Privacy Statement

Effective Date: May 1, 2020

(If you are a CA resident, this statement includes your California Privacy Rights. See below California Privacy Rights.)

The Active&Fit DirectTM program is a fitness and health education program (the “Active&Fit Direct Program” or “Program”). The Active&Fit Direct Program and the Active&Fit Direct website (the “Active&Fit Direct Website” or “Website”) are owned and operated by American Specialty Health Fitness, Inc. (ASH Fitness), a subsidiary of American Specialty Health Incorporated (“ASH”), a Delaware corporation with a mailing address of 10221 Wateridge Circle, San Diego, CA 92121, on behalf of itself and its subsidiaries. The Active&Fit Direct Healthy Living Program as part of the Active&Fit Direct program are managed by ASH affiliate, American Specialty Health Management, Inc. (ASH Management). The provisions of this Privacy Statement apply to these companies to the extent they support the Active&Fit Direct program. The terms “ASH” or “we” in this Privacy Statement refer collectively to these companies.

ASH values its users (“you”) and respects your privacy. We are committed to using your information responsibly. The information you provide to us through the Active&Fit Direct Program or on the Active&Fit Direct Website is governed by this Privacy Statement. This Privacy Statement informs users about the Active&Fit Direct information practices, including: what personal information we collect through the Active&Fit Direct Program and on the Active&Fit Direct Website; how the personal information is collected; how the personal information will be used; and the choices you have about the collection and use of personal information.

This Privacy Statement, together with the Terms and Conditions, govern your participation in the Active&Fit Direct Program and your use of the Active&Fit Direct Website. By using the Active&Fit Direct Website, or otherwise participating in the Active&Fit Direct Program, you accept and agree to be bound by this Privacy Statement and the Terms and Conditions.

You should read and familiarize yourself with this Privacy Statement and with activeandfitdirect.com Terms and Conditions. By using activeandfitdirect.com, you acknowledge and consent to our collection, processing and use of your information as described in this Privacy Statement. For any questions about this Privacy Statement, please contact us directly through any means noted at the end of this Privacy Statement. If information practices change, activeandfit.com will post the revised policy on activeandfitdirect.com and/or will notify users through direct communication.

Information Collected by Active&Fit Direct

We do not knowingly or intentionally collect what is commonly referred to as ‘sensitive personal information’. Sensitive personal information is information related to reproductive health, sexually transmitted diseases, substance use disorder, gender dysphoria, gender affirming care, domestic violence, and mental health. Please do not submit sensitive personal information to us.

How we obtain information about you:

  • when you provide it to us (e.g. by contacting us through our Contact Us, through our chat, when you call us, when registering or enrolling for the services)
  • from your use of our website, using cookies, and
  • occasionally, from our service providers.
This chart is a reference guide on how the Active&Fit Direct program collects, uses, and shares your information. This is only a summary. You should review the full privacy statement below for more detail. If you are a California resident or an international user, the full privacy statement below contains important information related to your privacy rights.
 Categories of Personal InformationSource of CollectionHow do we use?How do we share?
Website Registration/
Program Enrollment/Guest Pass Request/Club Activation

Identifiers:
First and last name,
Email address,
Username and password,
Security question and answer

Personal Information:
Phone number (optional)
Mailing address

Protected Class Information:
Date of Birth
Gender (optional)

Provided by you.

To perform services such as maintain and service your account, provide customer service, process transactions, verify customer information, and advertising and marketing.

To perform auditing, detecting security incidents, debugging programs, internal research and tech development, and quality assurance and product improvement.

With contracted Fitness Centers for eligibility, reimbursement, and utilization reporting. Additional information shared may include Fitness ID, Program name, and effective date/termination date.

We may share email, first name, and last name with service providers who support email communications

On-Demand Fitness Classes and
Live Fitness Classes

Identifiers:

IP Address Device ID
Profile name (if you comment or interact with Active&Fit Direct)

Provided by you to Streaming Service Provider when you activate or stream an on-demand fitness class or live fitness class.To perform services such as maintain and service your account, provide customer service, process transactions, verify customer information, and advertising and marketing.

