Information We Collect Directly From You. The information we collect from you depends on how you use our Site, App, and Services.
Information We Collect Automatically. We automatically collect information about your use of our Site and Apps through cookies, web beacons, and other technologies, including technologies designed for mobile apps. To the extent permitted by applicable law, we combine this information with other information we collect about you, including your personal information. Please see the section “Cookies and Other Tracking Mechanisms” below for more information.
We use your information, including your personal information, for the following purposes:
We may share your information, including personal information, as follows:
Where required by applicable laws, we will put in place appropriate security measures and/or request these third parties have in place security measures to protect your personal information.
We also disclose information in the following circumstances:
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and App, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and App.
Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not function.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web or mobile application pages. We may use clear GIFs (aka web beacons, web bugs or pixel tags), in connection with our Site and App to, among other things, track the activities of Site visitors and App users, help us manage content, and compile statistics about usage of our Site and Apps. We and our service providers also use clear GIFs in HTML emails to our customers to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Do Not Track. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies); you also may opt out of targeted advertising by following the instructions in the Ad Networks section.
We may disclose certain information (such as your email address) to Facebook Custom Audiences (for more information on Facebook Custom Audience go here or to opt-out, go to the Facebook ad preferences page)—so that we can better target ads and content to you and others with similar interests on other websites or media (“Custom Audiences”). We may also work with other ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. You may also control how Facebook and other ad networks display certain ads to you, as explained further in their respective privacy policies or by using the opt-outs described below.
Users in the United States may opt out of many ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members. If you are in the EU, you may opt out of certain ad network cookies that we and other websites may use for targeted advertising through the European Interactive Digital Advertising Alliance (EDAA) Your Online Choices Page or www.aboutads.info. Users in Australia may opt out of certain ad networks by going to the Your Online Choices Page for information about opting-out of interest-based advertising and choices available from participating organizations. Users in Canada should go to the Digital Advertising Alliance Canada (“DAAC”) AdChoices Page for information about opting out of interest-based advertising and the choices available from DAAC members.
Opting out from one or more companies listed on the DAA Consumer Choice Page, the NAI Consumer Opt-Out Page, or a country- or region-specific consumer choice website will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out on a consumer choice website, your opt out may not be effective.
Our Site and Apps may contain links to unaffiliated entities’ websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those websites. We are not responsible for the information practices of such websites.
We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
You may review and modify personal information that you have submitted by logging into your account and updating your profile information. You may also update your information by visiting your Orangetheory Fitness studio. Please note that copies of information that you have updated, modified, or deleted may remain viewable in cached and archived pages of the Site or App for a period of time.
If you are a resident of the European Union, please see the Additional Information for EU Individuals section below for additional information on accessing your information and other legal rights available to you under European Union law. Residents of countries outside of the United States or European Union should see the Additional Information for Individuals Outside the United States section below.
In accordance with applicable law, we will send periodic promotional communications to you. You may opt-out of such communications by following the opt-out instructions contained in the communication, or if you have opted-in to our promotional text messages, replying STOP. We will process opt-out requests in accordance with applicable law. If you opt-out of receiving promotional communications about recommendations or other information we think may interest you, we may still send you communications about your account or any services you have requested or received from us. App users may enable or disable push notifications by adjusting their App or device settings.
Our franchisees also send their own marketing communications in accordance with applicable law. If you no longer wish to receive marketing communications from our franchisees, you will need to separately opt-out of the respective franchisee’s marketing communications. We do not control, and are not responsible for, the promotional communications sent by our franchisees.
Our Site, Apps, and services are not designed for children under the age of 13. If we discover that a child under the age of 13 has provided us with personal information, we will delete such information from our systems.
If you have questions about the privacy aspects of our Services or would like to make a complaint, please contact us at firstname.lastname@example.org or by contacting your local studio.
You may also have rights under applicable laws to lodge a complaint with your country’s supervisory authority in relation to how we collect, use or disclose your personal information.
