1. TYPES OF INFORMATION COLLECTED
1.1 “Personal Information” is information that personally identifies you. When you register for a HEIMAT membership, visit HEIMAT Clubs, use our Services, contact us directly, or interact with us on social media, you may provide us with certain Personal Information including your name, date of birth, gender, e-mail address, phone number, and your physical address. Additionally, we may collect certain sensitive personal data in order to better serve and meet your needs at HEIMAT Clubs, including information regarding your food allergies and dietary preferences (“Sensitive Personal Information”).
1.2 “Account Information” is information that we collect in connection with your HEIMAT membership account. The types of Account Information we collect may include the type of membership, billing method, effective dates of your membership, username and password (“Membership Information”), and information in connection with the use of our Services, such as records of the products and services purchased, personal preferences such as favorite programs and classes, and notations made to your account in connection with customer service communications between you and HEIMAT.
1.3 “Financial Information” is information we collect to process payments from you, such as a credit card number and/or other related information that may be required from you to complete your purchase. We do not store or retain any of your Financial Information, except for the last four digits of your credit card. For more information on how your Financial Information is used and shared in these instances, please see Section 3.3 (“Payment Processors”) below.
1.4 “Traffic Data” is information that your browser sends whenever you visit or use the Website or the App, as well as any other generic user information through the use of commonly-used information-gathering tools, such as cookies and web beacons. Traffic Data may also include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the type of mobile phone you are using to access our Services, the operating software and firmware used by your mobile phone, the pages of the Platform that you visit, the time and date of your visit, the time spent on those pages and other data generated from cookies (see Section 4 Cookies below for more information).
2. LEGAL BASIS, USE AND RETENTION OF INFORMATION
2.1 Use of Information Collected
We use your Personal Information for our legitimate business interest in operating and improving our business and services, including to: provide our services, products, and other offerings to you; establish, manage and administer your membership and account with us; personalize and improve your membership experience; respond to requests and enquiries from you or a third party; optimize our website and customer experience; provide customer support; inform you about our products and services; and ensure that our operations are conducted in an appropriate and efficient manner.
We may also use your Personal Information to perform analytics with your consent (including market research, trend analysis, and financial analysis). We may also use your Personal Information to protect against and prevent safety and security issues, fraud and other criminal activity, claims and other liabilities, and to comply with and enforce applicable legal requirements, relevant industry standards, and our policies and terms.
We may also use your Personal Information to send important notices, such as communications about your membership and changes to our policies. Because this information is important to your interaction with HEIMAT, you may not opt out of receiving these communications.
We collect Account Information for the purpose of providing and improving the Services, responding to your requests/inquiries, servicing your account, and communicating about your membership account.
We collect Financial Information for the purpose of processing payment for products or services purchased.
We may link or combine the personally identifiable information we collect and/or receive about you with non-personally identifiable information we collect or receive about you, such as the Traffic Data we collect automatically during your visit to our website or use of certain of our Services. This allows us to provide you with a personalized experience and helps us to continually work to improve our Services. If we do combine non-personally identifiable information with personally identifiable information, the combined information will be treated as personally identifiable information for as long as it remains combined.
2.2 Retention Policy
We will only retain your personally identifiable data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of our legitimate business interests that have been accessed and satisfy any legal or reporting requirements. For clarity, we retain all information collected for so long as you have a membership account with us, so that we can service your membership efficiently. Should you request to deactivate your membership account or for us to erase your personally identifiable data, subject to our thirty-day retention period for back-ups, we will cease to retain all personally identifiable information you have provided. However, retention periods may be extended if we are required to preserve your information or data because of litigation, investigations and other similar proceedings, or if a longer retention period is required or permitted by applicable law.
