Effective Date: December 31, 2019
(If you are a CA resident, this statement includes your California Privacy Rights. See below California Privacy Rights.)
The Active&Fit DirectTM program is a fitness and health education program (the “Active&Fit Direct Program” or “Program”) provided by American Specialty Health Fitness, Inc., a subsidiary of American Specialty Health Incorporated. The Active&Fit Direct Program and the Active&Fit Direct website (the “Active&Fit Direct Website” or “Website”) are owned and operated by American Specialty Health Incorporated, a Delaware corporation with a mailing address of 10221 Wateridge Circle, San Diego, CA 92121, on behalf of itself and its subsidiaries. The provisions of this Privacy Statement apply to these companies to the extent they support the Active&Fit Direct program. The terms “ASH” or “we” in this Privacy Statement refer collectively to these companies.
ASH values its users (“you”) and respects your privacy. We are committed to using your information responsibly. The information you provide to us through the Active&Fit Direct Program or on the Active&Fit Direct Website is governed by this Privacy Statement. This Privacy Statement informs users about the Active&Fit Direct information practices, including: what personal information we collect through the Active&Fit Direct Program and on the Active&Fit Direct Website; how the personal information is collected; how the personal information will be used; and the choices you have about the collection and use of personal information.
This Privacy Statement, together with the Terms and Conditions, govern your participation in the Active&Fit Direct Program and your use of the Active&Fit Direct Website. By using the Active&Fit Direct Website, or otherwise participating in the Active&Fit Direct Program, you accept and agree to be bound by this Privacy Statement and the Terms and Conditions.
You should read and familiarize yourself with this Privacy Statement and with activeandfitdirect.com Terms and Conditions. By using activeandfitdirect.com, you acknowledge and consent to our collection, processing and use of your information as described in this Privacy Statement. For any questions about this Privacy Statement, please contact us directly through any means noted at the end of this Privacy Statement. If information practices change, activeandfit.com will post the revised policy on activeandfitdirect.com and/or will notify users through direct communication.
What kind of information does ASH collect?
When you participate in the Active&Fit Direct Program or interact with the Active&Fit Direct Website, we will collect “Personal Information,” which is any information that can be used to identify you.
We do not knowingly or intentionally collect what is commonly referred to as ‘sensitive personal information’. Sensitive personal information is information related to reproductive health, sexually transmitted diseases, substance use disorder, gender dysphoria, gender affirming care, domestic violence, and mental health. Please do not submit sensitive personal information to us.
How we obtain information about you:
- when you provide it to us (e.g. by contacting us through our Contact Us, through our chat, when you call us, when registering or enrolling for the services)
- from your use of our website, using cookies, and
- occasionally, from our service providers.
This chart is a reference guide on how the Active&Fit Direct program collects, uses, and shares your information. This is only a summary. You should review the full privacy statement below for more detail. If you are a California resident or an international user, the full privacy statement below contains important information related to your privacy rights.
|Categories of Personal Information||Source of Collection||How do we use?||How do we share?|
Guest Pass Request/
Protected Class Information:
|Provided by you.|
To perform services such as maintain and service your account, provide customer service, process transactions, verify customer information, and advertising and marketing.
To perform auditing, detecting security incidents, debugging programs, internal research and tech development, and quality assurance and product improvement.
With contracted Fitness Centers for eligibility, reimbursement, and utilization reporting. Additional information shared may include Fitness ID, Program name, and effective date/termination date.
We may share email, first name, and last name with service providers who support email communications.
With Streaming Service Provider for on-demand fitness classes regarding utilization and reimbursement.
Your device will share your activity information when you agree to participate in the Connected! Feature with an activity aggregator that forwards the activity information to us to include in your account.
