Effective date: 28 January 2020
We offer a variety of products and services including online sales, mobile device apps, desktop computer software, and a web app. We refer to all of these products, together with our other services and websites as “Services” in this policy.
This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.
1.1 Cross-Border Information Transfers
You acknowledge (a) that you are accessing a Site that is based in the United States, (b) that you are providing personal information to a company in the United States, and (c) that Concept2 must adhere to laws of the United States. You agree that personal information collected on our Site may be stored and processed in the United States or any other country in which Concept2, its affiliates, partners, service providers, or agents maintain facilities, and while in such jurisdictions may be subject to access pursuant to the laws of those jurisdictions.
1.2 What Information We Collect About You
1.2.1 Information You Provide to Us
We may collect the following information about you when you input it into the Services or otherwise provide it directly to us, and may process or otherwise make inferences from this information:
- Personal identifiers, such as a real name, alias, postal address, unique personal identifier, IP address, email address, or account name;
- Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with an internet web site, application, or advertisement;
- Geolocation data;
- Audio/video data;
- Professional or employment-related information; and
- Biometric information, such as heart rate data.
We also collect the following specific information that you provide to us by using our Services:
Account and profile information: We collect information about you when you register for an account, create a profile, set preferences, sign up for or make purchases through the Services. This may include personal information about you such as your name, address, phone number, email address, payment and billing information, as well as certain related information like your company name and website name, when you register for an account to access or utilize one or more of our Services.
Content you provide to us through our Services: The Services include the Concept2 Logbook, the Concept2 Utility, the ErgData app and any other software services developed by Concept2. Content we collect and store includes data related to your height, weight, heart rate, specific physical activities, and similar types of information relating to physiological condition and activity. We collect this data in order to provide the Services and to tailor features, products, event information and Services to your interests and goals.
Content you provide through our websites: The Services include our websites owned or operated by us. We collect other content that you submit to these websites, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, reviews, surveys, contests, promotions, sweepstakes, activities or events.
Information you provide to us through our support channels: The Services also include our customer support, where you may choose to submit information related to a problem, question or suggestion related to our Products or Services. Whether you contact us over email, through a web form, over social media, using live chat, by calling or speaking to one of our representatives directly, you will be asked to provide contact information, a description of your reason for contact us, along with documents, screenshots or other information that will help us take care of your issue.
Information you provide when you sign up for marketing or promotional materials: We collect information from you when you sign up to receive marketing information about or related to our Products and Services. Information we collect may include your email address, name, location, and communication preferences.
Payment and billing information: We collect certain billing and payment information when you make a purchase on our online shops or when you contact us directly. Concept2 does not retain or store credit card information. A third-party intermediary is used to manage credit card processing. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.
1.2.2 Information We Collect Automatically When You Use the Services
We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
Your use of the Services: We keep track of certain aggregate information about you and your use when you interact with or visit any of the Services. While this data may be derived from your personal data, it is not considered personal data in law because it does not directly or indirectly reveal your identity. This information includes the features you use, the links you click on, search terms and files you view.
Device and connection information: We collect information about your computer, phone, tablet or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. How much of this information we collect depends on the type and settings of the device you use to access the Services.
1.2.3 Third Party Embeds
Some of the content that you see displayed on Concept2 is not hosted by Concept2; it is embedded, or hosted by a third party and displayed on a Concept2 page. For example, YouTube videos, Facebook posts or Twitter tweets. These files may send data to the hosted site just as if you were visiting that site directly (for example, when you load a Concept2 page with a YouTube video embedded in it, that video appears because of a pointer to files hosted by YouTube, and in turn YouTube receives data about your activity, such as your IP address and how much of the video you watch). Concept2 does not provide or transfer any data we collect about you to the third party during such interactions.
1.3 How We Use the Information We Collect
To provide the Services: We use the information about you to provide the Services to you. This includes: processing transactions, authenticating your account when you log in, providing customer support and operating and maintaining the Services.
To communicate with you about the Services: We use your contact information to send transactional communications to you via email and within the Services. For example, we will send a purchase confirmation, notify you of software updates, send you technical updates or contact you about your account.
To market or promote the Services: You will receive marketing communications from us if you have opted in to receive such communications. You may opt in to such communications as part of account creation, registration, participation in a sweepstakes or promotion, during a phone call or while visiting our websites. You can control whether you receive these communications as described below under "Opt out of marketing communications."
For customer support purposes: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, and to repair and improve the Services.
For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
For legitimate business interests and legal rights: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, or when we need to comply with a legal or regulatory obligation, we may use information about you.
Legal bases for processing (for EEA users): If you are an individual in the European Economic Area (“EEA”), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests) (a) for research and development, (b) to market and promote the Services or (c) to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
1.4 Third Parties and Concept2
We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services.
Service providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual and physical infrastructure, order processing, payment processing and analysis, which may require them to access or use information about you. For example, we use a service provider for sending bulk emails, such as our newsletter or software notifications. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
Community forums: We offer publicly accessible discussion forums, activity trackers and rankings as part of our Services, such as the Concept2 Forums and the Concept2 Online Logbook. You should be aware that information you provide on these websites, including profile information, may be viewed and collected by any member of the community who views these sites, based on the information sharing settings you have selected in your preferences. We urge you to consider the sensitivity of any information you post in these public settings when you use these Services.
To request removal of your information from publicly accessible websites that are part of our Services, please contact us as provided below. If we are unable to remove some or all of your information, we will notify you and explain why.
Third party widgets or code: Some of our services contain widgets, such as our “Support” and “Chat” features. These widgets may collect your IP address, browsing behavior, location, and may set a cookie to enable that feature to function correctly.
1.5 Information Storage and Security
We store your data using data service providers in the United States.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order to maintain the safety of your personal information.
