Effective Date: May 9, 2023
Athletes’ Performance, Inc., and its affiliates (“Exos”, “us”, “we”, or “our”) is a coaching company helping individuals to get ready for their moments that matter in their personal and professional lives. Exos provides a variety of wellness services that we refer to as “Exos Offerings.” This Privacy Policy (“Policy”) applies to all Exos Offerings unless we have informed you that a different policy applies.
We are committed to protecting your privacy. This Policy explains our privacy practices in connection with the Personal Information we collect from you when providing the Exos Offerings. By accessing the Exos Offerings, you acknowledge that Exos may Process your Personal Information pursuant this Policy. Please also review our related Terms of Service.
You are not required by law to provide Exos with any Personal Information, and you may revoke your consent to such Processing at any time. However, if you do not provide Exos the certain Personal Information that is necessary for the proper operation of the Exos Offerings, Exos may not be able to provide them to you.
Please note this Policy does not apply to Personal Information we collect about Exos employees or contractors, or applicants for those roles, in the context of those roles.
What Personal Information We Collect From You
How We Use Your Personal Information
Disclosure of Personal Information
Aggregate and Non-Personal Information
Cookies, Analytics, Targeting, and “Do Not Track”/Global Control
Third Party Sites and Services
Additional Information for Certain Jurisdictions
In this Policy, we use certain capitalized terms that we define as follows:
“Agent” means a person who is legally authorized to act on behalf of another person or entity.
“Applicable Law” means all laws and regulations applicable to Exos’ Processing of Personal Information in connection with the applicable Exos Offering.
“Client” means any employer, community center, or other person that has engaged Exos to provide Exos Offerings to you, if applicable.
“Commercial Real Estate Client” means a Client operating in the commercial real estate industry that has contracted with Exos to provide Exos Fitness Management Services at their owned or managed properties.
“Employer Client” means a Client, in its role as an employer, that has contracted with Exos to provide the Exos Offering to its applicable employees, dependents and other authorized individuals.
“Exos Offerings” include, but not limited to:
Note certain Exos Offerings rely on third parties such as software vendors that have their own terms and privacy policies. See “Third Party Service Providers” below under the caption “Disclosure of Personal Information.”
“Non-Personal Information” means information which does not identify a specific natural person or household and cannot reasonably be used for such identification.
“Personal Information” means information relating to an identified or identifiable natural person or household, or as defined by Applicable Law.
“Processing” means any operation or set of operations performed on Personal Information, whether or not by automated means, such as collecting, recording, organizing, structuring, storaging, adapting or altering, retrieving, using, disclosing by transmission, dissemination or otherwise making available, and aligning or combining, restricting, and erasing, or destroying.
Under the EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”), or any other Applicable Law, Exos acts as a “data controller” of the Personal Information we collect from or about you as an end user of the Exos Offerings.
If an Exos Client (e.g., your employer) has facilitated your access to the Exos Offerings, please note Exos acts as a “data processor” of the Personal Information (data) that the Exos Client transmit to us in their capacity as an Exos Client, in its role as a “data controller” (the data generally includes, a list of persons eligible to access the Exos Offerings). For such data, the Client independently of Exos decides what Personal Information to provide and instructs Exos on the processing of such Information.
If a Commercial Real Estate Client is facilitating your access to the Exos Fitness Center Management Services, please note that both Exos and the Commercial Real Estate Client act as independent controllers of the Personal Information (data) that is collected from your use of the Services. In this case, all Personal Information collected shall be for the benefit of both parties and is governed by this Policy and the applicable Commercial Real Estate Client’s privacy policy.
The types of Personal Information we Process depends on the applicable Exos Offering(s) that you access, as described in the categories below. In accordance with the Applicable Law, Exos will Process Personal Information solely for the development, fulfillment, and improvement, and marketing of the applicable Exos Offerings. Depending on the applicable Exos Offering(s), we may collect the Personal Information described below directly from you or from other sources, such as your Agent, our Clients, or other third parties with whom we partner with to provide the applicable Exos Offerings. If Exos obtains your Personal Information from a third party, that third party will be responsible for obtaining your consent for processing and transferring your Personal Information to Exos.
Provide to Exos:
Information we collect from your device:
Information we collect from third parties:
We may use your information for the following purposes:
Lawful Basis: Performance of our contract with you, with your consent, and part of our legitimate interests as a commercial business.
