(If you are a CA resident, this statement includes your California Privacy Rights)
ExerciseRewards.com is an Internet-based personal health improvement resource. It provides interactive tools and features that are designed to help individuals track their fitness activities and achieve fitness goals while earning points toward rewards. ExerciseRewards.com is provided by American Specialty Health Fitness, Inc. (“ASH Fitness”), a subsidiary of American Specialty Health Incorporated (“ASH”).
ExerciseRewards.com values its users and respects their privacy and is committed to using personal information responsibly.
For the purposes of this Privacy Statement the terms “we” and “our” refer to ASH and ASH Fitness, and the terms “member” or “you” mean an authorized user of ExerciseRewards.com.
ExerciseRewards.com will not release, sell, rent, or trade your personal information to any third party without your permission, except when we believe in good faith that the law requires it, or to protect our own rights and properties, or as outlined in this Privacy Statement.
You should read and familiarize yourself with this Privacy Statement and with ExerciseRewards.com Terms and Conditions. By using ExerciseRewards.com, you acknowledge and consent to our collection, processing and use of your information as described in this Privacy Statement. For any questions about this Privacy Statement, please contact us directly. ExerciseRewards.com will respond to any questions within 10 business days from the date of receipt. Contact ExerciseRewards.com directly through any means noted at the end of this Privacy Statement. If information practices change, ExerciseRewards.com will post the revised policy on ExerciseRewards.com and/or will notify users through direct communication.
CALIFORNIA DO NOT TRACK DISCLOSURE
ASH and ASH Fitness do not track ExerciseRewards.com users across third party websites, nor does it allow third parties to collect personally identifiable information on the ExerciseRewards.com.
CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83 (known as the “shine the light” law), California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.
We do not knowingly share your personal information with third parties for their direct marketing use without your permission. California residents may send requests for information-sharing disclosure under this law by emailing ASH at HIPAA@ashn.com. Please note that, under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email address.
What kind of personal information may ExerciseRewards.com collect, and how is it collected?
- When you register on ExerciseRewards.com, we collect your name, date of birth, address, e-mail address, home phone number, a username and password to enter the password-protected area of the ExerciseRewards Website, and a security question and answer to help recover your username and/or password.
- If you use the Challenges feature of ExerciseRewards.com, we collect the date you join the challenge, your current weight and goal weight (within weight challenges), and device activity (if you decide to join an activity tracking challenge that utilizes your activity or fitness tracking device).
- If you use the Accountabilities feature of ExerciseRewards.com, we collect the date you send an accountability invitation, your email address, the subject and recipient of the invitation and your message content.
- If you use the Connected! feature of ExerciseRewards.com, you allow us to record your activity related information, such as steps taken in a day, through your eligible enabled activity/fitness device or equipment (a “Fitness Device”). When you use this feature, your activity information will be transmitted from your Fitness Device by the Fitness Device manufacturer, to Validic (a third party data aggregator that we use to facilitate the Connected! feature). After receiving the information from Validic, we upload the information into your member profile/account on the ExerciseRewards Website. By using the Connected! feature, you allow us to receive this information from your Fitness Device. If the Active&Fit Direct program feature is available to you as an ExerciseRewards program member, please refer to the Active&Fit Direct program section toward the end of this privacy statement (or click here) for information on how ExerciseRewards.com collects and uses information within the Active&Fit Direct program feature.
- If you use the ASHConnect mobile app feature of ExerciseRewards.com (which allows members to electronically log their fitness center visits), we will receive the location information of the fitness center you visit and your check-in and check-out times at such fitness center. NOTE: In order to use the ASHConnect mobile app, you must enable and allow GPS location tracking on your activity or fitness tracking device, and if you do not wish for your device location to be tracked, please do not use the ASHConnect mobile app because, without the location information, the app will not be able to log your fitness center visits. To learn more about what data we collect through or within the ASHConnect mobile app and how we use the data, please click here to view the the ASHConnect mobile app Privacy Statement, or you may request a hard copy through one of the contact methods listed in the “How to Contact ExerciseRewards.com for Questions” section below.
