Privacy Statement

Effective: March 1, 2023

Zappy Limited d/b/a Glofox (“Glofox,” “we,” “us,” or “our”) values your privacy and understands its responsibilities when processing your personal data. By “Personal Data,” we mean information that allows us to determine your identity, and by “process” or “processing,” we mean any type of operation or set of operations which is performed on Personal Data such as (but not exclusively) collection, storage and use. Other terms not defined below will have the same meanings as set forth in our Terms of Service.

1. SCOPE

This Privacy Statement describes how we process your Personal Data when you do any of the following:

  • access the Platform;
  • use any of our Offerings;
  • use the Glofox mobile application (“App”);
  • visit our website, available at glofox.com (“Site”);
  • visit us at our social media page;
  • attend a Glofox-sponsored event or visit our offices; or
  • engage with us through a source that links to this Privacy Statement.

This Privacy Statement will refer to all of these things collectively as “Glofox Services.”

Any time you access or use Glofox Services, you acknowledge and agree to the terms and conditions set forth in this Privacy Statement.

2. OUR DIFFERENT ROLES

Our role with respect to the processing of your Personal Data will vary depending on the type of activities we perform.

  • For delivery of Purchased Services. We are a “data processor” of Personal Data when providing Purchased Services to Subscribers. A Subscriber is considered the “data controller” of its own Subscriber Data (which, for clarity, may include data about its clients, customers or members (which we refer to as and “End User” or “End Users”). Please note that Subscribers are responsible for preparing their own privacy policies and making those policies available to their respective End Users.
  • For Glofox marketing and managing a Subscriber’s Glofox account. We serve as a data controller when conducting our own marketing for Glofox services, or when managing the details of a Subscriber’s Glofox account, as discussed below.

You” or “your,” when used in the context of this Privacy Statement, will refer to a Subscriber and, specifically, the Subscriber identified in the Order Form. To clearly define role responsibilities, this Privacy Statement may reference the privacy rights of a Subscriber’s End Users in certain instances.

This Privacy Statement is incorporated by reference into your Agreement with Glofox.

3. THE TYPES OF PERSONAL DATA WE COLLECT

The amount and type of Personal Data that we collect depends on the nature of your interaction with the Glofox Services. The choice is always yours about whether to supply us with Personal Data, the caveat being that our inability to access Personal Data may prevent you from using certain features, functionalities or components of the Glofox Services. We collect, use, store and transfer different kinds of Personal Data, which we group together as follows:

  • Identity Data includes company name, email address, phone number, corporate office address, business location address, tax identification information, and company contact information (including name, email address and phone number).
  • Account Data includes usernames, passwords, communication preferences, feedback and survey responses.
  • Technical Data includes internet protocol (IP) address, login data, browser type and version, time zone settings and location, browser plug-in types and versions, type and version of operating system, hardware version, device settings, software types, device manufacturer and model, language, and other technology on the device you use to access Glofox Services.
  • Usage Data includes information about how you use Glofox Services.
  • Marketing and Communications Data includes your chosen preferences when receiving marketing or other communications from us or our Affiliates.
  • Transaction Data includes commercial information such as bank account information and tokenized credit card or debit card information needed to complete a purchase or make a transaction. Your transaction history will also be considered part of Transaction Data.
  • End User Data includes information about your End Users, including an End User’s name, email, address, phone number, payment account information (such as tokenized credit card number and/or bank account information), communication preferences, bookings and purchase history, check-in logs, and other information pertaining to an End User’s profile and/or use of your products or services.
  • Professional Data includes career or professional information, such as educational or other employment-related data. Professional Data is usually submitted by applicants seeking a job at Glofox.

We also collect, use and share Aggregated Data such as statistical, demographic or trend data for any purpose.  Aggregated Data may be derived from your Personal Data but is not considered Personal Data since this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Statement.

We do not collect any Sensitive Personal Information about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, or information about your genetics. We also do not collect Geographic Data about you or your End User’s precise geographic whereabouts.