With Streaming Service Provider for on-demand fitness classes. The Provider and ASH share general utilization data for administrative purposes such as processing reimbursement by ASH to the Provider.


Your use of the third-party website (Facebook,Youtube, etc.) to view live classes is governed by its own Privacy Policy and Terms & Conditions. If you comment on a workout video, your comment may be publicly viewable and ASH may receive your profile name, in order to reply to your comment.

Connected!™

Identifiers:
Device ID

Personal Information:
Your fitness device activity information (e.g. steps, exercise duration, etc.)

Your device will share your activity information when you agree to participate in the Connected! Feature with an activity aggregator that forwards the activity information to us to include in your account.

For apple watch users: Your device sends information directly to us which is then shared with our activity aggregator service provider so that it may be added to your account.

To perform services related to recording your activity, such as steps taken in a day, and tracking your progress over time.If your program is offered through your work or your health plan and you have given consent, we may share information with the benefit administrator of that program to help you meet your employer or health plan incentive, if applicable.
Active&Fit Direct Healthy Living Telephonic Coaching

Identifier:
First and last name,
E-mail address


Personal Information:
Phone number,
Mailing address,
Program sponsor name

Healthy Living Coaching Enrollment Information (e.g. information related to wellness goals,
Height,
Weight, general health information to ensure coaching program is appropriate for you)

Protected Class Information:
Date of Birth
Gender

 

Provided by you.

Healthy Living Coaching Information is provided by you to ASH Fitness’ affiliate, American Specialty Health Management, Inc. (ASH Management). ASH Management provides the coaching services.

To perform services such as maintain and service your account, provide customer service, process transactions, verify customer information, and advertising and marketing.

ASH Management provides the coaching services with administrative support provided by ASH Fitness. Any Healthy Living Coaching Information noted herein is retained by ASH Management and is not shared with ASH Fitness on an individually identifiable basis. ASH Fitness and ASH Management will share individually identifiable information (e.g., Identifiers, Personal Information, Protected Class Information) for administration of the coaching feature.

ASH Management may also provide aggregate information to ASH Fitness about Active&Fit Direct member participation in the program, but such information will not include individually identifiable information. ASH Fitness may in turn share such aggregate information with Program sponsors.

Contact Us

Identifier:
First and last name
E-mail address

Personal Information:
Phone number,
Sponsoring Organization,
General inquiry details

Provided by you.To verify your information and to perform services addressing your questions, suggestions and complaints.We may share the information outside of ASH as necessary to resolve your inquiry or concern when resolution requires third-party action.
Payment ProcessingWe do not collect your credit card information or maintain it on our systems. If you choose to enroll in the Active&Fit Direct Program, you will be asked to provide your credit card information to process your enrollment fee and recurring monthly fee. We use a PCI-compliant third-party payment processor to collect and process your credit card information. Active&Fit Direct does not directly collect or maintain your credit card information.
Additional Sharing

For legal purposes, including: as reasonably necessary to comply with law or legal process (including a court or government order or subpoena); to detect, prevent, or otherwise address fraud, security or technical issues; to enforce this Privacy Statement or the Terms & Conditions for the Active&Fit Direct program and the use of this Website; and as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public.

During a corporate reorganization: If ASH is involved in a merger, acquisition, financing, or sale of business or assets, information collected from and about users may be transferred to one or more third parties involved in such transaction and, upon such transfer, the relevant third-party privacy policy or policies may govern further use of the information. In the event of such a change, ASH will endeavor to notify our users of the change as well as any choices our users may have regarding the change.

Aggregate information: In addition, ASH may provide reputable third-party vendors and sponsoring organizations with aggregate statistics regarding user participation, Active&Fit Direct Website traffic patterns and related Usage Information. The information so provided will not include individually identifiable information, meaning we will not share your Personal Information with these third-parties.

Cookies, Website Analytics, and Interest Based AdvertisingInternet or Electronic Activity Information:
Web server logs,
Cookies,
Web beacons, and
Website browsing activity
Aggregated information provided by Google Analytics.

To perform auditing, detecting security incidents, debugging programs, internal research and tech development, and quality assurance and product improvement.

To perform services related to marketing available program features.

