We take the protection of the data that we hold about you very seriously and we will do everything possible to ensure that data is collected, stored, processed, maintained, cleansed and retained in accordance with the highest data protection and privacy standards, including the General Data Protection Regulation (“GDPR”) on and from May 25, 2018 (“Data Protection Legislation”).
What type of information we collect?
When you open a FITSTATS Wellness account as a student/participant, teacher, administrator or health practitioner, we will collect certain information about you which may include your name, date of birth, gender, email address, telephone number, and names of the affiliated organizations that you are a member of (“User Data”). If you are a student/participant, we will also collect data provided by you or entered by your teachers, coaches, administrators and health professionals about daily wellness, physical activity sessions, illnesses, injuries, etc. (“Performance Data”). You may also choose to provide us with other information on your online user profile.
We only collect information that you and our customers allow us to collect, that you allow through your consent, or that our customers want us to process from their athletes. Generally, this information about you is related to your physical activity, health data and fitness data. The information is controlled by our customers/schools, collected by them through the use of our products, and is processed and used by us as described below. We use and process the information in this fashion as it is necessary in order to perform our end of the contracts we have with our customers/schools. In addition, we will be obtaining your specific consent to use the information in this manner.
Customers and their internal (non-student/participants) representatives and personnel
We only collect the following information: name, contact details and information related to our professional work with you. Our legal basis for the collection, use, and processing of this information is that we collect, use, and process the information types listed above to perform our legitimate business of maintaining necessary employee, contractor, and applicant information for the operations of our company.
Suppliers, consultants and contractors
We only collect the following information: name, contact details, account and payment arrangements, and information related to and reasonably required for our professional work with you. Our legal basis for the collection, use, and processing of this information is that we collect, use, and process the information listed above to perform our legitimate business of maintaining necessary employee, contractor, and applicant information for the operations of our company.
How we do collect the information?
We collect the information when you directly use our products or services. Either yourself or someone else acting on your behalf can enter information about you into the software.
Where possible we however always try to collect your personal information directly from you.
Regardless of how your personal information is collected – whether it is directly from you, from your interactions with us or from third parties – we will deal with your personal information in accordance with this policy.
Why do we collect the information?
We collect the information for three purposes:
Providing and Maintaining the Services That Relate to this Product (“Services”)
We use the information for fulfilling our contractual terms as product and service providers to your club or team and for product development and enhancement. For example, by allowing teachers, administrators and health professionals to administer health monitoring programs, provide quality instruction, manage assessment data and manage health and medical records.
Improving and Developing the Services
We also use the information we collect to improve the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services.
Communicating with You
We use your information when needed to send you notifications and respond to you when you contact us. We also use your information to promote new features that we think you would be interested in. You can control marketing communications and most Service notifications by using your notification preferences in account settings or via the “Unsubscribe” link in an email. We use your information to provide customer service or assistance to you or to our customers about their instances of our products and Services.
Our Disclosure of Your Information
If you are a student/participant, the information you decide to share will be viewable with the owner of the FITSTATS Wellness account, as well as all teachers, administrators and health professionals linked to your account. student/participant users can only access their own data.
If you are a system administrator, health professional, or account owner user, the information you decide to share will be viewable by the account owner and system administrators only.
If you are a teacher or a school manager user, the information you decide to share will be viewable by the account owner, system administrators and other teachers linked to the same schools as you.
We do not share, lend or sell personally identifiable data with any third party. We may however share your personal information with the police and other law enforcement agencies for the purposes of crime prevention or detection. If we disclose your information, we ask the organization to demonstrate that the data will assist in the prevention or detection of crime, or that FITSTATS is legally obliged to disclose it. This is done on a strictly case by case basis and through a tightly controlled process to ensure we comply with Data Protection Legislation
Third parties with whom we may partner to provide certain features on our site or to display advertising based upon your Web browsing activity use Local Storage Objects (LSOs) such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. We may partner with a third party to either display advertising on our Web site or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests.
We do not store credit card or other payment method information on the site. We use a third-party provider (“Freshbooks”) to deliver and process invoices, and third-party providers (“Stripe” and “Freshbooks”) to process credit card payments. Please consult the Data Protection Policy of each provider for more details about their data protection measures.
Our payment processors have the sole and complete responsibility for the storage of credit card and payment information.
Forum and Blog
Legal Requests and Business Transitions; Emergencies.
