Your Privacy Matters
Last modified: 7/10/2018
Please check back here regularly for updates. We will also provide you with an email notification of any changes if you have a user account with us. A summary of the changes can be found here.
12. Age Restrictions
1. DATA CONTROLLER
Exsurgo provides Services to users throughout the world, but stores all of your data in the United States. Exsurgo’s data controller is:
810 Gonzalez Dr
San Francisco, CA 94132
Questions, comments and complaints about Exsurgo’s data practices can be submitted to Exsurgo by emailing firstname.lastname@example.org.
Regardless of your location, Exsurgo is the only controller of your personal data. All your data is located within the United States and none of it is transferred outside of the United States.
2. THE DATA WE COLLECT FROM YOU
In order for you to utilize our Services, including but not limited to, creating a user account and using our services, we collect the following data from you:
2.1 Data You Provide
• Account Creation: Exsurgo collects certain personal data from you when you create or update your account and/or sign-up for the Services. This may include personal information such as your full legal name, age, physical address, country and/or region, email address, gender, birthday, payment information (for in-app purchases) and phone number, as well a photograph. To add certain content such as pictures to your account, you may grant us to access your device, including its camera or photo album.
• Correspondence with Exsurgo: Exsurgo may collect personal data from you if you contact us for customer service purposes and to resolve any issues or answering any questions you may have. In addition, if you participate in any surveys, we may also be collecting your insights into our products and Services, as well as responses to any questions or prompts included in such surveys.
• In-App Purchases: If you make purchases through our Services, you will be required to provide your payment information, which may include your credit card information.
2.2 Data We Automatically Collect When You Use the Services
When you access or use our Services, we automatically collect data about your use of the Services, including:
· Log Data: Whenever you use our Services, we collect data automatically that your browser sends to us that is called Log Data. This Log Data may include data such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our website you visit, the time and date of your visit, the time spent on those pages, and other statistics.
· Device Data: We collect and store data about the computer or mobile device you use to access our Services, including your mobile device's unique ID number (e.g., IMEI, AD ID), your geographic location, the hardware model, operating system and version.
· Email Data: Email messages we send to you may contain code that enables our database to track your usage of the e-mails, including whether the e-mail was opened and what links (if any) were clicked.
· Usage Data: We may collect data about your participation and actions within our Services, such as the exercises, , exercise metrics, how you browse the Services, terms you have searched for, people with whom you communicate with, comments left and related insights. It can also include the various functions and features that you use, the connections you make, and any search you perform.
3. HOW WE USE YOUR DATA
We use the data that we have about you to personalize our Services so that they can be more relevant and useful to you and others. We collect, store and use your personal data to provide our Services to you as follows:
3.1 Account Administration
Your personal data is necessary to allow you to utilize the basic functionality of the Services, which includes: (i) creating and updating your user account; (ii) verifying your identity; (iii) providing you notices about your account; (iv) notifying you about changes to our Services; (v) providing customer support, such as responding to emails, questions, comments, requests and/or complaints sent by you to Exsurgo; (vi) performing internal operations necessary to provide our Services, including to troubleshoot software bugs and operational problems; (vii) investigating or addressing claims or disputes relating to your use of the Services, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries; (viii) storing information about your preferences so that we may customize our Services according to your individual interests; and (ix) recognizing you when you return to our Services.
3.2 Company Communications
We will contact you through email, notices posted on our websites or applications, messages to your account, and other ways through our Services. We will send you messages about the availability of our Services, security, or other service-related issues. We also send messages about how to use the Services, network updates, reminders, and promotional messages. You may change your communication preferences at any time. However, please be aware that you cannot opt-out of receiving service messages from us, including service announcements, security alerts, update notices, or other administrative messages.
3.3 Marketing & Advertising Communications; Mailing Lists
We may send emails to you for marketing and advertising purposes, such as newsletters, new product offerings, special discounts, event notifications, and special third-party offers. However, if you do provide any data considered to be a “special category” of data, we will not use such data for any marketing and/or advertising purposes. In addition, in no event will we share information that personally identifies you directly with any marketers and/or advertisers. You may opt-out of receiving promotional emails and other promotional communications from us at any time via the opt-out links provided in such communications or by e-mailing email@example.com.
We may periodically contact you to conduct voluntary user surveys. We encourage our users to participate in such surveys because they provide us with important information regarding the improvement of the Services offered by Exsurgo. We do not link the survey responses to your name or email address, and all responses are anonymous.
3.5 Development of the Services
We use the data we receive, including feedback, to: (i) monitor and analyze trends; (ii) further develop our Services in order to provide you and others with a better, more intuitive and personalized experience; (iii) drive membership growth and engagement on our Services; (iv) to speed up your searches; and (v) to estimate our audience size and usage patterns.
