TrainingPeaks Privacy Policy

Last Updated June 28, 2023

TABLE OF CONTENTS

  1. WHO WE ARE

  2. HOW TO CONTACT US

  3. OUR LEGAL REASONS FOR COLLECTING AND USING DATA

  4. WHY WE COLLECT DATA AND HOW WE COLLECT IT

  5. PROTECTING YOUR PRIVACY GENERALLY

  6. COMMITMENT TO CHILDREN’S PRIVACY

  7. SOURCES AND TYPES OF INFORMATION WE COLLECT

  8. DO NOT TRACK SIGNALS

  9. INFORMATION WE DISCLOSE TO THIRD PARTIES

  10. HOW TO ACCESS & CONTROL YOUR PERSONAL DATA

  11. SECURITY

  12. LINKS TO THIRD-PARTY SITES

  13. DATA RETENTION

  14. ACCESSIBILITY

  15. NOTICE TO NEVADA RESIDENTS

  16. NOTICE TO CALIFORNIA RESIDENTS

  17. NOTICE TO RESIDENTS OF THE EUROPEAN ECONOMIC AREA

                                                                                                        

  1. WHO WE ARE

TrainingPeaks, LLC (“TrainingPeaks”, “we,” or “us”) provides a variety of services and features directed to coaches, sport enthusiasts and athletes through our online and mobile fitness offerings (“Services”).The TrainingPeaks Services are provided through its websites (www.trainingpeaks.com, app.trainingpeaks.com, api.trainingpeaks.com), related mobile applications and all related subdomains.  All of the above-identified websites and mobile applications are collectively referred to as the “Sites” and individually as a “Site.”

Some of the data we collect is considered “personally identifiable information,” “personal information” or “personal data” under applicable law (collectively referred to in this Privacy Policy as “Personal Data”).  Generally, Personal Data is information that can be reasonably connected to an identified or identifiable individual.  It does not include de-identified or anonymized data.

The purpose of this Privacy Policy is to disclose to you how we collect, use and share Personal Data and how we attempt to safeguard the Personal Data we collect and process.  We are committed to securing the Personal data that we collect concerning you (“you”) and complying with applicable data protection and privacy laws.  We may update this Privacy Policy from time to time.  When we do, we will post an amended version of the Privacy Policy on our Sites.  Please review this Privacy Policy periodically.

  1. HOW TO CONTACT US

If you have any questions regarding data protection or your rights, please contact us:

TrainingPeaks, LLC

Attn: Privacy Team

285 Century Place, Louisville, CO 80027

United States of America

Visit us at support.trainingpeaks.com 

Email us at privacy@trainingpeaks.com 

Call us toll-free (for the U.S.A.): 1-877-8201-1552

  1. OUR LEGAL REASONS FOR COLLECTING AND USING DATA.

We rely on the following legal grounds for the collection, processing, and use of personal data:

In some circumstances, the provision of your personal data is voluntary, but in many cases it is necessary in order to access the Sites and/or receive Services your request.

  1. WHY WE COLLECT DATA AND HOW WE COLLECT IT

We collect, process and use Personal Data to allow us to provide you our products, Services and Sites to you. For example, we use the Personal Data we collect to:

We obtain Personal Data directly from you, through cookies and other technologies, through your devices, and from third parties as described in this Policy and any other privacy notices we may provide to you when you interact with us.

  1. PROTECTING YOUR PRIVACY GENERALLY.  

  1. Industry-Standard Protection. We utilize industry-standard security measures to safeguard the information we collect, maintain and use. These measures include technical and procedural steps to protect your data from misuse, unauthorized access or disclosure, loss, alteration or destruction. However, we do not and cannot guarantee the performance or adequacy of such security measures.

  1. Limitation on Access.  Access to any Personal Data we collect and store is generally restricted to our employees and/or contractors who require it to perform a job or other contracted function. We require vendors and contractors we work with to use reasonable, industry standard protocols to maintain the confidentiality, security, and integrity of Personal Data.

  1. Processing of Data By App Store Providers.  We make our mobile application available through various application stores. We assume no responsibility for the collection or processing of data by Google, Apple or any other app store provider at the time of downloading the App or creating an account with such app store providers. Please refer to the data privacy statements of these providers. There is no exchange of data between us and the app store providers.