4. HOW WE COLLECT YOUR PERSONAL DATA

We use different methods to collect Personal Data from and about you, including through:

  • Your Direct Interaction with Glofox Services. You may give us your Identity, Account and Transaction Data by visiting our Site, filling out a form, registering for a Glofox-sponsored event, applying for a job, communicating with us by email, phone or online chat, providing us with feedback, running a transaction at your business location, or otherwise accessing the Platform or using any of our Offerings.
  • Automated Technologies or Interactions. When you interact with Glofox Services, we may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites using our cookies. Please read our Cookies Policy for more information about our use of cookies and other website tracking technologies.
  • Third Parties and Publicly Available Sources. We may receive Personal Data about you from various third parties including: (a) Technical Data from analytics providers such as Google Analytics; (b) Transaction Data from suppliers and providers of Third Party Services, including Payment Services; (c) social media sites; and (d) to the extent permitted by appliable law, additional information about you such as references, demographic data, or information to help detect fraud and safety issues from third party service providers or partners. If you provide us with Personal Data of any individual other than yourself (including your End Users), you agree that you have obtained the necessary consents from such individuals to lawfully disclose their personal data.

5. HOW WE USE YOUR PERSONAL DATA

We use your Personal Data to:

5.1 Provide, improve and develop the Glofox Services. This means using Personal Data to:

  • enable you to access and use the Platform;
  • enable you to make and receive payments through the Platform;
  • enable you to communicate with us and your End Users;
  • process your requests;
  • perform analytics, debug and conduct research;
  • provide you with customer support and training;
  • provide you with reports;
  • send you messages, updates, security alerts, and other administrative or account notices;
  • analyze Aggregated Data and trends to better understand the fitness industry, publish best practices or issue helpful guidance;
  • personalize and customize your experience based on your interactions with Glofox Services.

We engage in these activities with your consent, to meet our contractual obligations to you, and because we have a legitimate business interest.

5.2 Create and maintain the safety of Glofox Services. This means using Personal Data to:

  • detect and prevent fraud, spam, abuse, security and safety incidents, and other harmful activity on the Platform;
  • conduct security investigations and risk assessments;
  • verify or authenticate information that you or your End Users provide;
  • enforce our agreements with third-parties;
  • comply with law, respond to legal requests, prevent harm, and protect our rights and property;
  • enforce the terms of our Agreement with you, including in defense of our legal rights or the legal rights of others.

We engage in these activities to meet our contractual obligations to you and because we have a legitimate business interest.

5.3 Provide, personalize, measure and improve our own marketing. This means using Personal Data to:

  • send you promotional messages, marketing, advertising, and other information based on your chosen preferences;
  • personalize, measure, and improve our marketing;
  • administer referral programs, rewards, surveys, or other promotional activities or events sponsored or managed by Glofox, or our third-party partners;
  • analyze characteristics and preferences to send you promotional messages, marketing, advertising, and other information that we think might be of interest to you;
  • invite you to Glofox-sponsored events and related opportunities.

We engage in these activities with your consent, to meet our contractual obligations to you, and because we have a legitimate business interest.

5.4 Enable Payment Services. This means using Personal Data, or enabling authorized third parties to use Personal Data, to:

  • detect and prevent money laundering, fraud, abuse and security incidents;
  • conduct security investigations and risk assessments;
  • comply with legal obligations;
  • aid in the enforcement of third-party contracts, such as the Stripe Connected Account Agreement for Payment Services.

We engage in these activities with your consent, to meet our contractual obligations to you and others, and because we have a legitimate business interest.

5.5 Manage employment-related inquiries. This means using Personal Data to:

  • review, respond and assess job applicants;
  • facilitate job postings, job fairs and other employment-related actions or events.

We engage in these activities because we have a legitimate business interest.

6. DISCLOSING AND SHARING YOUR PERSONAL DATA

We disclose and share your Personal Data with others in the following ways:

6.1 With Your Consent. We may disclose your Personal Data to another person or entity where you have consented to the disclosure.

6.2 With Corporate Affiliates. We may disclose your Personal Data to Glofox subsidiaries or affiliates so that they can help market and provide Glofox Services. Zappy Limited will be the party responsible for managing any joint use of Personal Data.

