Close

ULTIMATE FITNESS GROUP Privacy Policy

EFFECTIVE DATE: January 27, 2021

Ultimate Fitness Group, LLC d/b/a Orangetheory® Fitness (“Ultimate,” “we,” “us,” or “our”) values your privacy. In this Privacy Policy (“Policy”), we describe how we collect, use, and disclose information we obtain about visitors to our website, www.orangetheory.com  (the “Site”), users of our mobile applications (the “App” or “Apps”), visitors to Orangetheory® Fitness studios (whether owned by Ultimate or one of our franchisees), and the services available through our Site and App, and how we use and disclose that information. In this Policy, we also provide notice about our participation in the E.U. – U.S. and Swiss – U.S. Privacy Shield certifications, which apply, as applicable, to the information we collect from persons in the European Union and Switzerland, including information collected offline. This Policy does not apply to a franchisee’s collection, use, and disclosure of your information, except as described in this policy with regard to data sharing and change of a franchisee.

By visiting the Site, using or downloading the App, or using any of our services, you acknowledge that your personal information will be handled as described in this Policy. Your use of our Site, App, or services, and any dispute over privacy, is subject to this Policy and our Terms of Use, including its applicable limitations on damages and the resolution of disputes. The Terms of Use are incorporated by reference into this Policy.

Privacy Policy

1. THE INFORMATION WE COLLECT ABOUT YOU

We collect information about you directly from you and from other parties, as well as automatically through your use of our Site and App.

Information We Collect Directly From You. The information we collect from you depends on how you use our Site, App, and Services.

  • To Sign Up for a Trial Workout Online. To sign up for a trial workout at an Orangetheory® Fitness studio through our Site or App, you must provide us with your name, email address, phone number, date of birth, your payment information (in order to hold your trial workout reservation), and the studio you would like to attend for your workout. We also will collect information that you provide about any health conditions that could affect your ability to participate in a workout.
  • To Schedule or Purchase Sessions Online. To create an account to sign up for workout sessions or to purchase sessions online through our Site or our App, you must provide us with your name, physical address, email address, date of birth, phone number, height and weight, payment and billing information, and  username and password. If you complete a membership agreement or sign up for a fitness event, we also collect information that you provide about any health conditions that could affect your ability to participate in a workout. If you do not provide this information, you will not be able to create an online account, complete a membership agreement, or make a purchase.

We will also collect information about the workouts you schedule and information about your purchases. You may also provide information about your preferences, such as your favorite studios and coaches.

  • When You Visit an Orangetheory Fitness Studio. If you sign up for a trial workout or become an Orangetheory member by registering at an Orangetheory® Fitness studio (whether owned by Ultimate or one of our franchisees), you must provide us or our franchisee (as applicable) with your name, physical address, email address, date of birth, phone number, height and weight, marital status, emergency contact information, and payment and billing information. We or our franchisee (as applicable) also will collect information that you provide about any health conditions that could affect your ability to participate in a workout. If you do not provide this information, we or our franchisee (as applicable) may not be able to offer our services to you.

    We or our franchisee (as applicable) also will collect information about the workout sessions you schedule, details about your exercise frequency and goals (as provided by you), and information about your in-studio purchases. We or our franchisee (as applicable) will also collect information when you check in for a workout, such as your name, address, email address, member number, and studio location. If you provide your information to a studio owned by one of our franchisees, the franchisee will share the information you provide to us — please see the Information We Collect from Franchisees section below.


As part of your workout session, you may choose to use our OTbeat heart rate monitors. If you do so, we will collect your workout session heart rate, and other workout statistics, such as the number of miles run or rowed.

At certain locations you have the option of voluntarily participating in a body scanning program. This scan will measure your body’s muscle mass, fat percentage, and total body water, and will report your overall body composition and body mass index (based on your height, weight, gender, and age). These scans help you understand the effects of your workouts.