Lawful Basis: Performance of our contract with you and with your consent.
Lawful Basis: Performance of our contract with you, with your consent, and as a legitimate interest as a commercial business.
Lawful Basis: Performance of our contract with you, with your consent, and as a legitimate interest as a commercial business.
Lawful Basis: Your consent, legitimate business interest.
Lawful Basis: Performance of our contract with you and compliance with Applicable Laws.
Lawful Basis: Such usage is a part of our legitimate interests as a commercial business and compliance with Applicable Laws.
We may disclose Your Personal Information to the following constituents:
Any Personal Information shared with our Client will also be subject to its privacy policy.
We may aggregate and/or anonymize Personal Information we collect or process such that it not longer reveals your identity (“Non-Personal Information”). We may use and share Non-Personal Information for any purpose, including, commercial, research, or statistical purposes, without further notice to you. Such usage is not governed by this Policy, as the information is not Personal Information. Examples of Non-Personal Information include Offering usage data, fitness outcomes, Client/Member survey scores and website usage data.
Please see our Cookie and Pixel Tracking Policy to understand how we use the cookies we collect to deliver, improve, protect and optimize our Exos Digital Solutions.
To manage your cookie preferences, please take the following steps:
Do Not Track is a privacy preference, which allows users to set certain web browsers to inform websites and services not to collect certain information about their usage across websites or online services. Exos uses its cookie banner technology to respond to “Do Not Track” signals.
The Exos Offerings may link to or incorporate third party websites and services. We do not own, operate, or control them, and we do not review their privacy programs. We are not responsible for their privacy practices, including the use and disclosure of your Personal Information. When you interact with those websites or services, you are subject to the applicable third party’s privacy policy and terms of use, and we encourage you to review those materias.
An example of a third party is a social media site, a content publisher e.g., of fitness information, or the manufacturer of Internet-connected fitness equipment. These third parties are distinct from the “Third Party Service Providers” referred to above that we consider to be our “subprocessors.”
We transfer to, store and process any Personal Information you provide to us via your use of the Exos Offerings in the United States. If you use the Offerings in another country, we may also store your Personal Information in that country. We take appropriate safeguards, in compliance with Applicable Law and this Privacy Policy, to protect the transfer of your Personal information, which may include your consent and the use of the UK and European Union Commission’s Standard Contractual clauses among Exos affiliates and with third parties.
If you are a resident of a jurisdiction from which transferring your Personal Information requires your consent, then your acknowledgement of this Privacy Policy constitutes your express consent for such transfer of your data. Depending on the applicable Exos Digital Solution, we may also ask for your separate consent to transfer your Personal Information during the account creation process.
We use a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use or disclosure. We use physical, technical, and administrative security measures that comply with Applicable Laws and industry standards to secure your Personal Information.
Unless you instruct us otherwise, and subject to Applicable Laws, we retain your Personal Information for as we have an ongoing legitimate business need, which may include, for example, to comply with our legal obligations, resolve disputes, and provide you the Exos Offering.
In accordance with that policy, Exos will retain your Personal Information for up to three years from the date of your last log-in of the applicable Exos Digital Solution e.g., to provide you with continuity of service following your absence of use of the Solutions for up to that time period. In addition, upon your request and subject to Applicable Law, we will delete your Account and/or Personal Information. However, if an Exos Client has facilitated your access to our Solutions and that client terminates its agreement with Exos or if an Exos Client or we determine that you are no longer an eligible to use Exos Digital Solutions, we will delete your Personal Information within 90 days after the termination of the Client’s agreement with Exos.
Please note that if you request the deletion of your account for any applicable Exos Digital Solution, this will result in the deletion of your account and all associated information, including workouts and achievements. You will also not be able to make a data access request following a data deletion request.
To the extent we act as a Data Processor on behalf of a Client, we retain Personal Information as directed by the Client. Please contact the applicable Exos Client if you have any questions regarding their data retention policies.
We recognize the importance of protecting the privacy and safety of children. To provide the Exos Offerings, we may need to collect Personal Information about children as defined under Applicable Law (e.g., under 13 years old for US individuals, under 16 years old for European Economic Area individuals, under 18 years old for Israeli individuals, and under 12 year old for Brazilian individuals). However, we do not knowingly collect, maintain, or use personal information about children without verifiable parental consent.