3. THIRD PARTY DATA PROCESSORS AND SERVICE PROVIDERS
3.1 Business Affiliates
3.2 On-Site Business Partners
For your convenience, HEIMAT Clubs may contain products or services provided by third party operators, including fitness equipment and fitness trainers. Third party operators operate independently from us, and the privacy practices of the relevant third parties, including details on the information they may collect about you, are subject to the privacy policies of those third parties, which we strongly encourage you to review, as their practices may differ from ours.
3.3 Payment Processors
When you make a payment for the Services, we process your payments via a third party payment processor. In these instances, the third party payment processor may collect certain Financial Information from you to process a payment on behalf of HEIMAT, including your name, email address, address and other billing information in which case the use and storage of your Financial Information is governed by the third party payment processor’s terms, conditions and privacy policies.
HEIMAT engages certain third parties that may process data submitted to HEIMAT to perform certain business-related functions and to increase the functionality of our Services. Third party companies provide various other services to us, such as monitoring and analyzing how our Services are used or performing. When we engage another company to perform such functions, we may provide them with information, including Personal Information, Account Information and Traffic Data in connection with their performance of such functions. These third parties may analyze the data we provide, combine that data with publicly available data, and provide us with access to their analysis and reports.
We do not display the identities of all of our third-party data processors and service providers publicly by name for security and competitive reasons. If you would like further information about the identities of our third-party data processors and service providers, please contact us as provided in Section 13 Contact Us below.
To the extent these third parties have access to any of your data, and especially your Personal Information or a combination of data that is deemed to be personally identifiable, please know that they are contractually (i) limited to only use this data to perform specific tasks on our behalf and (ii) obligated not to disclose or use your information for any other purpose.
We use the following types of cookies (collectively, “Cookie Data”):
• “Essential Cookies” are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. Because of their essential nature, you cannot opt out of these cookies.
• “Functional Cookies” enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages.
• “Analytics Cookies” allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous.
• Additionally, “Advertising Cookies” may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites.
5. OPTING OUT OF PROMOTIONAL COMMUNICATIONS
You may opt out of receiving promotional communications from us by contacting us as provided in Section 13 Contact Us below, or following the unsubscribe link or instructions provided in any email we send.
6. COMPLIANCE WITH LAWS
We will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
7. YOUR RIGHTS UNDER THE GENERAL DATA PROTECTION REGULATION (“GDPR”)
If you are located in the European Economic Area (“EEA”), this Section 7 applies with respect to your personal data.
7.1 Data Controller
When you access our Services, contact us, or otherwise interact with us from the EEA, RSG Group North America, LP is the data controller.
7.2 Your Rights
Users who wish to correct, update, change, or erase the Personal Information they submit to the Service should be able to go back into the applicable account page to edit the submitted information. For your information, in accordance with certain, possibly applicable, privacy laws, you may have the following rights in respect of your Personal Information that we hold:
• Right of access. You have the right at any time to ask us for a copy of the personally identifiable information about you that we hold. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personally identifiable information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
• Right of portability. In certain instances, you have a right to receive any personally identifiable information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that information to you or directly to a third party organization. The above right exists only in respect of personally identifiable information that: (i) you have provided to us previously; and, (ii) is processed by us using automated means. While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organization’s systems. We are also unable to comply with requests that relate to personally identifiable information of others without their consent.
• Right to rectification. The right to obtain rectification of your personally identifiable information without undue delay where that personally identifiable information is inaccurate or incomplete.
• Right to erasure. The right to obtain the erasure of your Personal Information without undue delay in certain circumstances, such as where the Personal Information is no longer necessary in relation to the purposes for which it was collected or processed.
• Right to restriction. The right to obtain the restriction of the processing undertaken by us on your Personal Information in certain circumstances, such as where the accuracy of the Personal Information is contested by you, for a period enabling us to verify the accuracy of that Personal Information.
• Right to object. The right to object, on grounds relating to your particular situation, to the processing of your Personal Information, and to object to processing of your Personal Information for direct marketing purposes, to the extent it is related to such direct marketing.