  1. COMMITMENT TO CHILDREN’S PRIVACY.  

In compliance with applicable law and our company practices, we do not knowingly collect Personal Data from children under 16 years of age or permit children under 16 years old to register for accounts on the Sites and Services without first obtaining consent from a parent or legal guardian. The exception to this is we will collect limited Personal Data from a child under 16 years old if they attempt to create an account and identify that they are under 16 years old.  In that event, we will permit the child to create a limited, temporary account to provide contact information for a parent or legal guardian so that we can attempt to obtain consent.  If we are unable to obtain consent, we will delete the child’s account and Personal Data.  We will fully activate an account only after receiving verifiable consent from a parent or legal guardian.  We also permit parents and legal guardians of athletes under 16 years of age to contact us to request (1) what Personal Data we have about their child, (2) that we correct any incorrect Personal Data, (3) that we delete the Personal Data of their child, and/or (4) that we cease further collection or use of any Personal Data from their child.

We do not sell the Personal Data of children under 16 years old.

  1. SOURCES AND TYPES OF INFORMATION WE COLLECT.  

  1. Information You Provide Directly To Us.  We may collect the following categories of Personal Data if you provide it to us:

  1. Information We Collect Via Tracking Technology.  We use cookies and other tracking technologies (such as pixels and web beacons) (collectively, “cookies”) to collect information as you navigate the Sites.  Cookies are small files of information that are stored by your web browser software on your computer hard drive, mobile or other devices (e.g., smartphones or tablets). Information that may be collected via cookies include:

Types of cookies we use:

We use Cookies to: (a) estimate audience size and usage patterns; (b) understand and save your preferences for future visits, allowing us to customize the Sites and Services to your individual needs; (c) advertise new content, events and services that relate to your interests; (d) keep track of advertisements and search engine results; (e) compile aggregate data about Site traffic and Site interactions to resolve issues and offer better Site experiences and tools in the future; and (f) recognize when you return to the Site(s).  We set some Cookies ourselves and others are set by service providers. We use Cookies set by service providers to provide us with useful information to help us improve our Sites and Services, to conduct advertising, and to analyze the effectiveness of advertising.

You can control the use of cookies at the browser level by setting your web browser controls to accept or refuse cookies.  If you choose to block all cookies (including essential cookies) you may not be able to access all or parts of our Sites and Services.  In addition, most advertising networks offer you a way to opt out of targeted advertising.  If you would like to find out more information on this, please visit the websites: http://www.aboutads.info/choices/ or http://www.youronlinechoices.com or http://globalprivacycontrol.org.

  1. Non-Identifiable Information.  We collect and use non-personally identifiable user information (“Non-PII”) for several purposes, including (without limitation): (i) to calculate necessary royalty payments to third party content providers, which are often based on the number of times a work is opened or accessed by our users; (ii) to prepare reports and other materials that we may share with others in an anonymous format; and (iii) for analytics purposes.  In some instances, we use third-party vendors to collect, monitor and/or maintain Non-PII.  For example, we utilize Rollbar, Google SSO and Google Analytics. Rollbar is utilized for error monitoring. Information logged includes common request data. Google Analytics is utilized to analyze application, feature and content usage.

  1. Information from Coaches and Sponsors.  If you have a coach or sponsor, they may provide Personal Data about you to us to manage and support your account and/or training programs.

  1. DO NOT TRACK SIGNALS.

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.

  1. INFORMATION WE DISCLOSE TO THIRD PARTIES.

We may provide access to Personal Data to others in the following ways:

  1. With Service Providers.  We may share information with service providers who:

  1. With Our API Partners.  We make our Sites and Services compatible with hundreds of devices, mobile apps and third party software that you can choose to connect with.  Examples include (Garmin, Suunto, Polar, Wahoo, Zwift and Apple Health).  For more information on our compatibility options and API partners, visit this page on the Training Peaks Help Center.

 

  1. To Meet Our Legal Requirements or Exercise Our Rights. We may share information with third parties in the following instances:

  1. At Your Request. We will share your Personal Data when you request or otherwise consent to the disclosures.  
  1. HOW TO ACCESS & CONTROL YOUR PERSONAL DATA

We respect your privacy and provide ways for you to choose whether to share your information with us or any third parties.  

  1. You may decline to provide information. You have the right to decide not to share information with us.

  1. You may request deletion. You may submit a request to update or delete your personal data by contacting us through any of the methods provided on our Privacy Request Form, or you may email us at privacy@trainingpeaks.com.

