website without giving us your PD (for example, when you visit the home page of our website).
Examples of specific information we may collect about you include:
Contact information. We collect your name and other contact information, such as e-mail address, mobile or other phone numbers, mailing address, and postal code when you fill out a contact form, inquire about our business and membership opportunities, register to use What Waist as a guest or with a trial membership, sign up for our mailing lists, newsletters, or enter any sweepstakes or contest we may offer.
Communications and surveys. We will also collect any information you provide to us in your communications with us, including through e-mails you send us, exchanges with personnel at What Waist facilities, and through social media. On occasion, we will ask members and other individuals to provide feedback by completing a survey, and we will collect any information you choose to provide in completing such a survey.
Membership and facility usage information. If you are a Member, we will collect information about how you use and interact with the What Waist Services, including facility check-in and check-out dates and times, workouts you log, classes you book, and information provided when you purchase or schedule personal training sessions and/or spa treatments.
Demographic and fitness information. We will collect certain demographic information, including your date of birth, age, gender identity, as well as the name of your employer, when you join or visit What Waist. In addition, as a What Waist Member, we may collect certain personal data that you provide on our intake and registration forms regarding your fitness and health, including, but not limited to, height, weight, body measurements, performance metrics, current and past injuries and surgeries, nutritional information, and fitness goals, such as when you complete a fitness assessment or participate in personal training or spa treatments. We may also collect certain personal data that is developed by our personnel, such as training session logs and notes taken by personal trainers and other What Waist staff. As a Member, you may also be photographed and your image recorded via CCTV video footage. We may also collect certain biometric data for identification and account authentication purposes.
Digital account registration. If you are a Member and establish an account with us, we will collect your username, password, membership account preferences, and a profile picture. If you have established an online account with us, you may log in to it to review and update your information and preferences.
Transaction information. Information related to your purchase(s) of goods and services with What Waist, such as your credit/debit card information, billing address, the goods and services purchased, and other related transaction information will be required to complete transactions with us. Of particular note is that although information such as credit card number, expiry date, and CVC/CVV are required, this payment information is sent directly to our payment processor. What Waist receives a random electronic token over an encrypted connection from our payment processor that confirms that a transaction has been completed. We do not receive, nor do we store, a copy of your payment/card information.
Social media and third-party apps. If you link your social media profiles and accounts to any of our Digital Properties or otherwise interact with What Waist through social media networks (e.g., by clicking a Facebook “like” button) or “check-in” to a club through social media, information may be made available to, and collected by What Waist through those social media profiles and accounts. In addition, if you elect to connect any third-party fitness devices or apps to the Digital Properties to utilize certain features and functionalities, we may collect information about you from such third-party apps.
Usage information. We may automatically collect certain information about how you use and interact with the Digital Properties and What Waist facilities, such as the time and duration of your visit, search query terms you may enter, and the pages, features and content you access and how you interact with those pages, features and content.
Technical information. When you use the Digital Properties, we may automatically collect information about your Internet connection, browser, or computer/device, including IP address or device ID, browser type, operating system information, time zone, click stream information, page response times, and download errors.
In general, when we collect PD about you, you are asked to affirmatively provide the information or take some action, such as in registering an account. Other information you affirmatively provide, such as about your preferences (e.g., your training focus and goals and past training experience), and demographic information (e.g., gender identity or age) is generally maintained along with personal information. You can choose not to provide any information that is affirmatively requested of you, however, this may limit your ability to use What Waist Services.
In addition to collecting information via our Website, we may collect information from you in other ways that include, but are not limited to, telephone calls, e-mail exchanges, and completion of our client intake process. This information may include PD and other information, such as your name, billing address, mailing address, e-mail address, home and mobile telephone numbers, and participation in events and promotions that we may offer from time to time. This information may be matched with and stored in connection with PD provided or collected via our Website.
Generally, you control the amount and type of information that you provide to us when using our Website. However, in some instances, we require that you provide us with certain information so that we can provide you with services and products. If you do not provide us with enough information, we may not be able to provide you with our services including, without limitation, setting up an account on our site, making reservations for services, and completing transactions.