  • When You Express Interest in Purchasing an Orangetheory Franchise. If you express interest in owning an Orangetheory franchise, we will collect your name, physical address, email address, phone number, information about your finances, information about the location in which you are interested in starting your franchise, and any other information you provide to us with your submission.

  • Information We Collect from Franchisees. As described above, if you visit an Orangetheory Fitness studio owned by one of our franchisees, you will be providing your information directly to the franchisee. When you provide your information to a franchisee (including your in-studio sign up information, purchases you make at a franchise, and your workout information), the franchisee will make this information available to Ultimate. The franchisee, however, handles all billing and account administration, including determining how your information is used for the franchisee’s own marketing purposes in accordance with applicable laws. If you register for a workout at a different location from your home studio, then the owners of both studios — the one at which you completed your workout and your home studio — will have access to information about your workout registration and participation. Information from your OTbeat heart rate monitor, however, is not shared among franchisees.

  • Information We Collect from Social Networking Sites. You may log into your online account or our Apps through Facebook. If you log in to your account or link your account to your Facebook profile, you must enter your Facebook email address and password. We will ask that you grant us permission to: (i) access your Facebook basic profile information (this includes your name, profile picture, gender, networks, user IDs, list of friends, date of birth, email address, and any other information you have set to public on your Facebook account); (ii) post to your wall; and (iii) access posts in your newsfeed. If you allow us to have access to this information, then we will have access to this information even if you have chosen not to make that information public through Facebook.


We store the information we receive from Facebook with other information that we collect from you or receive about you in accordance with this Policy. Any social networking site, such as Facebook, controls the information it collects from you pursuant to its own terms. For information about how a social networking site may use and disclose the information it collects about you, including any information you make public through the social networking site, please consult the social network’s privacy policy. We have no control over how any social networking sites use or disclose the personal information they collect about you.

We also collect information about you when you interact with us on social networking platforms. If you message us or tag us in a social network post, we will collect information about your message or the post we are tagged in.

Information We Collect Automatically. We automatically collect information about your use of our Site and Apps through cookies, web beacons, and other technologies, including technologies designed for mobile apps. To the extent permitted by applicable law, we combine this information with other information we collect about you, including your personal information. Please see the section “Cookies and Other Tracking Mechanisms” below for more information.

Site:  

  • domain name;
  • your browser type and operating system;
  • web pages you view on the Site; links you click on the Site; your IP address;
  • the length of time you visit our Site and or use our Services;
  • the referring URL, or the webpage that led you to our Site; and
  • your device’s location information, with your permission, to help identify Orangetheory Fitness studios located in your area and to help us market the Orangetheory® Fitness services.

App:

  • mobile device ID; device name and model; operating system type, name, and version;
  • language information;
  • activities within the App; and the length of time that you are logged into our App;
  • location information. With your permission, we will collect location information from your mobile device to help you identify Orangetheory Fitness studios located in your area and to help us market the Orangetheory® Fitness services. You may turn off this feature through the location settings on your mobile device.
2. HOW WE USE YOUR INFORMATION

We use your information, including your personal information, for the following purposes:

  • To provide our services to you, to communicate with you about your use of our services, to respond to your inquiries, to fulfill your orders, and for other customer service purposes.

  • To tailor the content and information we may send or display to you, to offer location customization, to offer personalized help and instructions, and to otherwise personalize your experiences while using the Site and App. For example, we will display upcoming workouts at your preferred studios, or we may use your location information to show you Orangetheory Fitness studios in your area. We also use information collected through OTbeat and body scans to customize workout programs and classes and to conduct workout challenges.

  • For marketing and promotional purposes in accordance with applicable laws. For example, we use your information, such as your email address, to send you news and newsletters, special offers and promotions, or to otherwise contact you about products, services, workout sessions, or other information we think may interest you.

  • We use your information (typically in the aggregate) to assist us in advertising the Orangetheory Fitness brand on unaffiliated websites and in evaluating the success of our advertising campaigns (including our online targeted advertising and offline promotional campaigns).

