Privacy Shield Policy
Anytime Fitness recognizes that the EEA has established strict protections regarding the handling of Personal Data, including requirements to provide adequate protection for Personal Data transferred outside of the EEA. To provide adequate protection for certain Personal Data about Individual Members and Employees received in the US, Anytime Fitness has elected to self-certify to the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Individual Members and Employees in the European Union member countries and Switzerland.(“Privacy Shield”).
Anytime Fitness adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.
All Anytime Fitness employees who handle Personal Data from Europe and Switzerland are required to comply with the Principles stated in this Policy.
Capitalized terms are defined in Section XII of this Policy.
This Policy applies to the processing of Individual Member and Employee Personal Data that Anytime Fitness receives in the United States concerning Individual Members or Employees who reside in the European Union and Switzerland. Anytime Fitness franchises to third parties the right to operate Anytime Fitness Centers according to the Anytime Fitness System for operating boutique fitness centers with the potential for minimal overhead and labor costs under the registered trademarks “Anytime Fitness” and “Anytime Fitness Express”. In addition, Anytime Fitness may from time to time operate company-owned Anytime Fitness Centers in the European Union and in Switzerland.
This Policy does not cover data from which individual persons cannot be identified or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes so that identification of individual persons is not possible.)
II. Responsibilities and Management
Anytime Fitness has designated the Legal Department to oversee its information security program, including its compliance with the EU and Swiss Privacy Shield program. The Legal Department reviews and approves any material changes to this program as necessary. Any questions, concerns, or comments regarding this Policy may be directed to firstname.lastname@example.org.
III. Collection and Use of Personal Data
Anytime Fitness franchised and company-owned Anytime Fitness Centers collect Personal Data from Individual Members when they sign up to join an Anytime Fitness Center as a member, register with any Anytime Fitness Website, register with any Anytime Fitness App, complete surveys, request information or otherwise communicate with us.
The Personal Data that we collect may vary based on the Individual Member’s interaction with us, our Affiliates or our franchisees. As a general matter, Anytime Fitness collects the following types of Personal Data from its Individual Members: contact information, including, a person’s name, email address or other electronic contact information, home mailing address, telephone number, date of birth, gender, as well as payment information (which might include credit card and/or bank account information). Individual Members have the option to download Anytime Fitness Apps or to visit an Anytime Fitness Website. We also will collect information that Individual Members choose to provide to us through these portals including, among other things, information concerning club visits and usage by the Individual Member.
When Individual Members communicate with us online, we will collect their IP address and browser type. We may associate IP address and browser type with a specific Individual Member. We also may collect Personal Data from persons who contact us through an Anytime Fitness Website to request additional information; in such a situation, we would collect contact information (as discussed above) and any other information that the person chooses to submit through an Anytime Fitness Website.
The information that we collect from Individual Members is used for communicating with the Individual Member including offering and selling products and services they buy from us, our Affiliates or our franchisees, managing transactions, reporting, invoicing, renewals, and other operations related to providing services and products to the Individual Member.
For certain products or services, Anytime Fitness may receive, store, and/or process Personal Data. In such cases, we are acting as a data processor and will process the personal information on behalf of and under the direction of our partners and/or agents. The information that we collect from our Individual Members in this capacity is used for managing transactions, reporting, invoicing, renewals, other operations related to providing services to the Individual Member, and as otherwise requested by our partner and/or agent.
Anytime Fitness uses Personal Data that it collects directly from its Individual Members and for its partners indirectly in its role as a service provider for the following business purposes, without limitation:
- maintaining and supporting its products, delivering and providing the requested products/services, and complying with its contractual obligations related thereto (including managing transactions, reporting, invoices, renewals, and other operations related to providing services to an Individual Member);
- communicating with the Individual Member concerning promotions relating to our product/services;
- satisfying governmental reporting, tax, and other requirements (e.g., import/export);
- storing and processing data, including Personal Data, in computer databases and servers located in the United States;
- verifying identity (e.g., for online access to accounts);
- as requested by the Individual Member;
- to provide security services to Anytime Fitness Centers;
- for other business-related purposes permitted or required under applicable local law and regulation;
- and as otherwise required by law.
With respect to Employees, Anytime Fitness may collect Personal Data as part of the employment application process and stores and uses that Personal Data for the limited purpose of fulfilling HR functions and its other obligations as an employer.
Anytime Fitness does not disclose Personal Information to third parties for purposes that are materially different than what it was originally collected for. Should this change in the future, we will provide individuals with the option to opt-out of such disclosure.
IV. Disclosures / Onward Transfers of Personal Data
Except as otherwise provided herein, Anytime Fitness discloses Personal Data only to Third Parties who reasonably need to know such data only for the scope of the initial transaction and not for other purposes. Such recipients must agree to abide by confidentiality obligations.
