Privacy Statement

Effective Date: December 31, 2020

(If you are a CA resident, this statement includes your California Privacy Rights)

The ExerciseRewardsTM program is an Internet-based personal health improvement resource. It provides interactive tools and features that are designed to help individuals track their fitness activities and achieve fitness goals while earning points toward rewards (the “ExerciseRewards Program” or “Program”). The ExerciseRewards Program and the ExerciseRewards website (the “ExerciseRewards Website” or “Website”) are owned and operated by American Specialty Health Fitness, Inc. (“ASH Fitness”), a subsidiary of American Specialty Health Incorporated (“ASH”), a Delaware corporation with a mailing address of 10221 Wateridge Circle, San Diego, CA 92121, on behalf of itself and its subsidiaries. The provisions of this Privacy Statement apply to these companies to the extent they support the ExerciseRewards program. The terms “ASH” or “We” in this Privacy Statement refer collectively to these companies.

This Privacy Statement, together with the Terms and Conditions, govern your participation in the ExerciseRewards Program and your use of the ExerciseRewards Website. By using the ExerciseRewards Website, or otherwise participating in the ExerciseRewards Program, you accept and agree to be bound by this Privacy Statement and the Terms and Conditions.

You should read and familiarize yourself with this Privacy Statement and with ExerciseRewards.com Terms and Conditions. By using ExerciseRewards.com, you acknowledge and consent to our collection, processing and use of your information as described in this Privacy Statement. For any questions about this Privacy Statement, please contact us directly through any means noted at the end of this Privacy Statement. If information practices change, ExerciseRewards.com will post the revised policy on ExerciseRewards.com and/or will notify users through direct communication.

Information Collected by ExerciseRewards

We do not knowingly or intentionally collect what is commonly referred to as ‘sensitive personal information’. Sensitive personal information is information related to reproductive health, sexually transmitted diseases, substance use disorder, gender dysphoria, gender affirming care, domestic violence, and mental health. Please do not submit sensitive personal information to us.

How we obtain information about you:

  • when you provide it to us (e.g. by contacting us through our Contact Us, when you call us, when registering or enrolling for the services)
  • from your use of our website, using cookies,
  • from your Sponsoring Organization ( e.g. Health Plan/Insurer or Employer Group), and
  • occasionally, from our service providers.
This chart is a reference guide on how the ExerciseRewards Program collects, uses, and shares your information. This is only a summary. You should review the full privacy statement below for more detail.  If you are a California resident or an international user, the full privacy statement contains important information related to your privacy rights.
  Categories of Personal Information Source of Collection How do we use? How do we share?
 

Website Registration/
Program Enrollment

Benefit Administration

Identifiers: 

First and last name,
Email address,
Username and password,
Security question and answer
Fitness ID
Sponsoring Organization Member ID (provided by your Sponsoring Organization)

Personal Information:
Phone number
Mailing address

Protected Class Information:
Date of Birth

Provided by you during enrollment and by your Sponsoring Organization for eligibility purposes.To perform services to maintain and service your account, provide customer service, process transactions, verify customer information, and advertising and marketing of affiliate products available to you through ASH as part of your Sponsoring Organization’s plan.

To perform auditing, detecting security incidents, debugging programs, internal research and tech development, and quality assurance and product improvement.
We do not share passwords or security questions/answers.

Pursuant to the consent that you have given to your Sponsoring Organization, and (if applicable) as permitted under HIPAA and your Sponsoring Organization’s Notice of Privacy Practices, we may share information with the benefit administrator of said organization as necessary for benefit administration purposes.

With contracted Fitness Centers and/or Active Options providers (hereinafter “Fitness Providers”) for eligibility, reimbursement, and utilization reporting. Additional information shared may include Fitness ID, Location, program name, and effective date/termination date.

Fitness Providers may share utilization data with Us for benefit administration purposes.

We may share email, first name, and last name with service providers who support email communications.