If you learn that a child has provided us with Personal Information in violation of this Policy, then you may alert us at privacyofficer@teamexos.com.
You have the following rights:
Please note that if you request the deletion of your Personal Information, we will either remove it from our servers or retain it only in an anonymized form. We also have the right to refuse your request for deletion of Personal Information that we are required or permitted by Applicable Law to retain e.g.,: to comply with applicable legal obligations, to complete a transaction, to protect freedom of speech or public interest, or to detect security incidents, fraudulent or other illegal activity. If an exception is relevant to your request, we will promptly notify you, including the reasons for this decision. After we delete your Personal Information, we may also retain copies in our back-up files, which will be secured against further processing and deleted if such backup copies are ever restored.
If you wish to exercise any of your rights, please contact us as described at the bottom of this Policy. If we are not able to fulfill your request, we will endeavor to explain the reasoning for this and inform you of your rights. We reserve the right to ask for reasonable evidence to verify your identity before we fulfill certain types of requests in accordance with Applicable Law.
In addition to the rights described above, you may opt-out of data collection and sharing that occurs through the use of cookies. For more information about cookies and your controls in this regard, please review your browser settings as well as our Cookie and Pixel Tracking Policy.
Please note that the rights listed within this Section are not intended as an exhaustive list of your rights. To understand rights that are applicable to your specific country of residency, please read the “Additional Information for Certain Jurisdictions” section.
We will post any changes to the Policy on this page, and the revised version will be effective when it is posted. We will notify you by updating the “Last Updated” date at the top of this Policy, or through other communication. We encourage you to review this Policy whenever you use or access the Exos Offerings or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy.
This section includes additional information as required under the privacy laws of certain jurisdictions.
Brazilian Residents. If you are a Brazilian resident, your privacy rights are assured based on the provisions set forth under the Brazilian General Personal Data Protection Law (LGPD). Please read Exos’ Brazil Notice to understand more about your rights. If you have any questions or requests related to your privacy rights, please contact us at privacyofficer@teamexos.com.
EU & UK GDPR. Throughout this policy, we have incorporated all the rights of the European Union and United Kingdom data protection laws. To exercise any of the rights contained within this policy, please contact us at privacyofficer@teamexos.com.
Canadian Residents. You may be asked to provide your Personal Information to opt-in to receive emails about our services, products, promotions, special offers and/or company updates. You can unsubscribe at any time from these types of emails by using the “unsubscribe link” located in the email or by contacting us at privacyofficer@teamexos.com, or by mail to Exos Privacy Officer 2629 E. Rose Garden Lane, Phoenix, AZ 85050, USA, Attn: Privacy Affairs.
Costa Rican Residents. You are entitled to, at least, the rights to request access to your Personal Information (“Acceso a la informació”) and rectification of your Personal Information (“Derecho de rectificación”) as set forth by the Protección de la Persona frente al tratamiento de sus datos personales.
Penduduk Indonesia. Jika Anda merupakan penduduk Indonesia, hak privasi Anda dijamin berdasarkan ketentuan yang diatur dalam Undang-Undang Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi (UU PDL). Bacalah Pemberitahuan Exos dalam bahasa Indonesia untuk memahami lebih lanjut tentang hak-hak Anda.
Israeli Residents. You may ask to view your Personal Information by sending a written request to privacyofficer@teamexos.com. If you find that your Personal Information is incorrect and/or out of date, you may ask Exos to correct or remove it. Note that this right may not be exercised, or may not be exercised to its fullest extent, if you do not own the information, the information provided does not match the information in our databases, and/or the request is unclear and non-specific, violates the privacy of others, and/or is not made in good faith. Furthermore, you have the right to be removed from direct email marketing services. If you do not wish to receive email newsletters and/or advertising, you can use the removal button included in the newsletters/advertisements, or submit a request to privacyofficer@teamexos.com.
Türk Vatandaşları. Türkiye’de ikamet ediyorsanız, gizlilik haklarınız 6698 Sayılı Kişisel Verilerin Korunması Kanunu kapsamındaki hükümler esas alınarak güvence altına alınmaktadır. Haklarınız hakkında daha fazla bilgi edinmek için lütfen Exos’un Türkiye Bildirimini okuyun.