We may disclose your personal information (a) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (b) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, (c) as otherwise required under any applicable law, rule, or regulation, and (d) in good faith, to protect or defend the rights or property of FITSTATS Wellness and other users and (e) if FITSTATS Wellness is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Your Use of Other Persons’ Information
In order to facilitate the services provided by the Site, the Site allows you in certain circumstances to give other Users limited access to the personal information of other persons. For example, if you are an Account Owner, an Administrator, a School Manager, you may use the Site to give access to a staff member to the personal information of your students/participant.
Protecting your information
To ensure a maximal security of data traveling from you to our server and from the server to you, we use the latest Transport layer security (TLS) protocol, which provides bidirectional encrypted communication security between client/server. The encryption process protects your information, by scrambling it before it is sent to us from your device or computer. Once FITSTATS Wellness receives your transmission, we make commercially reasonable efforts to ensure its security on our system.
All information uploaded by FITSTATS Wellness users (files, pictures, etc.) on our server is encrypted at rest.
Data Storage Location
If you access the service from the app.fitstatswellness.com domain and related mobile apps, all the information collected will be transmitted to and stored on servers located in the United States of America.
Two-factor authentication is a mechanism that requires users to provide two different means of identification when logging in. All non-student/participant users (teachers, managers, medical and administrators users) can add this additional layer of security to their account by enabling Two-factor authentication in their profile. When two-factor authentication is enabled, users will be required to log in with their password and a random numeric code generated by the Google Authenticator application which is available for iPhone, Android, and BlackBerry. Two-factor authentication is set up on a per-user basis.
Other Information Collectors
Correcting and Updating Your Personal Information
To review, delete and update your personal information to ensure it is accurate, you may login into your account to make the changes, or you may contact us at email@example.com and:
Provide us with enough information to identify you and;
Specify the information that is incorrect and what it should be replaced with.
You can export a copy of your personal data for you to reuse for your own purposes across different services by using the Application various export and Log & stats options. You may also exercise this right at any time by contacting us at firstname.lastname@example.org.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Once you deactivate your account, any data that we collect from you will be deleted in accordance with timescales set out below:
User Data :
This information is deleted three years after account deactivation by a user or following a 365 days period of inactivity.
This information is anonymized after the 365 period referred to above.
We may retain anonymized data for research and product and service development purposes.
Right to be forgotten
In certain circumstances you can request us to delete all information we hold which identifies you. You can make this request at any time by emailing email@example.com but please note we may be compelled to maintain your information due to specific legislative or regulatory requirements.
Additional Policy Information
Service and marketing messages
If you are currently receiving service messages or marketing communications from FITSTATS and no longer wish to do so, you may revoke your consent to receiving such emails by clicking the Unsubscribe link, found at the bottom of every email, or by contacting firstname.lastname@example.org.
With your prior written consent we may post your testimonial along with your name and photo. If you want your testimonial removed please contact us at privacy[at]fitstatswellness.com.
Social Media Features
We may update this privacy statement to reflect changes to our information practices. We will notify you by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Complaints and contacts
It is our goal to make our privacy practices easy to understand. If you have any concerns or complaints in relation to how FITSTATS collects and/or processes your personal data, you should contact the FITSTATS data protection officer at the address below: email@example.com
FITSTATS Technologies, Inc.
75 Brydges St. Moncton, NB
APPLIES TO USERS OF FITSTATS WELLNESS IN THE UNITED STATES OF AMERICA
In the course of performing our contractual obligations and our various corporate functions and activities, FITSTATS Wellness collects some health information from students/participants via the FITSTATS Platform and related applications. The US legislation, Health Insurance Portability and Accountability Act (1996) (“HIPPA”) introduces a number of rules that businesses must comply with in relation to the collection of protected health information. To the extent that FITSTATS Wellness collects public health information (“PHI”) of athletes in the USA, it will be mindful of the following requirements of HIPPA (“US Activities”).In relation to the collection of PHI through our US Activities we will be mindful of the principles articulated in the body of this document. We have processes in place to ensure HIPPA compliance including:
We have safeguards to protect the privacy of health information and set limits on the use and disclosure of this information.
We provide individuals with the ability to access information about their health and request corrections where appropriate.
We ensure that appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
We have appropriate technical and non-technical safeguards to secure electronic PHI.
In the event of a breach of PHI, unless a risk assessment demonstrates that the there is a low probability that the health information has been compromised, we will notify the individual whose information is involved (as soon as possible and within 72 hours).
We have appointed a privacy officer and an incident response team.
Our employees are adequately trained about the use and disclosure of PHI and how to safeguard it appropriately.