Updated: February 1, 2016
- If there are any changes to this Policy, we will post them on the website and send you an email to the Subscriber address listed on your account. Any changes will be effective as of the date we post them on the website or send the email (whichever is later). You may object to any changes within 20 days after they are posted, in which case none of the proposed changes will be effective with respect to information that we have already collected from you, but will apply only to information we collect in the future. If you object to changes in our Policy, we will have to terminate your account.
- EFFECTIVE DATE
- This Policy is effective with respect to any data that we have collected, or collect, about and/or from you, including your End Users, in keeping with our General Terms of Service.
- TYPES OF INFORMATION WE COLLECT
- Subscriber Data. We collect and store information that is created, inputted, submitted, posted, transmitted, stored or displayed by you or your End Users in the process of using our Services. This information may include personal information or other sensitive information that you or your End Users choose to include. Collectively, we refer to this information as “Subscriber Data.” All Subscriber Data is subject to this Policy as well as our technical safeguards as described in our Security Policy and the General Terms of Service.
- Cookies. When you become a Subscriber and access or use the ClubReady System, we store "cookies," which are strings of code, on your computer. We use those cookies to collect information about when you visit our website, when you use the Services or log into the ClubReady System, your browser type and version, your operating system, and other similar information. You may turn off cookies that have been placed on your computer by following the instructions on your browser. However, if you block our cookies, it may be more difficult (and maybe even impossible) to use the ClubReady System or Services.
- Web Beacons, Tags and Scripts. Web beacons (single pixel gifs), tags and scripts may be used in our website, Service or in emails. These assist us in delivering cookies, counting visits to our website, understanding usage and campaign effectiveness and determining whether an email has been opened or acted upon. We may receive reports based on the use of these technologies by our service providers on an individual and aggregated basis.
- Local Storage Objects (LSOs). We use LSOs, such as HTML5, to store content information and preferences. Various browsers may offer their own management tools for removing HTML5 LSOs. Third parties with whom we partner to provide certain features on our website or within the ClubReady System may use LSOs such as HTML5 and Flash to collect and store information.
- Log Files, IP Addresses and Information About Your Computer and Mobile Devices. When you visit or leave our Services (whether as a Subscriber or a visitor) by clicking a hyperlink or when you view a third party site that includes our plugin or cookies (or similar technology), we automatically receive the URL of the site from which you came or the one to which you are directed. We also receive the internet protocol (IP) address of your computer or the proxy server that you use to access the web, your computer operating system details, you type of web browser, your mobile device (including your mobile device identifier provided by your mobile device operating system), your mobile operating system (if you are accessing the ClubReady System using a mobile device), and the name of your ISP or your mobile carrier. We may also receive location data passed to us from third party services or GPS-enabled devices that you have set up, which we use for fraud prevention and security purposes. Most mobile devices allow you to prevent real time location data being sent to us, and of course we will honor your settings.
- Analytics Information. We collect analytics information when you use the ClubReady System, our website and Services to help us improve them. The analytics information we collect may include elements of Subscriber Data related to the function you or the End User is performing. As such, the analytics information we collect may include personal information or sensitive business information.
- Communications with Us. When you send an email or other communication to us, including sending ClubReady support requests, we may collect the personal information that you provide us and may use it in order to process your inquiries, respond to your requests and improve the ClubReady System or our Services. You or your End Users may receive occasional marketing communications regarding ClubReady’s products and services, including products and services offered by our third party vendors. You can always opt-out of receiving marketing communications from us by following the “unsubscribe” instructions included in our marketing communications.
- Public Forum Posts. Our website and the ClubReady System may offer publicly accessible blogs or community forums. You should be aware that any information provided in these areas might be read, collected and used by others who access them. To request removal of your personal information from our community forum, please contact us at firstname.lastname@example.org.
- Subscriber Testimonials. From time to time, we post Subscriber testimonials on our website that may contain some personal information. We will obtain the Subscriber’s consent beforehand to post their name and testimonial. If a Subscriber wishes to update or delete their testimonial, please contact us at email@example.com.
- Aggregated Data. We do aggregate information related to the use of the ClubReady System or Services and publish this information, segmented by Subscriber, geography and other metrics, to provide qualitative insights on customer support metrics and other relevant insights.