  • To better understand how users access and use our Site and Apps, both on an aggregated and individualized basis, in order to improve our Site and Apps and respond to user desires and preferences, and for other research and analytical purposes.

  • To administer our membership reward program.

  • To administer surveys and questionnaires, such as for market research or member satisfaction purposes.

  • To develop our franchise program. For example, if you inquire about operating an Orangetheory franchise, we will use your information to assess your suitability for owning one of our franchises.

  • To enable our franchisees to provide services to you in their independently owned and operated studios. In addition, if a franchisee leaves our franchise system, we will assist with facilitating the franchise’s transition to a new owner, including ensuring that the respective studio’s members’ personal information is transitioned to the new owner to ensure the members continue to receive services.

  • To comply with legal and regulatory obligations, as part of our general business operations, and for other business administration purposes, including authenticating your identity, maintaining customer records, to monitor your compliance with any of your agreements with us, to collect debts owed to us, to safeguard our business interests, and to manage or transfer our assets or liabilities, for example in the case of an acquisition, disposition or ‎‎merger, as described below.

  • Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud or error, situations involving potential threats to the safety of any person, or violations of our Terms of Use or this Privacy Policy.

  • For other purposes we may inform you about from time to time.
3. HOW WE SHARE YOUR INFORMATION

We may share your information, including personal information, as follows:

  • Workout Sessions and Challenges. During a workout session, participants may share their name and OTbeat heart rate information with other session participants on our in-studio display screens. If you participate in a workout challenge, you may share your name and workout information with other challenge participants. You may also share information about your workouts and challenges you participate in with your social media accounts.

  • Orangetheory Franchisees. If we collect information from you requesting a trial workout in your area, we will provide that information to the local franchisee. When you sign up for a workout or schedule or purchase sessions through our Site or App or in-person at a studio, such information is hosted by Mindbody Inc. (“Mindbody”), a service provider under contract with Ultimate and our franchisees. All data hosted by Mindbody is made available to Ultimate and the franchise owner of your home studio (if applicable). If you complete a workout at a studio different from your home studio, then your data will be available to the owners of both studios. If a franchisee sells or otherwise transfers its franchise, we will transfer member information controlled by the outgoing franchisee to the successor franchisee. If you utilize a body scanner at a franchisee-owned studio, we will share your scan results with that franchisee.

  • Health-focused Apps and Websites. With your consent, we may share your personal information, including workout and health data, with unaffiliated health-focused mobile applications and websites to help you track your health and wellness information. If you choose to share your information with these apps, your personal information, including your health information, will be used in accordance with those apps’ and websites’ own privacy policies, not this one. Before consenting to sharing your personal information with any third party apps or websites, you should make sure that you have read, understood and agree to their own privacy policy and terms of use.

  • Affiliates. We may disclose the information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your personally identifiable information will be subject to this Policy.

  • Service Providers. We disclose the information we collect from you to our vendors, service providers, contractors, and agents who perform functions on our behalf. In particular, the workout sign-up portal is hosted by Mindbody; as noted above, when you register for a workout, your information is available to the owner of that particular location and to Ultimate.

We also disclose information in the following circumstances:

  • Business Transfers. If (i) we or our affiliates are or may be acquired by, merged with, or invested in by another company, or (ii) if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we will share certain of your personal information with lenders, auditors, and advisors, including attorneys and consultants.

  • In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, or other legal process, such as in response to a court order or a subpoena.

  • To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or where it is reasonably necessary as evidence in litigation in which Ultimate is involved.

  • Aggregate and De-Identified Information. We may share aggregate, de-identified, or anonymized information about users and members with others for marketing, advertising, research, or similar purposes.
4. OUR USE OF COOKIES AND OTHER TRACKING MECHANISMS

We and our service providers use cookies and other tracking mechanisms to track information about your use of our Site and App. We may combine this information with other personal information we collect from you (and our service providers may do so on our behalf).

Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and App, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and App.

Disabling Cookies. Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not function.

Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web or mobile application pages. We may use clear GIFs (aka web beacons, web bugs or pixel tags), in connection with our Site and App to, among other things, track the activities of Site visitors and App users, help us manage content, and compile statistics about usage of our Site and Apps. We and our service providers also use clear GIFs in HTML emails to our customers to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.

Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Site, and to the extent permitted, our Apps. We also may use other analytic means to evaluate our Site and Apps. We use these tools to help us improve our Site’s and Apps’ performance and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or local storage objects (LSOs), to perform their services. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/. You can also download the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.

Do Not Track. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies); you also may opt out of targeted advertising by following the instructions in the Ad Networks section.

Ad Networks. We use network advertisers to serve advertisements on unaffiliated websites or other media (e.g., social networking platforms). This enables us and network advertisers to target advertisements to you for products and services in which you might be interested. Ad network providers, advertisers, sponsors, and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs, and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content to you. These cookies and other technologies are governed by each entity’s specific privacy policy, not this one. We may provide these advertisers with information, including personal information, about you.

We may disclose certain information (such as your email address) to Facebook Custom Audiences (for more information on Facebook Custom Audience go here or to opt-out, go to the Facebook ad preferences page)—so that we can better target ads and content to you and others with similar interests on other websites or media (“Custom Audiences”). We may also work with other ad networks and marketing platforms that enable us and other participants to target ads to Custom Audiences submitted by us and others. You may also control how Facebook and other ad networks display certain ads to you, as explained further in their respective privacy policies or by using the opt-outs described below.

Users in the United States may opt out of many ad networks. For example, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page for information about opting out of interest-based advertising and their choices regarding having information used by DAA companies. You may also go to the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of interest-based advertising and their choices regarding having information used by NAI members. If you are in the EU, you may opt out of certain ad network cookies that we and other websites may use for targeted advertising through the European Interactive Digital Advertising Alliance (EDAA)   Your Online Choices Page or www.aboutads.info. Users in Australia may opt out of certain ad networks by going to the Your Online Choices Page for information about opting-out of interest-based advertising and choices available from participating organizations. Users in Canada should go to the Digital Advertising Alliance Canada (“DAAC”) AdChoices Page for information about opting out of interest-based advertising and the choices available from DAAC members.

Opting out from one or more companies listed on the DAA Consumer Choice Page,  the NAI Consumer Opt-Out Page, or a country- or region-specific consumer choice website will opt you out from those companies’ delivery of interest-based content or ads to you, but it does not mean you will no longer receive any advertising through our Site or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., contextually based ads). Also, if your browsers are configured to reject cookies when you opt out on a consumer choice website, your opt out may not be effective.

5. LINKS

Our Site and Apps may contain links to unaffiliated entities’ websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those websites. We are not responsible for the information practices of such websites.

6. SECURITY OF YOUR PERSONAL INFORMATION

We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our efforts, no data security measures can guarantee security.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

7. ACCESS TO YOUR PERSONAL INFORMATION

You may modify personal information that you have submitted by logging into your account and updating your profile information. You may also update your information by visiting your Orangetheory Fitness studio. Please note that copies of information that you have updated, modified, or deleted may remain viewable in cached and archived pages of the Site or App for a period of time.

If you are a resident of the European Union, please see the Additional Information for EU Individuals section below for additional information on accessing your information and other legal rights available to you under European Union law. Residents of countries outside of the United States or European Union should see the Additional Information for Individuals Outside the United States section below.

8. WHAT CHOICES DO I HAVE REGARDING PROMOTIONAL COMMUNICATIONS?

In accordance with applicable law, we will send periodic promotional communications to you. You may opt-out of such communications by following the opt-out instructions contained in the communication, or if you have opted-in to our promotional text messages, replying STOP. We will process opt-out requests in accordance with applicable law. If you opt-out of receiving promotional communications about recommendations or other information we think may interest you, we may still send you communications about your account or any services you have requested or received from us. App users may enable or disable push notifications by adjusting their App or device settings.

