At Energy4Life, Inc. (“Energy4Life,” “E4L,” “us,” “we,” or “our”), we take your privacy seriously and want you to understand how we use, collect, and share Personal Data, and the measures we take to protect your Personal Data.
2. HOW WE COLLECT PERSONAL DATA
We collect Personal Data about you from:
- Yourself, when you provide such information directly to us, such as when completing your profile;
- GEM device that you wear;
- Automatic data collection, such as Cookies, local storage objects, web beacons, and other similar technologies in connection with your use of the Services;
- Customers and partners, such as coaches, teams, or other organizations that engage with our Services;
- Marketing and advertising partners, such as companies that have entered in joint marketing relationships with us or assist us with marketing or promotional services, which may provide us with data related to how you interact with our Services, advertisements, or communications;
- Social media, other third-party platforms, and linked accounts, devices, or features, if you interact with our pages on social media sites, post content to their sites using the Services, sign into the Services through a third-party site or service, or otherwise link accounts, devices, or features to your Energy4Life account; and
3. PERSONAL DATA WE COLLECT
We may collect the following types of Personal Data:
- Contact details, such as your first and last name, email and mailing address, and phone number;
- Profile data, such as username and password that you may establish to create an Energy4Life account, as well as any photographs or information you choose to include in your Energy4Life profile;
- Communications that we exchange with you, including when you contact us via email, web app, or mobile app with questions, feedback, or reviews;
- Wellness Data, such as resting heart rate, heart rate variability, skin temperature, blood oxygen saturation level and acceleration; metadata on workouts and sleep; your physiological profile, including birthday, gender identity, weight, height; and details you choose to submit about your diet, medications, and female health tracking. We may use certain of this information to customize your experience with us as part of our Services;
- Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them (e.g., the marketing emails that you open and the links within them that you click);
- Device data, such as your computer or mobile device operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP Address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state, or geographic area;
- Geolocation data, such as IP Address, and movement on certain exercise types if you give permission for Energy4Life to do so; and
- Online activity data, such as pages or screens you view, how long you spent on a page or screen, the website you visited before visiting our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
4. COOKIES AND SIMILAR TECHNOLOGIES
Cookie Usage and Type. Energy4Life uses the following Cookies:
- Essential Cookies: Essential Cookies are required for providing you with features or Services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and Services unavailable.
- Functionality Cookies: Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (e.g., your region).
- Marketing Cookies: Marketing Cookies collect data about your online activity and identify your interests so that we and our advertising partners can provide marketing that we believe is relevant to you. For more information, please see the section below titled “Interest-based advertisements.”
Online tracking opt-outs.There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we have summarized below.
- Blocking Cookies in your browser. Most browsers let you remove or reject Cookies, including Cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept Cookies by default until you change your settings. For more information about Cookies, including how to see what Cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
- Blocking advertising ID use in your mobile device settings. Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of your advertising ID associated with your mobile device for interest-based advertising purposes.
- Using privacy plug-ins or browsers. You can block our websites from setting Cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party Cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
- Visiting our OneTrust Privacy Preference Center. You can click here to customize your Cookie consent preferences.
Platform opt out. Some third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors, and research firms, allow you to opt-out directly by using their opt-out tools. Some of these providers, and links to their opt-out tools, are:
- Google (AdWords): adssettings.google.com;
- Microsoft (Bing): about.ads.microsoft.com/en-us/resources/policies/personalized-ads; and
- Facebook: www.facebook.com/about/ads.
Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
Please note that some opt-out features are Cookie-based, meaning that when you use these opt-out features, an “opt-out” Cookie will be placed on your computer or other device indicating that you do not want to receive interest-based advertising from certain companies. If you delete your Cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.
Opting-out of interest-based advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads on and about the Service.