- HOW WE USE THE INFORMATION WE COLLECT
- We may use and disclose Subscriber Data, or related information, to:
- Provide, operate, maintain, analyze, improve and promote our Services and tailor our Services to our Subscribers’ needs;
- Enable you and your End Users to access and use our Services;
- Process and complete transactions, and send you related information, including purchase confirmations and invoices;
- Communicate with you, including responding to your comments, questions, and requests; providing customer service and support;
- Provide you with information about services, features, surveys, newsletters, offers, promotions, contests and events;
- Provide other news or information about us and our select partners; and sending you technical notices, updates, security alerts, and support and administrative messages;
- Monitor and analyze trends, usage, and activities in connection with our Services;
- Investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities;
- Bill and collect money owed to us;
- Meet legal requirements, like complying with court orders and valid subpoenas;
- Prosecute and defend court, arbitration or similar proceedings;
- Provide you with marketing information or other services offered by third parties which may be of interest to you; and
- For other purposes about which we notify you.
- SHARING OF INFORMATION
- Third Party Service Providers. We share information, including Subscriber Data, with our third-party service providers (such as merchant service providers, credit card companies, managed hosting providers, sub-processors/onward transfer of Subscriber Data, and technology partners) to provide the necessary hardware, software, networking, storage, and other services that we use to operate our Services and maintain a high quality user experience. These third party service providers may use the Subscriber Data that we share with them for their marketing purposes, and you consent to receiving such solicitations.
- Other Services. You may choose to make use of “Other Services” in conjunction with our Services. “Other Services” are third party products, applications, services, software, networks, systems, directories, websites, databases and information which our Service links to, or which you may connect to or enable in conjunction with ClubReady Services, including without limitation, Other Services which may be integrated directly into your ClubReady account or the ClubReady System, to which you grant access privileges. When access is granted, certain Subscriber Data associated with your account may be shared with the third party, including personal information. ClubReady does not control the policies or procedures of these Other Services, even though the Other Services may be available through our Service. This Policy does not cover the collection or use of information, including Subscriber Data, by Other Services, and we urge you to consider the privacy policies governing these Other Services.
- Affiliates; Subsidiaries; Subcontractors. We may share information, including your Subscriber Data, with any ClubReady affiliate, subsidiary or third-party vendor for purposes of providing our Services, and for any other reason stated in this Policy.
- Consent. We may share your information, including Subscriber Data, with third parties when we have your consent to do so.
- Opt-Out. If you would like to opt-out from receiving marketing-based communications from ClubReady, or a third-party vendor to whom ClubReady has provided your Subscriber Data, you may do so by following the unsubscribe instructions included in the email.
- SUBSCRIBER DATA RETENTION.
- We retain your Subscriber Data while your ClubReady account is active as needed to provide you with Services and access to the ClubReady System. We may retain your Subscriber Data after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes between End Users or third parties, prevent fraud and abuse, or enforce this Policy and our General Terms of Service. We may retain personal information, for a limited period of time, if requested by law enforcement. ClubReady’s Customer Service may retain information for as long as is necessary to provide support and support-related reporting, but we will usually delete Subscriber Data after 30 days consistent with our General Terms of Service.
- EU AND SWISS SAFE HARBOR FRAMEWORK.
- ClubReady complies with the EU and Swiss Safe Harbor Framework as set forth in the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. ClubReady has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement.
- CHILDREN’S ONLINE PROTECTION PRIVACY ACT
- ClubReady does not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through the ClubReady System or our Services. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce this Policy by instructing their children never to provide personal information through our Services without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us through the ClubReady System or our Services, please contact us, and we will use commercially reasonable efforts to delete that information. Subscribers are responsible for establishing policies for and compliance with applicable laws for the collection of personal information in connection with the use of our Services.
- SUBSCRIBERS IN CALIFORNIA
- For California Subscribers or End Users, ClubReady does not distribute your Subscriber Data to outside parties without your consent. As part of the California Online Privacy Protection Act, all users of our site may make any changes to their information at any time by logging into their control panel and going to the 'My Profile' page. California Civil Code Section 1798.83, known as the “Shine The Light” law, permits a Subscriber or their End Users who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge.
- SECURITY BREACH NOTICE
- If a security breach causes an unauthorized intrusion into the ClubReady System that materially affects you or your End User accounts, ClubReady will notify you as soon as possible and report on the actions taken in response.
- BUSINESS TRANSACTIONS
- ClubReady may assign or transfer this Policy, and your Subscriber Data and account information, including any End User Data, to any person or entity that acquires all of our or substantially all of our business, stock or assets of, or with whom we merge.
- CONTACT US
- If you have questions regarding this Policy or about the privacy practices at ClubReady, please contact us by email at firstname.lastname@example.org, or at:
- ATTN: Legal Department
333 Ozark Trail Dr.
St. Louis, MO 63011
Updated: February 1, 2016
At ClubReady, LLC, which includes its subsidiaries and affiliates like CR Payments, LLC and Gym HQ, LLC (collectively, “ClubReady,” “we,” “us,” or “our”), the security of Subscriber Data is a high priority. We maintain the ClubReady System, and all associated data, systems, hardware and software, with technical, administrative, and physical safeguards in place to protect against the loss, unauthorized access, destruction, misuse, modification, and improper disclosure of your Subscriber Data, including End User Data. Despite these safeguards, it’s important that you understanding no computer system or information can even be fully protected against every possible hazard; so long as there are hackers, there are risks. While ClubReady cannot guarantee that its systems or your information will be safe, we are committed to providing reasonable and industry-accepted security controls to protect the ClubReady System and Subscriber Data.