Connected!™ FeatureIdentifiers: 

Device ID

Protected Class Information:
Date of Birth
Gender

Personal Information:
Your fitness device activity information (e.g. steps, exercise duration, etc.)
Height
Weight
Time Zone

When you agree to participate in the Connected! feature, you authorize your device to share your activity information with an activity aggregator, who forwards the activity information to Us to include in your account. To perform services related to recording your activity, such as steps taken in a day, tracking your progress over time, and processing rewards, if applicable.

To perform auditing, detecting security incidents, debugging programs, internal research and tech development, quality assurance, and product improvement.

We may share information with the benefit administrator of your Sponsoring Organization’s plan to help you meet your health plan incentive, if applicable.

 

 

ExerciseRewards ASH Connect™ AppIdentifiers: 

Username
Password
Device ID
IP Address

Personal Information:
Geolocation
Check-in/Check-out times

Provided to Us when you check-in on the ASH Connect app. To perform services related to recording your activity through Check-In, tracking your progress over time, finding Fitness Providers in your area, providing and monitoring use of resources, and processing rewards, if applicable.We may share information with the benefit administrator of your Sponsoring Organization’s plan to help you meet your health plan incentive, if applicable. We do not share your exact locations or check-in/check out times with the Sponsoring Organization. 
 Contact UsIdentifier:

First and last name,
E-mail address

Personal Information:
Phone number,
Sponsoring Organization,
General inquiry details

Provided by you. To verify your information and to perform services addressing your questions, suggestions and complaints.We share the information outside of ASH as necessary to resolve your inquiry or concern when resolution requires third-party action including with your Sponsoring Organization.
SurveysIdentifiers: 

First and last name,
Email address,

Personal Information:
Mailing address

Provided by ASH to our Survey Service Provider. To gather customer feedback to perform services related to internal research, tech development, quality assurance and product improvement. With Survey Service Provider for administering the survey and/or ASH.

We may share aggregate results of the survey with Sponsoring Organizations, existing and potential clients and the public.

Payment ProcessingWe do not collect your credit card information or maintain it on our systems.
Additional Sharing

For legal purposes, including: as reasonably necessary to comply with law or legal process (including a court or government order or subpoena); to detect, prevent, or otherwise address fraud, security or technical issues; to enforce this Privacy Statement or the Terms & Conditions for the ExerciseRewards program and the use of this Website; and as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public.

During a corporate reorganization: If ASH is involved in a merger, acquisition, financing, or sale of business or assets, information collected from and about users may be transferred to one or more third parties involved in such transaction and, upon such transfer, the relevant third-party privacy policy or policies may govern further use of the information. In the event of such a change, ASH will endeavor to notify our users of the change as well as any choices our users may have regarding the change.

Aggregate Information: In addition, ASH may provide reputable service providers, third-party vendors and Sponsoring Organizations with aggregate statistics regarding user participation, ExerciseRewards Website traffic patterns and related Usage Information. The information so provided will not include individually identifiable information, meaning we will not share your Personal Information when sharing aggregate information.

Cookies, Website Analytics, and Interest Based AdvertisingInternet or Electronic Activity Information:
Web server logs,
Cookies,
Web beacons,
Website browsing activity
Provided by Google Analytics. To perform auditing, detecting security incidents, debugging programs, internal research, tech development, quality assurance and product improvement.We do not share the information that Google Analytics provides to us with any third parties.
Through your participation with ExerciseRewards you may have access to other ASH products and programs, such as but not limited to, the ASHConnect App and Active&Fit Direct. These products and programs have separate Terms and Conditions and Privacy Statements and may be provided by affiliates of ASH Fitness. You should review and accept their respective Terms and Conditions and Privacy Statements before you use them. 
If you choose not to provide your Personal Information, certain features of the ExerciseRewards Program and ExerciseRewards Website will not be available to you.