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site and App. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site and App and, where required to do so under applicable law, we will obtain your consent to such changes
In some jurisdictions, you may have additional rights, and we have certain obligations with respect to your personal information, which will vary based on your jurisdiction of residency. Below we have identified certain of these rights that may be available under your country’s laws. If you are a resident of the European Union, please see the Additional Information for EU Individuals section below.
Access and Correction. Upon written request and verification of your identity, you may have the right to access the personal information about you under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within any legally required timeframe or provide written notice where additional time is required to fulfil the request.
In some situations we may not be able to provide access to certain personal information. This may be the case where, for example, disclosure would reveal personal information about another individual, the personal information is protected by a legal privilege, the information was collected for the purpose of an investigation or where disclosure of the information would reveal confidential commercial information that, if disclosed, could harm our competitive position. We may also be prevented by law from providing access to certain personal information. When an access request is refused, we will notify you about such refusal.
We will make a reasonable effort to ensure that personal information we are using or disclosing is accurate and complete. In most cases, we rely on you to ensure that your information is current, complete and accurate. If you demonstrate the inaccuracy or incompleteness of personal information, we will amend the information as required.
Withdraw consent. Where you have provided us with your consent, for example, for direct marketing purposes, you have the right to withdraw your consent to our processing of your personal information at any time. However, in the event of such withdrawal, we or our franchisees (as applicable) may not be able to offer our services to you.
De-registration of account. In certain jurisdictions, you have the right to request for de-registration of your account (if you have registered for an account to access our services).
Retention. We retain your personal information for as long as necessary to provide our services to you, to fulfil the purposes described in this Policy and/or our business purposes, or as permitted or required by law, regulation, or internal policy.
Cross-border Transfer of Personal Information. We generally maintain servers and systems in the United States hosted by service providers. Our franchisees in your country of residence may transfer personal information to us in the United States, and we also may subcontract the processing of your information to, or otherwise share your information with, other parties in the United States or countries other than your country of residence. As a result, where the personal information that we collect through or in connection with the Site, App, or our services, or is provided to us by our franchisees, is transferred to and processed in the United States or anywhere else outside your country of residence, we will take steps to ensure that the information receives the same level of protection as if it remained within your country of residence. In some cases, when we share your information, the person or entity to whom we share the information may be overseas or may store your information overseas and may not be required to protect the information in a way that provides comparable safeguards to those which apply domestically to your information. Where this is the case and to the extent required by law, we will seek your authorisation before sharing such information. You therefore acknowledge that your personal information may be processed and stored in foreign jurisdictions and that governments, courts, law enforcement or government or regulatory agencies in the United States and elsewhere may be able to access or obtain disclosure of your personal information under a lawful order or otherwise through the laws of the foreign jurisdiction, irrespective of the safeguards we have put in place for the protection of your personal information.
The information we collect through the Services is controlled by Ultimate Fitness Group, LLC, which is headquartered in the United States at 6000 Broken Sound Parkway NW, Suite 200, Boca Raton, Florida 33487, USA. For personal information collected at an Orangetheory Fitness studio owned by one of our franchisees, the relevant franchisee will be the data controller; to exercise any of your rights with one of our franchisees, please contact the respective franchisee by visiting your local studio or following the contact information for the local studio on the Site. As the franchisor, Ultimate can access the personal information you provide to our franchisees, and where we use that personal information for our own purposes, we will be an independent controller.
The Legal Bases for Using Your Personal Information. We collect your information as a data controller when we have a legal basis to do so. The following legal bases pertain to our collection of data:
Retention of Your Personal Information. We retain your personal information for as long as necessary to provide our services to you, to fulfil the purposes described in this Policy and/or our business purposes, or as required by law, regulation, or internal policy.
Special Categories of Personal Information. We require an additional legal basis to process special categories of personal information which includes your health data (which may be inferred from your weight and height, performance during workouts, from your heartbeat when you use one of our OTbeat heart rate monitors and your voluntary participation in body scans, or when we ask you to provide to us with your health information, such as health conditions that you disclose to us when completing a membership agreement), which shall be one of the following:
Processing of Information from Children Between the Ages of 14 and 17. Where a child in the EU between the ages of 14 and 17 provides us with personal information through the Services and our processing is based on consent as a legal basis, we will obtain the consent of the child’s respective parent or guardian. The parent or guardian has the right to withdraw such consent provided on behalf of their child at any time.