We use your data to help provide the Services to you, specifically including to recommend performances for you to watch, to further develop and personalize the Services, to be able to communicate with you, to conduct surveys, and to send you marketing communications. You have a right to opt-out of any marketing communications by clicking the link in the email to unsubscribe or by emailing us directly at firstname.lastname@example.org.
4. WHO WE SHARE YOUR DATA WITH
4.1 With Other Users
As our Services primarily consist of monitoring your performance of exercises with Exsurgo hardware, you can choose to share with friends, teammates, coaches, or other individuals. Sharing of this data is at the discretion of the user through the mobile application and website.
4.2 With Third Party Service Providers
We share the data we collect from you, including aggregated together with non-personally identifiable information data, with third party service providers. This may include:
· Quality and support entities, such as ZenDesk
· Marketing and public relations entities, such as Adjust
· Analytics, engineering and technical service providers, such Amazon Web Service; and
· Consultants, lawyers, accountants and other professional service providers.
4.3 With Investigators, Governmental Bodies, Authorities or Law Enforcement Agencies
4.4 With Potential Buyers or Investors
We may share your data with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restricting, financing, or acquisition of all or a portion of our business by or into any another company, or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by Exsurgo about its users is among the assets transferred.
4.5 With Other Parties You Consent To
4.6 With Marketers and Advertisers
Exsurgo may share your data with third parties for marketing or advertisement purposes, including for interest-based advertising and direct marketing campaigns where we use third party companies to serve you targeted advertisements and marketing campaigns based on the data we collect from you. For more information on the means through which we collect some of this data, as well as for your rights related to the control of such data, please see the Section entitled Policy on Cookies and Similar Technologies. You may opt out of this at any time by using the unsubscribe feature in any marketing email you receive or by emailing email@example.com.
We may share your data with any third parties who help us provide our Services. We may also share your data when we believe it is required by law or to help protect the rights and safety of Exsurgo, you or others. We may also share your data when our business is sold to others or subject to any change in ownership as well as to any other third parties to whom you expressly consent to sharing such data with. Currently, we share your data with marketers, but you reserve the right to opt out of any such direct marketing by using the unsubscribe feature in any marketing emails or by emailing firstname.lastname@example.org.
5. HOW LONG WE RETAIN YOUR DATA
Exsurgo only retains user profile and other data as long as you have a user account and utilize the Services. You may request deletion of your account at any time by emailing Exsurgo at email@example.com and making such request. Upon receipt of a request to delete your account, Exsurgo will delete your account as soon as reasonably possible after such request is received.
In addition, since we are subject to compliance with different laws in place around the world relating to regulatory, tax, insurance or other requirements in the field in which it operates, Exsurgo will maintain certain data related to the foregoing in its backup or data logs for seven (7) years. Thereafter, Exsurgo will delete such data in accordance with applicable laws. However, note that in no event will Exsurgo restore your data back to production systems unless absolutely necessary in rare instances, such as to recover from a serious security breach or natural disaster, and even in such an instance all necessary steps will be taken to immediately erase the primary instance of the data and to honor your original request. All backup archives are protected with strong encryption.
We maintain your personal data as long as you have an active user account. We can delete your user account upon request, but will still be required to maintain certain personal data to comply with legal obligations for a period of seven (7) years after removal of your account, which may be stored in encrypted backups and data logs.
6. YOUR RIGHTS RELATING TO THE USE OF YOUR DATA
We at Exsurgo want you to have complete control of your data, and therefore, you always have the right to:
· Access any of your personal data we hold about you;
· Review and/or edit your personal data;
· Ask us to erase any personal data we hold about you;
· Ask us to not use your personal data for direct-marketing purposes;
· Restrict the way we process your personal data;
· Have your personal data provided to a third-party provider of services;
· Withdraw your consent at any time for any instances where you provided your consent;
· Have a copy of any personal data we hold about you; and
· Object to our processing of your personal data.
You may review or edit your profile as you wish by logging into your Exsurgo account. If you would like to have us delete your account information, please email us at firstname.lastname@example.org. If your account is deleted, you will no longer be able to use the Services. We will use commercially reasonable efforts to honor your request; however, certain data may persist internally or for our administrative purposes subject to the records retention policy discussed in Section 5.
You can access, update and/or delete your personal data by visiting your account, or by emailing us at email@example.com. You have many choices about how your data is collected, used and shared and we will help facilitate any of those choices you wish to pursue. Even if you delete your account, however, certain personal data may be kept for record retention purposes as previously discussed in Section 5.
