Privacy Policy | TrainingPeaks

Privacy Policy

Date of Last Revision: January 7, 2019

TrainingPeaks, LLC ("TrainingPeaks", "we," or "us") is committed to protecting your privacy and utilizing technology that gives you a powerful and safe online experience. This Privacy Policy applies to the TrainingPeaks, LLC operated websites and applications, and governs data collection and usage.

If you have questions or concerns about our privacy policy or practices, please contact us in the first instance at privacy@trainingpeaks.com.

The websites www.trainingpeaks.com, summit.trainingpeaks.com, app.trainingpeaks.com, www.bestbikesplit.com, runwithhal.com, and all related mobile applications, (hereinafter "the Site") is owned and operated by TrainingPeaks, LLC ("TrainingPeaks", "we," or "us"). The Site provides athletic training and performance programs for endurance athletes and their coaches, and other related and supporting services offered by TrainingPeaks (the "Services").

Please read carefully through all sections of this Privacy Policy. This Privacy Policy may be changed by us from time to time and the governing version will be posted on the Site. We will notify you if we make material changes to the Privacy Policy or we will provide notice to you of our changes on our website landing page. Please review this Privacy Policy on a regular basis as your use of the Site will be governed by the then-current Privacy Policy.

TrainingPeaks recognizes the importance of protecting the privacy of our customers and the users of the Site. However, some uses of such information are required for us to conduct legitimate business by providing information of interest to our customers and the users of the Site.

What this Privacy Policy Covers

Unless otherwise provided herein, this Privacy Policy covers our treatment of Personal Data that we collect through your use of the Site and when you use Services provided on the Site. This policy does not apply to the practices of companies that we do not own and/or control or to people that we do not employ or manage.

Information Collection and Use

Through your use of the Services, we may collect the following "Personal Data" from you if you choose to provide it, including:

We do not collect any more Personal Data from you than what we have determined is needed for us to provide the Services or that you have decided to share with us to personalize the Services, and to comply with applicable laws.

TRAININGPEAKS IS NOT A HEALTHCARE PROVIDER OR A BUSINESS ASSOCIATE OF ANY HEALTHCARE PROVIDER AND IS NOT SUBJECT TO THE PRIVACY RULE OF THE HEALTH INFORMATION PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA).

How Your Personal Data May Be Used

We may use Analytical Information to improve the performance or layout of our website; to develop new services and ideas; to target advertisements to you on the websites of others, and to better administer and troubleshoot our systems.

We use your Contact information for the following purposes:

We use your User Data for the following purposes: We use your Social Media Information for the following purposes:

We may also use Contact Information, Third Party Data, User Data and other Personal Data to provide you the Services on the Site; to evaluate and improve the Services; to fulfill your requests for information; and to contact you about TrainingPeaks products or services and those of our affiliates, based on the preferences you have indicated.

We provide you the opportunity to consent to receive commercial email from us related to the Services or information that we deem you may be interested in when you seek more information from us. We will give you the opportunity to "opt out" of receiving any unsolicited information from us or to limit the unsolicited information you receive from us to information regarding the Services or information you specifically request or information we determine you may find useful as a result of your use of the Site.

Information Sharing and Disclosure

Except as otherwise described in this Privacy Policy, we will not share your Personal Data with any other person or company. We will share your Personal Data to other companies or people when:

Third Party Processors

To ensure that your Personal Data receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your Personal Data with to ensure that your Personal Data is treated by those third parties in a way that is consistent with and which respects the applicable laws on data security and privacy.

How long do we keep your information?

We will store your information for as long as you have an account with TrainingPeaks. We may keep records of transactions with you for a period of up to seven (7) years to comply with the IRS requirements.

Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses Cookies or other tracking technologies to help us analyze how users interact with the Site and Services, compile reports on their activity, and provide other services related to their activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a returning visitor, and any referring website. The technologies used by Google Analytics do not gather information that personally identifies you. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google's privacy policies. To learn more about Google's partner services and to learn how to opt-out of tracking of analytics by Google, click here.

Use of Cookies

TrainingPeaks uses "cookies," a small text file transferred to your device, along with similar technologies (e.g., internet tag technologies, web beacons and embedded scripts) to help provide you a better, more personalized user experience.

The Options/Settings section of most internet browsers will tell you how to manage the cookies and other technologies that may be transferred to your device, including how to disable such technologies. You can disable our cookies or all cookies through your browser settings. Please be advised that disabling cookies through either method may impact many of the Site's features.