All credit card payment transactions are processed through PayTrace, a gateway provider, and are not stored or processed on our servers.
We have reasonable and appropriate physical, electronic, and administrative measures in place to safeguard the security of your personal information. However, when you communicate with customer service via email or chat on our websites, these communications may not be encrypted. For that reason, we ask that you do not share sensitive information via these communication channels.
We have put in place procedures to deal with any suspected personal data breach and in the case of a breach will notify you and, where we are legally required to do so, any applicable regulator.
1.6 Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, accounting, or reporting requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
In some circumstances you can ask us to delete your data: see “Delete your information” below for further information.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
1.7 Your Rights
You have the right to:
- Request that we disclose to you the following information that covering the 12-month period preceding your request:
- The categories and sources of personal information we collected about you.
- The specific personal information we collected about you.
- The commercial purposes for collecting or selling (if applicable) the personal information about you.
- The categories of Personal Information about you that we shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such information about you, if applicable.
- Object to our use of your personal information (including for marketing purposes).
- Update and correct your personal information.
- Request the deletion or restriction of your personal information.
- Request your personal information in a structured, electronic format.
Below, we describe the tools and processes for making these requests.
You can exercise some of the choices by logging into the Services and using settings available within the Services or your account.
Access and update your personal information: Some of our Services give you the ability to access, correct and update information about yourself from within the Service. For example, you can log in, access and edit your Logbook profile and your online purchase Account settings.
Deactivate your accounts: If you no longer wish to use our Services, we may be able to deactivate your Services account. Contact us as provided in the Contact Us section below to request assistance.
Delete your personal information: Some of the Services give the ability to delete certain information about yourself from within the Service. For example, you can remove content that contains fitness activity information and remove certain profile information. Please note, however, that we may need to retain certain personal information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Object to use of your information: You may object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal information which override your rights and freedoms.
Request restriction of processing of your personal information: This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request that we stop using your personal information: In some cases, you may ask us to stop accessing, storing, using and otherwise processing your personal information where you believe we don't have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your personal information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time.
When you make such requests, we may need time to process your request. If there is delay or dispute as to whether we have the right to continue using your personal information, we will restrict any further use of your personal information until the request is honored or the dispute is resolved.
Request the transfer of your personal information to you or to a third party: We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated personal information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Opt out of marketing communications: You may opt out of marketing communications from us by using the unsubscribe link provided at the bottom of every email or by contacting us as provided below and requesting that your contact information be removed from our promotional email lists.
Even after you opt out of marketing communications, you will continue to receive transactional notifications from us regarding our Services.
Interest-based advertising: We may work with third-party advertising companies that collect and use information about your online activities across sites over time, in order to deliver more relevant advertising when you are using the Concept2 Services and elsewhere on the Internet. This practice is known as interest-based advertising. You may visit www.aboutads.info to learn more and to opt out of this type of advertising by companies participating in the Digital Advertising Alliance self-regulatory program. We do not operate or control this site, and are not responsible for the opt-out choices available there. Note that electing to opt out will not stop advertising from appearing in your browser or applications. It may make the ads you see less relevant to your interests. If you delete, block or otherwise restrict cookies or use a different computer or Internet browser, you may need to renew your opt-out choice.
Links to Third Parties and Social Media
Our websites and App may contain links to third-party online properties. Such third parties have their own policies that govern their collection, use, and disclosure of information. We suggest that you read their privacy policies to learn about their practices.
Social media provides tools that many of our customers use and enjoy, and we include links to various social media platforms on our websites. If you interact with these social media tools through our websites, your experience on those social media sites will be governed by the privacy and other policies of those sites. So, the privacy settings you have chosen on those sites will determine the degree to which your information is made public. We encourage you to choose your privacy settings on those sites accordingly.
All Other Requests
For all other requests, you may contact us as provided in the Contact Us section below to request assistance. We may request specific information from you to confirm your identity.
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete personal information which we are permitted by law or have compelling legitimate interests to retain. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed. In addition, we reserve the right to retain information that we are permitted by law to retain.
The online Concept2 Services are specifically marketed to and available to individuals over the age of 13.
Please see our COPPA Policy for additional information.
1.9 Privacy Shield Notice
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
1.9.1 Sensitive Personal Information
We may collect the following sensitive EEA personal data: data regarding your height, weight, heart rate, specific physical activities, and similar types of information relating to physiological condition and activity. We collect this data in order to provide the Services and to tailor features, products, event information and Services to your interests and goals. When we collect sensitive EEA Personal Data, we will obtain your opt-in consent for the collection and use of such information, including if we disclose your sensitive EEA personal data to third parties, or before we use your sensitive EEA personal data for a different purpose than we collected it for or than you later authorized.
1.9.2 Onward Transfers
Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, we are responsible for the processing of information about you we receive from the EU and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.
1.9.4 Contact and Dispute Resolution
In compliance with the Privacy Shield Principles, Concept2, Inc. commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Concept2 at:
Email address: firstname.lastname@example.org
Concept2, Inc. has further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution (ICDR), the international division of the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of the ICDR are provided at no cost to you.
1.9.5 Binding arbitration
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with Concept2 and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).
1.11 Contact Us
Email (for Privacy Concerns): email@example.com
California Residents, please include “CCPA Privacy Request” in the subject line.
Email (for General Contact): firstname.lastname@example.org
105 Industrial Park Dr.
Morrisville, VT 05661
EU Representative for EEA residents
Full name of legal entity: Concept 2 Limited.
Full name of data privacy manager: Rebecca Nowell
Email address: email@example.com
Postal address: Unit C8, Queens Drive Industrial Estate, Crossgate Drive Nottingham NG2 1LW.
Toll-free Phone (US & Canada): 800.245.5676