Data Protection and Privacy Policy
AthleteMonitoring Data Protection and Privacy Policy
This is the Privacy Policy of the AthleteMonitoring website (the “Site”), operated by FITSTATS Technologies Inc. (together with our affiliates and subsidiaries, “FITSTATS”, “AthleteMonitoring”, “we”, “us”, “our” and terms of similar meaning) and our related products and services. This policy explains how the information we collect about you is used and kept securely. It also explains your privacy choices when using our website as well as your right to access your information under Data Protection Legislation.
We take the protection of the data that we hold about you very seriously and we will do everything possible to ensure that data is collected, stored, processed, maintained, cleansed and retained in accordance with the highest data protection and privacy standards, including the General Data Protection Regulation (“GDPR”) on and from May 25, 2018 (“Data Protection Legislation”).
Please read this privacy policy carefully to see how FITSTATS will treat the personal information that you provide to us either when using these websites (www.athletemonitoring.com, app.athletemonitoring.com, app.athletemonitoring.eu, app.athletemonitoring.in), corresponding mobile Apps, portal (the “AthleteMonitoring” portal) or in other circumstances when we collect data from you (including via email). We will take reasonable care to keep your information secure and to prevent any unauthorized access.
By accepting this Data Protection and Privacy Policy, registering for the service, or by visiting and using the Site and related Apps, you expressly consent to our collection, use and disclosure of your personal information in accordance with this Data Protection and Privacy Policy.
What type of information do we collect?
When you open an AthleteMonitoring account as an athlete, coach, administrator or health practitioner, we will collect certain information about you which will include your name, date of birth, gender, email address, telephone number, and names of the affiliated clubs that you are a member of (“User Data”). If you are an athlete, we will also collect data provided by you or entered by your coaches, administrators and health professionals about daily wellness, training sessions, illnesses, injuries, etc. (“Performance Data”). You may also choose to provide us with other information on your online user profile.
Athletes
We only collect information that you and our customers allow us to collect, that you allow through your consent, or that our customers want us to process from their athletes. Generally, this information about you is related to your sports performance, health data, wellness data and sport related activity. The information is controlled by our customers/clubs, collected by them through the use of our products, and is processed and used by us as described below. We use and process the information in this fashion as it is necessary in order to perform our end of the contracts we have with our customers/clubs. In addition, we will be obtaining your specific consent to use the information in this manner.
Customers and their internal (non-athlete) representatives and personnel
We only collect the following information: name, contact details and information related to our professional work with you. Our legal basis for the collection, use, and processing of this information is that we collect, use, and process the information types listed above to perform our legitimate business of maintaining necessary employee, contractor, and applicant information for the operations of our company.
Suppliers, consultants and contractors
We only collect the following information: name, contact details, account and payments arrangements, and information related to and reasonably required for our professional work with you. Our legal basis for the collection, use, and processing of this information is that we collect, use, and process the information listed above to perform our legitimate business of maintaining necessary employee, contractor, and applicant information for the operations of our company.
How do we collect the information?
We collect the information when you directly use our products or services. Either yourself or someone else acting on your behalf can enter information about you into the software.
Where possible, however, we always try to collect your personal information directly from you.
Regardless of how your personal information is collected – whether it is directly from you, from your interactions with us or from third parties – we will deal with your personal information in accordance with this policy.
Why do we collect the information?
We collect the information for three purposes:
Providing and Maintaining the Services That Relate to this Product (“Services”)
We use the information for fulfilling our contractual terms as product and service providers to your club or team and for product development and enhancement. For example, by allowing coaches, administrators and health professionals to administer performance programs, provide quality coaching, manage testing data and manage sports medicine services.
Improving and Developing the Services
We also use the information we collect to improve the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services.
Communicating with You
We use your information when needed to send you notifications and respond to you when you contact us. We also use your information to promote new features that we think you would be interested in. You can control marketing communications and most Service notifications by using your notification preferences in account settings or via the “Unsubscribe” link in an email. We use your information to provide customer service or assistance to you or to our customers about their instances of our products and Services.
Our Disclosure of Your Information
We will disclose your personal information with third parties only in the ways that are described in this privacy policy. The following describes some of the ways that your information may be disclosed in the normal scope of business to provide our services.
If you are an athlete, the information you decide to share will be viewable by the owner of the AthleteMonitoring account, as well as all coaches, administrators and health professionals linked to your account. Athlete users can only access their own data.
If you are a system administrator, health professional, or account owner user, the information you decide to share will be viewable by the account owner and system administrators only.
If you are a coach or a manager user, the information you decide to share will be viewable by the account owner, system administrators and other coaches linked to the same teams as you.