Your Legal Rights. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, when Ultimate acts as a data controller, European Union individuals have certain rights in relation to their personal information:
Right to access, correct, and delete your personal information: You have the right to request access to the personal information that we hold about you and: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
You also have the right to request that we delete your information.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
Right to restrict the processing of your personal information: You have the right to restrict the use of your personal information when (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal information for the relevant purposes, but we require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal information use where such use is justified on our legitimate interests and we must verify as to whether we have a compelling interest to continue to use your data.
We can continue to use your personal information following a request for restriction, where:
Right to data portability: To the extent that we process your information (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal information in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
Right to object to the processing of your personal information: You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction: You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the EEA.
Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
How to Exercise Your Rights: If you would like to exercise any of the rights described above, please send us a request at email@example.com. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.
We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
We may not always be able to fully address your request, for example if it would affect the duty of confidentiality we owe to others or if we are legally entitled to deal with the request in a different way.
Cross-border Transfer of Information. We generally maintain servers and systems in the United States hosted by service providers. Our European Union franchisees may transfer personal information to us in the United States, and we also may subcontract the processing of your information to, or otherwise share your information with, other parties in the United States or countries other than your country of residence. As a result, where the personal information that we collect through or in connection with the Site, App, or our services, or is provided to us by our franchisees, is transferred to and processed in the United States or anywhere else outside the European Economic Area (EEA) for the purposes described above, we will take steps to ensure that the information receives the same level of protection as if it remained within the EEA, including entering into data transfer agreements, using the EU Commission approved Standard Contractual Clauses, or by relying on approved certification schemes. You may have a right to details of the mechanisms under which your data is transferred outside the EEA.
Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
Categories of Personal Information that We Collect, Disclose, and Sell
California Residents’ Rights
California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.
Right to Opt-out. California residents have the right to opt-out of our “Sale” of their personal information. California defines the term “Sale” broadly, and includes, our selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating (collectively a “Sale”) California residents’ personal information to another business or third party for monetary or other valuable consideration. Please note that while some of our sharing of personal information may be a “Sale” as defined by CCPA, we do not sell personal information for monetary compensation. California residents may exercise their right to opt-out the Sale of their personal information by completing our CCPA rights request form at https://orangetheoryfitness.truyo.com/consumer/request_form or by contacting us at 888-413-1505 (toll free).
Right to Opt-In. We do not sell personal information about residents who we know are younger than 16 years old without opt-in consent.
Notice at Collection. We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used.
Verifiable Requests to Delete, and Requests to Know. Subject to certain exceptions, California residents have the right to make the following requests, at no charge, up to twice every 12 months:
Right of Deletion: California residents have the right to request deletion of their personal information that we have collected about them, subject to certain exemptions, and to have such personal information deleted, except where necessary for any of a list of exempt purposes.
Right to Know – Right to a Copy: California residents have the right to request a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.
Right to Know – Right to Information: California residents have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:
Submitting Requests. Requests to exercise the Right of Deletion, Right to a Copy, and / or the Right to Information may be submitted by California residents on our CCPA rights request form at https://orangetheoryfitness.truyo.com/consumer/request_form, as well as by contacting us at 888-413-1505 (toll free). We will respond to verifiable requests received from California consumers as required by law.
Right to Non-Discrimination, and Incentives. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California residents related to their personal information.
Discrimination: Businesses may not discriminate against residents who exercise their rights under CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices or rates or impose penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data.
Disclosure of Incentives: If businesses offer any financial incentives for the collection, sale or deletion of California residents’ personal information, residents have the right to be notified of any financial incentives offers and their material terms, the right not be included in such offers without prior informed opt-in consent, and the right to be able to opt-out of such offers at any time. Businesses may not offer unjust, unreasonable, coercive or usurious financial incentives. We do not offer any financial incentives at this time.
Consent language for Singapore