Our franchisees also send their own marketing communications in accordance with applicable law. If you no longer wish to receive marketing communications from our franchisees, you will need to separately opt-out of the respective franchisee’s marketing communications. We do not control, and are not responsible for, the promotional communications sent by our franchisees.

9. CHILDREN UNDER 13

Our Site, Apps, and services are not designed for children under the age of 13. If we discover that a child under the age of 13 has provided us with personal information, we will delete such information from our systems.

10. CONTACT US

If you have questions about the privacy aspects of our Services or would like to make a complaint, please contact us at privacy@orangetheoryfitness.com or by contacting your local studio.

You may also have rights under applicable laws to lodge a complaint with your country’s supervisory authority in relation to how we collect, use or disclose your personal information.

11. CHANGES TO THIS POLICY

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site and App. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site and App.

12. ADDITIONAL INFORMATION FOR INDIVIDUALS OUTSIDE THE UNITED STATES

In some jurisdictions, you may have additional rights, and we have certain obligations with respect to your personal information, which will vary based on your jurisdiction of residency. Below we have identified certain of these rights that may be available under your country’s laws. If you are a resident of the European Union, please see the Additional Information for EU Individuals section below.

Access and Correction. Upon written request and verification of your identity, you may have the right to access the personal ‎‎information about you under our control, information about the ways in which that information is being used and ‎‎a description of the individuals and organizations to whom that information has been disclosed. We ‎‎will make the information available within any legally required timeframe or provide written notice where additional time is ‎‎required to fulfil the request.‎

In some situations we may not be able to provide access to certain personal information.  This may be ‎‎the case where, for example, disclosure would reveal personal information about another individual, the ‎‎personal information is protected by a legal privilege, the information was collected for the ‎‎purpose of an investigation or where disclosure of the information would reveal confidential ‎‎commercial information that, if disclosed, could harm our competitive position.  We may also be ‎‎prevented by law from providing access to certain personal information.  When an access request is ‎‎refused, we will notify you about such refusal.

We will make a reasonable effort to ensure that personal information we are using or disclosing is ‎‎accurate and complete.  In most cases, we rely on you to ensure that your information is current, ‎‎complete and accurate.‎ If you demonstrate the inaccuracy or incompleteness of personal information, we will amend the ‎‎information as required.

Retention. We retain your personal information for as long as necessary to provide our services to you, to fulfil the purposes described in this Policy and/or our business purposes, or as permitted or required by law, regulation, or internal policy.

Cross-border Transfer of Personal Information. We generally maintain servers and systems in the United States hosted by service providers. Our franchisees in your country of residence may transfer personal information to us in the United States, and we also may subcontract the processing of your information to, or otherwise share your information with, other parties in the United States or countries other than your country of residence.  As a result, where the personal information that we collect through or in connection with the Site, App, or our services, or is provided to us by our franchisees, is transferred to and processed in the United States or anywhere else outside your country of residence, we will take steps to ensure that the information receives the same level of protection as if it remained within your country of residence.  In some cases, when we share your information, the person or entity to whom we share the information may be overseas or may store your information overseas and may not be required to protect the information in a way that provides comparable safeguards to those which apply domestically to your information.  Where this is the case and to the extent required by law, we will seek your authorisation before sharing such information.  You therefore acknowledge that your personal ‎‎information may be processed and stored in foreign jurisdictions and that governments, courts, law ‎‎enforcement or government or regulatory agencies in the United States and elsewhere may be able to ‎‎access or obtain disclosure of your personal information under a lawful order or otherwise through the ‎‎laws of the foreign jurisdiction, irrespective of the safeguards we have put in place for the protection of ‎‎your personal information.‎