6.3 With Service Providers. We may disclose your Personal Data to authorized third party service providers, vendors and suppliers to help us run our business and for their compliance purposes, including service providers, vendors and suppliers that help us: (a) conduct background checks, fraud prevention and risk assessments; (b) perform product development, maintenance and debugging; (c) allow the provision of Glofox Services through third-party platforms and software tools (for example, through integrations with our API platform); or (d) provide customer service, marketing, or payments services. Our contracts with third party service providers, vendors and suppliers include provisions which seek to protect your  Personal Data and limit its use.

6.4 With Partners. We occasionally have relationships with third parties that are not service providers, vendors or suppliers but are working with us to enable joint products or research studies, or to facilitate services like message boards, blogs or other shared platforms. In these cases, additional terms or privacy notices may be provided. For third parties or uses not described in this Privacy Statement, we share your information only if we have s lawful basis to do so.

6.5 For Compliance and Safety. We may disclose Personal Data as necessary or appropriate under applicable laws, including laws outside your country of residence, to: (a) comply with legal process or requirements; (b) respond to requests from public or government authorities, including those outside your country of residence; (c) enforce our Terms or the Agreement; and (d) protect our operations, rights and safety, and that of you and others, as needed.

6.6 For Business Transfers. If we undertake or are involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer, or share some or all of our assets, including Personal Data in connection with such transaction or in contemplation of such transaction (as part of a due diligence process). In this event, we will notify you before your Personal Data becomes subject to a different privacy policy.

Importantly, Glofox does not and will not sell your Personal Data to a third party for their own marketing purposes.

The Glofox Services may contain links to, or facilitate access to, other websites or online services. This Privacy Statement does not address, and we are not responsible for, the privacy, information or practices of other parties, including without limitation any of our Subscribers, social media platform providers, Stripe or other payment service providers, wireless service providers, or any other service provider, supplier or vendor for Third-Party Services. A link contained within the Glofox Services does not imply endorsement of the linked site or service by us. We encourage you to review the privacy policies and learn about the privacy practices of the companies whose websites you choose to visit or apps or services you choose to use.

8. YOUR RIGHTS & CHOICES

8.1 Your Rights. You have certain rights and choices related to Personal Data. Depending on where in the world you are located, these rights may be somewhat different. Please see Section 15 (Supplemental Terms and Conditions for Certain Regions) for more details.

  • If you wish to access, correct, update or request deletionof your Personal Data, that is your right and you may request to do so at any time.
  • You can object to our processing of your Personal Data, where the processing is in our legitimate interests and we will cease to use and process your Personal Data for that purpose, unless we have compelling legitimate reasons for the processing to continue, or if we need to use this Personal Data for the purpose of a legal claim.
  • You can ask us to restrict processingof your Personal Data, or request portability of your Personal Data.
  • You have the right to opt-out from our marketing communicationsat any time. You have control over how to set these preferences. If you no longer wish to receive our promotional communications, then you may opt-out of receiving them by clicking on the “unsubscribe” or “opt-out” link in the communication itself. You can also change your communication preferences by going to your Glofox account and adjusting the settings. Please note that if you opt-out from receiving promotional communications from us, you may still receive messages for administrative, transactional or other purposes directly related to your use of Glofox Services. Also, if you have previously consented to receiving push notifications via the App and no longer wish to receive them, you can turn off these push notifications at the device level.
  • Because we collect and process your Personal Data with your consent, you can withdraw your consentat any time by providing us with notice. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of Personal Data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authorityabout our collection and use of Personal Data. For more information, please contact your local data protection authority.

Please note that the exercise of the rights above, in each case, are subject to restrictions set out in applicable data protection laws. If you would like further information on any of these rights or if you would like to exercise any of these rights, please email us at [email protected].  

If you are an End User and would like to exercise your rights or choices with respect to your Personal Data, please send your instructions directly to the Subscriber with whom you have a business relationship. If we receive a request directly from an End User, our practice is to validate the identity of the End User and redirect the request to the applicable Subscriber.