BY ACCESSING, VIEWING OR USING ALL OR ANY PART OF THE CLUBREADY SYSTEM, YOU ARE ACCEPTING THIS POLICY AND THE ENTIERE AGREEMENT. IF YOU DO NOT AGREE, YOU ARE NOT PERMITTED TO ACESS OR USE THE CLUBREADY SYSTEM AND YOUR UNAUTHORIZED USE MAY BE DEEMED A VIOLATION OF LAW.
- BEST PRACTICES FOR YOU TO TAKE TO PROTECT CARDHOLDER DATA AND OTHER END USER DATA
- We recommend these practices to minimize the risk of a Cardholder Data breach, or a breach of other personal information related to your End Users. Please take steps to do the following:
- Maintain updated anti-virus software on all workstations engaged in credit card processing and remove any programs that the anti-virus software flags as potentially malicious.
- Restrict permission to install software on those computers to your business owner and/or trusted senior staff.
- Maintain up-to-date versions of operating systems (e.g., Microsoft Windows or Macintosh OS) and web browsers (e.g., Internet Explorer, Chrome, Safari or Firefox), with all security updates and patches installed.
- Ensure that every individual that logs into the ClubReady System has a unique username and password that is known only by that individual.
- Only store credit card account numbers in encrypted credit card fields designed for that purpose.
- Destroy any hard copy documents that have Cardholder Data written on them.
- Follow the Payment Card Industry Data Security Standard (“PCI DSS”), if you accept Visa, MasterCard, American Express, or Discover credit cards for payment.
- Please do not do the following:
- Share your account or password;
- Record Cardholder Data in notes, contact logs, or other unencrypted text fields within the ClubReady System;
- Record Cardholder Data in any locally installed software program, unless that program and your computer network meet all PCI requirements; or
- Email End User’s credit card numbers, ask End Users to email credit card numbers to you, or record credit card track data.
- STEPS CLUBREADY IS TAKING TO PROTECT YOUR SUBSCRIBER DATA
- PCI Compliance. ClubReady complies with standards set forth by the PCI Security Standards Council to protect Cardholder Data. ClubReady encrypts all stored credit card numbers, we enable restricted firewalls to protect stored data, and we use 128-bit SSL certificates to encrypt data during transfer between the web browser and ClubReady’s database. Approved Scanning Vendor (“ASV”) delivers accurate vulnerability scanning and actionable reporting which enables the ClubReady Network Operations Center to quickly rank risks and gauge compliance against PCI-DSS Standards. Daily Vulnerability Assessments monitor the ClubReady network perimeter against daily threats to help protect you and us from hackers, data breaches, adware, spyware, pop-ups, browser exploits, and phishing attempts.
- Training and Education. ClubReady makes sure that its employees and staff recognize the importance of personal information protection, and the protection of your Subscriber Data. We have established internal rules and policies related to the access and use of Subscriber Data, and encourage you to do the same with your employees and staff. Our rules and policies are continually assessed, maintained and enforced.
- Personnel Security Measures. ClubReady’s technical or management personnel with access to Subscriber Data are subject to background checks prior to hiring, and must sign non-disclosure and data security agreements that protect both ClubReady and Subscriber Data.
- Following Laws and Industry Best Practices. ClubReady complies with all applicable laws, as well as accepted industry best practices, when dealing with your Subscriber Data.
- RISK OF LOSS
- ClubReady’s responsibility to protect your Subscriber Data, including Cardholder Data, applies only after such information is encrypted and received by ClubReady’s server(s). You remain responsible for the proper handling and protection of Cardholder Data until such Cardholder Data is encrypted and received by our server(s). Your ability to successfully do this depends on the degree to which you are able to successfully implement the best practices described above and comply with all PCI guidelines.
- CHANGES TO THE SECURITY POLICY
- ClubReady reserves the right to change this Security Policy. ClubReady will provide notification of the material changes to this Security Policy through a notification on its website, or via email at least thirty (30) business days prior to the change taking effect.
- CONTACT US
- If you have any questions regarding this Security Policy, please contact us by email at email@example.com, or by postal mail at:
- ATTN: Legal Department
333 Ozark Trail Dr.
St. Louis, MO 63011