We do not share the information that Google Analytics provides to us with any third parties.
Your Active&Fit Direct Program may include access to other ASH products and programs, such as but not limited to, the Connected! and Active&Fit Direct Healthy Living features. These products and programs have separate terms and conditions and privacy statements. You should review and accept their respective terms and conditions and privacy statements before you use them.
If you choose not to provide your Personal Information, certain features of the Active&Fit Direct Program and Active&Fit Direct Website will not be available to you.

Additional Detail Regarding Uses

  • Registering and enrolling into the Active&Fit Direct Program: The Active&Fit Direct Program registration requires Identifiers such as first and last name, date of birth, gender (optional), mailing address, phone number (optional), e-mail address, a username and password to enter the password-protected area of the Active&Fit Direct Website, security question and answer to help recover your user name and/or password.
  • Requesting a Guest Pass: If you request a guest pass letter, you will be required to register for the site. We may follow up with you on your guest pass experience at the contact information you provide.
  • Joining Active&Fit Connected!TM: If you use the Active&Fit Connected! feature, you allow us to record your activity related information, such as steps taken in a day, through your eligible enabled activity/fitness device or equipment (a “Fitness Device”). When you use this feature, your activity information will be transmitted from your Fitness Device by the Fitness Device manufacturer to Validic (a third-party data aggregator that we use to facilitate the Active&Fit Connected! feature). After receiving the information from Validic, we upload the information into your member profile/account on Active&Fit Direct Website. By using the Active&Fit Connected! feature, you allow us to receive this information from your Fitness Device.
  • Searching for and selecting an Active&Fit Fitness Center: We may collect and use your address to help locate Active&Fit fitness centers near you. We may also receive utilization reports containing dates of visits from any Active&Fit fitness center that you have accessed through your enrollment in the program.
  • On-Demand Fitness Classes. ASH embeds Fitness On Demand’s video platform directly onto the Active&Fit Direct website. Fitness On Demand will receive analytic information such as videos participants have selected to watch in order for ASH to receive data about the content being accessed and in order to perform payment to Fitness On Demand by ASH. You should review Fitness On Demand’s full privacy policy for further understanding of information that is collected.
  • Viewing live workouts. If you click on the Active&Fit Direct live workout links hosted on Facebook and Youtube, you will be redirected to those third-party websites to view the workout. Your use of the third-party website (Facebook,Youtube, etc.) is governed by its own Privacy Policy and Terms & Conditions. If you comment on a workout video, your comment may be publicly viewable and ASH may receive your profile name, in order to reply to your comment.
  • If you participate in Active&Fit Direct Healthy Living Telephonic Coaching, ASH will collect your first and last name, date of birth, gender, e-mail address, phone number, mailing address, and Program sponsor name. The coaching is provided through ASH Fitness affiliate ASH Management. ASH Management does not share your individually-identifiable Active&Fit Direct Healthy Living Telephonic Coaching information with ASH Fitness. The two affiliates may share your Identifiers and related Personal Information and Protected Class Information to perform services such as to maintain and service your account, provide customer service, process transactions, and verify customer information. ASH Management may also provide aggregate information to ASH Fitness about Active&Fit Direct member participation in the coaching program, but such information will not include individually identifiable information. ASH Fitness may in turn share such aggregate information with Program sponsors.
  • Contacting us: When you contact us through the Active&Fit Direct Website, via email, telephone or other means, we may collect your name, phone, address, e-mail address, sponsoring organization, inquiry type, and comment.

We may also collect information about your use of the Active&Fit Direct Website, which cannot be used to identify you.

Cookies and other similar technologies

We use cookies and other similar technologies on the Active&Fit Direct Website to help us remember who you are, to enhance and personalize your experience, to understand and save your preferences for future visits, to compile group information about our users, and to carry out other tasks relating to the operation or improvement of the Active&Fit Direct Website.