9. CHILDREN’S USE

We are committed to protecting the privacy of children who might use Glofox Services. This Children’s Use policy explains our collection, disclosure and parental consent practices with respect to information provided by children under the age of 13 (“Child” or “Children”). This policy is in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”) and outlines our practices in the United States and other countries regarding the Personal Data of Children. For more information about COPPA and general tips about protecting Children’s online privacy, go here.

Based on a Subscriber’s use of Glofox Services, we may need to collect the Personal Data of Children, however, we do not knowingly collect the Personal Data of Children without appropriate parental consent. We may collect and process the Personal Data of Children if the Child’s parent or legal guardian registers the Child under an authorized Glofox account, enrolls the Child in an event or activity associated with a Subscriber’s business location, or otherwise permits the Child’s access and use of the Platform. If we learn that a Child has provided his or her Personal Data through the Glofox Services without parental consent, we will take immediate steps to remove and delete that information from the Platform. If you are a parent or legal guardian of a Child and have questions regarding this Children’s Use policy, please contact us at [email protected]

10. SECURITY

While no organization can guarantee absolute or perfect security, we are continuously implementing and updating administrative, technical and physical security measures to help protect Personal Data against unauthorized access, loss, destruction or alteration. If you have questions about our security practices, please email us at [email protected]

11. RETENTION

We retain Personal Data for the period necessary to provide the Glofox Services, as needed to comply with our legal obligations (i.e., maintaining opt-out lists to fulfill marketing choices or to comply mandatory record retention or legal hold requirements), as agreed in an individual consent, to resolve disputes, and to otherwise fulfill the purposes, rights and obligations outlined in this Privacy Statement. Retention periods can vary significantly based on the type of information and how it is used and our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving. When Personal Data is removed from the Platform, it will be deleted or destroyed using appropriate security protocols so that it cannot be reconstructed or read.

12. CROSS-BORDER TRANSFERS OF PERSONAL DATA

Personal Data may be stored and processed in any country where we, our subsidiaries, partners, sub-processors and providers of Third-Party Services conduct business or host events. These locations may be outside your home country, including in the United States, where different data protection laws may apply.

When we transfer Personal Data, any transfers will be done in accordance with applicable data protection laws, including through the implementation of appropriate or suitable safeguards in accordance with such applicable data protection laws, such as standard contractual clauses. We put in place appropriate terms to protect your Personal Data in our agreements with our sub-processors and other service providers.

13. CHANGES TO THIS PRIVACY STATEMENT

We may change this Privacy Statement from time to time so that it accurately reflects our privacy practices and legal requirements. The “Effective” date at the top of this Privacy Statement states when this Privacy Statement was last revised and we update this date each time a revision is posted. Any changes to this Privacy Statement will become effective when we post the revised Privacy Statement to the Glofox Services. You should check our Site and Platform regularly to stay informed of our privacy practices.

If any change to our Privacy Statement materially affects the use of your Personal Data, we use reasonable efforts to notify you in advance, such as by sending an email or posting a prominent notice of the changes on the Site or Platform and give you a reasonable period of time to object to any changes. In some cases, objecting to changes may affect the availability or functionality of Glofox Services available to you. We will treat your continued use of Glofox Services after the effective date of any updated Privacy Statement as your acceptance of the changes we have made. However, we will seek your affirmative consent to any material changes in our use of your Personal Data as described in an updated Privacy Statement if and where this is required by applicable data protection laws.

14. HOW YOU CAN CONTACT US

We are dedicated to maintaining transparency and open lines of communication for anyone with questions or concerns regarding the processing of Personal Data. If you have any questions about this Privacy Statement or the way in which Personal Data has been used, please contact us at [email protected] or by postal mail at:

Zappy Limited
Attn: ABC Fitness Solutions (Legal Dept.)
2600 North Dallas Pkwy., Ste. 590
Frisco, TX 75034

You also have the right to lodge a complaint with the Irish Data Protection Commissioner about the processing of your Personal Data by visiting the Data Protection Commission here.