We do not share, lend or sell personally identifiable data with any third party. We may however share your personal information with the police and other law enforcement agencies for the purposes of crime prevention or detection. If we disclose your information, we ask the organization to demonstrate that the data will assist in the prevention or detection of crime, or that FITSTATS is legally obliged to disclose it. This is done on a strictly case-by-case basis and through a tightly controlled process to ensure we comply with Data Protection Legislation.
Technologies such as cookies, beacons, tags and scripts are used by AthleteMonitoring and our partners (e.g., advertising, marketing and analytics), affiliates, or other service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. We use cookies to remember users’ settings, store login addresses, authenticate users, run website experiments, and store analytics data. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.
Third parties with whom we may partner to provide certain features on our site or to display advertising based upon your Web browsing activity use Local Storage Objects (LSOs) such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. We may partner with a third party to either display advertising on our Web site or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests.
Payment Information
We do not store credit card or other payment method information on the site. We use a third-party provider (“Freshbooks”) to deliver and process invoices, and third-party providers (“Stripe” and “Freshbooks”) to process credit card payments. Please consult the Data Protection Policy of each provider for more details about their data protection measures.
Our payment processors have the sole and complete responsibility for the storage of credit card and payment information.
Forum and Blog
If you post on our forum or blog, your username and other information you include are displayed in your postings or comments, and are therefore available to the public. All of your activities in the public areas of the forum will be identifiable to your User ID, and other people can see your published content. If you disclose personal information in any posting in our forum or blog and wish to have it removed, please contact us at the support contact information listed below, and posted on the Site. Our blog commenting system is also managed by a third party application that may require you to register to post a comment. You will need to contact or log in to the third party application if you want the personal information that was posted to the comments section removed. To learn how the third party application uses your information, please review their privacy policy.
Legal Requests and Business Transitions; Emergencies.
We may disclose your personal information (a) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (b) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, (c) as otherwise required under any applicable law, rule, or regulation, and (d) in good faith, to protect or defend the rights or property of AthleteMonitoring and other users and (e) if AthleteMonitoring is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
Your Use of Other Persons’ Information
In order to facilitate the services provided by the Site, the Site allows you in certain circumstances to give other Users limited access to the personal information of other persons. For example, if you are an Account Owner, an Administrator or a Team Manager, you may use the Site to give a staff member access to the personal information of your Athletes.
By accepting our Terms of Use, you agree that, with respect to the personal information of other persons that you collect, use and disclose on the Site, you have all necessary consents and rights to collect, use and disclose that information as described in this Privacy Policy from time to time, and you agree that the indemnity you give to us in the Terms of Use applies to any non-compliance by you with the foregoing. If you choose to use our referral service to tell a friend about our site, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. AthleteMonitoring stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program. Your friend may contact us at privacy[at]athletemonitoring.com to request that we remove this information from our database.
Protecting your information
Encryption
To ensure maximum security of data traveling from you to our server and from the server to you, we use the latest Transport Layer Security (TLS) protocol, which provides bidirectional encrypted communication between client and server. The encryption process protects your information by scrambling it before it is sent to us from your device or computer. Once AthleteMonitoring receives your transmission, we make commercially reasonable efforts to ensure its security on our system.
All information uploaded by AthleteMonitoring users (files, pictures, etc.) on our server is encrypted at rest.
Data Storage Location
If you access the service from the app.athletemonitoring.com domain and related mobile apps, all the information collected will be transmitted to and stored on servers located in Canada. If you access the service from the app.athletemonitoring.eu domain and related mobile apps, all the information collected will be transmitted to and stored on servers located in the European Union. If you access the service from the app.athletemonitoring.in domain and related mobile apps, all the information collected will be transmitted to and stored on servers located in India.
In order to maximize data protection and privacy for non-US users, particularly with regard to the Cloud Act (2018), we do not store data in the United States nor use the services of US-based cloud service providers with non-US users.
Two-Factor Authentication
Two-factor authentication is a mechanism that requires users to provide two different means of identification when logging in. All non-athlete users (coaches, managers, medical and administrator users) can add this additional layer of security to their account by enabling two-factor authentication in their profile. When two-factor authentication is enabled, users will be required to log in with their password and a random numeric code generated by the Google Authenticator application, which is available for iPhone, Android, and BlackBerry. Two-factor authentication is set up on a per-user basis.
Other Information Collectors
Except as otherwise expressly included in this Privacy Policy, this document only addresses the use and disclosure of information we collect from you. To the extent that you disclose your information to other parties through the Site, whether they are Athletes, Customers and their internal (non-athlete) representatives and personnel, Suppliers, Consultants and Contractors or otherwise, different rules may apply to their use, collection and disclosure of the personal information you disclose to them. Since we do not control the information use, collection or disclosure policies of third parties, you are subject to their privacy policies. We encourage you to ask questions before you disclose your personal information to others.