We collect your PD in the following ways:
- Automatic information. We automatically receive information from your web browser or mobile device. This information includes the name of the website from which you entered our Website, if any, as well as the name of the website you visit when you leave our Website. This information also includes the IP address of your computer and the proxy server you use to access the Internet, your Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our Website. We use this information to analyze trends among our users and to help us improve our Website.
- When entering and using our Digital Properties. When you enter and use our Website and agree to accept cookies, some of these cookies may contain your PD.
- At user and member registration. When you register as a user or member, we collect your name, e-mail address, and other information as requested.
- When buying products or services. If you buy products or services from us, we collect your first and last name, e-mail address, physical address, credit card or other payment information, phone number, and other information required to complete the transaction.
- Mobile application. If we provide a mobile application you may have to provide PD to use it.
- Online forms and surveys. Our Website may use online forms, including surveys. The information you enter into these online forms or surveys may contain PD.
- Collecting your location information. When you use our services, we, or third parties who provide services to/for us, may collect and process information about your actual physical location. We use several technologies, like GPS and IP tracking, to determine your location. These technologies may also provide us with information about nearby cell towers, Wi-Fi access points, and other devices.
- Premium features. Our Website may offer premium features and we may charge for their use. To the extent that we charge you for the use of these premium features, we will need to collect PD to complete a purchase transaction to enable them for your use.
Cookies are widely used by website owners to make their website work, or work more efficiently, as well as to provide reporting information. Cookies set by the website owner (in this case, What Waist) are called “first-party cookies.” Cookies set by parties other than the website owner are called “third-party cookies.” Third-party cookies enable third party features or functionality to be provided on or through the website (e.g., such as advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer when it visits the website in question and when it visits certain other websites.
- Strictly necessary cookies. These cookies are necessary for the proper functioning of our Website, such as displaying content, logging in, validating your session, responding to your request for services, and other functions.
- Performance cookies. These cookies collect information about the use of the website, such as pages visited, traffic sources, users’ interests, content management, and other website measurements.
- Functional cookies. These cookies enable a website to remember a user’s choices, such as their language, user name, and other personal choices while using the website. They can also be used to deliver services, such as letting a user make a blog post, listen to audio, or watch videos on the website.
- Media cookies. These cookies can be used to improve a website’s performance and provide special features and content. These media cookies may be placed by us, but they may also be placed by third parties who provide services to us.
- Advertising or targeting cookies. These cookies are usually placed and used by advertising companies to develop a profile of your browsing interests and serve advertisements on other websites that are related to your interests.
- Session cookies. These cookies allow websites to link the actions of a user during a browser session. They may be used for a variety of purposes, such as remembering what a user has put in their shopping cart as they browse a website. Session cookies also permit users to be recognized as they navigate a website so that any item or page changes they make are remembered from page to page. Session cookies expire after a browser session and, as such, they are not stored.
- Persistent cookies. These cookies are stored on a user’s device in between browser sessions, which allows the user’s preferences or actions across a site (or, in some cases, across different sites) to be remembered. Persistent cookies may be used for a variety of purposes, including remembering users’ choices and preferences when using a website or to target advertising to them.
Web beacons (also known as “clear gifs,” “pixel tags,” or “web bugs”) are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users or to access cookies. Unlike cookies which are stored on a user’s computer hard drive, web beacons are embedded invisibly on the web pages (or in e-mail) and are about the size of the period at the end of this sentence.
We may use web beacons to collect general information about your use of our Website and your use of special promotions or newsletters. Web beacons allow us to count users who have visited certain pages of our Website and to understand usage patterns. We also may receive an anonymous identification number if you navigate to our site from an online advertisement displayed on a third-party website.