For additional information, assistance with any problems accessing your information or if you wish to exercise one of these rights, please contact us as provided in Section 13 Contact Us below.
Upon request, we will provide you with information about whether we hold any of your personally identifiable information. Again, you may access, correct or request deletion of your personally identifiable information by logging into your account, or by contacting us. We will respond to your request within 30 days.
If you live or work in the EEA, you are also entitled to lodge a complaint with your applicable supervisory authority. A list of relevant authorities in the EEA and the European Free Trade Area can be accessed here: https://edpb.europa.eu/about-edpb/board/members_en.
8. YOUR CALIFORNIA RIGHTS
The California Consumer Privacy Act (“CCPA”) provides California residents with the following rights:
• Right to Know. The right to know the Personal Information that we collect from you, the purposes for which we use it, the sources from which we collect it, the limited circumstances under which we share it, with whom we share it, and your rights regarding it.
• Right to Request Access and Data Portability Rights. The right to request we disclose certain information to you about our collection and use of your Personal Information (as used in this section “Personal Information” has the definition set forth in CCPA) over the past 12 months, upon verifiable consumer request. Once we receive and confirm your verifiable consumer request, we will disclose to you: (i) the categories of Personal Information we collected about you, (ii) the categories of sources for the Personal Information we collected about you, (iii) our business or commercial purpose for collecting or selling that Personal Information, (iv) the categories of third parties with whom we disclosed or sold that Personal Information, and/or (v) the specific pieces of Personal Information we collected about you (also called a data portability request). You may make a “request to know” up to two times in a 12-month period free of charge, subject to limitations described in the law. A general description of the categories of information that we collect, the purpose for collecting, using and sharing such information, and types of service providers we share information with is set forth above in the “Information and Collection,” “Legal Basis, Use and Retention of Information” and “Third Party Data Processors and Services Providers” sections.
• Right to Request Deletion. The right to request we delete your Personal Information that we collected from you and retained. Once we receive and confirm your verifiable consumer request, we will delete your Personal Information from our records, subject to certain exceptions under applicable law.
• Right to Opt Out of Sale. The right to opt out of the “sale” of your personal information to “third parties.”
• Authorized Representatives. You may also designate an authorized representative to make consumer rights requests on your behalf. We will require verification that you did in fact authorize the representative.
• No sale of personal information. Although we do not believe we sell personal information, the CCPA defines “sale” so broadly as to qualify our limited sharing of your personal information as a “sale”.
• No Discrimination. We will not discriminate against any consumer for exercising their rights under the CCPA. We will not deny you goods or services, charge you different rates, or give you different discounts because you used one of these rights.
If you wish to exercise these rights, please contact us as provided in Section 13 Contact Us below. Please note that certain rights may be limited or unavailable depending on the type of data requested or exception under applicable law.
9. CHILDREN’S PRIVACY
Our Services are not directed at anyone under the age of thirteen (13); and we do not knowingly collect personally identifiable information from anyone under the age of thirteen (13). Additionally, you must be over the minimum age to consent to the processing of your personal data as required by the laws of your country to use our Services.
10. DATA TRANSFER
If you are located in the EEA, we will comply with applicable legal requirements providing adequate protection for the transfer of personally identifiable information to recipients in countries outside of the EEA, including the USA. In all such cases, we will only transfer your personally identifiable information if:
• The country to which the personally identifiable information will be transferred has been granted a European Commission adequacy decision;
• The recipient of the personally identifiable information is located in the U.S. and has certified to the EU-U.S. Privacy Shield Framework; or
• We have put in place appropriate safeguards with respect to the transfer, for example the EU Model Clauses.
You may request a copy of the safeguards that we have put in place in respect of any applicable transfers of personally identifiable information by contacting us as described in the Contact Us section below.
The security of your Personal Information is important to us, and we strive to implement and maintain administrative, technical, and physical security measures appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure.
However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal Information we have collected from you.
13. CONTACT US
Effective Date: 04/11/2022