PLEASE NOTE, HOWEVER, THAT IF YOU CHOOSE NOT TO PROVIDE US WITH CERTAIN INFORMATION OR ASK US TO DELETE YOUR INFORMATION, WE MAY NOT BE ABLE TO PROVIDE YOU WITH ACCESS TO SOME OF OUR SITES AND/OR SERVICES.  IN ADDITION, IN SOME CIRCUMSTANCES, WE MAY NOT BE ABLE TO MODIFY OR DELETE DATA DUE TO OUR OWN OBLIGATIONS.

  1. You may review and request changes to your personal data.  If you have an account with us, you may use your account to access, correct, or view certain personal data we have collected which is associated with your account.   You may also download all personal data we have collected about you via our Privacy Request Form.  You may also contact us through any of the methods provided on our TrainingPeaks Contact Us page, or you may email us at privacy@trainingpeaks.com to request information or changes.  

  1. You may opt out of marketing communications. You can always choose whether you wish to receive communications we send via email, SMS messages, telephone calls and postal mail.  To unsubscribe from our marketing emails, please adjust your marketing preferences in our in-application settings. You may also contact us through any of the methods provided on our TrainingPeaks Contact Us page, or you may email us at privacy@trainingpeaks.com to opt out of our communications.

  1. SECURITY

When you register for an account with us, you will be required to choose a password which enables you to access our Sites and Services.  You are responsible for keeping this password confidential and for all activity that takes place through your account credentials. Do not share your password with anyone.  If your password is compromised, change  your password within your account.  If you believe your account may have been compromised, please notify us immediately.

We take industry standard security measures to protect your information. We also have put into place appropriate agreements and/or procedures with our service providers to ensure that your Personal Data is treated consistent with applicable data privacy and security laws. Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your Personal Data, we cannot and do not guarantee the security of your data.

 

  1. LINKS TO THIRD-PARTY SITES

Our Sites may contain links to other websites and companies that may be of interest to you.  If you click on any of those links, you will leave our Sites.  We are not responsible for third-party websites.  Therefore, please consult the terms of service and privacy policies of those sites when you visit them.

  1. DATA RETENTION

We will store your Personal Data for as long as: (a) you maintain an account with us; (b) you continue using our Sites and Services; (c) your Personal Data is stored in our backup servers and/or services; (d) in accordance with our retention policies and schedules; and (e) as long as we are legally required to retain the Personal Data. Data can be deleted upon request.

  1. ACCESSIBILITY

We value all of our users, and it is our goal to provide an excellent experience for all our users, including our users with disabilities. You understand and accept, however, that some of the features of the Site and Services may not be fully accessible because they are provided by third-parties or have errors. If you wish to access this Privacy Policy in an alternate format, or would like to report an issue you are experiencing on our Sites or Services, please email us at   support@peaksware.com.  You expressly agree to attempt to resolve any and all issues with accessibility directly with us and in good faith prior to instituting any legal action against us.

  1. NOTICE TO NEVADA RESIDENTS

Nevada law allows Nevada residents to opt-out of the sale of certain types of personal information. Subject to a number of exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to a person for the person to license or sell the information to additional persons. We do not currently sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt-out of sales and we will record your instructions and incorporate them in the future if our policy changes. Opt-out requests may be sent to privacy@trainingpeaks.com.         

  1. NOTICE TO CALIFORNIA RESIDENTS

This Privacy Notice to California Consumers (“CA Notice”) is for California residents and supplements the other sections of our Privacy Policy.  This CA Notice explains how we collect, use and disclose your “Personal Information” (as that term is defined by California law) and how you may exercise your rights under the California Consumer Privacy Act (“CCPA”).  This Notice is intended solely for, and is applicable only as to, California residents. If you are not a California resident, this does not apply to you.

NOTE: If you are a California resident and a current or former employee, job applicant or independent contractor of TrainingPeaks, please see our Privacy Policy for California Employees, Former Employees & Job Applicants for more information on our collection, use and storage of your Personal Information in that capacity.

NOTICE AT COLLECTION OF PERSONAL INFORMATION. To provide you with our products, Sites and Services, we collect and process information about you, including in some cases, Personal Information.  To comply with the CCPA and to assist you in understanding our data collection and protection practices during the past 12 months:

  1. Categories of Consumer Personal Information.  We collect and, in the 12 months prior to the Date of Last Revision of this Privacy Policy, have collected the following categories of consumer Personal Information.  Please note that not all categories are collected from all users of the Sites and Services.

  1. Sources of Personal Information.  We collect the above categories of consumer Personal Information from you, from your devices, from coaches and sponsors, and from our service providers as described in Section 7 above.