- If you enroll in a fitness center through ExerciseRewards.com, we may receive your fitness center location and date of visit information directly from the fitness center if the fitness center is in the ExerciseRewards.com network and, by enrolling in such a fitness center for the purpose of participating in the ExerciseRewards program, you acknowledge and agree that the fitness center may provide your visit information to us on your behalf. Alternatively, depending on availability within your program, you can submit to us your fitness center visit information directly, either through the ASHConnect mobile app or by sending to us via email, fax or postal mail your visit logbook signed by the fitness center or in a printout form provided by the fitness center.
- If you use the Contact Us page of ExerciseRewards.com to submit a comment, inquiry or request to us, we collect your name, phone number, e-mail address, user type, fitness center location, and your comment or inquiry message.
- Additionally, we may collect demographic information from ExerciseRewards.com members, such as age, gender, and areas of interest, as well as users’ IP addresses (which are numerical numbers that are automatically assigned to users’ computers and mobile devices when they are surfing the Internet) and information obtained by tracking the "clickstreams" from usage of ExerciseRewards.com (page requests, pages visited, content viewed, clicks and search queries made, etc.).
How do we use information collected on ExerciseRewards.com?
We use information collected on ExerciseRewards.com to enable users to access and use the ExerciseRewards program tools and features provided on ExerciseRewards.com. For example:
- If you register on ExerciseRewards.com, we will use your registration information to set up, administer, service, and communicate with you regarding your account. Registration on ExerciseRewards.com is required for users to gain access to special tools and features of the ExerciseRewards program, such as Challenges and Accountabilities.
- If you use the Challenges feature of ExerciseRewards.com, we will use your information to track your participation and progress in a challenge and determine if you have met the challenge or won the challenge.
- If you use the Accountabilities feature of ExerciseRewards.com, we will use your information to communicate with your designated accountability partner and enable such partner to utilize the communication tools of the Accountabilities feature, such as providing daily cheers to encourage you to stay on track and posting encouraging messages via the Challenge Chatter feature.
- If you use the Connected! feature of ExerciseRewards.com, we will record your fitness center visit and exercise and your other independent activity information over time and will use such recorded information to verify and determine whether you are eligible for applicable rewards under the ExerciseRewards program (and/or under another member rewards program applicable to you). ASH may also disclose your Connected! activity information (such as steps taken over time) to your health plan or plan sponsor to assist in the administration of your benefit and/or for rewards and reimbursement fulfillment purposes only. If you enter your gender, birth year, weight, and height into your Connected! Profile, we may use this information to calculate and display your calorie metrics based on activity reported through your Connected!-enabled device.
- If you use the ASHConnect mobile app feature of ExerciseRewards.com, we will record the location information of each fitness center you visit and your check-in and check-out times at each such fitness center over time and will use such recorded information to verify and determine whether you are eligible for applicable rewards under the ExerciseRewards program (and/or under another member rewards program applicable to you).
- If you enroll in a fitness center through ExerciseRewards.com, we will use your information to process your enrollment and will use your fitness center location and date of visit information (whether submitted to us directly by you or provided to us on your behalf by the fitness center) to verify and determine whether you are eligible for applicable rewards under the ExerciseRewards program (and/or under another member rewards program applicable to you).
- If you use the Contact Us page of ExerciseRewards.com, we will use your information to process and respond to your comment, inquiry or request (as the case may be).
- We use user demographic information, IP addresses and clickstream data collected on ExerciseRewards.com for internal purposes, such as improving ExerciseRewards.com and associated tools and features, measuring and analyzing ExerciseRewards.com user interests, traffic, and usage patterns, etc.
Under what circumstances do we share user information collected on ExerciseRewards.com with third parties?
We may provide your information to your employer, health plan, or other entities that have contracted with your employer or health plan to provide you with health-related services on behalf of your employer and/or your health plan, or to help administer your benefits. In certain limited situations, we may be required to provide your personal information to your employer, health plan, or in some cases your designated fitness center, in order to confirm your eligibility, conduct billing, and perform other operational tasks required to administer your benefits. In these situations, we require that the recipient have internal controls in place to ensure that personal information is only disclosed to those who perform the benefit administration process described above.
We may also share your information with third parties in the following circumstances:
- With Vendors: Sharing your Personal Information with our vendors to provide services under the Program and to support the operation and maintenance of the ExerciseRewards Website. For example, if you submit credit card information to enroll in the Active&Fit Direct feature of the ExerciseRewards program, we direct our third party payment processor to collect your payment information and process your payment.
