Last Updated January 1, 2023
This Privacy Policy (“Privacy Policy”) describes how Therabody, Inc. and its subsidiaries (collectively, “Therabody” or “us” or “we”) collects, uses, discloses, or otherwise processes information that relates to you. This Privacy Policy applies to Personal Information (as defined below) that Therabody collects both online and offline, including when you visit our websites, any other applications or services that link to this Privacy Policy, or when you otherwise communicate directly with us (collectively, the “Services”). When you access or use the Services, certain information, including your Personal Information, may be collected, transferred, processed, stored, and in certain circumstances, disclosed as described in this Privacy Policy. This Privacy Policy is intended to be read together with our Terms of Service. This Privacy Policy complies with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Privacy Policy. Capitalized terms used but not defined in this Privacy Policy have the definitions provided in our Terms of Service.
BY USING OUR SERVICES OR OTHERWISE PROVIDING US WITH YOUR PERSONAL INFORMATION, YOU EXPRESSLY CONSENT TO THE INFORMATION HANDLING PRACTICES DESCRIBED IN THIS PRIVACY POLICY AND YOU ACKNOWLEDGE AND CONFIRM THAT YOU HAVE PERMISSION TO PROVIDE US WITH ALL PERSONAL INFORMATION PROVIDED. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY OR OUR TERMS OF SERVICE, PLEASE DO NOT ACCESS OR USE THE SERVICES.
If you have any questions or comments about this Privacy Policy or our privacy practices, please contact us at privacy@therabody.com.
1. INFORMATION WE COLLECT
The sections below explain the categories of Personal Information we collect and process, as well as the sources of information and reasons to do so. "Personal Information" is any information that relates to or can be used to identify you. The categories of Personal Information we collect depend on how you interact with us and our Services, as well as the requirements of applicable law. For example, we may collect different information from you depending on which of our Services you use or the capacity in which you use our Services or visit Therabody-operated websites and applications. Some of the information is collected through your interactions with the Services or third-party websites and applications. We collect such data using technologies like Cookies and other tracking technologies, error reports, and usage data collected when you interact with our Services. Some of the information is collected from your use of, and interactions with, us and others on Social Media (as defined below).
1.1 PERSONAL INFORMATION
We collect information when you provide it to us directly, such as when you register for a website or app account, submit product reviews or other content to our Services, or in connection with the use of our Services, or place an order with us.
By providing us with the Personal Information of another person, you represent that you have obtained permission from such person to share such information with us and for us to use such information as set forth in this Privacy Policy.
The categories of Personal Information that we have collected from users, including information that we have collected in the last twelve (12) months, are listed below. We obtain these categories of Personal Information with the methods described in more detail below.
- Basic Identifying Information, such as your name, physical address, email address, phone number, contact preferences, or other similar identifiers.
- Demographic Information, such as your gender (to allow us to better communicate with you).
- Payment information, such as payment type, bank account number, credit or debit card number and expiration date.
- Account and Commercial Information, including contact information, products or services you have purchased, returned, exchanged, or considered, communication preferences, your account onboarding answers, account credentials, items in your online shopping cart and those saved for future purchases, product reviews, and preferences about your content. Account and Commercial Information also includes the information you voluntarily submit when signing up for an account or our Services.
- Customer Records such as other paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number.
- Characteristics of Protected Classifications under California or federal law such as characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, and disability in accordance with our hiring and humar resources practices.
- Biometric Information such as physiological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including facial recognition (subject to applicable laws and where relevant to the Services we provide to you).
- Health Information, including information you choose to provide regarding physical or medical conditions, medications, and other concerns in connection with Therabody Reset and retail services solely as necessary to safely administer treatments.
- Preferences and Feedback, such as your stated interests and information about Therabody products you own; feedback on product satisfaction and performance, and overall site experience; and information relating to your motivations for purchases.
- Communications that we exchange with you, such as when you contact us through the Website or Services for customer support, via social media or otherwise. If you engage with our chat functionality, we may maintain a record of your conversation for training and customer service purposes.