  1. Purpose for Collection.  In addition to the business purposes for which we collect consumer Personal Data described in Sections 3 and 4 above, we collect consumer Personal Information for the following business or commercial purposes:

  1. Sale, Sharing and Disclosure of Personal Information.  We do not “sell” Personal Information, as that term is commonly interpreted.  However, we do engage in targeted advertising activities that may constitute a sale or a share of Personal Information under California law.  The following table identifies the categories of Personal Information that we have shared for cross-contextual behavioral advertising in the 12 months preceding the Date of Last Revision of this Privacy Policy and, for each category, the categories of third parties to whom we sold or shared Personal Information:

Category of Personal Information

Categories of Third Parties

Unique personal identifiers (such as browser information, IP address, date and time of visit, device identifiers, unique user IDs, cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology)

Advertising networks/service providers.

The following table identifies the categories of Personal Information that we disclosed for a business purpose in the 12 months preceding the Last Updated date of this Privacy Policy and, for each category, the categories of recipients to whom we disclosed Personal Information.  Please note that not all categories of personal information were necessarily shared with all categories of recipients listed.                

   

Category of Personal Information

Categories of Recipients

Identifiers (name, alias, account name, email address, Internet Protocol address, online identifiers, other similar identifiers)

Coaches; other app providers; data hosting and cloud storage providers; mailing providers; accounting and billing service providers; client relationship management service providers; payment processing vendors.

Unique personal identifiers (cookies, beacons, pixel tags, mobile ad identifiers, or other similar technology)

Data hosting and cloud storage providers; advertising service providers; cookie and privacy management provider; client relationship management service providers.

Physical characteristics or description

Coaches; other app providers; data hosting and cloud storage providers; client relationship management service providers.

Telephone number

Coaches; client relationship management service providers; data hosting and cloud storage providers.

Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account

Client relationship management service providers; security, anti-fraud, and verification providers; data hosting and cloud service providers; payment processing vendors.

Internet or other electronic network activity information (browsing history; search history; and information regarding an individual’s interaction with a website, application or advertisement)

Data hosting and cloud storage providers; cookie and privacy management provider; error logging provider; website hosting providers; advertising service providers.

Commercial information (records of products or services purchased, obtained, or considered, or other commercial information)

Coaches; data hosting and cloud storage providers; mailing providers; accounting and billing service providers; advertising service providers; client relationship management service providers; payment processing vendors.

Geolocation data

Coaches; other app providers (if you share it); data hosting and cloud storage providers; client relationship management service providers.

Biometric data

Coaches; other app providers (if you share it); data hosting and cloud storage providers; client relationship management service providers.

Fitness data

Coaches; other app providers (if you share it); data hosting and cloud storage providers; client relationship management service providers.

Audio, electronic, visual, or similar information that is linked or reasonably linkable to an individual (photos)

Coaches; other app providers (if you share it); data hosting and cloud storage providers; client relationship management service providers.

Video

Coaches; other app providers (if you share it); data hosting and cloud storage providers; client relationship management service providers.

  1. Children’s Personal Information. We do not knowingly collect Personal Information of consumers under 16 years of age and we do not knowingly sell the Personal Information of consumers under 16 years of age.

  1. Sensitive Personal Information. We do not use Sensitive Personal Information (as it is defined in the CCPA) for the purpose of inferring characteristics about individuals.

  1. Retention of Personal Information. We retain Personal Information for as long as necessary to fulfill the purposes for which we collect it, such as to provide you with the service you have requested, and for the purpose of satisfying any legal, accounting, contractual, or reporting requirements that apply to us.

  1. Your Rights.  Under the CCPA, you have the following rights:

RIGHT TO KNOW

You have the right to request that we disclose to you the Personal Information we collected about you in the 12-month period preceding your request.  This right includes the right to request: (1) specific pieces of Personal Information we have collected about you; (2) categories of Personal Information we have collected about you; (3) categories of sources from which the Personal Information was collected; (4) categories of Personal Information that we sold or disclosed for a business purpose about you (if applicable); (5) categories of third parties to whom your Personal Information was sold or disclosed for a business purpose (if applicable); and (6) the business or commercial purpose for collecting or, if applicable, selling your Personal Information.

RIGHT TO DELETE

You have the right to request that we delete your Personal Information that we have collected from you, with some exceptions.  Note that if you request that we delete your information, we may be unable to provide you with certain offers or services.