5. HOW WE USE PERSONAL DATA
We process Personal Data to operate, improve, understand, and personalize our Services. We use Personal Data for the following purposes:
Service delivery, including to:
- Provide, operate, improve, develop, understand, and personalize the Services and our business, including testing, research, analysis and product development;
- Satisfy the reason you provided the information to us, including responding to and fulfilling requests;
- Communicate with you about the Services, including Service announcements, updates, or offers;
- Provide support and assistance for the Services;
- Create and manage your account or other user profiles;
- Customize website content and communications based on your preferences; and
- Process orders, memberships, or other transactions.
Research and development. We may create and use Aggregated Data, De-identified Data or other anonymous data from Personal Data we collect, including Wellness Data, for our business purpose, including to analyze the effectiveness of the Services, to improve and add features to the Services, and to analyze the general behavior and characteristics of users of the Services. We also use anonymous Wellness Data for research purposes to help us and our research partners answer important questions about human performance and create an even-better experience for our members by identifying cutting-edge insights and providing new content and product features.
Marketing and advertising. We do not use personally identifiable Wellness Data for marketing or advertising purposes. We may use other Personal Data, such as data collected when you browse our website, to send you marketing messages or advertise the Services:
- Direct marketing. We may send you direct marketing messages as permitted by law.
Compliance and protection, including to:
- Protect against or deter fraudulent, illegal, or harmful actions and maintain the safety, security, and integrity of our Services;
- Audit our internal processes for compliance with legal and contractual requirements and internal policies;
- Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); and
- Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
6. HOW WE SHARE PERSONAL DATA
We may share your Personal Data with:
- Service providers, such as payment processors, vendors who advertise our Services, security and fraud prevention consultants, hosting and other technology and communications providers, analytics providers, and staff augmentation and contract personnel, that provide services to us or on our behalf;
- Advertising partners that may collect information on our website through Cookies and other automated technologies, including for the interest-based advertising purposes described above. We do not share your Wellness Data with advertising partners;
- Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services they render to us;
- Authorities and others, including law enforcement, government authorities, and private parties we believe in good faith to be necessary or appropriate to comply with the law or legal process; and
- Business transferees, such as acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, Energy4Life or our affiliates (including, in connection with a bankruptcy or similar proceedings).
7. HOW YOU MAY SHARE PERSONAL DATA THROUGH ENERGY4LIFE
Depending on your use of the Services, you may share Personal Data with:
- Third-party social media platforms, or linked accounts, devices, or features, when you choose to connect your account on those services with Energy4Life
- Managing entity. If your use of the Services is on behalf of or managed by a managing entity, such as a coach, team, organizing body, or other entity with which you are affiliated, your account information and Personal Data may be shared with the managing entity subject to your consent, and you consent to that managing entity allowing that information to be publicly shared, subject to any features of the Services that expressly override that control. The managing entity will determine how the relevant information and content is shared; and
- Corporate wellness programs. If you use the Services in connection with an employer or organizational corporate wellness program, we may share your information with that organization subject to your consent. Typically, we will share only Aggregated Data with these organizations.
8. YOUR CHOICES
Access, update, or delete. When you log in to your account, you may access, and, in some cases, edit or delete certain information you’ve provided to us, such as first and last name, username and password, email and mailing address, and other information in your profile. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request a full deletion of your account and corresponding data by emailing firstname.lastname@example.org. You will be asked to complete a verification form in connection with such deletion request in order to ensure that you have the authority to delete your account. We may need to retain certain Personal Data in our records, as well as Aggregated Data or De-identified Data derived from or incorporating your Personal Data that does not identify you after you update or delete it.
Push notifications and device permissions. When you use our mobile application, you may initially opt-out of push notifications that we may send you or revoke any permissions you previously granted to us at any time such as permission to access your camera or camera roll, Bluetooth, microphone, Siri, search, push notifications, background app refresh and/or cellular data access, by changing the settings on your mobile device.