- Audio and Visual Information, such as photos, videos and other information or user-generated content that you upload on our website(s) or app(s), or provide via social media or otherwise provide in connection with using our Services, as well as associated metadata, and your voice and likeness as captured in photographs, video, or audio recordings, including when you visit Therabody retail and Reset locations.
- Any other information you may choose to provide, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
Please note that some of the personal information we process, including any personal information concerning your health, is considered special or sensitive personal data. Therabody only collects sensitive personal information, as defined by applicable privacy laws, for the purposes allowed by law or with your consent. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.
Personal Information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
We may also collect Personal Information from third parties, such as Social Media, Payment Processors, product vendors, and other partners. Our collection of this information allows us to provide you with our products and services, establish, maintain, and support your user account on the Services, and communicate with you in accordance with our Terms of Service.
1.2 Automatically Collected Usage and Device Information
Similar to other websites, we use tracking technologies to automatically collect certain technical information from your web browser, mobile, or other device when you visit the Services. This data may include, but is not limited to, your IP address, browser type and language, referring/exit pages and URLs, other browser history, platform type, number of clicks, landing pages, the pages you requested and viewed, the amount of time spent on particular pages, and the date and time of your visits. Our collection of this data, described in more detail below, allows us to provide more personalized high-quality services to you and to track usage of the Services.
A. Cookies. We automatically derive and collect certain data based on your interactions with us on the Services using cookies and similar technologies (collectively, “Cookies”). Our collection of data through Cookies includes information about your browser and Services usage patterns, which may include your IP address, browser type, browser language, referring/exit pages and URLs, pages viewed, links clicked, whether you opened an email, and information about the device you use to access the Services. Our collection of this information allows us to improve your user experience in various ways, such as to personalize our display of the Services to you, to “remember” whether or not you are signed in, and to provide better technical support to you. We use Cookies and local storage to capture commercial information for products viewed or added to your shopping cart as well. Cookies will also help us determine if the shopping cart is abandoned.
Please note: If you restrict, disable or block any or all Cookies from your web browser or mobile or other device, the Services may not operate properly, and you may not have access to certain services or parts of the Services. We shall not be liable for any interruption in, or inability to use, the Services or our services or degraded functioning thereof, where such are caused by your settings and choices regarding Cookies.
B. Pixels (aka web beacons/web bugs/java script). We may use Pixels to automatically record certain technical information about your interactions with us when you visit the Services or otherwise engage with us, to help deliver Cookies on our Services, or count users who have visited the Services or used our services. We may also include web beacons in our promotional e-mail messages or newsletters to determine whether you open or act on them for statistical purposes. “Pixels” are tiny graphics (about the size of a period at the end of a sentence) with unique identifiers used to track certain online actions, movements and related information of Services users. Unlike Cookies, which are stored on a user’s computer hard drive, Pixels are embedded invisibly on web pages or in HTML-based emails. The data we receive through Pixels allows us to effectively promote the Services to various populations of users, and to optimize external advertisements about the Services that appear on third-party websites.
1.3 Information from Other Sources
We may obtain both personal and non-personal information about you from other third-party sources, including, but not limited to, business partners, contractors, suppliers, and other third parties. For example, we may receive your Personal Information from advertising networks, media monitoring companies and publicly available sources. We, and the third parties we engage, may combine information we collect from you over time, and across the Services, with collect with publicly available information and information we receive from our business partners and other third parties. This helps us improve the information’s overall accuracy and completeness, and also helps us better tailor our interactions with you.
1.4 Location Information
We collect your address information, e.g., shipping and billing address, when you set up your account and order our products. We also collect and use information about your general location (e.g., your state of residence) and can infer your approximate location based on your IP address in order to track our general Services usage or to tailor any pertinent aspects of your user experience to the region where you are located. If you access or use any of Therabody’s location-based services, such as by enabling GPS-based activity tracking through our Services, Therabody may process the approximate or precise location of your device while the service is active. This data may be obtained via your device's service provider network ID, GPS, and/or Wi-Fi data. Therabody does not process such location data without first obtaining your consent. You may disable such location processing at any time using your device's location permission settings.