13. ADDITIONAL INFORMATION FOR EU INDIVIDUALS

The information we collect through the Services is controlled by Ultimate Fitness Group, LLC, which is headquartered in the United States at 6000 Broken Sound Parkway NW, Suite 200, Boca Raton, Florida 33487, USA. For personal information collected at an Orangetheory Fitness studio owned by one of our franchisees, the relevant franchisee will be the data controller; to exercise any of your rights with one of our franchisees, please contact the respective franchisee by visiting your local studio or following the contact information for the local studio on the Site. As the franchisor, Ultimate can access the personal information you provide to our franchisees, and where we use that personal information for our own purposes, we will be an independent controller.

The Legal Bases for Using Your Personal Information. We collect your information as a data controller when we have a legal basis to do so. The following legal bases pertain to our collection of data:

  • Our use of your personal information is in our legitimate interest as a commercial organization (for example in order to make improvements to our products and services and to provide you with information you request); you have a right to object to processing as explained in the section below entitled Your Legal Rights;

  • Our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you (for example, to facilitate your participation a trial class that you have requested, , where we use your personal information to respond to your customer service requests, to provide our services through our Site or Apps); and/or

  • Our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have (for example, where we are required to disclose personal information to a court or tax authority).

  • Our use of your personal information is in accordance with your consent (for example, when you consent to sharing your personal information with another party for their own marketing).

  • Our use is necessary to protect your vital interests (for example, if you are injured during a workout)
    If you would like to find out more about the legal bases on which we process personal information, please see Appendix A at the end of this policy or contact us using the details below.

Retention of Your Personal Information. We retain your personal information for as long as necessary to provide our services to you, to fulfil the purposes described in this Policy and/or our business purposes, or as required by law, regulation, or internal policy.

Special Categories of Personal Information. We require an additional legal basis to process special categories of personal information which includes your health data (which may be inferred from your weight and height, performance during workouts, from your heartbeat when you use one of our OTbeat heartrate monitors and your voluntary participation in body scans, or when we ask you to provide to us with your health information, such as health conditions that you disclose to us when completing a membership agreement), which shall be one of the following:

  • You have provided explicit consent;

  • The processing is necessary to protect your vital interests or those of another person where you are physically or legally incapable of giving consent (for example in exceptional situations such as a medical emergency); or

  • The processing is necessary for the establishment, exercise, or defense of legal claims.

  • Profiling. We may analyze members’ workout habits and activities, interests, and preferences in order to provide our services, such as to customize workouts, and for our marketing purposes.

Processing of Information from Children Between the Ages of 14 and 17. Where a child in the EU between the ages of 14 and 17 provides us with personal information through the Services and our processing is based on consent as a legal basis, we will obtain the consent of the child’s respective parent or guardian. The parent or guardian has the right to withdraw such consent provided on behalf of their child at any time.

Your Legal Rights. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, when Ultimate acts as a data controller, European Union individuals have certain rights in relation to their personal information:

Right to access, correct, and delete your personal information: You have the right to request access to the personal information that we hold about you and:  (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

You also have the right to request that we delete your information.

We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.

Right to restrict the processing of your personal information: You have the right to restrict the use of your personal information when (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal information for the relevant purposes, but we require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal information use where such use is justified on our legitimate interests and we must verify as to whether we have a compelling interest to continue to use your data.

We can continue to use your personal information following a request for restriction, where:

  • we have your consent; or

  • to establish, exercise or defend legal claims; or

  • to protect the rights of another natural or legal person.

Right to data portability: To the extent that we process your information (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal information in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.

Right to object to the processing of your personal information: You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction: You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the EEA.

Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

How to Exercise Your Rights: If you would like to exercise any of the rights described above, please send us a request at privacy@orangetheoryfitness.com. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.

We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

We may not always be able to fully address your request, for example if it would affect the duty of confidentiality we owe to others or if we are legally entitled to deal with the request in a different way.

