(If you are a CA resident, this statement includes your California Privacy Rights)
ExerciseRewards.com is an Internet-based personal health improvement resource. It provides interactive tools and features that are designed to help individuals track their fitness activities and achieve fitness goals while earning points toward rewards. ExerciseRewards.com is provided by American Specialty Health Fitness, Inc. (“ASH Fitness”), a subsidiary of American Specialty Health Incorporated (“ASH”).
ExerciseRewards.com values its users and respects their privacy and is committed to using personal information responsibly.
For the purposes of this Privacy Statement the terms “we” and “our” refer to ASH and ASH Fitness, and the terms “member” or “you” mean an authorized user of ExerciseRewards.com.
ExerciseRewards.com will not release, sell, rent, or trade your personal information to any third party without your permission, except when we believe in good faith that the law requires it, or to protect our own rights and properties, or as outlined in this Privacy Statement.
You should read and familiarize yourself with this Privacy Statement and with ExerciseRewards.com Terms & Conditions. By using ExerciseRewards.com, you acknowledge and consent to our collection, processing and use of your information as described in this Privacy Statement. For any questions about this Privacy Statement, please contact us directly. ExerciseRewards.com will respond to any questions within 10 business days from the date of receipt. Contact ExerciseRewards.com directly through any means noted at the end of this Privacy Statement. If information practices change, ExerciseRewards.com will post the revised policy on ExerciseRewards.com and/or will notify users through direct communication.
CALIFORNIA DO NOT TRACK DISCLOSURE
ASH and ASH Fitness do not track ExerciseRewards.com users across third party websites, nor does it allow third parties to collect personally identifiable information on the ExerciseRewards.com.
CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83 (known as the “shine the light” law), California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.
We do not knowingly share your personal information with third parties for their direct marketing use without your permission. California residents may send requests for information-sharing disclosure under this law by emailing ASH at HIPAA@ashn.com. Please note that, under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email address.
What kind of personal information may ExerciseRewards.com collect, and how is it collected?
- When you register on ExerciseRewards.com, we collect your name, date of birth, address, e-mail address, and home phone number.
- If you use the Challenges feature of ExerciseRewards.com, we collect the date you join the challenge, your current weight and goal weight (within weight challenges), and device activity (if you decide to join an activity tracking challenge that utilizes your activity or fitness tracking device).
- If you use the Accountabilities feature of ExerciseRewards.com, we collect the date you send an accountability invitation, your email address, the subject and recipient of the invitation and your message content.
- If you use the Connected! feature of ExerciseRewards.com, you allow us to receive your activity information, such as steps taken in a day, height, weight, and calories, from your activity or fitness tracking device (e.g., Fitbit, Jawbone, Garmin, etc.). When you use the Connected! feature, your activity information will be transmitted from your device by your device manufacturer, to Validic (a third party data aggregator that we use). After receiving the information from Validic, we will upload the information into your member profile/account on ExerciseRewards.com. By using the Connected! feature, you also allow us to receive profile information from your device, if applicable, or from your own input, including gender, birth year, height, weight, and time zone.
- If you use the CheckIn! mobile app feature of ExerciseRewards.com (which allows members to electronically log their fitness center visits), we will receive the location information of the fitness center you visit and your check-in and check-out times at such fitness center. NOTE: In order to use the CheckIn! mobile app, you must enable and allow GPS location tracking on your activity or fitness tracking device, and if you do not wish for your device location to be tracked, please do not use the CheckIn! mobile app because, without the location information, the app will not be able to log your fitness center visits. To learn more about what data we collect through or within the CheckIn! mobile app and how we use the data, please click here to view the the CheckIn! mobile app Privacy Statement, or you may request a hard copy through one of the contact methods listed in the “How to Contact ExerciseRewards.com for Questions” section below.
- If you enroll in a fitness center through ExerciseRewards.com, we may receive your fitness center location and date of visit information directly from the fitness center if the fitness center is in the ExerciseRewards.com network and, by enrolling in such a fitness center for the purpose of participating in the ExerciseRewards program, you acknowledge and agree that the fitness center may provide your visit information to us on your behalf. Alternatively, depending on availability within your program, you can submit to us your fitness center visit information directly, either through the CheckIn! mobile app or by sending to us via email, fax or postal mail your visit logbook signed by the fitness center or in a printout form provided by the fitness center.
- If you use the Contact Us page of ExerciseRewards.com to submit a comment, inquiry or request to us, we collect your name, phone number, e-mail address, user type, fitness center location, and your comment or inquiry message.
- Additionally, we may collect demographic information from ExerciseRewards.com members, such as age, gender, and areas of interest, as well as users’ IP addresses (which are numerical numbers that are automatically assigned to users’ computers and mobile devices when they are surfing the Internet) and information obtained by tracking the "clickstreams" from usage of ExerciseRewards.com (page requests, pages visited, content viewed, clicks and search queries made, etc.).