  • Cookies: We use cookies and other similar technologies on the Active&Fit Direct Website to help us remember who you are, to enhance and personalize your experience, to understand and save your preferences for future visits, to compile group information about our users, and to carry out other tasks relating to the operation or improvement of the Active&Fit Direct Website.
  • Cookies are small text files that are placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. Most web browsers are initially set to accept cookies, but you can change your browser settings to notify you when you are sent a cookie, giving you the ability to accept or reject it, or you can choose to routinely and manually delete cookies stored on your computer or mobile device. Each time you revisit the Active&Fit Direct Website, your ability to restrict our use of cookies on that service is subject to your browser settings and limitations at the time. Please note that if you choose to disable or reject cookies from the Active&Fit Direct Website, some portions and features of the Active&Fit Direct Website may become inaccessible or may not function properly.
  • Web server log information: We collect and store server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analyzing log files to help identify and prevent unauthorized access to our network, the distribution of malicious code, denial of services attacks and other cyber-attacks, by detecting unusual or suspicious activity.
    • We also use server logs to troubleshoot application issues that would impact Active&Fit Direct users experience. This could happen when a certain feature (for example login or subscription) isn’t working as expected or when the performance of the website is degraded.
    • Unless we are investigating user-impacting issues, suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.

Interest-Based Advertising: We may also work with a variety of advertisers, third-party websites/applications, and analytics companies that use these technologies to collect data about your use of the Active&Fit Direct Website so that we can deliver ads to you based on your interests and online activities. This information does not identify you or give us access to your computer or mobile device. For more information about online advertising or to choose not to see interest-based ads, please visit http://www.aboutads.info/choices. Keep in mind that if you choose not to see online interest-based ads, you’ll still see ads, but they may not be as relevant to you.

  • Google Analytics: Google Analytics to collect information to improve the Website, such as how often users visit the Website, what pages they visit when they do so, and what other websites they used prior to visiting the Active&Fit Direct Website. Google Analytics places a cookie on your web browser so that it can identify you the next time you visit the Website, and the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to the Website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. If you don’t want Google Analytics to be used in your browser, you can install the Google Analytics opt-out browser add-on which is available at https://tools.google.com/dlpage/gaoptout

DO NOT TRACK: Some web browsers incorporate a "do-not-track" (“DNT”) or similar feature that signals to websites that a visitor does not want to have his/her online activity tracked. If a website receives a DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we (along with many other website operators) do not currently respond to DNT signals. For more information about DNT signals, visit www.allaboutdnt.com.

How Active&Fit Direct uses personal information

We use the information we collect from you in the following ways:

  • Process enrollment and facilitate participation: If you enroll in the Active&Fit Direct Program, we will use your information to process your enrollment, set up and administer your account, and verify utilization with Active&Fit fitness centers. If you use Active&Fit Connected! feature, we will record your registered device activity information over time and will use such recorded information to allow you to track your fitness progress.
  • Fulfill your requests: We use your information to fulfill your requests, such as process a guest pass letter request or send you information that you request.
  • Communicate with you: We may use your information to process and respond to your inquiries or to send you important administrative announcements, such as about changes to ASH, the Active&Fit Direct Program and Website, or this Privacy Statement. We may also follow up with you on your guest pass experience at the contact information you provide while using the guest pass request feature.
  • Enhance your experience: We use Usage Information to enhance and personalize your experience, such as to help us remember who you are and to understand and save your preferences for future visits.
  • Improving our services: We may aggregate your information with other users’ information to understand how the Active&Fit Direct Program and Website are being used, evaluate the efficacy of the overall Program, and carry out other tasks relating to operation or improvement. This “Aggregate Information” is statistical data collected and pooled with all other participants enrolled in the Program, and it cannot be used to identify you.

Sharing with Third Parties

ASH may share your Personal Information with third parties in the following circumstances:

With Program Sponsors: You have access to Active&Fit Direct through a program made available to your Program sponsor. Your Program sponsor, or sponsoring organization, is the entity who is offering the Active&Fit Direct program to its eligible population. We may provide Aggregate Information to the Program sponsor. ASH will not provide individually identifiable information to the Program sponsor.

With Service Providers: To facilitate services under the Program and to support the operation and maintenance of the Active&Fit Direct. Our service providers include:

  • Telephone Providers
  • Email Providers
  • Mailing List Providers
  • Payment Processing
  • Activity Aggregator
  • Cloud Provider
  • Chat Provider
  • Analytic Provider
  • Fitness Centers
  • Fitness Class Streaming
  • Healthy Living Coaching

For legal purposes, including: as reasonably necessary to comply with law or legal process (including a court or government order or subpoena); to detect, prevent, or otherwise address fraud, security or technical issues; to enforce this Privacy Statement or the Terms & Conditions for the Active&Fit Direct program and the use of this Website; and as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public.