Anytime Fitness may provide Personal Data to Third Parties that act as agents, consultants, and contractors to perform tasks on behalf of and under our instructions. For example, Anytime Fitness may store such Personal Data in the facilities operated by Third Parties. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by Anytime Fitness and they must either:
- comply with the Privacy Shield principles or another mechanism permitted by the applicable EU & Swiss data protection law(s) for transfers and processing of Personal Data;
- or agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy;
Anytime Fitness also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure. Please be aware that Anytime Fitness may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Under certain circumstances, Anytime Fitness may remain liable for the acts of Third Parties who perform services on our behalf for their handling of Personal Data that we transfer to them.
V. Sensitive Data
Anytime Fitness does not collect Sensitive Data from its Individual Members or Employees.
VI. Data Integrity and Security
Anytime Fitness maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
VII. Accessing Personal Data
Anytime Fitness personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
VIII. Right to Access, Change, or Delete Personal Data
Right to Access
Individual Members or Employees have the right to access the Personal Data that we hold about them and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If Individual Members or Employees would like to request access to, correction, amendment, or deletion of Personal Data, they can submit a written request to the contact information provided below. We may request specific information from the requestor to confirm and authenticate identity. In some circumstances, we may charge a reasonable fee for access to such information.
Satisfying Requests for Access, Modifications, and Corrections
Anytime Fitness will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Data.
IX. Changes to this Policy
This Policy may be amended from time to time, consistent with the Privacy Shield Principles and applicable data protection and privacy laws and principles. We will make Individual Members and Employees aware of changes to this policy either by posting to our website, through email, or other means. We will notify Individual Members or Employees if we make changes that materially affect the way we handle Personal Data previously collected, and we will allow them to choose whether their Personal Data may be used in any materially different manner.
X. Questions or Complaints
EU and Swiss Individual Members may contact Anytime Fitness with questions or complaints concerning this Policy at the following address: email@example.com.
EU or Swiss Employees may contact Anytime Fitness with question or complaints concerning this Policy by contacting the Anytime Fitness Legal Department.
XI. Enforcement and Dispute Resolution
In compliance with the EU-US and Swiss-US Privacy Shield Principles, Anytime Fitness commits to resolve complaints about your privacy and our collection or use of your personal information. EU and Swiss Individual Members with questions or concerns about the use of their Personal Data should contact us at firstname.lastname@example.org.
We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data within 45 days of receiving your complaint.
Anytime Fitness has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus.
If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Anytime Fitness, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. Finally, as a last resort and in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. For more information on binding arbitration, see US Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).
Anytime Fitness commits to cooperate with the panels established by the EU data protection authorities (DPAs) and/or the Swiss Federal Data Protection and Information Commissioner, as applicable, and to comply with the advice given by such panel and/or Commissioner, as applicable, with regard to human resources data transferred from the EU and/or Switzerland, as applicable, in the context of the employment relationship.
EU Employees with a complaint can contact:
Swiss Employees with a complaint can contact:
If you have any questions about this Policy or would like to request access to your Personal Data, please contact us as follows:
Anytime Fitness LLC
111 Weir Drive
Woodbury, MN 55125
Attn: Legal Department
Or, by email at email@example.com.
Changes To This Policy
We reserve the right to amend this Policy from time to time consistent with the Privacy Shield’s requirements.
- Effective Date: February 1, 2018
- Last Modified: February 16, 2018
XII. Defined Terms
“Affiliate” means any direct or indirect parent or subsidiary of Anytime Fitness or company under common ownership with Anytime Fitness including Self Esteem Brands, LLC, Pro Vision Security Solutions, LLC, Anytime Health, LLC, and any other companies owned directly or indirectly by Self Esteem Brands LLC and operating under the “Anytime Fitness” brand.
“Individual Member” means an individual member of a franchised or company-owned Anytime Fitness Center from EU or Switzerland. The term also shall include any individual agent, representative, of an individual member of Anytime Fitness and all employees of Anytime Fitness or one of its affiliates where Anytime Fitness has obtained his or her Personal Data from such Individual Member as part of its business relationship with Anytime Fitness.
“Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics. For Individual Members residing in Switzerland, a Data Subject also may include a legal entity.
“Anytime Fitness Website” means any website authorized by Anytime Fitness to be operated in connection with the Anytime Fitness brand, whether operated by Anytime Fitness, an Affiliate, or a franchisee or sub-franchisee of Anytime Fitness.
“Employee” means an employee (whether temporary, permanent, part-time, or contract), former employee, independent contractor, or job applicant of Anytime Fitness or any of its affiliates or subsidiaries, who is also a resident of a country within the European Economic Area.
“Europe” or “European” refers to a country in the European Union.
“Personal Data” as defined under the European Union Directive 95/46/EC (and the successor regulation known as the General Data Protection Regulation) means data that personally identifies or may be used to personally identify a person, including an individual’s name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available. For Switzerland, the term “person” includes both a natural person and a legal entity, regardless of the form of the legal entity.
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation, or trade union membership.
“Third Party” means any individual or entity that is neither Anytime Fitness nor an Anytime Fitness employee, agent, contractor, or representative.