7. HOW WE SECURE YOUR DATA
We encrypt the data you enter on our Services in order to protect its security during the transmission of data. When storing data, we protect its security by encryption and pseudonymization of critical data. All of your personal data is stored in a virtual private cloud that requires a PEM certificate to access through a VPN, with such access restricted to Exsurgo employees, contractors and agents who need that information in order to process it and who are subject to strict contractual confidentiality obligations whereby they may be disciplined if they fail to comply with such confidentiality obligations.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer data. Our security procedures require us in some cases to request proof of identity before disclosing personal data to you. To protect against unauthorized access to your account and data, we implement session management and login expiration mechanisms. As an additional safety measure, be sure to sign off when you finish using your account and your computer.
Although we use reasonable organizational, technical and administrative measures to protect your personal data, it is unfortunately true that no data transmission over the Internet can be guaranteed to be 100% secure. Consequently, please note that while we do our best to protect your personal data, we cannot fully guarantee the security of any personal data you transfer over the Internet. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained in our Services.
If you believe that your interaction with us is no longer secure or that your account has been otherwise compromised, please contact us immediately at firstname.lastname@example.org.
Our data transmissions are secured through encryption, and we also monitor for and try to prevent security breaches. However, no data transmissions over the Internet can ever be guaranteed to be 100% secured. Please use the security features available through our Services and do not hesitate to email us at email@example.com if you believe your account security has been compromised.
8. SPECIAL INFORMATION FOR INDIVIDUALS LOCATED IN THE EUROPEAN ECONOMIC AREA
Beginning May 25, 2018, the processing of personal data of users within the European Economic Area (EEA) is subject to the EU General Data Protection Regulation (“GDPR”). This section summarizes Exsurgo’s grounds for processing personal data under the GDPR, and the rights of such users as it relates to Exsurgo’s handling of personal data.
A. EU User Rights
If you are located within the EEA, you have the following rights with respect to how Exsurgo handles your data:
· Requesting Explanations of What Data of Yours Exsurgo Stores and How It Is Used - You have the right to request an explanation of the data that Exsurgo has about you and how Exsurgo uses that data.
· Requesting Copies of Your Data - You have the right to receive a copy of the data that Exsurgo collects about you if collected on the basis of consent or because Exsurgo requires the data to provide the Services that you request.
- Requesting Correction to Your Data - If Exsurgo has data about you that you believe is inaccurate, you have the right to request correction of your data.
- Requesting Your Data to be Deleted - You may request deletion of your user account at any time by emailing us at firstname.lastname@example.org. We may retain certain data about you as required by law and for legitimate business purposes permitted by law, which is further discussed in Section 5.
- Requesting Your Data to be Transferred: Upon your request, we will transfer your data to a third party.
- Filing an Objection or Complaint – Users in the EAA have the right to object to Exsurgo’s processing of personal data, including for marketing purposes based on profiling and/or automated decision making. Exsurgo may continue to process your data notwithstanding the objection to the extent permitted under GDPR. Users in the EAA also have the right to file a complaint relating to Exsurgo’s handling of your personal data with their local Data Protection Authority (“DPA”). To find the best DPA to contact and lodge your complaint, please visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. You may also submit complaints or objections directly to Exsurgo by emailing email@example.com
B. Legal Basis for Processing Your Data
The GDPR requires that companies processing the personal data of EEA users do so on the basis of specific legal grounds. As such, Exsurgo will only process your personal data in the following situations:
· The Processing is Necessary to Perform Our Contract with You. Exsurgo must collect and use certain data in order to provide its Services that you have contracted with Exsurgo for. This includes user data that is necessary to establish and maintain your account, and exercise data. Collection and use of this data is a requirement for using Exsurgo’s Services.
· The Processing is Necessary for Exsurgo’s Legitimate Interests. Exsurgo collects and uses personal data to the extent necessary for its legitimate interests, which includes: (i) to provide customer support; (ii) to optimize our Service and develop new services; (iii) for research and analytical purposes; and (iv) to provide you notices about changes to our Services.
- Your Explicit Consent is Given. Exsurgo may collect and use your data on the basis of your consent. For example, we rely on your consent for us to use your personal information to send you marketing information (such as our newsletters and promotional offers) by email, SMS, or telephone. You may revoke your consent at any time. If you revoke your consent, you will not be able to use any part of our Services that requires collection or use of the data we collected or used on the basis of your consent.
You have a right to: (i) requesting explanations of what data of yours Exsurgo stores and how it is used; (ii) request copies of your personal data; (iii) request your data to be deleted; (iv) file a complaint about the use of your data; or (v) request your data to be transferred. Our legal basis for collecting, using and sharing your data include consent, contract and legitimate interest. If the legal basis is consent, then you may withdraw your consent at any time. If you wish to exercise any of your rights relating to control of your data, please email us at firstname.lastname@example.org.