During a corporate reorganization: If ASH is involved in a merger, acquisition, financing, or sale of business or assets, information collected from and about users may be transferred to one or more third parties involved in such transaction and, upon such transfer, the relevant third-party privacy policy or policies may govern further use of the information. In the event of such a change, ASH will endeavor to notify our users of the change as well as any choices our users may have regarding the change. In addition, ASH may provide reputable third-party vendors and sponsoring organizations with aggregate statistics regarding user participation, Active&Fit Direct Website traffic patterns and related Usage Information. The information so provided will not include individually identifiable information, meaning we will not share your Personal Information with these third-party vendors.

Additional Information Regarding Service Providers:

  • Analytics: Google Analytics collects information to improve the Website via a web beacon, such as how often users visit the Website, what pages they visit when they do so, and what other websites they used prior to visiting the Active&Fit Direct Website. Google Analytics places a cookie on your web browser so that it can identify you the next time you visit the Website, and the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to the Website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. If you don’t want Google Analytics to be used in your browser, you can install the Google Analytics opt-out browser add-on which is available at https://tools.google.com/dlpage/gaoptout
  • Activity Aggregator: As part of Active&Fit Direct we allow our users to access their fitness data (steps, distance, duration, calories, etc.) through our “Connected” feature. This is a convenience feature and doesn’t impact users’ access to fitness centers. That data is collected on fitness devices (ex. Garmin or Fitbit fitness band, smart watch, fitness mobile app on a smart phone.) Connected supports over 250 fitness devices and apps. Validic is the service provider that builds and maintains connectivity to all these devices, aggregates and transmits that data to us. If you don’t want Active&Fit Direct and Validic to aggregate your fitness data simply abstain from adding your device to Connected. If you’ve already added your device you can disconnect it from Active&Fit Direct and your fitness data will stop being collected.
  • Cloud Provider: Microsoft Azure is used to host certain parts of Active&Fit Direct that do not collect your personal information.
  • Chat Provider: Our live chat feature is powered by our service provider. That feature is meant to help you get faster support to answer any customer support question you may have. We will only use your personal information in order to help your experience through the registration, enrollment to Active&Fit Direct and any other part of the experience you require assistance on. If you do not want Active&Fit Direct and to collect your personal information for that purpose you have access to email and phone-based customer support.
  • Fitness Centers: When you enroll in Active&Fit Direct, ASH will provide you with a fitness card. When you sign up at your selected fitness center, the fitness center verifies your eligibility information which includes personal information (name, date of birth, fitness ID, program name). In the event that you terminate your Active&Fit Direct membership, ASH sends your name, date of birth, fitness ID, program name, effective date, and termination date to the fitness center to facilitate termination of your account.
  • Fitness Class Streaming: ASH embeds Fitness On Demand’s video platform directly onto the Active&Fit Direct website. Fitness On Demand will receive analytic information such as videos participants have selected to watch in order for ASH to receive data about the content being accessed and in order to perform payment to Fitness On Demand by ASH. You should review Fitness On Demand’s full privacy policy for further understanding of information that is collected.
  • Healthy Living Telephonic Coaching: American Specialty Health Management . Inc. (ASH Management), an affiliate of American Specialty Health Fitness, Inc. (ASH Fitness), provides the coaching service. ASH Management does not share your individually-identifiable Healthy Living Telephonic Coaching information with ASH Fitness. The two affiliates may share your Identifiers and related Personal Information and Protected Class Information to perform services such as to maintain and service your account, provide customer service, process transactions, and verify customer information. ASH Management may also provide aggregate information to ASH Fitness about Active&Fit Direct member participation in the coaching program, but such information will not include individually identifiable information. ASH Fitness may in turn share such aggregate information with Program sponsors.

Transfer and storage of your information

Email: We use a Service Provider to store emails you send us. Our email service provider is Hubspot located in the United States. We also use Hubspot and/or Microsoft 365 to send follow-up emails to the address you provide. Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.