Additional Detail Regarding Uses

  • When you register on ExerciseRewards.com, we collect your name, date of birth, address, e-mail address, home phone number. We also require a username and password to enter the password-protected area of the ExerciseRewards Website and a security question and answer to help recover your username and/or password. We may share you email, first name, and last name with service providers who support email communications.
  • If you use the Connected! feature of ExerciseRewards.com, you allow us to record your activity related information, such as steps taken in a day, through the eligible enabled activity/fitness device or equipment (a “Fitness Device”) you authorize for use with the feature. When you use this feature, your activity information will be transmitted from your Fitness Device by the Fitness Device manufacturer, to a third-party data aggregator that we use to facilitate the Connected! feature. After receiving the information from the aggregator, we upload the information into your member profile/account on the ExerciseRewards Website. By using the Connected! feature, you allow us to receive this information from your Fitness Device.
  • If the Active&Fit Direct program feature is available to you as an ExerciseRewards program member, please refer to the Active&Fit Direct program privacy statement (click here) for information on how ExerciseRewards.com collects and uses information within the Active&Fit Direct program feature.
  • If you use the ASHConnect mobile app feature of ExerciseRewards.com (which allows members to electronically log their fitness provider visits), we will receive the location information through GPS technology or other similar technology (such as WiFi and/or cell towers) to determine your current location. We use this information to recommend participating fitness providers and to determine if you are in a participating facility when you check in and or check out. We will collect your check-in and check-out times at such fitness provider and use the information in combination with your location information to determine eligibility for certain points or rewards in accordance with your applicable Program. NOTE: In order to track your activity through the ASHConnect mobile app, you must enable and allow GPS location tracking on your activity, and if you do not wish for your device location to be tracked, please do not use the ASHConnect mobile app because, without the location information, the app will not be able to log your fitness provider visits. To learn more about what data we collect through or within the ASHConnect mobile app and how we use the data, please review the ASHConnect mobile app Privacy Statement located in the footer of the ASHConnect app login page.
  • If you enroll with a fitness provider through ExerciseRewards.com, we may receive your fitness provider location and date of visit information directly from the fitness provider if the fitness provider is in the ExerciseRewards.com network and, by enrolling in such a fitness provider for the purpose of participating in the ExerciseRewards program, you acknowledge and agree that the fitness provider may provide your visit information to us on your behalf. Alternatively, depending on availability within your program, you can submit to us your fitness provider visit information directly, either through the ASHConnect mobile app or by emailing, faxing or mailing us: 1) your visit logbook signed by the fitness provider, or 2) a printed history of your visits as documented by your fitness provider.
  • Surveys. A portion of members are randomly selected for participation in surveys, if you are selected, your name, email address and mailing address will be forwarded to our Survey Service Provider for administration of the survey. If you receive a survey, your participation is optional. ASH may share non-individually identifiable aggregate survey results with your Sponsoring Organization.
  • If you use the Contact Us page of ExerciseRewards.com to submit a comment, inquiry or request to us, we collect your name, phone number, e-mail address, user type, fitness provider location, and your comment or inquiry message.
  • Additionally, we may collect aggregate information from ExerciseRewards.com members, such as users’ IP addresses (which are numerical numbers that are automatically assigned to users’ computers and mobile devices when they are surfing the Internet) and information obtained by tracking the "clickstreams" from usage of ExerciseRewards.com (page requests, pages visited, content viewed, clicks and search queries made, etc.).

Cookies and other similar technologies

We use cookies and other similar technologies on the ExerciseRewards Website to help us remember who you are, to enhance and personalize your experience, to understand and save your preferences for future visits, to compile group information about our users, and to carry out other tasks relating to the operation or improvement of the ChooseHealthy Website.

  • " Cookies" are small text files that are placed on your hard disk by a webpage server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. Most web browsers are initially set to accept cookies, but you can change your browser settings to notify you when you are sent a cookie, giving you the ability to accept or reject it, or you can choose to routinely and manually delete cookies stored on your computer or mobile device. Each time you revisit the ExerciseRewards Website, your ability to restrict our use of cookies on that service is subject to your browser settings and limitations at the time. Please note that if you choose to disable or reject cookies from the ChooseHealthy Website, some portions and features of the ChooseHealthy Website may become inaccessible or may not function properly. For more information on how to manage cookies, visit http://www.aboutcookies.org/
  • We may also use "web beacons" – which can be included in web pages or in emails for reporting and analytic purposes, such as counting users who have visited a web page and/or tracking usage patterns. We do not gather personal information of any kind via this activity. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, refuse HTML (select Text only) emails via your email.