Google and Facebook Specific Cookies
More specifically, some (or all) of the following may apply to our Website from time-to-time:
- Google Analytics privacy notice. Our Website may use Google Analytics to collect information about the use of our Digital Properties. Google Analytics collects information from users such as age, gender identity, interests, how often they visit our Website, what pages they visit, and what other websites they have visited before navigating to our Website. We use the information we obtain from Google Analytics to analyze our Website traffic, remarket our products and services to users, improve our marketing, improve our advertising, and generally improve our Website. Google Analytics collects only the IP address assigned to you on the date you visit our Website, not your name or other identifying information. We do not combine the information collected using Google Analytics with PD. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit our Website, the cookie cannot be used by anyone but Google. Google also uses specific identifiers to help collect information about the use of our Website. For more information on how Google collects and processes your data, visit https://www.google.com/policies/privacy/partners/ You can prevent Google Analytics from using your information by opting out at this link: https://tools.google.com/dlpage/gaoptout/
Communications and E-mails
When we communicate with you about our Website, we will use the e-mail address you provided when you registered as a Member or User. We may also send you e-mails with promotional information about our Website or offers from us or our affiliates unless you have opted out of receiving such information. You can change your contact preferences at any time through your account or by sending us an e-mail with your request to: Contact@whatwaist.com
Sharing Information with Affiliates and Other Third Parties
We do not sell, rent, or otherwise provide your PD to third parties for marketing purposes. However, for data aggregation purposes we may use your NPD, which might be sold to other parties at our discretion. Any such data aggregation would not contain any of your PD. We may provide your PD to third-party service providers we hire to provide services to/for us. These third-party service providers may include, without limitation: payment processors; web analytics companies (like Google Analytics); data management services companies; help desk providers; shopping cart and e-mail service providers; shipping and mailing companies; call centers; accountants; law firms; and auditors.
Legally Required Releases of Information
We may be legally required to disclose your PD if such disclosure is: [i] required by subpoena, law, or another legal process; [ii] necessary to assist law enforcement officials or government enforcement agencies; [iii] necessary to investigate violations of or otherwise enforce our Terms and Conditions; [iv] necessary to protect us from legal action or claims from third parties, including you and/or other users or members; or [v] necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and/or affiliates.
Disclosures to Successors
Community Discussion Boards
Retaining and Destroying Your PD
We retain information that we collect from you (including your PD) only for as long as we need it for legal, business, or tax purposes. Your information may be retained in electronic form and/or paper form. When your information is no longer needed, we will erase, delete or otherwise destroy it. You have the right to request that we delete any PD we have about you. If you want access to your PD, are requesting to know what PD we have collected about you, or are requesting that we delete your PD, we ask that you send us an e-mail with your request to: firstname.lastname@example.org. However, we may keep your PD as needed to enforce our agreements and to comply with any legal obligations.
Revoking Your Consent and Opting Out of Sharing Your Information
You have the right to revoke your consent for us to use your PD at any time. Such an opt-out will not affect disclosures otherwise permitted by law including, without limitation: [i] disclosures to affiliates and business partners; [ii] disclosures to third-party service providers that provide certain services for our business, such as credit card processing, computer system services, shipping, data management, or promotional services; [iii] disclosures to third parties as necessary to fulfill your requests; [iv] disclosures to governmental agencies or law enforcement departments, or as otherwise required to be made under applicable law; [v] previously completed disclosures to third parties; or [vi] disclosures to third parties in connection with subsequent contests or promotions you may choose to enter, or third-party offers you may choose to accept. If you want to revoke your consent for us to use your PD, we ask that you send us an e-mail with your request to: Contact@whatwaist.com
Access to Your Personal Information
Your rights to access your PD are not absolute. We may deny access to your PD when:
- Denial of access is required or authorized by law;
- When granting you access would have an unreasonable impact on the privacy of others unless the requested information is severable from the personal information of other people and/or members; and
- To protect What Waist’s confidential commercial information.
Protecting the Privacy Rights of Third Parties
If any postings you make on our Website contain information about third parties, you must make sure you have permission to include that information in your posting. While we are not legally liable for the actions of our users, we will remove any postings about which we are notified, if such postings violate the privacy rights of others.
Do Not Track Settings
Some web browsers have settings that enable you to request that our Website not track your movement within our Website. Our Website may not obey such settings when transmitted to and detected by our Website. You can turn off tracking features and other security settings in your browser by referring to your browser’s user manual.
Links to Other Websites
Our Website may contain links to or otherwise enable you to connect with other sites, social media platforms, or apps such as Facebook, Instagram, Twitter, YouTube, and Apple (collectively “Third-Party Sites”). We have no responsibility for these websites and we provide links to these websites solely for your convenience. You acknowledge that your use of and access to any other websites are solely at your risk.