Geolocation data. You may allow or disallow Energy4Life to collect geolocation data by enabling or disabling location services on your device. If you decline to grant Energy4Life access to this data, we will possibly not be able to provide certain Services, capabilities, or features to you.
Wellness Data. You can disable collection of additional Wellness Data by un-pairing your GEM Device device from your smartphone.
Marketing communications. We will give you the ability to opt-out of marketing-related emails and other communications by going to our preferences management page, or by following the opt-out or unsubscribe instructions contained in the message. You cannot opt-out of receiving certain non-marketing emails regarding the Service.
Online tracking opt-outs. There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we summarize in the “Online tracking opt-outs” section above.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to online services. The Services do not currently support “Do Not Track” requests or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
9. OTHER SITES AND SERVICES
The Services may contain links to websites and other online services operated by Third Parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any Third Party. We do not control websites or online services operated by Third Parties, and we are not responsible for their actions. You can learn about and control how these Third Parties use and share Personal Data about you, including with Energy4Life, by reviewing their privacy notices and exercising the privacy choices the Third Party may offer.
10. DATA SECURITY AND RETENTION OF PERSONAL DATA
We employ a number of physical, technical, organizational, and administrative security measures designed to protect the Personal Data we collect. While we endeavor to protect the privacy of your account and other Personal Data we hold in our records, no security measures are failsafe, and we cannot guarantee the security of your Personal Data.
11. PERSONAL DATA OF CHILDREN
If you are under 13, or 16 where applicable, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 13, or 16 where applicable, we will delete that information as quickly as possible. If you believe that a child under 13, or 16 where applicable, may have provided us Personal Data, please contact us at email@example.com.
13. CONTACT US
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to firstname.lastname@example.org or at the mailing address below.
5801 Benjamin Center
Tampa FL 33634
14. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
We are providing this supplemental privacy notice to consumers in California, pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”).
California Privacy Rights. If you are a California resident, you have the following rights:
- Access: You can request a copy of the personal information that we maintain about you.
- Deletion: You can ask to delete the personal information that we have collected from you.
Please note that the CCPA limits these rights by, for example, prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request.
You are entitled to exercise the rights described above free from discrimination.
Exercising your rights. To exercise these rights, you can submit requests as follows:
- To request access to or deletion of Personal Data collected via your use of the Services, please email us at email@example.com.
- To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional Personal Data to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.
- Authorized agents: California residents can empower an “authorized agent” to submit requests on the resident’s behalf. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.
15. PRIVACY NOTICE FOR EUROPEAN RESIDENTS
If you are a resident of the European Economic Area, the United Kingdom, or Switzerland (collectively, “Europe”), you may have additional rights under the General Data Protection Regulation (the “GDPR”) or other European data protection legislation.
Controller and European Representatives Energy4Life, Inc. will be the controller of your Personal Data processed in connection with the Services.
Legal bases for processing. The “How We Use Personal Data” section above explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others but will depend on the type of Personal Data and the specific context in which we process it. However, the legal bases we typically rely on for each category of processing activity are set out below.
- Service delivery: Processing is necessary to perform our contract, or to take steps that you request prior to engaging our Services. Where we cannot process your Personal Data as required to operate the Services on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the products or Services you access and request.
- Research and development: These activities constitute our legitimate interests.
- Marketing and advertising: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
- Compliance and protection: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
- Consent: To the extent that Wellness Data that we collect is considered health data or another special category of Personal Data subject to the GDPR, we ask for your explicit consent to process this data. You can use your account settings and tools to withdraw your consent at any time, including by unpairing your GEM Wearable, stopping use of a feature, removing our access to a Third-Party service, or deleting your data or your account. In addition, in some cases, such as when you direct us to share it, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, you have the right to withdraw it any time in the manner indicated at the time you give consent or as listed in our Services.
Retention. To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Data subject rights. You have certain rights with respect to your Personal Data, including:
- Access. You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging into your account.
- Rectification. If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your account.
