Concept2, Inc. Privacy Policy | Concept2

Concept2, Inc. Privacy Policy

Effective date: 19 February 2024

This Privacy Policy covers the information Concept2, Inc., collects about you when you use our products or services, or otherwise interact with us (for example, by attending our events), unless a different policy is displayed. “Concept2,” “we,” “our” and “us” refer to Concept2, Inc., any of our subsidiaries and corporate affiliates.

We offer a variety of products and services including online sales, mobile device apps, desktop computer software, and a web app. We refer to all of these products, together with our other services and websites as “Services” in this policy.

This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, do not access or use our Services or interact with any other aspect of our business.

1.1 Cross-Border Information Transfers

You acknowledge (a) that you are accessing a Site that is based in the United States, (b) that you are providing personal information to a company in the United States, and (c) that Concept2 must adhere to laws of the United States. You agree that personal information collected on our Site may be stored and processed in the United States or any other country in which Concept2, its affiliates, partners, service providers, or agents maintain facilities, and while in such jurisdictions may be subject to access pursuant to the laws of those jurisdictions.

Each of these countries has different privacy laws that afford varying levels of protection for your personal information, and such laws may be less stringent or may not be as comprehensive as those laws that exist in your country. However, in all instances Concept2 will ensure that such information is subject to the standards articulated in this Privacy Policy, including compliance with the EU-U.S. Data Privacy Framework (and the UK Extension to the EU-U.S. Data Privacy Framework) Principles and the Swiss-U.S. Data Privacy Framework Principles described in “1.9 Data Privacy Framework Notice” below.

1.2 What Information We Collect About You

We may collect information about you when you provide it to us, when you use our Services, and when other sources provide it to us, as further described below. We sometimes refer to this information as “personal information” in this Privacy Policy.

1.2.1 Information You Provide to Us

We may collect the following information about you when you input it into the Services or otherwise provide it directly to us, and may process or otherwise make inferences from this information:

  • Personal identifiers, such as a real name, alias, postal address, unique personal identifier, IP address, email address, or account name;
  • Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with an internet web site, application, or advertisement;
  • Geolocation data;
  • Audio/video data;
  • Professional or employment-related information; and
  • Biometric information, such as heart rate data.

We also collect the following specific information that you provide to us by using our Services:

Account and profile information: We collect information about you when you register for an account, create a profile, set preferences, sign up for or make purchases through the Services. This may include personal information about you such as your name, address, phone number, email address, payment and billing information, as well as certain related information like your company name and website name, when you register for an account to access or utilize one or more of our Services.

Content you provide to us through our Services: The Services include the Concept2 Logbook, the Concept2 Utility, the ErgData app and any other software services developed by Concept2. Content we collect and store includes data related to your height, weight, heart rate, specific physical activities, and similar types of information relating to physiological condition and activity. We collect this data in order to provide the Services and to tailor features, products, event information and Services to your interests and goals.

Content includes the activity you track with and upload through and to our Services. If you use a third-party application or device to upload the content to our Services, your interactions with those third party applications and devices are not covered by our Privacy Policy.

Content you provide through our websites: The Services include our websites owned or operated by us. We collect other content that you submit to these websites, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, reviews, surveys, contests, promotions, sweepstakes, activities or events.

Information you provide to us through our support channels: The Services also include our customer support, where you may choose to submit information related to a problem, question or suggestion related to our Products or Services. Whether you contact us over email, through a web form, over social media, using live chat, by calling or speaking to one of our representatives directly, you will be asked to provide contact information, a description of your reason for contact us, along with documents, screenshots or other information that will help us take care of your issue.

Information you provide when you sign up for marketing or promotional materials: We collect information from you when you sign up to receive marketing information about or related to our Products and Services. Information we collect may include your email address, name, location, and communication preferences.

Payment and billing information: We collect certain billing and payment information when you make a purchase on our online shops or when you contact us directly. Concept2 does not retain or store credit card information. A third-party intermediary is used to manage credit card processing. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.

1.2.2 Information We Collect Automatically When You Use the Services

We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.

Your use of the Services: We keep track of certain aggregate information about you and your use when you interact with or visit any of the Services. While this data may be derived from your personal data, it is not considered personal data in law because it does not directly or indirectly reveal your identity. This information includes the features you use, the links you click on, search terms and files you view.