United States Residents. If you are a resident of California, Colorado, Connecticut, Nevada, Utah, or any other US state that may grant you specific privacy rights, this section is applicable to you. This section is intended to supplement the rights described within this policy to comply with the disclosure requirements required by the Applicable Laws.
Washington State Residents. Washington's My Health My Data law provides you with rights regarding your Consumer Health Data. Please read Exos’ Consumer Health Data Policy to understand your rights and how Exos processes your Consumer Health Data. Contact privacyofficer@teamexos.com with any questions.
The table below identifies the categories of Personal information we collect and the third parties that we may share such information. Please see the sections titled “What Personal Information We Collect From You”, “How We Use Your Personal Information,“ and “Disclosure of Personal Information,“ ” and “Retention” for more information about the Personal Information we collect, how we use it, and disclose and retain it.
We will not collect any additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Personal Information Categories |
Examples of Personal Information |
Sources of Personal Information |
Third Party Recipients |
Identifiers |
your name, address, phone number, email address, date of birth, or other similar identifiers |
Directly and indirectly from you |
· Service Providers · Affiliates and subsidiaries · Others as required by law |
Commercial Information |
records of personal property, products or services purchased, or other consuming histories or tendencies. |
Directly from you |
· Service Providers · Affiliates and subsidiaries · Others as required by law |
Internet or other electronic network activity information |
P address, cookie identifiers, mobile carrier, mobile advertising identifiers, browser type and language, geo-location information, operating system, the date and time of your visit, the amount of time you spend on each page, and other actions taken through use of the applicable Exos Offering |
Directly from you |
· Service Providers · Affiliates and subsidiaries · Others as required by law |
Geolocation Data |
physical location, IP address, city, zip code and region |
Indirectly from you |
· Service Providers · Affiliates and subsidiaries · Others as required by law |
Sensory Data |
audio, electronic, visual, thermal, or olfactory |
Directly from you |
· Service Providers · Affiliates and subsidiaries · Others as required by law |
Financial or Health Information or other Sensitive Information |
Payment information, heart rate, fitness activity, calories burned, and sleep data |
Directly from you |
· Service Providers · Affiliates and subsidiaries · Others as required by law |
Protected Characteristics |
Gender, date of birth, and marital status |
Directly from you |
· Service Providers · Affiliates and subsidiaries · Others as required by law |
Inferences drawn from other Personal Information |
predictions about your interests and preferences |
Indirectly from you |
· Service Providers · Affiliates and subsidiaries · Others as required by law |
Some states consider the transfer of Personal Information to third parties a “sale” even if no money is exchanged (Please Note: Exos does not sell Personal Information to third parties for money). If you would like to withdraw your consent for “sale” of your information to third parties for marketing purposes, please opt out by using the “Do Not Sell My Personal Information” link in the footer of our website. For more information about cookies and your controls in this regard, please review your browser settings as well as our Cookie and Pixel Tracking Policy.
Additionally, we may disclose your Personal Information to a third party for a business purpose. When we disclose Personal Information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except pursuant to the contract. For a list of third parties we share your Personal Information with, please review our subprocessor list.
Depending on your state of residency, you may have the following rights:
If you wish to exercise any of your rights, please contact us as described below. If we are not able to fulfill your request, we will endeavor to explain the reasoning for this and inform you of your rights. We reserve the right to ask for reasonable evidence to verify your identity before we fulfill certain types of requests in accordance with applicable law.
Authorized Agent Requests: If you utilize an Agent or a representative on your behalf to submit a request under this section, we must obtain verifiable proof that such Agent represents you. We recommend only using an authorized Agent only as necessary as this may require additional steps to verify your representative.
Pursuant to California “Shine the Light” Law, California residents may request once per year, free of charge, a list of third parties (if any) that we may have disclosed your Personal Information to for direct marketing purposes. To make such a request, please send an email to privacyofficer@teamexos.com.
If you have any questions or comments about this notice, the ways in which Exos collects and uses your information, your choices and rights regarding such use, or wish to exercise your rights, contact our Privacy Officer:
U.S. Toll-Free Number: +1 (877) 660-4171
U.S. Domestic Number (reachable globally): +1 623-201-1433
Email: privacyofficer@teamexos.com
We are committed to responding to all inquiries and resolving any complaints about your privacy and our collection or use of your Personal Information.
VERSION HISTORY