15. SUPPLEMENTAL TERMS AND CONDITIONS FOR CERTAIN REGIONS

15.1 European Economic Area (“EEA”). If you are in the EEA, the table below details how we will use the Personal Data (“Purposes”), which are further detailed at Section 5 (HOW WE USE YOUR PERSONAL DATA), and the context for which we use your Personal Data (“Legal Basis”).

Where we have your consent to do so

Legal basis

We will process your Personal Data where you have given consent for us to process your Personal Data for a use for a particular purpose. 

IMPORTANT. You have the right to withdraw consent for our future use of your Personal Data for some of all of the purposes. To withdraw consent to process your Personal Data you can contact us at any time by emailing [email protected].

Where we need the Personal Data to perform a contract with you, or take steps to enter into a contract with you

Legal Basis

We will process your Personal Data as is necessary to enter into and perform our contract of with you.

Purpose

To manage employment-related inquiries

Where we have a legal obligation to do so

Legal basis

It is necessary to process your Personal Data in order to comply with legal obligations imposed under applicable EU Member Sate or European Union law.

Purpose

We obtain, collect and process your Personal Data for:

  • compliance with applicable tax and regulatory reporting obligations; or
  • where we are required to disclose information by a court with appropriate jurisdiction.

Where the processing is in our legitimate interests

Legal basis

We may obtain, collect and process your Personal Data where we have a legitimate interest to do so as controller.

Purposes

  • To provide, improve and develop the Glofox Services
  • To create and maintain the safety of Glofox Services.
  • To provide, personalize, measure and improve our own marketing
  • To enable Payment Services

IMPORTANT. Before we process your Personal Data to pursue our legitimate interests for the above purposes, we determine if such processing is necessary, and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.

Where processing is necessary to establish, exercise or defend our legal rights or for the purpose of legal proceedings.

Legal basis

We may process your Personal Data in order for us to establish, investigate, exercise or defend legal claim to which you are a party.

Purposes

We obtain, collect and process your Personal Data:

  • To file legal proceedings
  • To investigate, establish, exercise or defend a legal claim
  • To settle legal claims

We will only use your Personal Data for the purposes for which we collect it (as outlined in above), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for any other reasonable purposes in connection with our engagement with you, the Purpose and Legal Basis for any further processing will be notified in advance from time to time.  

In the EEA, Zappy Limited controls and is responsible for the management of Personal Data used for completing orders and performing Subscriber contracts as described above.

If you have any questions or concerns about Glofox’s privacy practices, you can contact us at any time by emailing [email protected]. If your request or concern is not satisfactorily resolved by us, you can approach your local data protection authority. You can find your local data protection authority in the EU here and in the UK here.

15.2 California. The California “Shine the Light” law permits California residents to annually request and obtain information free of charge about what personal information is disclosed to third parties for direct marketing purposes in the preceding calendar year.  Glofox does not sell your Personal Data or provide such information to any third party for direct marketing purposes without your consent. 

In compliance with the California Consumer Privacy Act (“CCPA”), this Privacy Statement, at Section 3, defines the types of Personal Data (“personal information” under the CCPA) that we collect and the purpose for use of such personal information. The categories of personal information collected include:

  • Identifiers such as your first name, last name, email address, IP address, unique device identifiers or other online identifier;
  • Commercial information such as your tokenized credit card, debit card, bank account number, or purchase history;
  • Internet or other electronic network activity information, including connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address;
  • Interaction with our Platform or apps such as usage data, type and version of operating system, hardware version, device settings, software types, battery and signal strength, screen resolution, device manufacturer and model, language, and Internet browser type and version;
  • Audio, electronic, or visual information such as photos;
  • Employment-related or educational information;
  • Other information that relates to or is capable of being associated with you, such as social media engagement and information about the computer or mobile device you use to access our Platform, including the hardware model, operating system and version, and mobile network information.

We collect personal information from a variety of sources (such as directly from you, through device and product operations, from third party parties and through our website and services) and use such information for business and commercial purposes and shares such information for a variety of business purposes, such as to provide services, to respond to requests and offer customer support, to fulfill legal and contractual obligations and to build its innovative products.  Please refer to our Privacy Statement at Section 6 for the categories of third parties with whom we may share personal information.