Correcting and Updating Your Personal Information
To review, delete and update your personal information to ensure it is accurate, you may log in to your account to make the changes, or you may contact us at privacy[at]athletemonitoring.com and:
- Provide us with enough information to identify you; and
- Specify the information that is incorrect and what it should be replaced with.
Data portability
You can export a copy of your personal data to reuse for your own purposes across different services by using the Application's various export and Log & stats options. You may also exercise this right at any time by contacting us at privacy@athletemonitoring.com.
Data Retention
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Once you deactivate your account, any data that we collect from you will be deleted in accordance with timescales set out below:
User Data:
This information is deleted three years after account deactivation by a user or following a 365-day period of inactivity.
Performance Data:
This information is anonymized after the 365-day period referred to above.
We may retain anonymized data for research and product and service development purposes.
Right to be forgotten
In certain circumstances you can request us to delete all information we hold which identifies you. You can make this request at any time by emailing privacy@athletemonitoring.com but please note we may be compelled to maintain your information due to specific legislative or regulatory requirements.
Additional Policy Information
Service and marketing messages
If you are currently receiving service messages or marketing communications from FITSTATS and no longer wish to do so, you may revoke your consent to receiving such emails by clicking the Unsubscribe link, found at the bottom of every email, or by contacting privacy@athletemonitoring.com.
Invitations
You have the opportunity to invite others to work with you through your AthleteMonitoring account. To do that, AthleteMonitoring asks you to import or to manually enter your contacts’ email addresses. As you direct, we then send them an invitation on your behalf or other notices reflecting changes you make to their status in your account. If you click on a link to a third-party site, you will leave the AthleteMonitoring site and go to the site you selected. If you elect to use a third-party product or service in conjunction with AthleteMonitoring, you yourself enter into a license agreement with the third party for use of their product or service and their use of your data. Because we cannot control the activities of third parties, we cannot accept responsibility for any use of your personal information by such third parties, and we cannot guarantee that they will adhere to the same privacy practices as AthleteMonitoring. We encourage you to review the privacy policies of any other service provider from whom you request services. If you visit a third party website that is linked to an AthleteMonitoring site, you should read that site’s privacy policy before providing any personal information.
Testimonials
With your prior written consent we may post your testimonial along with your name and photo. If you want your testimonial removed please contact us at privacy[at]athletemonitoring.com.
Social Media Features
Our Web site may include Social Media Features, such as the Facebook and Twitter buttons and Widgets, such as the Share this button or interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.
Changes to our Data Protection and Privacy Policy
We may update this privacy statement to reflect changes to our information practices. We will notify you by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
This Privacy Policy was last updated on May 24, 2018
Complaints and contacts
It is our goal to make our privacy practices easy to understand. If you have any concerns or complaints in relation to how FITSTATS collects and/or processes your personal data, you should contact the FITSTATS data protection officer at the address below: privacy[at]athletemonitoring.com
FITSTATS Technologies, Inc.
75 Brydges St. Moncton, NB
Canada E1C2E9
APPLIES TO USERS OF ATHLETEMONITORING IN THE UNITED STATES OF AMERICA
In the course of performing our contractual obligations and our various corporate functions and activities, AthleteMonitoring collects some health information from athletes via the AMS. The US legislation, the Health Insurance Portability and Accountability Act (1996) (“HIPAA”), introduces a number of rules that businesses must comply with in relation to the collection of protected health information. To the extent that AthleteMonitoring collects public health information (“PHI”) of athletes in the USA, it will be mindful of the following requirements of HIPAA (“US Activities”).
In relation to the collection of PHI through our US Activities we will be mindful of the principles articulated in the body of this document. We have processes in place to ensure HIPAA compliance including:
- We have safeguards to protect the privacy of health information and set limits on the use and disclosure of this information.
- We provide individuals with the ability to access information about their health and request corrections where appropriate.
- We ensure that appropriate administrative, physical and technical safeguards are in place to ensure the confidentiality, integrity, and security of electronic protected health information.
- We have appropriate technical and non-technical safeguards to secure electronic PHI.
- In the event of a breach of PHI, unless a risk assessment demonstrates that there is a low probability that the health information has been compromised, we will notify the individual whose information is involved (as soon as possible and within 72 hours).
- We have appointed a privacy officer and an incident response team.
- Our employees are adequately trained about the use and disclosure of PHI and how to safeguard it appropriately.