How do we use information collected on ExerciseRewards.com?
We use information collected on ExerciseRewards.com to enable users to access and use the ExerciseRewards program tools and features provided on ExerciseRewards.com. For example:
- If you register on ExerciseRewards.com, we will use your registration information to set up, administer, service, and communicate with you regarding your account. Registration on ExerciseRewards.com is required for users to gain access to special tools and features of the ExerciseRewards program, such as Challenges and Accountabilities.
- If you use the Challenges feature of ExerciseRewards.com, we will use your information to track your participation and progress in a challenge and determine if you have met the challenge or won the challenge.
- If you use the Accountabilities feature of ExerciseRewards.com, we will use your information to communicate with your designated accountability partner and enable such partner to utilize the communication tools of the Accountabilities feature, such as providing daily cheers to encourage you to stay on track and posting encouraging messages via the Challenge Chatter feature.
- If you use the Connected! feature of ExerciseRewards.com, we will record your fitness center visit and exercise and your other independent activity information over time and will use such recorded information to verify and determine whether you are eligible for applicable rewards under the ExerciseRewards program (and/or under another member rewards program applicable to you). ASH may also disclose your Connected! activity information (such as steps taken over time) to your health plan or plan sponsor to assist in the administration of your benefit and/or for rewards and reimbursement fulfillment purposes only. If you enter your gender, birth year, weight, and height into your Connected! Profile, we may use this information to calculate and display your calorie metrics based on activity reported through your Connected!-enabled device.
- If you use the CheckIn! mobile app feature of ExerciseRewards.com, we will record the location information of each fitness center you visit and your check-in and check-out times at each such fitness center over time and will use such recorded information to verify and determine whether you are eligible for applicable rewards under the ExerciseRewards program (and/or under another member rewards program applicable to you).
- If you enroll in a fitness center through ExerciseRewards.com, we will use your information to process your enrollment and will use your fitness center location and date of visit information (whether submitted to us directly by you or provided to us on your behalf by the fitness center) to verify and determine whether you are eligible for applicable rewards under the ExerciseRewards program (and/or under another member rewards program applicable to you).
- If you use the Contact Us page of ExerciseRewards.com, we will use your information to process and respond to your comment, inquiry or request (as the case may be).
- We use user demographic information, IP addresses and clickstream data collected on ExerciseRewards.com for internal purposes, such as improving ExerciseRewards.com and associated tools and features, measuring and analyzing ExerciseRewards.com user interests, traffic, and usage patterns, etc.
Under what circumstances do we share user information collected on ExerciseRewards.com with third parties?
We may provide your information to your employer, health plan, or other entities that have contracted with your employer or health plan to provide you with health-related services on behalf of your employer and/or your health plan, or to help administer your benefits. In certain limited situations, we may be required to provide your personal information to your employer, health plan, or in some cases your designated fitness center, in order to confirm your eligibility, conduct billing, and perform other operational tasks required to administer your benefits. In these situations, we require that the recipient have internal controls in place to ensure that personal information is only disclosed to those who perform the benefit administration process described above.
We may also share your information with third parties in the following circumstances:
- as reasonably necessary to enable third-party service providers to provide services and support for the operation and maintenance of ExerciseRewards.com and associated tools and features;
- as reasonably necessary to comply with law or legal process (including a court or government order or subpoena);
- as reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues;
- as reasonably necessary to enforce this Privacy Statement and/or the Terms & Conditions for ExerciseRewards.com;
- as reasonably necessary to protect the rights, property or safety of ASH and ASH Fitness, our members and users, and/or the public.
In addition, we may share with select third parties (including, without limitation, our members’ employers and health plans)aggregate statistics regarding ExerciseRewards.com members, such as member demographics, interests, traffic, and usage patterns. The information so shared will not include personal health information or other personally identifiable information of ExerciseRewards.com members.
Can users opt out of collection of personal information on ExerciseRewards.com?
No. The functionality of ExerciseRewards.com and associated tools and features requires that we collect and receive certain personal information from and about participants in the ExerciseRewards program. Accordingly, if you do not wish to have your personal information collected or received by us, you should not use ExerciseRewards.com or participate in the ExerciseRewards program.
Can users access, update and delete their information collected on the ExerciseRewards.com?
If you have an active account on ExerciseRewards.com, you can log into your account to view your account/profile information. Members may update their account/profile information by submitting a written request to ASH using the “Member Request to Amend Protected Health Information” form which form is available upon request through the contact information at the end of this Privacy Statement. Failure to fully complete all sections of the form may result in the form being returned to you. Response to the request for amendment will be issued within 30 days of receipt of the completed form. However, we may obtain one 30-day extension by sending the member a written notice stating the reason for the delay and the expected date of the response. We may deny the member’s amendment request under the following circumstances:
- We cannot verify and confirm the identity of the member making the request.