Instructions for blocking or allowing cookies in common web browsers are provided at the links below:

We use the following cookies:

Cookie name Cookie Category Purpose
TPAUTH Strictly necessary Used to authenticate and track a logged-in user throughout our website and applications.
TOtosAgreed Strictly necessary Used to authenticate and track a logged-in user throughout our website and applications.
Google Analytics Analytical / Performance Used to track user activity over different browsing sessions.
AdRoll Targeting Used to track your use of the website and to send you targeted ads on the website or third-party website based upon the pages you have visited.
Google Tag Manager Analytical / Performance Used for event tracking to monitor user behavior.
Facebook Targeting Used for advertising and retargeting through Facebook.

We also allow third parties to place cookies on your device through the Services to:

The use of third-party cookies is not covered by our Privacy Notice. We do not have access or control over these cookies. If you continue to use our websites, we will assume you agree to the use of these cookies.

Interest-Based Ads

Unaffiliated third parties may use cookies and other technologies on our website to collect information about your online activities over time and across different websites you visit in order to provide you with interest-based advertising. You can generally opt-out of receiving interest-based advertisements from members of the Network Advertising Initiative or the Digital Advertising Alliance by visiting their opt-out pages: ( http://www.networkadvertising.org/choices/) and ( http://www.aboutads.info/choices/). When you opt-out using these links, please note that you may still receive advertisements. They just will not be personalized based on your interests.

Do Not Track

Some internet browsers incorporate a "Do Not Track" feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the "Do Not Track" signal, the Site does not currently interpret, respond to or alter its practices when it receives "Do Not Track" signals.

Security

We will take reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction of your Personal Data, taking into due account the risks involved in the processing and the nature of the personal data. However, no electronic storage method or data transmission over the Internet can be guaranteed to be 100% secure.

Commitment to Children's Privacy

In compliance with the Children's Online Privacy Protection Act, 15 U.S.C., 6501-06 and 16 C.F.R., 312.1-312.12, the Site does not collect information from children under 16 years of age, and we do not intentionally collect information from persons under sixteen (16) years of age. Use of the Site is limited to users that are sixteen (16) years of age and older. By using the Site, you represent that you are sixteen (16) years of age or older.

Changes to this Privacy Policy

We reserve the right to change, modify or otherwise update this policy at any time. These changes or updates will be effective immediately. We may provide you notice of such changes when they are material, such notice may be given by posting on the Site, by electronic or conventional mail or by any other means by which you obtain notice of the changes or updates.

Policies of Other Websites

The Site may contain links to third-party websites not owned or controlled by TrainingPeaks. TrainingPeaks is not responsible for the privacy policies of any third-party websites which user may access through a third-party link. Further, these third-party websites may have privacy policies that differ from this Privacy Policy. TrainingPeaks disclaims all responsibility for the privacy practices of such other third-party websites. You should read the privacy policies of each third-party website you visit to determine what information each third-party website may be collecting about you and how they intend to use such information.

Notice to Utah Residents

Except as expressly identified below, we do not disclose a user's personal data to any third-party for such third-party's direct marketing purposes.

Notice to Nevada Residents

Nevada law allows Nevada residents to opt-out of the sale of certain types of personal information. Subject to a number of exceptions, Nevada law defines "sale" to mean the exchange of certain types of personal information for monetary consideration to a person for the person to license or sell the information to additional persons. We do not currently sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt-out of sales and we will record your instructions and incorporate them in the future if our policy changes. Opt-out requests may be sent to privacy@trainingpeaks.com.

Notice to Residents of the U.S. (Other than California) and Canada:

You may access Personal Data held by us about you, as well as information about how we are using your data and you can request that we rectify any inaccurate personal data held by us about you.

Notice to California Residents

The California Consumer Privacy Act (CCPA) requires that we provide California residents with a privacy policy that contains a comprehensive description of our online and offline practices regarding the collection, use, disclosure, and sale of personal information and of the rights of California residents regarding their personal information.

The CCPA defines "personal information" to mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information that is publicly available, deidentified or aggregate information. For purposes of this "Notice to California Residents" section we will refer to this information as "Personal Information."