1.5 User Contributions
You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Services or transmitted to other users of the Services or third parties, including, for example, third party websites and services like Social Media that are integrated into or linked to the Services (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. We cannot control the actions of other users of the Services or third parties with whom you may choose to share your User Contributions. Such third parties may have their own policies and terms that apply to your User Contributions, and we are not responsible for any third party’s policies or terms. We cannot and do not guarantee that unauthorized persons will not view your User Contributions.
1.6 Social Media
If you interact with us or our other users regarding Therabody and its products and services on social media, including but not limited to Facebook®, Instagram®, TikTok®, YouTube®, and LinkedIn® (collectively, “Social Media”): (a) the Personal Information that you submit by and through such Social Media can be read, collected or used by us (depending on your Social Media privacy settings) as described in this Privacy Policy, and (b) where Therabody responds to any interaction with you on Social Media, your account name/handle may be viewable by any and all members or users of Therabody’s Social Media accounts. We are not responsible for the Personal Information that you choose to submit or link on any Social Media. Social Media operates independently from Therabody, and we are not responsible for Social Media interfaces or privacy or security practices. We encourage you to review the privacy policies and settings of any Social Media with which you interact to help you understand their privacy practices. If you have questions about the security and privacy settings of any Social Media that you use, please refer to the applicable privacy notices or policies.
2. THIRD PARTY ANALYTICS PROVIDERS
We also use Google Analytics, Facebook Pixel, and other third-party analytics providers (“Analytics Providers”) to collect information about Services usage and the users of the Services. Analytics Providers use Cookies in order to collect demographic and interest-level information and usage information from users that visit the Services, including information about the pages where users enter and exit the Services and what pages users view on the Services, time spent, browser, operating system, and IP address. Cookies allow Analytics Providers to recognize a user when a user visits the Services and when the user visits other websites. Analytics Providers use the information they collect from the Services and other websites to share with us and other website operators’ information about users including age range, gender, geographic regions, general interests, and details about devices used to visit the Services and other websites and purchase items. For more information regarding our Analytics Providers’ use of Cookies, collection and use of information, and how to opt-out of tracking, see:
- Google: Google’s Privacy Policy is available at https://policies.google.com/privacy?hl=en. Google Analytics Opt-out Browser Add-on is available at https://tools.google.com/dlpage/gaoptout.
- Facebook: Facebook’s Privacy Policy and information regarding opt-out settings is available at https://www.facebook.com/about/privacy/previous.
3. EXTERNAL LINKS
The Services contains links to third party websites and services, including links to Social Media. We are not responsible for any of the content or features or functionality of other linked websites or services. We are also not responsible for the privacy practices and the terms and conditions of use for any external websites or services. The linked websites and services may collect Personal Information from you that is not subject to our control. The data collection practices of linked third party websites and services will be governed by that third party’s privacy policy and Terms of Service.
4. HOW WE USE YOUR INFORMATION
4.1 General
Unless we have your consent, we will only use the Personal Information we collect from and about you for the purposes described in this Privacy Policy and when applicable law allows or requires us to do so. We may use or disclose the Personal Information identified above for one or more of the following business purposes (“Business Purpose”):
- To fulfill or meet the reason you provided the information (e.g., to send you product and service information).
- To provide certain features or functionalities on the Services.
- For marketing and promotions, including to check your eligibility for competitions and to contact you in the event that you win.
- To create, maintain, customize, and secure your account with us.
- Maintain a record of the Services you use on our Website and monitor and analyze trends, usage and activities in connection with our Website and Services.
- Identify you on the Website or across the Internet so that we can advertise our Services to you and personalize our ads to you.
- To provide you with support, to communicate with you and respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your experience and to deliver content and product and service offerings, products, and services relevant to your interests, including offers and advertisements through third-party sites, and via email (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Services, services, databases, other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Services and services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- Comply with legal requirements, contractual obligations, industry standards, and other uses as anticipated within the context of our ongoing business relationship with you.