Cross-border Transfer of Information.  We generally maintain servers and systems in the United States hosted by service providers. Our European Union franchisees may transfer personal information to us in the United States, and we also may subcontract the processing of your information to, or otherwise share your information with, other parties in the United States or countries other than your country of residence. As a result, where the personal information that we collect through or in connection with the Site, App, or our services, or is provided to us by our franchisees, is transferred to and processed in the United States or anywhere else outside the European Economic Area (EEA) for the purposes described above, we will take steps to ensure that the information receives the same level of protection as if it remained within the EEA, including entering into data transfer agreements, using the EU Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the E.U. – U.S. Privacy Shield and Swiss – U.S. Privacy Shield for individuals located in Switzerland. You may have a right to details of the mechanisms under which your data is transferred outside the EEA.

We comply with the E.U. – U.S. and Swiss – U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information obtained from European Union member countries and Switzerland and transferred to the United States. For information on how we process personal information transferred from the European Union and Switzerland, under the Privacy Shield Principles, please see our Privacy Shield Notice or visit the Privacy Shield website at https://www.privacyshield.gov/.

Appendix A: Our Legal Bases for Processing Personal Information of European Union Individuals

Type of Personal Information

Processing Purpose(s)

Our Legal Basis

Name, contact information, studio preferences

·       Provide free trial workout session

·       To perform a contract or take steps to enter into a contract with you

Name, contact information, date of birth, marital status, payment and billing information, online username and password

 

Scheduled workouts, attended workouts, member identification number, exercise frequency and goals

·       To provide the Orangetheory services (online account creation, online and purchases, participating in Orangetheory workouts when you have chosen to reflect certain information in the App)

·       To administer our membership reward program

·       To perform a contract or take steps to enter into a contract with you

Emergency Contact Information

·       Notify your emergency contact in the event of an injury or incident

·       Protection of your vital interests

Name, contact information, workout activities

·       To market the Orangetheory Fitness services

·       Our legitimate interests; OR

·       Your consent.

Health conditions that could affect your ability to participate in a workout, height and weight

·       To become an Orangetheory member

·       To perform a contract or take steps to enter into a contract with you; AND

·       To protect your vital interests

OTbeat heartrate information

·       To provide the Orangetheory services, including workout customization;

·       Member safety

·       To perform a contract or take steps to enter into a contract with you;

·       Protection of your vital interests; AND

·       Your consent

Computer and mobile device information, including IP address

·       To provide and improve our website and mobile applications

·       Our legitimate interest

Computer and mobile device information, including IP address

·       Online targeted advertising

·       Our legitimate interests; OR

·       Your consent

Name, contact information, workout activities

·       To administer surveys and questionnaires

·       Our legitimate interest

Name, address, contact information, financial information of persons interested in operating a franchise

·       To administer our franchise program

·       To perform a contract or take steps to enter into a contract with you

Body scan information

·       Provide you with your body scan results.

·       To provide workout recommendations and customization;

·       For our marketing purposes

·       Your consent

14. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

This section of our Privacy Policy provides information for California residents, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”).  California privacy laws require that we provide California residents information about how we use their personal information, whether collected online or offline, and this section is intended to satisfy that requirement.

Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

Categories of Personal Information that We Collect, Disclose, and Sell

Below we identify the categories of personal information that we collect about California consumers and households, the purposes for which we use each category, and whether we disclose or sell information within each category.

Please note our data collection practices set forth below are not different than those described above; the CCPA specifies particular information that we need to discuss in our privacy policy, and, in this section, we have reorganized the discussion above into the categories as outlined by the CCPA.

Categories of personal information

Do we collect?

Do we disclose for business purposes?

Do we sell or may we sell?

NAME, CONTACT INFORMATION AND IDENTIFIERS: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers.
For example, the information you provide us when you become an Orangetheory Fitness member or sign up for a trial workout.