For apple watch users: Your device sends information directly to us which is then shared with our activity aggregator service provider so that it may be added to your account.
|To perform services related to recording your activity, such as steps taken in a day, and tracking your progress over time.||If your program is offered through your work or your health plan and you have given consent, we may share information with the benefit administrator of that program to help you meet your employer or health plan incentive, if applicable.|
First and last name
|Provided by you.||To verify your information and to perform services addressing your questions, suggestions and complaints.||We may share the information outside of ASH as necessary to resolve your inquiry or concern when resolution requires third-party action.|
|Payment Processing||We do not collect your credit card information or maintain it on our systems. If you choose to enroll in the Active&Fit Direct Program you will be asked to provide your credit card information to process your enrollment fee and recurring monthly fee. We use a PCI-compliant third-party payment processor to collect and process your credit card information. Active&Fit Direct does not directly collect or maintain your credit card information.|
|Additional Sharing||For legal purposes, including: as reasonably necessary to comply with law or legal process (including a court or government order or subpoena); to detect, prevent, or otherwise address fraud, security or technical issues; to enforce this Privacy Statement or the Terms & Conditions for the Active&Fit Direct program and the use of this Website; and as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public.
Aggregate information: In addition, ASH may provide reputable third-party vendors and sponsoring organizations with aggregate statistics regarding user participation, Active&Fit Direct Website traffic patterns and related Usage Information. The information so provided will not include individually identifiable information, meaning we will not share your Personal Information with these third-parties.
|Cookies, Website Analytics, and Interest Based Advertising|
Internet or Electronic Activity Information:
Web server logs,
|Aggregated information provided by Google Analytics.|
To perform auditing, detecting security incidents, debugging programs, internal research and tech development, and quality insurance and product improvement.
To perform services related to marketing available program features.
|We do not share personal information that Google Analytics provides to us with any third parties.|
|Your Active&Fit Direct Program may include access to other ASH products and programs, such as but not limited to, the Connected! Feature. These products and programs have separate terms and conditions and privacy statements. You should review and accept their respective terms and conditions and privacy statements before you use them.|
|If you choose not to provide your Personal Information, certain features of the Active&Fit Direct Program and Active&Fit Direct Website will not be available to you.|
Additional Detail Regarding Uses
California Users seebelow.
- Registering and enrolling into the Active&Fit Direct Program: The Active&Fit Direct Program registration requires Identifiers such as first and last name, date of birth, gender (optional), mailing address, phone number (optional), e-mail address, a username and password to enter the password-protected area of the Active&Fit Direct Website, security question and answer to help recover your user name and/or password.
- Requesting a Guest Pass: If you request a guest pass letter, you will be required to register for the site. We may follow up with you on your guest pass experience at the contact information you provide.
- Joining Active&Fit Connected!TM: If you use the Active&Fit Connected! feature, you allow us to record your activity related information, such as steps taken in a day, through your eligible enabled activity/fitness device or equipment (a “Fitness Device”). When you use this feature, your activity information will be transmitted from your Fitness Device by the Fitness Device manufacturer to Validic (a third-party data aggregator that we use to facilitate the Active&Fit Connected! feature). After receiving the information from Validic, we upload the information into your member profile/account on Active&Fit Direct Website. By using the Active&Fit Connected! feature, you allow us to receive this information from your Fitness Device.
- Searching for and selecting an Active&Fit Fitness Center: We may collect and use your address to help locate Active&Fit fitness centers near you. We may also receive utilization reports containing dates of visits from any Active&Fit fitness center that you have accessed through your enrollment in the program.
- Contacting us: When you contact us through the Active&Fit Direct Website, via email, telephone or other means, we may collect your name, phone, address, e-mail address, sponsoring organization, inquiry type, and comment.
- Web server log information: We collect and store server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analyzing log files to help identify and prevent unauthorized access to our network, the distribution of malicious code, denial of services attacks and other cyber-attacks, by detecting unusual or suspicious activity.
- We also use server logs to troubleshoot application issues that would impact Active&Fit Direct users experience. This could happen when a certain feature (for example login or subscription) isn’t working as expected or when the performance of the website is degraded.
- Unless we are investigating user-impacting issues, suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.
- Web Beacons: We use web beacons, which can be included in web pages or in emails for reporting and analytic purposes, such as counting users who have visited a web page and/or tracking usage patterns. We do not gather personal information of any kind via this activity. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, refuse HTML (select Text only) emails via your email.