- Administer entries into sweepstakes, contests, promotions or surveys.
- Send marketing communications (including emails and text (SMS) messages) about our websites and apps, Services, offers and events, and identify when emails and messages sent to you have been received.
- Make certain inferences regarding your preferences, characteristics, predispositions, behavior, attitudes, intelligence, abilities and aptitude.
- If you sign up for our text messaging program, Cookies may be used to personalize your experience (e.g. send you personalized text messages such as shopping cart reminders).
- To prevent illegal activity, fraud, and abuse.
- As described to you when collecting your Personal Information.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our users is among the assets transferred or liquidated.
4.2 Account-Related Emails
When you create an account with us and provide us with your email we may, subject to applicable law, use your email address to send you Services-related notices (including any notices required by law, in lieu of communication by postal mail), updates, news, and marketing messages. For example, when you register, you will receive a welcome email. If the Services or our services are temporarily unavailable, we may also send you an email.
Email communications you receive from us will generally provide an unsubscribe link or instructions allowing you to opt out of receiving future emails or to change your contact preferences. If you have an account with us, you can also change your contact preferences by updating your contact information within your account settings. Please remember that even if you opt out of receiving marketing e-mails, we may still send you important service information related to your account and the Services. If you correspond with us by email, we may retain the content of your email messages, your email address, and our responses.
4.3 Advertising
We do use third party service providers to serve advertisements or collect data on our behalf across the internet and on this Services (“Advertisers”). Some of these Advertisers may collect your Personal Information about your Services visits and your interactions with our products and services to tailor marketing messages on the Services or other sites, or to trigger real-time interactions, customize the Services, or enhance your profile. Advertisers may use Cookies, Pixels and other technologies to collect your Personal Information, measure the effectiveness of their advertisements, and personalize the advertisements on the Services. Some of these Advertisers may collect your Personal Information that you share on the Services via a web form automatically and prior to your submission of the Personal Information (i.e., before you click, “Submit”). Advertisers may be able to use information from your Services visits to send marketing messages to you in a way that could personally identify you. The information collected by Advertisers may include your IP address, email addresses and other user and device level information. For example, when Advertisers send advertisements and links that appear on the Services directly to your browser, they automatically receive your IP address. Please keep in mind that your browser settings may not permit you to control Advertisers’ technologies, and this Privacy Policy does not apply to, and we cannot control the activities of, Advertisers. If you would like more information about Advertisers’ practices, please see http://optout.aboutads.info/#!/.
4.4 Non-Personally Identifiable Information
We may use non-personally identifiable information, such as anonymized or aggregated Services usage data, in any manner that does not identify individual users for the purpose of improving the operation and management of the Services, including to develop new features, functionality, and services, to conduct internal research, to better understand Services usage patterns, to resolve disputes, to troubleshoot problems, to fulfill user requests, or for security and compliance purposes. Any non-personally identifiable information that is combined with Personal Information will be treated by us as Personal Information.
4.5 Payment Processors
If you purchase or pay for products or services via the Services, the transaction may be handled by our service providers or third party vendor(s) responsible for processing your payment (“Payment Processors”). These entities have their own privacy policies and those terms will apply to you. Please be sure to review them at the links provided during payment processing.
5. OUR INFORMATION SHARING PRACTICES
When we disclose Personal Information for a Business Purpose, we enter into a contract that describes the purpose and requires the recipient to keep that Personal Information confidential and use only for performance of the contract, and not for any other purpose. We share your information, including any Personal Information, in the circumstances described below.
5.1 Disclosures of Personal Information in the Last Twelve Months
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a Business Purpose, as more fully described in Section 4:
- Category A: Identifiers.
- Category B: California Customer Records personal information categories.
- Category C: Protected classification characteristics under California or federal law.
- Category D: Commercial information.
- Category E: Biometric Information
- Category F: Internet or other similar network activity.
- Category G: Geolocation data.