YES

YES

YES

CUSTOMER RECORDS: Paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, employment information, bank account number, credit card number, debit card number, or any other financial information, or medical information.
For example, the information you provide us when you purchase workout sessions.

YES

YES

YES

PROTECTED CLASSIFICATIONS: Characteristics of protected classifications under California or federal law such as sex, age, and disability.
For example, we collect sex and age information from members.

YES

YES

YES

PURCHASE HISTORY AND TENDENCIES:  Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
For example, we collect information about your preferred studios and your workout package purchase history.

YES

YES

YES

BIOMETRIC INFORMATION: Physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
For example, we collect your heartrate information when you use OT Beats.

YES

YES

YES

USAGE DATA: Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement.
For example, we automatically collect information when you visit our Site or use our Apps, such as the pages you view.

YES

YES

YES

GEOLOCATION DATA: Precise geographic location information about a particular individual or device.
For example, we collect your mobile device’s location information to help you find nearby studios.

YES

YES

YES

AUDIO/VISUAL: Audio, electronic, visual,  or similar information.
For example, we may video record studio activity for our own marketing and social media content.

YES/NO

YES/NO

YES

EMPLOYMENT HISTORY: Professional or employment-related information.
For example, we may collect your business contact information if you join through a corporate membership..

YES

YES

YES

PROFILES AND INFERENCES: Inferences drawn from any of the information identified above to create a profile about a resident reflecting the resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

YES

YES

YES

California Residents’ Rights

California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.

Right to Opt-out. California residents have the right to opt-out of our “Sale” of their personal information. California defines the term “Sale” broadly, and includes, our selling, renting, releasing, disclosing, disseminating, making available, transferring or otherwise communicating (collectively a “Sale”) California residents’ personal information to another business or third party for monetary or other valuable consideration. Please note that while some of our sharing of personal information may be a “Sale” as defined by CCPA, we do not sell personal information for monetary compensation.  California residents may exercise their right to opt-out the Sale of their personal information by completing our CCPA rights request form at https://orangetheoryfitness.truyo.com/consumer/request_form or by contacting us at 888-413-1505 (toll free).

Right to Opt-In. We do not sell personal information about residents who we know are younger than 16 years old without opt-in consent.

Notice at Collection. We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used.

Verifiable Requests to Delete, and Requests to Know. Subject to certain exceptions, California residents have the right to make the following requests, at no charge, up to twice every 12 months:

Right of Deletion: California residents have the right to request deletion of their personal information that we have collected about them, subject to certain exemptions, and to have such personal information deleted, except where necessary for any of a list of exempt purposes.  

Right to Know – Right to a Copy: California residents have the right to request a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.

Right to Know – Right to Information: California residents have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:

  • categories of personal information collected;

  • categories of sources of personal information;

  • business and/or commercial purposes for collecting or selling their personal information;

  • categories of third parties/with whom we have disclosed or shared their personal information;
  • categories of personal information that we have disclosed or shared with a third party for a business purpose;

  • categories of personal information collected; and

  • categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.

Submitting Requests. Requests to exercise the Right of Deletion, Right to a Copy, and / or the Right to Information may be submitted by California residents on our CCPA rights request form at https://orangetheoryfitness.truyo.com/consumer/request_form, as well as by contacting us at 888-413-1505 (toll free).  We will respond to verifiable requests received from California consumers as required by law.  

Right to Non-Discrimination, and Incentives. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California residents related to their personal information.  

Discrimination: Businesses may not discriminate against residents who exercise their rights under CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices or rates or impose penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data.

Disclosure of Incentives: If businesses offer any financial incentives for the collection, sale or deletion of California residents’ personal information, residents have the right to be notified of any financial incentives offers and their material terms, the right not be included in such offers without prior informed opt-in consent, and the right to be able to opt-out of such offers at any time. Businesses may not offer unjust, unreasonable, coercive or usurious financial incentives.  We do not offer any financial incentives at this time.