Device and connection information: We collect information about your computer, phone, tablet or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. How much of this information we collect depends on the type and settings of the device you use to access the Services.

Cookies and other tracking technologies: Concept2 and our third-party partners, such as our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognize you across different Services and devices. For more information, please see our Cookies Policy, which includes information on how to control or opt out of these cookies and tracking technologies.

1.2.3 Third Party Embeds

Some of the content that you see displayed on Concept2 is not hosted by Concept2; it is embedded, or hosted by a third party and displayed on a Concept2 page. For example, YouTube videos, Facebook posts or Twitter tweets. These files may send data to the hosted site just as if you were visiting that site directly (for example, when you load a Concept2 page with a YouTube video embedded in it, that video appears because of a pointer to files hosted by YouTube, and in turn YouTube receives data about your activity, such as your IP address and how much of the video you watch). Concept2 does not provide or transfer any data we collect about you to the third party during such interactions.

Concept2 does not control what data third parties collect in cases like this, or what they ultimately do with it. Your interaction with an embed is covered by the Privacy Policy of the third party.

1.3 How We Use the Information We Collect

To provide the Services: We use the information about you to provide the Services to you. This includes: processing transactions, authenticating your account when you log in, providing customer support and operating and maintaining the Services.

To communicate with you about the Services: We use your contact information to send transactional communications to you via email and within the Services. For example, we will send a purchase confirmation, notify you of software updates, send you technical updates or contact you about your account.

To market or promote the Services: You will receive marketing communications from us if you have opted in to receive such communications. You may opt in to such communications as part of account creation, registration, participation in a sweepstakes or promotion, during a phone call or while visiting our websites. You can control whether you receive these communications as described below under "Opt out of marketing communications."

For customer support purposes: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, and to repair and improve the Services.

For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.

For legitimate business interests and legal rights: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, or when we need to comply with a legal or regulatory obligation, we may use information about you.

In other circumstances with your consent: We may use information about you when you have given us consent to do so for a specific purpose not listed in this privacy policy. Examples include published testimonies that you give us, or featured blog content for the purposes of promoting our Products and Services, with your permission.

Legal bases for processing (for EEA users): If you are an individual in the European Economic Area (“EEA”), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:

  • We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
  • It satisfies a legitimate interest (which is not overridden by your data protection interests) (a) for research and development, (b) to market and promote the Services or (c) to protect our legal rights and interests;
  • You give us consent to do so for a specific purpose; or
  • We need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.

1.4 Third Parties and Concept2

We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services.

Service providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual and physical infrastructure, order processing, payment processing and analysis, which may require them to access or use information about you. For example, we use a service provider for sending bulk emails, such as our newsletter or software notifications. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.

Credit reference and fraud prevention agencies: We exchange information with other companies and organizations for fraud protection and credit risk reduction. We share account information, including payment information and sometimes Internet activity information with these companies.

Community forums: We offer publicly accessible discussion forums, activity trackers and rankings as part of our Services, such as the Concept2 Forums and the Concept2 Online Logbook. You should be aware that information you provide on these websites, including profile information, may be viewed and collected by any member of the community who views these sites, based on the information sharing settings you have selected in your preferences. We urge you to consider the sensitivity of any information you post in these public settings when you use these Services.

To request removal of your information from publicly accessible websites that are part of our Services, please contact us as provided below. If we are unable to remove some or all of your information, we will notify you and explain why.

Links to other websites: The Services may include links that direct you to websites or features with privacy policies that differ from ours. Your use of those third party sites, and any information that you provide to those sites, are not governed by our Privacy Policy.

Third party widgets or code: Some of our services contain widgets, such as our “Support” and “Chat” features. These widgets may collect your IP address, browsing behavior, location, and may set a cookie to enable that feature to function correctly.

Business transfer: In the case of a merger, sale, financing or acquisition of part or all of our business, we may share or transfer the information about you we collect under the terms of this privacy policy. Should this occur, you will be notified by email and/or other prominent notices on the Services, and you will be informed of your choices.

1.5 Information Storage and Security

We store your data using data service providers in the United States.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order to maintain the safety of your personal information.

All credit card payment transactions are processed through PayTrace, a gateway provider, and are not stored or processed on our servers.

We have reasonable and appropriate physical, electronic, and administrative measures in place to safeguard the security of your personal information. However, when you communicate with customer service via email or chat on our websites, these communications may not be encrypted. For that reason, we ask that you do not share sensitive information via these communication channels.