- Category H: Sensory Data
- Category K: Inferences drawn from other personal information.
We disclose your Personal Information for a Business Purpose to the following categories of third parties:
- Social Media Platforms and Other Applications that you use to log on to our website/app or are otherwise connected to our Services. In some cases, we disclose Personal Information to social media platforms in order to show you more relevant ads on those platforms and to support our advertising and marketing efforts.
- Analytics Providers to ensure site functionality and enable data-driven business decisions.
- Merchant Partners and Payment Processors to fulfill your orders. We also disclose your information to our payment processors in order to complete your transaction(s) and process your payment(s).
- Affiliated persons or third-party service providers assisting us in the operation, management, improvement, research and analysis of the Services. Affiliated persons or our third party service providers may augment, extend, and combine non-personally identifiable information with data from additional third party sources in order to assist us with the above. Use of information by affiliated persons and third party service providers will be subject to this Privacy Policy or an agreement that is at least as restrictive as this Privacy Policy.
- Our marketing and advertising partners may send you marketing communications, serve you ads tailored to your interests, or tailor ads that may be served to you on our Website or through our Services, as well as on other websites and on social media networks.
- You may see our ads on other websites because we participate in advertising networks. Ad networks allow us to target our advertising to users through demographic, behavioral and contextual means. These networks track your online activities over time by collecting information through automated means, including the use of Cookies. The ad networks use this information to show you advertisements that are tailored to your individual interests. The information that our ad network vendors collect includes information about your visits to our Website and other websites, as well as pages you have viewed and the actions you have taken on our websites.
- Individuals or Entities as we believe to be necessary or appropriate (i) under applicable law, which may include laws outside your country of residence; (ii) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (iii) to enforce our Terms of Use or other agreements; (iv) in the event we reorganize, sell, merge, transfer, assign or otherwise dispose all or a portion of our business or assets, and, in each case, any due diligence relating thereto; and (v) to protect our rights, privacy, safety, or property and/or that of you or others.
- Other Vendors, Consultants and other Service Providers acting on Therabody’s behalf.
In no situation do we disclose your Personal Information in exchange for money. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
5.2 Legal Requirements
We reserve the right to disclose all information collected via the Services, internally, to affiliates, or to third parties, for any lawful purpose or to prevent harm to us or others. For example, and without limitation, in our discretion, we may disclose information to government regulators, law enforcement authorities or alleged victims of identity theft. We will notify you in the event of a government or legal request for your information unless otherwise prohibited by law.
5.3 Organizational Transitions
If we should ever transfer or restructure the operational ownership of the Services, such as through a merger with another entity or a reorganization of all or a part of our operational responsibilities or assets, we may disclose, transfer, assign our rights, and/or delegate our duties to your information without notice and consent, including to prospective or actual recipient or acquiring entities. Should this occur, we will require any third party receiving your Personal Information as described under this subsection to be contractually required to provide the same level of privacy compliance as provided by us under this Privacy Policy.
5.4 Disclaimer
We cannot ensure that all of your Personal Information will be disclosed only in the ways described in this Privacy Policy. For example, third parties may unlawfully intercept or access transmissions or private communications, or users may abuse or misuse your Personal Information that they collect from the Services. Even with the most rigorous information security standards, no transmission of data over the internet can be 100% secure.
6. YOUR CHOICE AND OPTIONS RELATING TO OUR COLLECTION
You can choose not to provide Personal Information. You may always decline to provide your Personal Information to us. Registering for an account is not required to access some of our online content. If you decide to register, you can choose to provide information that does not reasonably identify you to others by selecting a username that is not related to your actual name. You can also decline to provide any optional information in your account. If you choose not to provide certain Personal Information to us, some of your experiences may be affected (for example, we cannot send you our newsletter if you do not provide your email address).
Below are rights and choices you may have with respect to your Personal Information. Please note that some of the rights may vary depending on your country or state of residence.