Interest-Based Advertising: We may also work with a variety of advertisers, third-party websites/applications, and analytics companies that use these technologies to collect data about your use of the ExerciseRewards Website so that we can deliver ads to you based on your interests and online activities. This information does not identify you or give us access to your computer or mobile device. For more information about online advertising or to choose not to see interest-based ads, please visit http://www.aboutads.info/choices. Keep in mind that if you choose not to see online interest-based ads, you’ll still see ads, but they may not be as relevant to you.

Google Analytics: Google Analytics to collect information to improve the Website, such as how often users visit the Website, what pages they visit when they do so, and what other websites they used prior to visiting the ExerciseRewards Website. Google Analytics places a cookie on your web browser so that it can identify you the next time you visit the Website, and the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to the Website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. If you don’t want Google Analytics to be used in your browser, you can install the Google Analytics opt-out browser add-on which is available at https://tools.google.com/dlpage/gaoptout

Do Not Track: Some web browsers incorporate a "do-not-track" (“ DNT”) or similar feature that signals to websites that a visitor does not want to have his/her online activity tracked. If a website receives a DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we (along with many other website operators) do not currently respond to DNT signals. For more information about DNT signals, visit www.allaboutdnt.com.

How ExerciseRewards Uses Personal Information

We use information collected through the ExerciseRewards program to enable users to access and use the ExerciseRewards program tools and features. For example:

  • If you enroll in the ExerciseRewards program, we will use the eligibility information that your Sponsoring Organization sends ASH, including your Sponsoring Organization Member ID to verify your eligibility and complete your enrollment.
  • If you register on ExerciseRewards.com, we will use your registration information to set up, administer, service, and communicate with you regarding your account. Registration on ExerciseRewards.com is required for users to gain access to special tools and features of the ExerciseRewards program.
  • If you use the Connected! feature of ExerciseRewards.com, we will record your fitness provider visit and exercise and your other independent activity information over time and will use such recorded information to verify and determine whether you are eligible for applicable rewards under the ExerciseRewards program (and/or under another member rewards program applicable to you). ASH may also disclose your Connected! activity information (such as steps taken over time) to your health plan or plan sponsor to assist in the administration of your benefit and/or for rewards and reimbursement fulfillment purposes only. If you enter your gender, birth year, weight, and height into your Connected! profile, we may use this information to calculate and display your calorie metrics based on activity reported through your Connected!-enabled device.
  • If you use the ASHConnect mobile app feature of ExerciseRewards.com, we will record the location information of each fitness provider you visit and your check-in and check-out times at each such fitness provider over time and will use such recorded information to verify and determine whether you are eligible for applicable rewards under the ExerciseRewards program (and/or under another member rewards program applicable to you).
  • If you use the ASHConnect app, the data is uploaded to your Exercise Rewards account in order to track your activity and your progress over time.
  • If you enroll in a fitness provider through Exercise Rewards, we will use your information, along with a Fitness ID we assign to your account, with Fitness Providers to confirm you eligibility for services, to reimburse Fitness Providers, for reporting utilization of the Fitness Providers services, and for processing rewards, if applicable Additional information shared with Fitness Providers for these purposes may include your Sponsoring Organization’s program name, your effective date/termination date with Active&Fit Direct, and the fitness provider location and date of your visit or use of the location.
  • If you participate in a Survey, ASH will use your information and responses to improve our program and to share program aggregate feedback with your Sponsoring Organization, our existing and potential clients, and the public.
  • Email: We use a Service Provider to store emails you send us. We also use our Service Providers to send follow-up emails to the address you provide. Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.
  • If you Contact Us, we will use your information to process and respond to your inquiries and requests. If you contact us by phone, we may record you phone calls for quality and training purposes.
  • We use user IP addresses and clickstream data collected on ExerciseRewards.com for internal purposes, such as improving ExerciseRewards.com and associated tools and features, measuring and analyzing exerciserewards.com user interests, traffic, and usage patterns, etc.