RIGHT TO KNOW ABOUT PERSONAL INFORMATION COLLECTED, DISCLOSED, OR SOLD

Your Right

If you are a California resident, you have the right to request that we disclose what Personal Information we have collected about you in the 12-month period preceding your request. This right includes the right to request any or all of the following:

  1. Specific pieces of Personal Information that we have collected about you;
  2. Categories of Personal Information we have collected about you;
  3. Categories of sources from which the Personal Information was collected;
  4. Categories of Personal Information that we sold (if applicable) or disclosed for a business purpose about you;
  5. Categories of third parties to whom the Personal Information was sold (if applicable) or disclosed for a business purpose; and
  6. The business or commercial purpose for collecting or, if applicable, selling Personal Information.

The CCPA defines "sell" to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident's Personal Information to another business or a third party for monetary or other valuable consideration.

How to Submit a Request to Know

You may submit a request to know at privacy@trainingpeaks.com.

Our Process for Verifying a Request to Know

If we determine that your request is subject to an exemption, we will notify you of our determination. If we determine that your request is not subject to an exemption, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. Our verification process may differ depending on whether you maintain a password-protected account with us. If you maintain a password-protected account, we may verify your identity through existing authentication practices available through your account. Prior to disclosing the requested information, we will ask you to re-authenticate yourself with respect to that account. If you do not maintain a password-protected account, or if you are an account-holder but we suspect fraudulent or malicious activity with your account, we will verify your identity to a "reasonable degree of certainty" or a "reasonably high degree of certainty" using methods we have determined are reliable for the purpose of verifying identities depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized access. In addition, you may be required to submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is being requested.

Collection of Personal Information

The following table presents the categories of Personal Information that we have collected, the categories of sources from which that information was collected, and the categories of third parties with whom we shared that Personal Information for the 12 months preceding the Effective Date of this Privacy Policy.

Categories of Personal Information Collected Categories of Sources from which Personal Information was Collected Business or Commercial Purpose for the Collection Categories of Third Parties with whom We Share Personal Information
Name Information provided by you when making a transaction or registering with the Site. To deliver products and services to you. To identify you as a user of the Services. Service providers
Postal address Information provided by you when making a transaction or registering with the Site. To deliver products and services to you. Service providers
Email address Information provided by you when making a transaction or registering with the Site. To communicate with you regarding a transaction and products you may be interested in. Service providers
Telephone # Information provided by you when using the Services. To communicate with you regarding the Services. Service providers
Physical Characteristics Information provided by you to access functionalities of the Services To provide you improved feedback and functionalities when using the Services. Service providers
IP Address We collect your IP address when you log into the Services To deliver products and services to you. Service providers
Customer Number, unique pseudonym, or user alias Information provided by you when using the Services. To identify you as the owner of the account and/or to process payments. Service providers
Geolocation We receive this information from your input, or by a third-party device linked to your account. To provide you improved feedback and functionalities when using the Services. Service providers
Image of face in photos You provide any images. To provide you the ability to personalize your account when using the Services Service providers
Gait patterns/rhythms We receive this information from your input, or by a third-party device linked to your account. To provide you improved feedback and functionalities when using the Services. Service providers
Sleep, health or exercise data We receive this information from your input, or by a third-party device linked to your account. To provide you improved feedback and functionalities when using the Services. Service providers
Gender You provide this information when using the Site. To provide you improved feedback and functionalities when using the Services. Service providers
Age You provide this information when using the Site. To provide you improved feedback and functionalities when using the Services. Service providers
Disability You may provide this information when using the Site. To provide you or your coach with improved feedback when using the Services. Service providers
Records of products or services purchased, obtained or considered Information we generate through your use of the Site and purchases made, and navigation of our Site. To determine our revenue and calculate taxes, to provide you a record of your transactions, and to determine products or services that may be of interest to you. Service providers
Purchasing or consuming histories or tendencies Information we generate through your use of the Site and purchases made, and navigation of our Site. To determine our revenue and calculate taxes, to provide you a record of your transactions, and to determine products or services that may be of interest to you. Service providers
Medical Conditions You may provide this information when using the Site. To provide you or your coach with improved feedback when using the Services. Service providers
Inference drawn from information above to create a user profile To provide you improved feedback and functionalities when using the Services. Service providers

RIGHT TO REQUEST DELETION OF PERSONAL INFORMATION

Your Right

If you are a California resident, you have the right to request that we delete the Personal Information about you that we have collected or maintain. However, a business is not required to comply with a request to delete if it is necessary for the business to maintain the Personal Information in order to, for example, complete a transaction, detect security incidents, comply with a legal obligation, or otherwise use the Personal Information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.

How to Submit a Request to Delete

You may submit a request to delete by sending an email to privacy@trainingpeaks.com.

If you submit a request to delete online, you will be asked to confirm separately that you want your Personal Information deleted.