Telephone Providers: When you contact us by phone, we collect your phone number and any information provide to us during your conversation with us. We may record your phone calls for quality and training purposes.

Payment Processing: we collect your credit or debit card and address information in order to process your payment for the Active&Fit Direct service. Recurly is our PCI-compliant service provider (payment gateway) we use to collect your recurring monthly payment. CardEasy is the PCI-compliant service provider we use to collect your payment in a secure way over the phone. Paypal is the payment processor used by both CardEasy and Recurly to charge your credit or debit card. Active&Fit Direct does not collect or store any payment information.

We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.

Disabling and Deleting User Accounts and Information

Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, personal information collected on the Active&Fit Direct Website, or through the Active&Fit Direct Program generally, cannot be deleted or removed from ASH’s database and will be retained in accordance with ASH’s record retention policy. User accounts, however, may be disabled upon written request, using the contact information at the end of this Privacy Statement.

ASH retains your data for ten years. ASH may also retain your data as long as required by any legal obligations. California Residents see below.

Opt-out of Communications received from Active&Fit Direct

If you have provided your email address, postal address, and/or telephone number to ASH Fitness, you may opt out of receiving marketing/promotional communications from ASH Fitness by contacting ASH Fitness as described at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from ASH Fitness. Please note that email unsubscribe requests may not take effect immediately.

NOTE: Your opt-out regarding our marketing/promotional communications will not stop communications from ASH Fitness of a transactional nature or as required by law. For example, we will still send you communications regarding your account or a purchase, request or inquiry you have made with ASH Fitness, notices regarding material changes to the Active&Fit Direct Website or its information practices, and other administrative notices.

Privacy of Minors

ASH is concerned about the safety of children when they use the Internet. The Active&Fit Direct product and Website are not intended for use by persons under the age of majority (e.g., under the age of 18 in California). If ASH becomes aware that a user is under the age of 18 and has provided Personal Information to ASH without prior parental consent, ASH will remove all information provided by such underage user from its database.

 

Security of Personal Information

In order to maintain confidentiality and safeguard the security of Personal Information, ASH has implemented company-wide policies regarding privacy, security, and confidentiality. Despite these measures, the confidentiality of your Personal Information cannot be guaranteed. We encourage you to take appropriate steps to protect your Personal Information, such as using a complex password when you register for the Program.

Third-Party Links and Services
For your convenience, the Active&Fit Direct Website may provide links to third-party websites and online services not owned or controlled by or affiliated with ASH (each, a “Linked Third-Party Website/Service”). Linking does not mean, and should not be deemed or construed to mean, that ASH endorses or approves or is affiliated with a Linked Third-Party Website/Service. ASH is not responsible for the information privacy and security policies or practices of a Linked Third-Party Website/Service. When you leave the Active&Fit Direct Website to visit a Linked Third-Party Website/Service, this Privacy Statement no longer applies, and any information collected from or about you or your device by a Linked Third-Party Website/Service will be governed by that site/service’s privacy policies and practices, which may be substantially different from those of ASH. A Linked Third-Party Website/Service may set or use its own cookies, web beacons, etc. to your computer or mobile device, and may collect information from and about you and use the information in ways that ASH would not. You access a Linked Third-Party Website/Service entirely at your own risk. You should always read the privacy policy associated with a Linked Third-Party Website/Service before disclosing any personal information. Linked Third-Party Websites may include websites operated by Service Providers identified below.

For more on Links, please see the Active&Fit Direct Terms and Conditions.

Note to international users.

The Active&Fit Direct Program and Website are intended for U.S. residents. If you are outside of the United States and access the Active&Fit Direct Website or submit your Personal Information to us, please be advised that U.S. law may not offer the same privacy protections as the law of your jurisdiction. By using the Active&Fit Direct Website or submitting your Personal Information to us, you consent to the transfer to and processing of your Personal Information in the United States.

CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83 (known as the “shine the light” law) and the California Consumer Privacy Act 1798.100-199 (known as the “CCPA”), provide California residents with specific rights related to the collection, use and disclosure of their personal information by us.