- For legal purposes, including: as reasonably necessary to comply with law or legal process (including a court or government order or subpoena); to detect, prevent, or otherwise address fraud, security or technical issues; to enforce this Privacy Statement or the Terms & Conditions for the ExerciseRewards program and the use of this Website; and as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public.
In addition, we may share with reputable third parties (including, without limitation, our members’ employers and health plans) aggregate statistics regarding ExerciseRewards.com members, such as member demographics, interests, traffic, and usage patterns. The information so shared will not include personal health information or other personally identifiable information of ExerciseRewards.com members.
Can users opt out of collection of Personal Information on the ExerciseRewards Website or as part of the ExerciseRewards Program?
No. The functionality of the ExerciseRewards Website and associated tools and features requires that we collect and receive certain personal information from and about participants in the ExerciseRewards Program. If you do not wish to have your Personal Information collected or received by us, you should not use the ExerciseRewards Website or participate in the ExerciseRewards Program.
Can users disable their accounts and delete their information collected on the ExerciseRewards Website or through enrollment in the ExerciseRewards program?
Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, personal information collected on the ExerciseRewards Website, or through the ExerciseRewards Program generally, cannot be deleted or removed from ASH’s database and will be retained in accordance with ASH’s record retention policy. User accounts, however, may be disabled upon written request, using the contact information at the end of this Privacy Statement.
How can users opt out of receiving certain communications from us?
If you have provided your email address, postal address, and/or telephone number to us, you may opt out of receiving marketing/promotional communications from us by using the contact information provided at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from us. Please note that email unsubscribe requests may take up to 30 days to process once received.
For users who have requested to be removed from our email, postal mail, and/or telephone contact lists, once their requests are processed, we will maintain an internal do-not-contact list to ensure that the request is honored.
NOTE: Your opt-out regarding our marketing/promotional communications will not stop our communications of a transactional or member relation nature or as required by law (e.g., communications regarding your ExerciseRewards.com account or your participation in the ExerciseRewards program, communications in response to a request or inquiry you have made with us, notices regarding material changes to ExerciseRewards.com or our information practices, notices regarding an actual or suspected security breach that affects your information stored by or for us, etc.).
How do we protect the privacy of minors?
We are concerned about the safety of children when they use the Internet. ExerciseRewards.com is not intended for use by persons under the age of majority (e.g., under the age of 18 in California). If we become aware that a user is under the age of 18 and has provided personal information to us without prior parental consent, we will remove all information provided by such underage user from we database.
The ExerciseRewards Website also uses third-party websites and applications, including Facebook, to collect data about your activities. This information does not in any way identify you or give access to your computer or mobile device. The third party websites and applications use the information they collect to serve you relevant advertisements for the ExerciseRewards Website. For more information about how to opt-out, please visit https://www.facebook.com/help/568137493302217 or http://www.aboutads.info/choices.
“Cookies” are small text files that are placed on your hard disk by a webpage server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
We may also use “web beacons” – which can be included in web pages or in emails for reporting and analytic purposes, such as counting users who have visited a web page and/or tracking usage patterns. We do not gather personal information of any kind via this activity. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, refuse HTML (select Text only) emails via your email.
Some web browsers incorporate a "do-not-track" (“DNT”) or similar feature that signals to websites that a visitor does not want to have his/her online activity tracked. If a website receives a DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we (along with many other website operators) do not currently respond to DNT signals. For more information about DNT signals, visit www.allaboutdnt.com.
How do we safeguard user information?
In order to maintain the confidentiality of and safeguard the security of personal information of ExerciseRewards.com members, we enforce strict company-wide policies regarding member information privacy, security, and confidentiality.
We have an organizational commitment to protecting member information privacy and security. All employees who work for ExerciseRewards.com are made aware of security policies and practices through employee orientation and annual refresher training. Personal information of ExerciseRewards.com members is stored in an isolated database with tightly restricted access. Employees authorized to view this information are authenticated prior to gaining such access. We review web security on an ongoing basis. In addition to daily security administration and response activities, ExerciseRewards.com undergoes an overall security review on an annual basis.