Our Process for Verifying a Request

If we determine that your request is subject to an exemption, we will notify you of our determination. If we determine that your request is not subject to an exemption, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. Our verification process may differ depending on whether you maintain a password-protected account with us. If you maintain a password-protected account, we may verify your identity through existing authentication practices available through your account. Prior to deleting the Personal Information, we will ask you to re-authenticate yourself with respect to that account. If you do not maintain a password-protected account, or if you are an account-holder but we suspect fraudulent or malicious activity with your account, we will verify your identity either to a "reasonable degree of certainty" or a "reasonably high degree of certainty" depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized deletion.

If we are unable to verify your identity to the applicable standard, we will treat your request to delete as a request to opt-out of the sale of the personal information that you provided as part of processing the request to delete. See the following section for a description of the right to opt-out of the sale of personal information.

NOTICE OF RIGHT TO OPT-OUT OF SALE OF PERSONAL INFORMATION

Your Right

If you are a California resident, you have the right to direct a business that sells (or may in the future sell) your Personal Information to stop selling your Personal Information and to refrain from doing so in the future.

The CCPA defines "sell" to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident's Personal Information to another business or a third party for monetary or other valuable consideration.

How to Submit a Request to Opt-Out

You may submit a request to delete by sending an email to privacy@trainingpeaks.com.

How We Process a Request to Opt-Out

We will act upon your request to opt-out within 15 days from the date that you submit the request. The CCPA does not require that we verify the identity of individuals who submit requests to opt-out of sales. However, we may deny the request if we have a good-faith, reasonable, and documented belief that the request is fraudulent. If we deny the request on this basis, we will notify the requesting party and provide an explanation why we believe the request is fraudulent.

RIGHT TO NON-DISCRIMINATION FOR THE EXERCISE OF A CALIFORNIA RESIDENT'S PRIVACY RIGHTS

We will not discriminate against California residents if they exercise any of the rights provided in the CCPA as described in this section "Notice to California Residents." As such, we will not deny goods or services to that California resident; charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; provide a different level or quality of goods or services to the California resident; or suggest that the California resident will receive a different price or rate for goods or services or a different level or quality of goods or services. However, we are permitted to charge a California resident a different price or rate, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by the individual's data.

AUTHORIZED AGENTS

California residents may use an authorized agent to submit a request to know, delete, or opt-out of sales on your behalf.

If you use an authorized agent to submit a request to know or request to delete, we may require that (1) the authorized agent provide proof of your written permission and (2) you verify your identity directly with us. These requirements do not apply if you have provided the authorized agent with a power of attorney pursuant to California Probate Code sections 4000 to 4465.

If you use an authorized agent to submit a request to opt-out of sales, you will need to provide that authorized agent with written permission to do so and submit written proof to us that the agent has been authorized to act on your behalf.

SHINE THE LIGHT LAW

We do not disclose personal information obtained through our Site or Services to third-parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code 1798.83.

Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you wish to access this Privacy Policy in an alternative format, please contact us as described below.

Notice to Residents of Europe and the United Kingdom

TrainingPeaks recognizes the importance of protecting the privacy of our customers and the users of the Site. As such, we will always ensure that we have a lawful basis for processing your Personal Data.

OUR LEGAL BASIS FOR COLLECTING, STORING AND PROCESSING YOUR PERSONAL DATA

If you have subscribed to use the Site in order to obtain the Services, we collect, store and process your Personal Data out of a contractual necessity in order to provide you the Services.

In certain cases, we may store and process your Personal Data in order to comply with TrainingPeaks' legal obligations for record keeping and other compliance with laws or regulatory compliance.

The Personal Data we hold about you is processed by us on the basis of our legitimate interests in providing the Services. Based upon the type and amount of data we collect, we have made a determination that our legitimate interest in using such Personal Data is not outweighed by any detriment to you.

Under the GDPR, you have the following rights related to TrainingPeak's use of your Personal Data.

Number Description of your right
Right 1 A right to access personal data held by us about you, as well as information about how we are using your data.
Right 2 A right to require us to rectify any inaccurate personal data held by us about you.
Right 3 A right to require us to erase personal data held by us about you, and where the personal data has been made public, for other controllers processing the personal data to also erase links to, or copy or replication of, such personal data. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6 below).
Right 4 A right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims.
Right 5 A right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to require us to transfer this personal data to another organization, at your request
Right 6 A right to object to our processing of personal data held by us about you (including for the purposes of sending marketing materials to you).
Right 7 A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with marketing information about our services or products). If you have consented to receive communications from us, you can contact us at any time to have your details removed from lists used by us or to update your marketing preferences. Please email privacy@trainingpeaks.com and quote your email/telephone number/account number in the body of the email, telling us what you would like us to do. You can also: click "unsubscribe" on any of our emails, and we will ensure we don't send you any communications of this nature in future.