RIGHT TO CORRECT

You have the right to correct inaccurate Personal Information we maintain about you.

RIGHT TO OPT OUT OF SALE OR SHARING

You have the right to say no to the sale of Personal Information or the sharing of your Personal Information for cross-context behavioral advertising purposes.  We do not sell Personal Information, but we do engage in advertising practices that could be considered cross context behavioral advertising.

RIGHT TO LIMIT PROCESSING OF SENSITIVE PERSONAL INFORMATION

If we use or disclose Sensitive Personal Information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use and disclosure.  We do not collect, use or disclose Sensitive Personal Information for any purposes other than to provide our Sites and Services to you.  

RIGHT TO NON-DISCRIMINATION

You have the right to non-discrimination for exercising your CCPA rights.  This means we cannot deny you goods or services, charge you different prices, or provide a different level of quality of goods or services just because you

exercise your rights under the CCPA. We do not will not discriminate against you for exercising your CCPA rights.

  1. How to Exercise Your Rights. 

Right to Submit a Request to Know, Delete and/or Correct:  You may submit a request to know, delete and/or correct by visiting our Privacy Request Form, emailing us at privacy@trainingpeaks.com or calling us at 1-877-201-1552.  If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, we will require additional information to verify your authority to act on behalf of the California resident.

Right to Opt Out of the Sale of Sharing of Data for Cross Context Behavioral Advertising.  You have the right to opt-out of the sales of your Personal Information and the sharing of your Personal Information for cross context behavioral marketing.  You may exercise your right to opt out by following the instructions on our Privacy Request Form.  

Our Process for Verifying a Request to Know, Delete, and/or Correct.  We will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request.  We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable.  For requests to access categories of Personal Information and for requests to delete or correct Personal Information that is not sensitive and does not pose a risk of harm by unauthorized deletion or correction, we will verify your identity to a “reasonable degree of certainty” by verifying at least two data points that you previously provided to us and which we have determined to be reliable for the purpose of verifying identities.  For requests to access specific pieces of Personal Information or for requests to delete or correct Personal Information that is sensitive and poses a risk of harm by unauthorized deletion or correction, we will verify your identity to a “reasonably high degree of certainty” by verifying at least three pieces of Personal Information you previously provided to us and which we have determined to be reliable for the purpose of verifying identities. In addition, you must submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is being requested.

  1. Shine the Light Law.  California Civil Code § 1798.83 permits you to request information regarding the disclosure of your personal information by us to third parties for the third parties’ direct marketing purposes (as those terms are defined in that statute). We do not sell or disclose information to third parties for their direct marketing purposes.  

  1. NOTICE TO RESIDENTS OF THE EUROPEAN ECONOMIC AREA.  

The General Data Protection Regulation (“GDPR”) applies to individuals located in the European Economic Area (“EEA”).  The GDPR allows us to collect and use personal information from individuals within the EEA only for one or more of the following reasons:

  1. To fulfill a contract we have with you;
  2. When we have a legal duty;
  3. When it is in our legitimate interest; or
  4. When you provide consent.

We do not operate in the EEA or specifically direct our business to consumers in the EEA.  However, we recognize some of our website users, customers and prospective customers could be located within the EEA.  If you reside in the EEA, you have a number of rights under data protection laws in relation to the way we process your Personal Data, which are set forth below.  You may contact us directly to exercise any of these rights, and we will verify your request and, if appropriate, respond to any request received from you within one month from the date of the request. In exceptional circumstances we may need to extend this timescale, but we will always tell you in advance if we do, and our reasons why.

Right 1

A right to access personal data held by us about you, as well as information about how we are using your data.

Right 2

A right to require us to rectify any inaccurate personal data held by us about you.

Right 3

A right to require us to erase personal data held by us about you, and where the personal data has been made public, for other controllers processing the personal data to also erase links to, or copy or replication of, such personal data.  This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6 below).

Right 4

A right to restrict our processing of personal data held by us about you.  This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims.  

Right 5

A right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format.  You also have the right to require us to transfer this personal data to another organization, at your request.

Right 6

A right to object to our processing of personal data held by us about you (including for the purposes of sending marketing materials to you).

Right 7

A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with marketing information about our services or products).

If you have any concerns regarding our processing of your personal data, or are not satisfied with our handling of any request by you in relation to your rights, please get in touch with our team through the contact information provided in Section 2 of this Privacy Policy.  You may also reach out to your applicable Data Protection Authority (“DPA”) for more information.  There is a DPA located in each EU Member State.