Sharing with Third Parties

We may provide your information to your sponsoring organization (employer, health plan, or other entities that have contracted with your employer or health plan) to provide you with health-related services on behalf of your employer and/or your health plan, or to help administer your benefits. In certain limited situations, we may be required to provide your personal information to your employer, health plan, or in some cases your designated fitness provider, in order to confirm your eligibility, conduct billing, and perform other operational tasks required to administer your benefits. In these situations, we require that the recipient have internal controls in place to ensure that personal information is only disclosed to those who perform the benefit administration process described above.

We may share with Service Providers to facilitate services under the Program and to support the operation and maintenance of the ExerciseRewards program. Our service providers include:

  • Telephone Providers
  • Email Providers
  • Payment Processing
  • Activity Aggregator
  • Cloud Provider
  • Analytic Provider
  • Fitness Providers

We may share your information for legal purposes, including: as reasonably necessary to comply with law or legal process (including a court or government order or subpoena); to detect, prevent, or otherwise address fraud, security or technical issues; to enforce this Privacy Statement or the Terms & Conditions for the ExerciseRewards program and the use of this Website; and as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public.

We may share your information during a corporate reorganization: If ASH is involved in a merger, acquisition, financing, or sale of business or assets, information collected from and about users may be transferred to one or more third parties involved in such transaction and, upon such transfer, the relevant third-party privacy policy or policies may govern further use of the information. In the event of such a change, ASH will endeavor to notify our users of the change as well as any choices our users may have regarding the change.

In addition, ASH may provide reputable service providers, third-party vendors and sponsoring organizations with aggregate statistics regarding user participation, ExerciseRewards Website traffic patterns and related Usage Information. The information so provided will not include individually identifiable information, meaning we will not share your Personal Information with these third-parties.

Disabling and Deleting User Accounts and Information

California residents see below Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, personal information collected on the ExerciseRewards Website, or through the ExerciseRewards Program generally, cannot be deleted or removed from ASH’s database and will be retained for a minimum of 10 years in accordance with ASH’s record retention policy. User accounts, however, may be disabled upon written request, using the contact information at the end of this Privacy Statement.

Opt-out of Communications received from ExerciseRewards

California Residents see below. If you have provided your email address, postal address, and/or telephone number to us, you may opt out of receiving marketing/promotional communications from us by using the contact information provided at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from us. Please note that email unsubscribe requests may not take effect immediately. NOTE: Your opt-out regarding our marketing/promotional communications will not stop our communications of a transactional or member relation nature or as required by law (e.g., communications regarding your ExerciseRewards.com account or your participation in the ExerciseRewards program, communications in response to a request or inquiry you have made with us, notices regarding material changes to ExerciseRewards.com or our information practices, notices regarding an actual or suspected security breach that affects your information stored by or for us, etc.).

Privacy of Minors

ASH is concerned about the safety of children when they use the Internet. The ExerciseRewards Website may be used by eligible participants at least 13 years old. If ASH becomes aware that a user is under the age of 13 and has provided Personal Information to ASH without prior parental consent, ASH will remove all information provided by such underage user from its database.

Security of Personal Information

In order to maintain the confidentiality of and safeguard the security of personal information of exerciserewards.com members, we enforce strict company-wide policies regarding member information privacy, security, and confidentiality.

ASH has an organizational commitment to protecting member information privacy and security. All employees who work for exerciserewards.com are made aware of security policies and practices through employee orientation and annual refresher training. Personal information of exerciserewards.com members is stored in an isolated database with tightly restricted access. Employees authorized to view this information are authenticated prior to gaining such access. We review web security on an ongoing basis. In addition to daily security administration and response activities, ExerciseRewards.com undergoes an overall security review on an annual basis.

ExerciseRewards.com uses Transport Layer Security (TLS) technology to protect the security of members’ personal information. You will see an unbroken key or a closed lock (depending on the browser used) in the upper part of the browser window when TLS is active and the server is secure. The URL line of the browser will also contain "https" instead of "http". When you register on ExerciseRewards.com, your account/profile information will be transmitted to us in encrypted form and your registration will be assigned a unique User ID to which only our authorized employees will have access.