Privacy Shield Notice

We participate in and have certified our compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Framework ("Privacy Shield"). This Privacy Shield notice and the TrainingPeaks Privacy policy ("Privacy Policy", located at https://www.trainingpeaks.com/privacy/) define the privacy principles we follow with respect to Personal Data received from entities in the European Economic Area ("EEA") and Switzerland. TrainingPeaks is committed to subjecting all personal information received from EEA member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework to the Framework's applicable Principles for as long as we retain the personal information.

For more information about Privacy Shield, see the US Department of Commerce's Privacy Shield website at https://www.privacyshield.gov. To view TrainingPeaks' certification, please visit https://www.privacyshield.gov/list.

If your personal data is collected by TrainingPeaks via our website or via our services for our own account management, billing, or marketing purposes (e.g., as a customer of TrainingPeaks), this Privacy Policy explains how you may access or submit requests to review, correct, update, or delete personal data. We may limit or deny access to personal data when providing such access presents an unreasonable financial or labor burden, or as otherwise permitted by the Privacy Shield Principles.

If you are a subject whose data is stored by TrainingPeaks on behalf of one of our customers, you should contact that customer with your request. We will then assist that customer to fulfill your request in accordance with their instructions.

We may disclose Personal Data to trusted third parties as indicated in this Privacy Policy. TrainingPeaks requires that our agents and service providers that have access to Personal Data provide the same level of protection as those listed in the Privacy Shield Principles. We ensure that our agents process Personal Data received under Privacy Shield in a manner consistent with our obligations under the Privacy Shield, and we retain responsibility unless we can prove that we are not responsible for the breach. We may need to disclose Personal Data in response to lawful requests by public authorities, for law enforcement or national security reasons, or when such action is necessary to comply with a judicial proceeding or court order, or when otherwise required by law.

The collection and use of data is essential to the value that we provide as a service, as well as improve on the services we provide.

TrainingPeaks does not disclose information to third parties outside of the reasons listed in this Privacy Policy. Should you disagree with any of the usages, transfers of your information as listed here, or any other reason, we offer you the following choices:

  1. Opting out. You can refuse cookies or opt-out of communications as described in this Privacy Policy.
  2. Requesting/Updating/Correcting/Removing Information. We describe the methods that you can employ to request, remove, or update your Personal Data in this Privacy Policy.

For the avoidance of doubt, if you wish to exercise your choice to be excluded from the onward transfer of information to third parties, or if you feel like your information will be used for purposes other than what it was intended for, please request the removal of your personal data from our servers as per this Privacy Policy.

Resolving Your Privacy Shield Complaints

In compliance with the Privacy Shield principles, TrainingPeaks commits to resolve complaints about our collection or use of your personal data. If you have an inquiry or complaint regarding this Privacy Shield Policy, please contact TrainingPeaks at privacy@trainingpeaks.com.

If the dispute involves personal data collected in the context of an employment, agent, or sub-contractor relationship, we will cooperate with competent EU data protection authorities and comply with the advice of such authorities. In the event that we or such authorities determine that we did not comply with the Privacy Shield requirements, we will take appropriate steps to address any adverse effects and to promote future compliance. Further, any of our employees who are found to have violated the Privacy Shield Policy will be subject to disciplinary process.

Within the scope of this Privacy Policy, if a privacy complaint or dispute cannot be resolved through TrainingPeaks, LLC's internal processes, TrainingPeaks, LLC has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe under the Privacy Shield Dispute Resolution Procedure, please submit the required information to VeraSafe here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/.

Under certain circumstances, you may also invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. Please see the Privacy Shield website for more information on conditions giving rise to binding arbitration (https://www.privacyshield.gov/article?id=G-Arbitration-Procedures).

TrainingPeaks is subject to the investigatory and enforcement powers of the US Federal Trade Commission ("FTC").

Questions

If you have any questions or comments about these Terms of Use or this Site, please contact us by email at privacy@trainingpeaks.com. You also may write to us at:

TrainingPeaks
Attn: Privacy
7007 Winchester Circle
Suite 200
Boulder, CO 80301