9. INTERNATIONAL DATA TRANSFERS
The personal data we collect may be transferred to, and processed and stored in, countries outside of the jurisdiction you are located in. For example, if you are located in a country with the EEA, your personal data may be processed in the United States. All international transfers of your personal data are made:
· To a country or territory ensuring an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data as determined by the European Commission;
· To a third party that is a member of a compliance scheme recognized as offering adequate protection for the rights and freedoms of data subjects as determined by the European Commission; or
· Pursuant to appropriate safeguards, such as the Standard Contractual Clauses (processors) approved by European Commission Decision C(2010)593 or any subsequent version thereof released by the European Commission or the EU-U.S. Privacy Shield.
If you wish to enquire further about these safeguards used, please send us an email at email@example.com.
All of our data is processed in the United States. Your data is safely transferred in accordance with all applicable laws.
10. POLICY ON COOKIES AND SIMILAR TECHNOLOGIES
A. What are cookies?
B. What are cookies used for?
Some examples of what these tracking technologies are used for by Exsurgo may include:
· Authenticating users;
· Remembering user preferences and settings;
· Determining the popularity of certain content;
· Analyzing traffic to our Services; and
· Generally reviewing and understanding the behaviors of people who have an interest in or utilize our Services.
C. How long will cookies stay on my device?
The length of time a cookie will stay on your computer or mobile device depends on whether it is a "persistent" or "session" cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your computer or mobile device until they expire or are deleted.
D. Who Does the Cookies Belong To?
E. Types of Cookies Use.
The cookies we use generally fall into one of the following categories:
· Technical/Required – These cookies are essential for our Services to function properly. Like other cookies we use, technical cookies may be either first-party cookies or third-party cookies.
· Preferences – We use these cookies to remember your settings and preferences. For example, we may use these cookies to remember your language preferences.
· Performance – We use these cookies to collect data about how you interact with our Services and to help us improve them. For example, we may use these cookies to determine if you have interacted with a certain web page.
· Analytics – We use these cookies to help us understand and improve our Services. For example, we can use these cookies to learn more about which features are the most popular with our users and where we may need to make improvements.
F. How to Control Cookies or Other Collection Mechanisms
You have the right to choose whether or not to accept cookies. However, please be advised that if you set your browser to disable cookies or other tracking technologies, you may not be able to access certain parts of our Services or the functionality of certain aspects of the Services may be limited. In addition, you have other choices with respect to how cookies are used:
· Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. To do so, please follow the instructions provided by your browser that are usually located within the "Help" or “Preferences” menu. Some third parties also provide the ability to refuse their cookies directly by clicking on an opt-out link.
· Removing or rejecting browser cookies does not necessarily affect third-party flash cookies that may be used by us or our partners in connection with our Services. To delete or disable flash cookies please visit Adobe’s website located at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html. For further information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, you can visit http://youradchoices.com/ and www.youronlinechoices.eu for EU visitors.
· For mobile users, you should have controls on your device that enables you to choose whether to allow cookies. For information on controlling your mobile choices, you can visit www.networkadvertising.org/mobile-choices.
· To help control or block certain ads in mobile applications, you may choose to download and utilize the DAA mobile app, http://youradchoices.com/appchoices.
G. Web Beacons
In addition to cookies, pages of our website or emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Exsurgo, for example, to count users who have visited those pages or emails and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
We use tracking technologies such as cookies and web beacons to help provide the Services to you. If you wish to not utilize cookies, then you can opt out of such usages. However, if you do decide to opt out, then certain aspects of the Services and/or their functionality may be limited or unusable.
11. LINKS TO THIRD PARTY SITES
We may have links that take you to sites other than ours. If you click on one of those links, you will be bound by that website’s privacy policies.
12. AGE RESTRICTIONS
Our Services are not intended for individuals under 13 years of age. No one under age 13 may provide any data to or on the Services. We do not knowingly collect personal data from individuals under 13. If you are under 13, do not use or provide any data on our website or on or through any of Services or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal data from a person under age 13 without verification of parental consent, we will delete that information. If you believe we might have any data from or about a person under the age of 13, please contact us at firstname.lastname@example.org.
Our Services are not for individuals under the age of 13.
14. CALIFORNIA RESIDENTS
If you are a California resident, you can request a notice disclosing the categories of your personal data we have shared with third parties for direct marketing purposes for each calendar year. To request a copy, please email email@example.com, and we will respond to you as soon as reasonable possible. Prior to providing any such documentation, we may ask you to provide proof to confirm your identity.
California residents have a right to know what personal data we have shared with third parties for direct marketing purposes. Please contact us at firstname.lastname@example.org to request a copy.
15. HOW TO CONTACT US
Please contact us at email@example.com with any questions, comments or concerns you may have.