Some versions of browsers and some firewalls don't permit communication through secure servers. In that case, users will not have the ability to connect to the server and therefore won't have the ability to place an order through an unsecure connection. Orders can be made over the phone by calling (877) 330-2746 if access to the secure server cannot be accomplished.

Third-Party Links and Services

For your convenience, ExerciseRewards.com may provide links to third-party websites and online services not owned or controlled by or affiliated with us (each, a “Linked Third-Party Website/Service”). Linking does not mean, and should not be deemed or construed to mean, that we endorse or approve or are affiliated with a Linked Third-Party Website/Service. We are not responsible for the information privacy and security policies or practices of a Linked Third-Party Website/Service. When you leave the ExerciseRewards Website to visit a Linked Third-Party Website/Service, this Privacy Statement no longer applies, and any information collected from or about you by a Linked Third-Party Website/Service will be governed by that site/service’s privacy policies and practices, which may be substantially different from those of ours. A Linked Third-Party Website/Service may set or use its own cookies, web beacons, etc. to your computer or mobile device, and may collect information from and about you and use the information in ways that we would not. You access a Linked Third-Party Website/Service entirely at your own risk. You should always read the privacy policy associated with a Linked Third-Party Website/Service before disclosing any personal information.

Note to international users.

 

The ExerciseRewards Program and Website are intended for U.S. residents. If you are outside of the United States and access the ExerciseRewards Website or submit your Personal Information to us, please be advised that U.S. law may not offer the same privacy protections as the law of your jurisdiction. By using the ExerciseRewards Website or submitting your Personal Information to us, you consent to the transfer to and processing of your Personal Information in the United States.

CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83 (known as the “shine the light” law), California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.

ASH does not knowingly share your personal information with third parties for their direct marketing use without your permission. California residents may send requests for information-sharing disclosure under this law by emailing ASH at HIPAA@ashn.com. Please note that, under this law, we are not required to respond to your request more than once in a 12-month period, nor are we required to respond to any requests that are not sent to the above-designated email address.

The California Consumer Privacy Act (CCPA) (California Civil Code 1798.100-199) provides California residents with specific rights related to the collection, use and disclosure of their personal information by us. While our privacy practices have adopted many of the CCPA requirements across our program, this section discusses specific rights and elements applicable to persons who are California residents at the time we collected, used or disclosed your personal information.

The CCPA and the details noted here do not apply to situations where your personal information is collected, used or disclosed by us:

  1. Where in our capacity as a business associate of a covered entity, we collect or maintain your personal information in the same manner as protected health information in compliance with privacy, security, and breach notification rules issued by the United States Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) and the Health Information Technology for Economic and Clinical Health Act (Public Law 111-5). This may apply when your access to our program is made available to you as part of a health benefit plan operated by a plan sponsor who is a covered entity under the laws noted immediately above.
  2. Where your access to our program is made available to you through a sponsoring organization as part of the organizations’ policies or products subject to the federal Gramm-Leach-Bliley Act (Public Law 106-102), and implementing regulations, or the California Financial Information Privacy Act (Division 1.4 (commencing with Section 4050) of the Financial Code).

Additionally, should we receive CCPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to either charge a reasonable fee for taking the action requested or refuse to act on the request. If we refuse your request on this basis we will notify you of the reason why.

If neither of the above situations apply to you and you are a California resident, you may exercise your rights under the CCPA as described below:

Right to Know: You have the right to request that ASH disclose what personal information we have collected, used, disclosed, and sold in the previous twelve (12) months.

To request this information, you may fill out this form - https://go.ashcompanies.com/hubfs/RighttoKnow.pdf. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Know by phone at (877) 810-2746.

ASH will verify your request by matching information provided by you in the Right to Know Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request and provide notice of such denial. ASH may also deny requests if you submit the Right to Know Form more than twice in a calendar year or if your request is not sent to the designated email, phone number, or address.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Know Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

Right to Delete: You have the right to request the deletion of your personal information collected or maintained by the ASH.