- The request for amendment was made verbally.
- The request does not state a reason for the amendment.
- We cannot change member information provided to us by or on behalf of a health plan or a plan sponsor.
NOTE: Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, member information (including personal health information and other personally identifiable information) collected on ExerciseRewards.com cannot be deleted or removed from our database and will be retained for a minimum of 10 years in accordance with our record retention policy. User accounts, however, may be disabled upon written request, using the contact information provided at the end of this Privacy Statement.
How can users opt out of receiving certain communications from us?
If you have provided your email address, postal address, and/or telephone number to us, you may opt out of receiving marketing/promotional communications from us by using the contact information provided at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from us. Please note that email unsubscribe requests may take up to 30 days to process once received.
For users who have requested to be removed from our email, postal mail, and/or telephone contact lists, once their requests are processed, we will maintain an internal do-not-contact list to ensure that the request is honored.
NOTE: Your opt-out regarding our marketing/promotional communications will not stop our communications of a transactional or member relation nature or as required by law (e.g., communications regarding your ExerciseRewards.com account or your participation in the ExerciseRewards program, communications in response to a request or inquiry you have made with us, notices regarding material changes to ExerciseRewards.com or our information practices, notices regarding an actual or suspected security breach that affects your information stored by or for us, etc.).
How do we protect the privacy of minors?
We are concerned about the safety of children when they use the Internet. ExerciseRewards.com is not intended for use by persons under the age of majority (e.g., under the age of 18 in California). If we become aware that a user is under the age of 18 and has provided personal information to us without prior parental consent, we will remove all information provided by such underage user from we database.
For more information on how to manage cookies, visit http://www.aboutcookies.org/
To manage Adobe Local Shared Objects (also known as LSOs or Flash cookies), visit http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
We may also use “web beacons” (also known as “clear GIFs,” “pixel tags,” etc.) – which are small bits of code embedded in web pages or in emails – to deliver or communicate with cookies, to count users who have visited a web page, and to understand usage patterns. We may include web beacons in emails to help us recognize activities such as when an email was opened, how many times an email was forwarded, which links in the email were clicked on, etc. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.
How do we safeguard user information?
In order to maintain the confidentiality of and safeguard the security of personal information of ExerciseRewards.com members, we enforce strict company-wide policies regarding member information privacy, security, and confidentiality.
We have an organizational commitment to protecting member information privacy and security. All employees who work for ExerciseRewards.com are made aware of security policies and practices through employee orientation and annual refresher training. Personal information of ExerciseRewards.com members is stored in an isolated database with tightly restricted access. Employees authorized to view this information are authenticated prior to gaining such access. We review web security on an ongoing basis. In addition to daily security administration and response activities, ExerciseRewards.com undergoes an overall security review on an annual basis.
ExerciseRewards.com uses Transport Layer Security (TLS) technology to protect the security of members’ personal information. You will see an unbroken key or a closed lock (depending on the browser used) in the upper part of the browser window when TLS is active and the server is secure. The URL line of the browser will also contain "https" instead of "http". When you register on ExerciseRewards.com, your account/profile information will be transmitted to us in encrypted form and your registration will be assigned a unique User ID to which only our authorized employees will have access.
What is ExerciseRewards.com’s advertising policy?
We do not allow third-party advertising on ExerciseRewards.com.
What is ExerciseRewards.com’s policy regarding links to other websites and services?
How to contact ExerciseRewards.com for questions?
Questions may be submitted online using ExerciseRewards.com ’s Contact Us page. All ExerciseRewards.com site operations are conducted and maintained by staff affiliated with ASH. ASH is a Delaware corporation domiciled in California, with the corporate office located at 10221 Wateridge Circle, San Diego, CA 92121.
ExerciseRewards.com Customer Service
P.O. Box 509040
San Diego, CA 92150-9040
Changes to Privacy Statement
We reserve the right to make changes to this Privacy Statement at any time by posting the new policy on ExerciseRewards.com. Except where otherwise stated by applicable law, changes to this Privacy Statement will become effective when the new policy is posted ExerciseRewards.com, and such posting will constitute our notice to you regarding the changesm, and by continuing to use ExerciseRewards.com following such posting, you accept and agree to be bound by the new policy.
If we make changes to this Privacy Statement that will materially change the way we collect or use personal information of ExerciseRewards.com members, we will obtain member consent to such changes where required by applicable law, and the changes will apply to members on a prospective basis only (unless otherwise agreed in writing by members).
We encourage you to check the website regularly to see if we have made any modifications to this Privacy Statement.