- Interest-Based Advertising: We may also work with a variety of advertisers, third-party websites/applications, and analytics companies that use these technologies to collect data about your use of the Active&Fit Direct Website so that we can deliver ads to you based on your interests and online activities. This information does not identify you or give us access to your computer or mobile device. For more information about online advertising or to choose not to see interest-based ads, please visit http://www.aboutads.info/choices. Keep in mind that if you choose not to see online interest-based ads, you’ll still see ads, but they may not be as relevant to you.
How does ASH use my information?
We use the information we collect from you in the following ways:
- Process enrollment and facilitate participation: If you enroll in the Active&Fit Direct Program, we will use your information to process your enrollment, set up and administer your account, and verify utilization with Active&Fit fitness centers. If you use Active&Fit Connected! feature, we will record your registered device activity information over time and will use such recorded information to allow you to track your fitness progress.
- Fulfill your requests: We use your information to fulfill your requests, such as process a guest pass letter request or send you information that you request.
- Communicate with you: We may use your information to process and respond to your inquiries or to send you important administrative announcements, such as about changes to ASH, the Active&Fit Direct Program and Website, or this Privacy Statement. We may also follow up with you on your guest pass experience at the contact information you provide while using the guest pass request feature.
- Enhance your experience: We use Usage Information to enhance and personalize your experience, such as to help us remember who you are and to understand and save your preferences for future visits.
- Improving our services: We may aggregate your information with other users’ information to understand how the Active&Fit Direct Program and Website are being used, evaluate the efficacy of the overall Program, and carry out other tasks relating to operation or improvement. This “Aggregate Information” is statistical data collected and pooled with all other participants enrolled in the Program, and it cannot be used to identify you.
What is ASH’s policy regarding links to other websites and services?
For more on Links, please see the Active&Fit Direct Terms and Conditions.
Under what circumstances does ASH share user information collected on the Active&Fit Direct Website or through the Active&Fit Direct Program with third parties?
- With Program Sponsors: You have access to Active&Fit Direct through a program made available to your Program sponsor. Your Program sponsor, or sponsoring organization, is the entity who is offering the Active&Fit Direct program to its eligible population. We may provide Aggregate Information to the Program sponsor. ASH will not provide individually identifiable information to the Program sponsor.
- With Service Providers: To facilitate services under the Program and to support the operation and maintenance of the Active&Fit Direct. Our service providers include:
- Telephone Providers
- Email Providers
- Mailing List Providers
- Payment Processing
- Activity Aggregator
- Cloud Provider
- Chat Provider
- Analytic Provider
- Fitness Centers
- Fitness Class Streaming
- For legal purposes, including: as reasonably necessary to comply with law or legal process (including a court or government order or subpoena); to detect, prevent, or otherwise address fraud, security or technical issues; to enforce this Privacy Statement or the Terms & Conditions for the Active&Fit Direct program and the use of this Website; and as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public.
Additional Information Regarding Service Providers:
- Activity Aggregator: As part of Active&Fit Direct we allow our users to access their fitness data (steps, distance, duration, calories, etc.) through our “Connected” feature. This is a convenience feature and doesn’t impact users’ access to fitness centers. That data is collected on fitness devices (ex. Garmin or Fitbit fitness band, smart watch, fitness mobile app on a smart phone.) Connected supports over 250 fitness devices and apps. Validic is the service provider that builds and maintains connectivity to all these devices, aggregates and transmits that data to us. If you don’t want Active&Fit Direct and Validic to aggregate your fitness data simply abstain from adding your device to Connected. If you’ve already added your device you can disconnect it from Active&Fit Direct and your fitness data will stop being collected.
- Cloud Provider: Microsoft Azure is used to host certain parts of Active&Fit Direct that do not collect your personal information.
- Chat Provider: Our live chat feature is powered by our service provider. That feature is meant to help you get faster support to answer any customer support question you may have. We will only use your personal information in order to help your experience through the registration, enrollment to Active&Fit Direct and any other part of the experience you require assistance on. If you do not want Active&Fit Direct and to collect your personal information for that purpose you have access to email and phone-based customer support.
- Fitness Centers: When you enroll in Active&Fit Direct, ASH will provide you with a fitness card. When you sign up at your selected fitness center, the fitness center verifies your eligibility information which includes personal information (name, date of birth, fitness ID, program name). In the event that you terminate your Active&Fit Direct membership, ASH sends your name, date of birth, fitness ID, program name, effective date, and termination date to the fitness center to facilitate termination of your account.