ExerciseRewards.com uses Transport Layer Security (TLS) technology to protect the security of members’ personal information. You will see an unbroken key or a closed lock (depending on the browser used) in the upper part of the browser window when TLS is active and the server is secure. The URL line of the browser will also contain "https" instead of "http". When you register on ExerciseRewards.com, your account/profile information will be transmitted to us in encrypted form and your registration will be assigned a unique User ID to which only our authorized employees will have access.
Note to international users.
The ExerciseRewards Program and Website are intended for U.S. residents. If you are outside of the United States and access the ExerciseRewards Website or submit your Personal Information to us, please be advised that U.S. law may not offer the same privacy protections as the law of your jurisdiction. By using the ExerciseRewards Website or submitting your Personal Information to us, you consent to the transfer to and processing of your Personal Information in the United States.
What is ExerciseRewards.com’s advertising policy?
We do not allow third-party advertising on ExerciseRewards.com.
What is ExerciseRewards.com’s policy regarding links to other websites and services?
How to contact ExerciseRewards.com for questions?
Questions may be submitted online using ExerciseRewards.com ’s Contact Us page. All ExerciseRewards.com site operations are conducted and maintained by staff affiliated with ASH. ASH is a Delaware corporation domiciled in California, with the corporate office located at 10221 Wateridge Circle, San Diego, CA 92121.
ExerciseRewards.com Customer Service
P.O. Box 509040
San Diego, CA 92150-9040
Privacy and Security Contact Information
ASH has a designated Privacy Officer and an Information Security Officer to oversee our privacy and security programs. You may direct questions about these programs to these individuals by either calling (877) 427-4766 or emailing HIPAA@ashn.com.
If the Active&Fit Direct program feature is available to you as an ExerciseRewards program member, and you choose to use that feature, the following will apply to you:
When you participate in the Active&Fit Direct program feature of the ExerciseRewards program Website, we will collect “Personal Information,” which is any information that can be used to identify you. If you choose not to provide your Personal Information, aspects of the Active&Fit Direct Program feature and the ExerciseRewards Website will not be available to you.
We collect your Personal Information when, for example:
- You Request a Guest Pass: If you request a guest pass letter, we will collect your contact information (name, mailing address, email address and phone number) to process your guest pass letter request. We may follow up with you on your guest pass experience at the contact information you provide.
- You Search for an Active&Fit Direct Fitness Center: We may collect and use your address to help locate Active&Fit Direct fitness centers near you. We may also receive utilization reports containing dates of visits from any Active&Fit Direct fitness center that you have accessed through your enrollment in the program.
- You Enroll in the Active&Fit Direct Program Feature: If you choose to enroll in the Active&Fit Direct Program feature, you will be asked to provide your credit card information to process your enrollment fee and recurring monthly fee. We use a PCI-compliant third party payment processor to collect and process your credit card information. ExerciseRewards and the Active&Fit Direct program feature does not directly collect or maintain your credit card information.
We use the information we collect from the Active&Fit Direct program feature in the following ways:
- Process enrollment and facilitate participation: If you use the Active&Fit Direct Program feature, we will use your information to process your enrollment, set up and administer your account (including processing your payment history if you are enrolled in the ExerciseRewards reimbursement program), and verify utilization with Active&Fit fitness centers.
- Fulfill your requests: We use your information to fulfill your requests, such as process a guest pass letter request or send you information that you request. We may also follow up with you on your guest pass experience at the contact information you provide while using the guest pass request feature.
Changes to Privacy Statement
We reserve the right to make changes to this Privacy Statement at any time by posting the new policy on ExerciseRewards.com. Except where otherwise stated by applicable law, changes to this Privacy Statement will become effective when the new policy is posted ExerciseRewards.com, and such posting will constitute our notice to you regarding the changes, and by continuing to use ExerciseRewards.com following such posting, you accept and agree to be bound by the new policy.
If we make changes to this Privacy Statement that will materially change the way we collect or use personal information of ExerciseRewards.com members, we will obtain member consent to such changes where required by applicable law, and the changes will apply to members on a prospective basis only (unless otherwise agreed in writing by members).
We encourage you to check the website regularly to see if we have made any modifications to this Privacy Statement.