To the maximum extent permitted by law, we are not responsible for the privacy practices or the collection or use of your personal data from any Third-Party Sites.
Protecting Children’s Privacy
Even though our Website is not designed for use by anyone under 16 years of age, we realize that a child under 16 years of age may attempt to access our Website. We have no intent to collect, nor will we ever knowingly collect PD from children under 16 years of age. If we discover that a child under 16 years of age is accessing our Website, we will delete his/her information within a reasonable period of time. If you are a parent or guardian and believe that your child is using our Website, please contact us immediately so that this situation may be handled in an appropriate and timely manner. Please understand that, if you contact us under such circumstances, we may ask for proof of identification from you to prevent malicious removal of account information before we remove any information about any user/member. You acknowledge that we do not verify the age of our users nor do we have any liability to do so.
Our E-mail Policy
You can always opt-out of receiving further e-mail correspondence from us or our affiliates. We will not sell, rent, or trade your e-mail address to any unaffiliated third party without your permission except in the sale or transfer of our business, or if our company files for bankruptcy.
Our Security Policy
Our Website uses industry-standard encryption and authentication tools to protect the security of your PD. We, and the third parties who provide services for us, also maintain technical and physical safeguards to protect your PD. If we collect your credit card information through our Website or through third parties who provide services to/for us, to process/complete a transaction, we, or third parties who provide services to/for us, will encrypt your PD and your credit card information before it travels over the Internet using industry-standard technology for conducting secure online transactions. Unfortunately, no firm, including What Waist, can ever guarantee secure transmission of data across the Internet, nor can any firm, including What Waist, guarantee against the loss or misuse of your PD. Consequently, we strongly urge you to protect any password you may have for our Website and to not share it with anyone. You should always log out of our Website and end your browsing session when you finish using our Website, especially if you are sharing or using a computer in a public place.
Use of Your Credit Card
You may have to provide a credit card to buy products and services through our Website. We use third-party billing services and have no control over these services. Additionally, we use commercially reasonable efforts to make sure your credit card number is kept strictly confidential by using only third-party billing services that use industry-standard encryption technology to protect your credit card number from unauthorized use. However, you understand and agree that we are in no way responsible for any misuse of your credit card number.
Wherever we transfer, process, or store your PD, we will take commercially reasonable steps to protect it. We will use the information we collect from you in accordance with this policy. By using our Website or services, you agree to the transfers of your PD described in this section. Also, PD you post on our Website for publication may be available worldwide via the Internet. We cannot prevent the use or misuse of such information by others.
Your California Privacy Rights
The following section pertains to the rights of individuals or households in California (“California consumers”).
Civil Code Section 1798.83
Rights under the California Consumer Privacy Act (CCPA)
After January 1, 2020, the CCPA (California Civil Code Section 1798.100 et seq.) will provide California consumers with additional rights regarding Personal Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or household. The categories of Personal Information we collect are generally described above but differ for individual consumers depending on the Services used by such consumers.
Under the CCPA, qualifying California consumers may have the following rights:
Right to Know and Right to Delete
A California consumer has the right to request that we disclose what Personal Information we collect, use, disclose and sell. A California consumer also has the right to submit requests to delete Personal Information.
When we receive a request to know or delete from a California consumer, we will confirm receipt of the request within 10 days and provide information about how we will process the request, including our verification process. We will respond to such requests within 45 days.
Right for Disclosure of Information
A California consumer may also submit requests that we disclose specific types or categories of Personal Information that we collect.
Under certain circumstances, we will not provide such information, including where the disclosure creates a substantial, articulable and unreasonable risk to the security of that Personal Information, customers’ account with us, or the security of our systems or networks. We also will not disclose California consumers’ social security numbers, driver’s license numbers or other government-issued identification numbers, financial account numbers, any health insurance or medical identification numbers, or account passwords and security questions and answers.
If you are a California consumer and would like to make any requests under the CCPA, please direct them as follows:
Sharing Information with Affiliates and Other Third Parties