Transfer and storage of your information
Email: We use a Service Provider to store emails you send us. Our email service provider is Hubspot located in the United States. We also use Hubspot and/or Microsoft 365 to send follow-up emails to the address you provide. Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.
Telephone Providers: When you contact us by phone, we collect your phone number and any information provide to us during your conversation with us. We may record your phone calls for quality and training purposes.
Payment Processing: we collect your credit or debit card and address information in order to process your payment for the Active&Fit Direct service. Recurly is our PCI-compliant service provider (payment gateway) we use to collect your recurring monthly payment. CardEasy is the PCI-compliant service provider we use to collect your payment in a secure way over the phone. Paypal is the payment processor used by both CardEasy and Recurly to charge your credit or debit card. Active&Fit Direct does not collect or store any payment information.
We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
Can users opt out of collection of Personal Information on the Active&Fit Direct Website or as part of the Active&Fit Direct Program?
California Residents see below. The functionality of the Active&Fit Direct Website and associated tools and features requires that we collect and receive certain personal information from and about participants in the Active&Fit Direct Program. If you do not wish to have your Personal Information collected or received by us in any capacity, you should not use the Active&Fit Direct Website or participate in the Active&Fit Direct Program.
Do Not Track: Some web browsers incorporate a "do-not-track" (“DNT”) or similar feature that signals to websites that a visitor does not want to have his/her online activity tracked. If a website receives a DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we (along with many other website operators) do not currently respond to DNT signals. For more information about DNT signals, visit www.allaboutdnt.com.
How can users opt-out of receiving communications from ASH?
If you have provided your email address, postal address, and/or telephone number to ASH, you may opt out of receiving marketing/promotional communications from ASH by contacting ASH as described at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from ASH. Please note that email unsubscribe requests may not take effect immediately.
NOTE: Your opt-out regarding our marketing/promotional communications will not stop communications from ASH of a transactional nature or as required by law. For example, we will still send you communications regarding your account or a purchase, request or inquiry you have made with ASH, notices regarding material changes to the Active&Fit Direct Website or its information practices, and other administrative notices.
How long does ASH retain my personal information?
ASH retains your data for ten years. ASH may also retain your data as long as required by any legal obligations. California Residents see below.
Can users disable their accounts and delete their information collected on the Active&Fit Direct Website or through enrollment in the Active&Fit program?
Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, personal information collected on the Active&Fit Direct Website, or through the Active&Fit Program generally, cannot be deleted or removed from ASH’s database and will be retained in accordance with ASH’s record retention policy for ten years. User accounts, however, may be disabled upon written request, using the contact information at the end of this Privacy Statement. California Residents see below.
How does ASH protect the privacy of minors regarding the Active&Fit Direct Website?
ASH is concerned about the safety of children when they use the Internet. The Active&Fit Direct Website is not intended for use by persons under the age of majority (e.g., under the age of 18 in California). If ASH becomes aware that a user is under the age of 18 and has provided Personal Information to ASH without prior parental consent, ASH will remove all information provided by such underage user from its database.
How does ASH safeguard user information?
In order to maintain confidentiality and safeguard the security of Personal Information, ASH has implemented company-wide policies regarding privacy, security, and confidentiality. Despite these measures, the confidentiality of your Personal Information cannot be guaranteed. We encourage you to take appropriate steps to protect your Personal Information, such as using a complex password when you register for the Program.
Note to international users.
The Active&Fit Direct Program and Website are intended for U.S. residents. If you are outside of the United States and access the Active&Fit Direct Website or submit your Personal Information to us, please be advised that U.S. law may not offer the same privacy protections as the law of your jurisdiction. By using the Active&Fit Direct Website or submitting your Personal Information to us, you consent to the transfer to and processing of your Personal Information in the United States.
CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83 (known as the “shine the light” law) and the California Consumer Privacy Act 1798.100-199 (known as the “CCPA”), provide California residents with specific rights related to the collection, use and disclosure of their personal information by us.
Under the “shine the light” law, California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.