Under the “shine the light” law, California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.

While our privacy practices have adopted many of the CCPA requirements across our program, this section discusses specific rights and elements applicable to persons who are California residents at the time we collected, used or disclosed your personal information.

Your rights in relation to your information:

Right to Know: You have the right to request that ASH disclose what personal information we have collected, used, disclosed, and sold in the previous twelve (12) months.

To request this information you may fill out this form - https://go.ashcompanies.com/hubfs/RighttoKnow.pdf. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Know by phone at (844) 646-2746.

ASH will verify your request by matching information provided by you in the Right to Know Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request and provide notice of such denial. ASH may also deny requests if you submit the Right to Know Form more than twice in a calendar year or if your request is not sent to the designated email, phone number, or address.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Know Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

Right to Delete: You have the right to request the deletion of your personal information collected or maintained by the ASH.

To request this information you may fill out this form - https://go.ashcompanies.com/hubfs/RighttoDelete.pdf. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Delete by phone at (844) 646-2746.

ASH will verify your request in a two-step verification process. First, ASH will match information provided by you in the Right to Delete Form to information housed in our internal systems. Second, ASH will contact you to verify your identity and confirm your request, such contact may be made by phone or email.

If we are unable to verify the request, we will deny the request and provide notice of such denial. ASH may also deny requests if you submit the Right to Delete Form more than twice in a calendar year or if your request is not sent to the designated email, phone number, or address.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Delete Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

In response to your request, ASH may deny or grant your request. If ASH grants your request, we will notify you as to which of the following methods We have used to fulfill your request. We may do one of the following: (1) permanently delete your information from our systems; (2) deidentify your information; or (3) aggregate your information in accordance with CCPA requirements.

A denial of a deletion request may occur if ASH requires the use of your personal information to complete a transaction or provide services on your behalf, to detect security incidents and prosecute those responsible, to debug and repair errors that impair existing functionality, to exercise free speech or allow you to exercise free speech or any other right, to comply with the California Electronic Communications Privacy Act, to engage in public or peer-reviewed research with informed consent if deletion would seriously impair the achievement of such research, to enable solely internal uses that are reasonably aligned with the business relationship between you and ASH, or to comply with a legal obligation.

Right to Non-Discrimination: You have the right to exercise your privacy rights to know and to delete without facing discrimination of service or product offerings. Your use of Active&Fit Direct will remain the same whether you exercise your Right to Know or Right to Delete under the CCPA.

Right to Authorize an Agent: You have the right to authorize an agent to communicate on your behalf. To authorize an agent you may fill out this form - https://go.ashcompanies.com/hubfs/AuthorizedAgent.pdf. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Authorize Agent by phone at (844) 646-2746.

ASH will verify your request by matching information provided by you in the Right to Authorize an Agent Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request and provide notice of such denial.

Right to Opt-Out: ASH does not sell or knowingly share your personal information with third parties for non-permitted uses including direct marketing. California residents may send requests for information-sharing disclosure under this law by contacting us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by phone (844) 646-2746 or by mail address located in the contact section below. Please note that, under this law, we are not required to respond to your request more than twice in a calendar year, nor are we required to respond to any requests that are not sent to the designated email, phone number, or address.

Additionally, should we receive CCPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to either charge a reasonable fee for taking the action requested or refuse to act on the request. If we refuse your request on this basis we will notify you of the reason why.

Program Contact Information

Questions and requests may be submitted through the Contact Us feature of the Active&Fit Direct Website, or using the following contact information:

U.S. Mail

Active&Fit Direct Customer Service
P.O. Box 509117
San Diego, CA 92150-9117

By Phone
(844) 646-2746, 5:00am to 6:00pm, Monday through Friday (except for company holidays).

If you need assistance with or require this Privacy Statement in an alternative format, please contact us at (844) 646-2746.

Privacy and Security Contact Information

ASH has a designated Privacy Officer and an Information Security Officer to oversee our privacy and security programs. You may direct questions about these programs to these individuals by either calling (877) 427-4766 or emailing HIPAA@ashn.com The Active&Fit Direct Program and use of the Active&Fit Direct Website are governed by the Active&Fit Direct Terms and Conditions.