To request this information, you may fill out this form - https://go.ashcompanies.com/hubfs/RighttoDelete.pdf. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Delete by phone at (877) 810-2746.

ASH will verify your request in a two-step verification process. First, ASH will match information provided by you in the Right to Delete Form to information housed in our internal systems. Second, ASH will contact you to verify your identity and confirm your request, such contact may be made by phone or email.

If we are unable to verify the request, we will deny the request and provide notice of such denial. ASH may also deny requests if you submit the Right to Delete Form more than twice in a calendar year or if your request is not sent to the designated email, phone number, or address.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Delete Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

In response to your request, ASH may deny or grant your request. If ASH grants your request, we will notify you as to which of the following methods We have used to fulfill your request. We may do one of the following: (1) permanently delete your information from our systems; (2) deidentify your information; or (3) aggregate your information in accordance with CCPA requirements.

A denial of a deletion request may occur if ASH requires the use of your personal information to complete a transaction or provide services on your behalf, to detect security incidents and prosecute those responsible, to debug and repair errors that impair existing functionality, to exercise free speech or allow you to exercise free speech or any other right, to comply with the California Electronic Communications Privacy Act, to engage in public or peer-reviewed research with informed consent if deletion would seriously impair the achievement of such research, to enable solely internal uses that are reasonably aligned with the business relationship between you and ASH, or to comply with a legal obligation.

Right to Non-Discrimination: You have the right to exercise your privacy rights to know and to delete without facing discrimination of service or product offerings. Your use of Active&Fit Direct will remain the same whether you exercise your Right to Know or Right to Delete under the CCPA.

Right to Authorize an Agent: You have the right to authorize an agent to communicate on your behalf. To authorize an agent you may fill out this form - https://go.ashcompanies.com/hubfs/AuthorizedAgent.pdf. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Authorize an Agent by phone at (877) 810-2746.

ASH will verify your request by matching information provided by you in the Right to Authorize an Agent Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request and provide notice of such denial.

Right to Opt-Out: ASH does not sell or knowingly share your personal information with third parties for non-permitted uses including direct marketing. California residents may send requests for information-sharing disclosure under this law by contacting us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by phone (877) 810-2746 or by mail address located in the contact section below. Please note that, under this law, we are not required to respond to your request more than twice in a calendar year, nor are we required to respond to any requests that are not sent to the designated email, phone number, or address.

CCPA Form 2020 Metrics

 Requests to Know Requests to DeleteRequests to Opt-Out Right to Agent
Total # Received01201
# Complied with in Whole or Part0400
# Denied0801
Mean # of Days to Respond to Request09.503
# of Requests Denied because request was not verifiable, was not made by a consumer, request related to exempt information, or wrong form submitted etc.0801

*Note: Numbers above reflect requests received from all individuals, rather than requests received from consumers only.

 

Program Contact Information

Questions may be submitted online using ExerciseRewards.com ’s Contact Us page. All ExerciseRewards.com site operations are conducted and maintained by staff affiliated with ASH. ASH is a Delaware corporation domiciled in California, with the corporate office located at 10221 Wateridge Circle, San Diego, CA 92121.

U.S. Mail:
ExerciseRewards.com Customer Service
P.O. Box 509117
San Diego, CA 92150-9040
Phone: (877) 810-2746
E-mail: fitnessservice@ashn.com

If you need assistance with or require this Privacy Statement in an alternative format, please contact us at (877) 810-2746.

Privacy and Security Contact Information

ASH has a designated Privacy Officer and an Information Security Officer to oversee our privacy and security programs. You may direct questions about these programs to these individuals by either calling (877) 427-4766 or emailing HIPAA@ashn.com.

If the Active&Fit Direct program feature is available to you as an ExerciseRewards program member, and you choose to use that feature, the Active&Fit Direct Privacy Statement (https://www.activeandfitdirect.com/Privacy) and Terms and Conditions (https://www.activeandfitdirect.com/TermsAndConditions) will apply to you.

The ExerciseRewards Program and the use of the ExerciseRewards Website are governed by the ExerciseRewards Terms and Conditions.