6.1 You May Decline Other Requests
We use your Personal Information as needed for the purposes for which it was collected or where you have consented to our use of such information. If you do not wish to provide information to us or do not wish to consent to the uses described in this Privacy Policy, please do not use the Services, set up an account, or supply the requested information to us.
6.2 Right to Access Specific Information and Data Portability Right
Depending on your state of residence in the U.S., you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. If you are a resident of Canada, you have the right to request access to your personal information, to have your personal information rectified if it is inaccurate, incomplete or out of date, and to withdraw your consent to our collection, use, and disclosure of your personal information (including or use or sharing of your personal information for marketing or other secondary purposes). These rights may be limited in some circumstances by applicable law.
Under CCPA you have a right to request that we disclose certain information to you about our collection and use of your Personal Information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of Personal Information that we have collected about you.
- The categories of sources for the Personal Information that we have collected about you.
- Our business or commercial purpose for collecting or making available that Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of Personal Information that we have collected about you (also called a data portability request).
- If we disclosed your Personal Information for a Business Purpose, the Business Purpose for which such Personal Information was disclosed, and the Personal Information categories that each category of recipient obtained.
To exercise your right to access specific personal information and your data portability right, please fill out this form.
6.3 Right to Delete Your Account and Personal Information
Certain states provide individuals with data rights. You may have the right under applicable laws, including CCPA, to request that we delete any of your Personal Information that we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) or vendor(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation or legal order.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
To get your personal information deleted from our system at any time, you need to contact our company by filling out and submitting this form.
6.4 Right to Opt-Out
Certain states provide individuals with data rights. If you are a resident of any such states and you would like to minimize sharing of your information with third parties for marketing purposes, please fill out this form.
If you are a California resident and would like to exercise one of your rights, you may also contact us at Privacy Hotline 1-866-I-OPT-OUT (1-866-467-8688) and enter our Service Code 990# and select 1.
If you are 16 years of age or older, you may have the right under certain state laws to direct us not to make your Personal Information available for valuable consideration at any time (the “right to opt-out”). We do not make available the Personal Information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in may opt-out at any time.
6.5 Exercising Your Rights
Depending on your state of residence in the U.S., you may designate an authorized agent to submit a request on your behalf to access or delete your personal information. To do so, you must: (1) provide that authorized agent written and signed permission to submit such request; and (2) verify your own identity directly with us. Please note, we may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf.
If you have been designated as an authorized agent to submit a request on behalf of another customer, you must make the appropriate selection when you submit a form..
The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We will respond to verifiable requests received as required by law. Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Depending on your state or country of residence, you may be able to appeal our decision to your request regarding your personal information. To do so, please contact us. We respond to all appeal requests as soon as we reasonably can, and no later than legally required. If you are a resident of Canada, you may have the right to complain to a privacy commissioner about our decision with respect to your request.
6.6 Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. Unless permitted by the applicable law, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by applicable state law that can result in different prices, rates, or quality levels. Any permitted financial incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
6.7 Online Tracking Choices
Most web browsers are initially set up to accept Cookies, but you can reset your browser to refuse Cookies or to indicate when a Cookie is being sent. However, some features and services of the Services (particularly those that require sign-in) may not function properly if your Cookies are disabled. Similarly, if you choose to delete session objects from the Services, you may not be able to access or use all or part of the Services or benefit from some or all of the information or features and services offered.
Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have the user’s online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about that browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operations, including the Services, do not respond to DNT signals.
7 ACCESSING AND UPDATING YOUR PERSONAL INFORMATION
We do not review for accuracy or update your information regularly, but encourage you to access, review and update your Personal Information at any time. To request a copy of your Personal Information and data or for assistance regarding canceling your account, or deleting your Personal Information, please fill out this form. We will respond to your request as soon as reasonably possible after verifying your authority to make such requests. Your requests for Personal Information deletion are subject to Section 6 of this Privacy Policy above and we will delete your Personal Information within a reasonable time.