- Erasure. You can request that we erase some or all of your Personal Data from our systems.
- Withdrawal of consent. If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
- Portability. You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection. You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
- Restriction of processing: You can ask us to restrict further processing of your Personal Data.
- Right to file a complaint. You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or European Economic Area Member State.
For more information about these rights, or to submit a request, please email firstname.lastname@example.org. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
Processing of Personal Data in the United States. To provide the Services, we will process your Personal Data in the United States, where Energy4Life is based. If such processing involves the transfer of Personal Data to the U.S. in a manner governed by European data protection law, the transfer will be performed pursuant to the applicable requirements of the law, such as standard contractual clauses, the individual’s consent, or other circumstances permitted by European data protection law.
If you have any questions about this section or our data practices generally, please contact us at email@example.com or using the contact information above.
Aggregated Data is data that has undergone a process whereby raw data is gathered and expressed in a summary form for statistical analysis. Raw data can be aggregated over a given time period, across individuals, or both, to provide statistics such as average, minimum, maximum, sum, and count. After the data is aggregated analysis can be performed to gain insights about particular data sets. When data is aggregated across a number of individuals, the resulting aggregation is considered anonymized such that it is no longer Personal Data.
The California Consumer Privacy Act, or CCPA, is a state law that provides California consumers with robust data privacy rights. These rights include the right to know, the right to delete, and the right to opt-out of “sale” of personal information that businesses collect, as well as additional protections for minors. A “sale” under the CCPA is defined as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or to a third party for monetary or other valuable consideration.”
Cookies are small files which are stored on a user’s computer. They are designed to hold a modest amount of data specific to a particular user and website, and can be accessed either by the web server or the user computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and is therefore able to carry information from one visit to the website (or related site) to the next.
De-Identified Data is data where all the personally identifiable information has been removed, rendering the data anonymous by stripping out information that would allow an individual’s identity to be determined from the remaining data. Data is “de-identified” to protect the privacy and identity of individuals associated with the data. De-identified Data is no longer Personal Data.
The General Data Protection Regulation, or GDPR, is a data privacy and security regulation under European law that sets guidelines for the collection and processing of personal information from individuals who live in the European Economic Area, Switzerland and United Kingdom (collectively, “Europe” or “European”). The GDPR provides data protection rights to European residents and applies to any organization that offers goods or services to individuals in Europe, even if that organization is not based in Europe.
An IP Address is a unique address that identifies a device on the internet or a local network. It allows a system to be recognized by other systems connected via the internet protocol. An IP Address may be considered Personal Data and is at times used by advertisers to serve interest-based ads.
Personal Data is any data that identifies or relates to you as a particular individual, including information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations.
Services means, collectively, our websites and mobile apps, any software embedded within the GEM Wearable, and any features, content, or applications offered, from time to time, by Energy4Life in connection therewith.
Third Parties in the context of the relationship betweenEnergy4Life, Energy4Life Members (our end users), and third parties are entities or businesses involved in an arrangement, contract, deal, or transaction but are not one of the principals (i.e., Energy4Life or Energy4Life Members). We use Third Parties to enable us to do business with our members, such as charging for transactions or storing data. Third Parties also include advertisers that serve interest-based ads to visitors to our website.
Your GEM Wearable is a wearable sensor that, when used in connection with the Services, collects certain types of Wellness Data.
Energy4Life, we, us, our
The terms “Energy4Life,” “we,” “us,” or “our” mean Energy4Life, Inc. and each of its wholly owned subsidiaries.
Wellness Data is (a) data collected by your GEM Wearable and sent to the Energy4Life platform, including your heart rate, heart rate variability, sleep duration, respiratory rate, skin temperature, blood oxygen saturation level, and data such as the type of activity you engage in and the duration of your physical activity; and (b) any additional information you chose to enter during the use of our Services, such as information about your health and wellness, including information collected from accounts, devices, or features that you link with your Energy4Life account.