While our privacy practices have adopted many of the CCPA requirements across our program, this section discusses specific rights and elements applicable to persons who are California residents at the time we collected, used or disclosed your personal information.
Your rights in relation to your information:
Right to Know: You have the right to request that ASH disclose what personal information we have collected, used, disclosed, and sold in the previous twelve (12) months.
To request this information you may fill out this form - https://go.ashcompanies.com/hubfs/RighttoKnow.pdf. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Know by phone at (844) 646-2746.
ASH will verify your request by matching information provided by you in the Right to Know Form to information housed in our internal systems.
If we are unable to verify the request, we will deny the request and provide notice of such denial. ASH may also deny requests if you submit the Right to Know Form more than twice in a calendar year or if your request is not sent to the designated email, phone number, or address.
ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Know Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.
Right to Delete: You have the right to request the deletion of your personal information collected or maintained by the ASH.
To request this information you may fill out this form - https://go.ashcompanies.com/hubfs/RighttoDelete.pdf. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Delete by phone at (844) 646-2746.
ASH will verify your request in a two-step verification process. First, ASH will match information provided by you in the Right to Delete Form to information housed in our internal systems. Second, ASH will contact you to verify your identity and confirm your request, such contact may be made by phone or email.
If we are unable to verify the request, we will deny the request and provide notice of such denial. ASH may also deny requests if you submit the Right to Delete Form more than twice in a calendar year or if your request is not sent to the designated email, phone number, or address.
ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Delete Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.
In response to your request, ASH may deny or grant your request. If ASH grants your request, we will notify you as to which of the following methods We have used to fulfill your request. We may do one of the following: (1) permanently delete your information from our systems; (2) deidentify your information; or (3) aggregate your information in accordance with CCPA requirements.
A denial of a deletion request may occur if ASH requires the use of your personal information to complete a transaction or provide services on your behalf, to detect security incidents and prosecute those responsible, to debug and repair errors that impair existing functionality, to exercise free speech or allow you to exercise free speech or any other right, to comply with the California Electronic Communications Privacy Act, to engage in public or peer-reviewed research with informed consent if deletion would seriously impair the achievement of such research, to enable solely internal uses that are reasonably aligned with the business relationship between you and ASH, or to comply with a legal obligation.
Right to Non-Discrimination: You have the right to exercise your privacy rights to know and to delete without facing discrimination of service or product offerings. Your use of Active&Fit Direct will remain the same whether you exercise your Right to Know or Right to Delete under the CCPA.
Right to Authorize an Agent: You have the right to authorize an agent to communicate on your behalf. To authorize an agent you may fill out this form - https://go.ashcompanies.com/hubfs/AuthorizedAgent.pdf. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Authorize Agent by phone at (844) 646-2746.
ASH will verify your request by matching information provided by you in the Right to Authorize an Agent Form to information housed in our internal systems.
If we are unable to verify the request, we will deny the request and provide notice of such denial.
Right to Opt-Out: ASH does not sell or knowingly share your personal information with third parties for non-permitted uses including direct marketing. California residents may send requests for information-sharing disclosure under this law by contacting us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by phone (844) 646-2746 or by mail address located in the contact section below. Please note that, under this law, we are not required to respond to your request more than twice in a calendar year, nor are we required to respond to any requests that are not sent to the designated email, phone number, or address.
Additionally, should we receive CCPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to either charge a reasonable fee for taking the action requested or refuse to act on the request. If we refuse your request on this basis we will notify you of the reason why.
How can users contact ASH?
Questions and requests may be submitted through the Contact Us feature of the Active&Fit Direct Website, or using the following contact information:
Active&Fit Direct Customer Service
P.O. Box 509117
San Diego, CA 92150-9117
(844) 646-2746, 5:00am to 6:00pm, Monday through Friday (except for company holidays).
If you need assistance with or require this Privacy Statement in an alternative format, please contact us at (844) 646-2746.
Privacy and Security Contact Information
ASH has a designated Privacy Officer and an Information Security Officer to oversee our privacy and security programs. You may direct questions about these programs to these individuals by either calling (877) 427-4766 or emailing HIPAA@ashn.com The Active&Fit Direct Program and use of the Active&Fit Direct Website are governed by the Active&Fit Direct Terms and Conditions.