8 SAFETY AND INFORMATION SECURITY MEASURES
8.1 Security
We use certain physical, managerial, and technical safeguards designed to preserve the security of your information that we maintain in connection with your use of the Services. For example, we encrypt all data with secure sockets layer (SSL) or similar technologies when we transmit your data. This, however, does not guarantee that your information may not be accessed, disclosed, altered, or destroyed by any breach of our physical, technical or managerial safeguards. You should take steps to protect against unauthorized access to your password, phone, computer, and other devices by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords, or for any activity on your account via unauthorized password activity. In the event that any of your Personal Information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and will notify you, as appropriate, in accordance with pertinent laws and regulations.
8.2 Storage
We or our third party hosting providers store Personal Information in operating environments that are safeguarded against public or unauthorized access and protected from internal access with physical and technical security measures. While these measures are helpful to safeguard your Personal Information after we receive it, no transmission of data over the internet is 100% secure.
9 NOTICE TO USERS OUTSIDE THE UNITED STATES
Please be aware that we are headquartered in the United States. The Services are governed by United States law. If you are using any of our products or services from outside of the United States, your information may be transferred to, stored, and processed in the United States where our servers may be located. The United States might not offer the same level of privacy protection as the country where you reside or are a citizen. BY USING THE SERVICES, COMMUNICATING WITH US VIA MAIL, EMAIL OR TELEPHONE, OR OTHERWISE PROVIDING INFORMATION TO US, YOU CONSENT TO THE TRANSFER TO, AND PROCESSING OF, YOUR INFORMATION IN THE UNITED STATES.
10 THE GENERAL DATA PROTECTION REGULATION ("GDPR")
Residents of the European Economic Area (“EEA”) may be entitled to rights under the GDPR. If you qualify, these rights are summarized below.
If you request to exercise your rights under the GDPR, we may require verification of your identity before we respond to any such request. If you are entitled to these rights, you may exercise the following rights with respect to your Personal Information that we collect and store:
- the right to withdraw consent to data processing at any time;
- the right of access to your Personal Information;
- the right to request a copy of your Personal Information;
- the right to correct any inaccuracies in t your Personal Information;
- the right to erase your Personal Information;
- the right to data portability, meaning to request a transfer of your Personal Information from us to any other person or entity as chosen by you;
- the right to request restriction of the processing of your Personal Information; and
- the right to object to processing of your Personal Information.
You may exercise these rights free of charge. These rights will be exercisable subject to limitations as provided for by the GDPR. To exercise your right to the above-listed rights, please fill out this form. If you are an EEA resident, you have the right to lodge a complaint with a Data Protection Authority about how we process your Personal Information at the following website: https://edpb.europa.eu/about-edpb/board/members_en.
11 CALIFORNIA SHINE THE LIGHT LAW
California Civil Code § 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed Personal Information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to privacy@therabody.com. In your request, please attest to the fact that you are a California resident and provide a current California address. We will reply to valid requests by sending a response to the email address or physical address from which you submitted your request. Please note that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing and the relevant details required by the Shine the Light law will be included in our response.
12 CALIFORNIA MINORS
While the Services is not intended for anyone under the age of 18, if you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: privacy@therabody.com. When requesting removal, you must specify the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you do not follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your information from the Services does not ensure complete or comprehensive removal of that information from our systems or the systems of our service providers. We are not required to delete information posted by you; our obligations under California law are satisfied so long as we anonymize the information or render it invisible to other users and the public.
13 CHANGES TO THIS PRIVACY POLICY
We encourage you to periodically review this Privacy Policy, as we may change our Privacy Policy from time to time, in which case we will post the updated Privacy Policy on our Services. If we make any changes to this Privacy Policy that materially affect our practices with regard to the Personal Information we have previously collected from you, we will endeavor to provide you with notice in advance of such change, such as by changing the effective date of the Privacy Policy or notifying you at your email address of record. Your continued use of the Services following a change in this Privacy Policy represents consent to the updated Privacy Policy to the fullest extent permitted by law.
14 PRIVACY QUESTIONS AND CONTACT INFORMATION
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your information described in this Privacy Policy, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
E-mail: privacy@therabody.com