We have put in place procedures to deal with any suspected personal data breach and in the case of a breach will notify you and, where we are legally required to do so, any applicable regulator.

1.6 Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, accounting, or reporting requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.

In some circumstances you can ask us to delete your data: see “Delete your information” below for further information.

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

1.7 Your Rights

You have the right to:

  • Request that we disclose to you the following information that covering the 12-month period preceding your request:
    • The categories and sources of personal information we collected about you.
    • The specific personal information we collected about you.
    • The commercial purposes for collecting or selling (if applicable) the personal information about you.
    • The categories of Personal Information about you that we shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such information about you, if applicable.
  • Object to our use of your personal information (including for marketing purposes).
  • Update and correct your personal information.
  • Request the deletion or restriction of your personal information.
  • Request your personal information in a structured, electronic format.

Below, we describe the tools and processes for making these requests.

You can exercise some of the choices by logging into the Services and using settings available within the Services or your account.

Access and update your personal information: Some of our Services give you the ability to access, correct and update information about yourself from within the Service. For example, you can log in, access and edit your Logbook profile and your online purchase Account settings.

Deactivate your accounts: If you no longer wish to use our Services, we may be able to deactivate your Services account. Contact us as provided in the Contact Us section below to request assistance.

Delete your personal information: Some of the Services give the ability to delete certain information about yourself from within the Service. For example, you can remove content that contains fitness activity information and remove certain profile information. Please note, however, that we may need to retain certain personal information for record keeping purposes, to complete transactions or to comply with our legal obligations.

Object to use of your information: You may object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal information which override your rights and freedoms.

Request restriction of processing of your personal information: This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request that we stop using your personal information: In some cases, you may ask us to stop accessing, storing, using and otherwise processing your personal information where you believe we don't have the appropriate rights to do so. For example, if you believe a Services account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy. Where you gave us consent to use your personal information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time.

When you make such requests, we may need time to process your request. If there is delay or dispute as to whether we have the right to continue using your personal information, we will restrict any further use of your personal information until the request is honored or the dispute is resolved.

Request the transfer of your personal information to you or to a third party: We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated personal information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Opt out of marketing communications: You may opt out of marketing communications from us by using the unsubscribe link provided at the bottom of every email or by contacting us as provided below and requesting that your contact information be removed from our promotional email lists.

Even after you opt out of marketing communications, you will continue to receive transactional notifications from us regarding our Services.

Turn off cookie controls: Refer to our Cookie Policy for details on managing browser-based cookies.

Interest-based advertising: We may work with third-party advertising companies that collect and use information about your online activities across sites over time, in order to deliver more relevant advertising when you are using the Concept2 Services and elsewhere on the Internet. This practice is known as interest-based advertising. You may visit www.aboutads.info to learn more and to opt out of this type of advertising by companies participating in the Digital Advertising Alliance self-regulatory program. We do not operate or control this site, and are not responsible for the opt-out choices available there. Note that electing to opt out will not stop advertising from appearing in your browser or applications. It may make the ads you see less relevant to your interests. If you delete, block or otherwise restrict cookies or use a different computer or Internet browser, you may need to renew your opt-out choice.

Links to Third Parties and Social Media

Our websites and App may contain links to third-party online properties. Such third parties have their own policies that govern their collection, use, and disclosure of information. We suggest that you read their privacy policies to learn about their practices.

Social media provides tools that many of our customers use and enjoy, and we include links to various social media platforms on our websites. If you interact with these social media tools through our websites, your experience on those social media sites will be governed by the privacy and other policies of those sites. So, the privacy settings you have chosen on those sites will determine the degree to which your information is made public. We encourage you to choose your privacy settings on those sites accordingly.

All Other Requests

For all other requests, you may contact us as provided in the Contact Us section below to request assistance. We may request specific information from you to confirm your identity.

Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete personal information which we are permitted by law or have compelling legitimate interests to retain. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.

If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed. In addition, we reserve the right to retain information that we are permitted by law to retain.

1.8 Children

The online Concept2 Services are specifically marketed to and available to individuals over the age of 13.

Please see our COPPA Policy for additional information.

1.9 Data Privacy Framework Notice

Concept2, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Concept2, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Concept2, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit: Data Privacy Framework

We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

1.9.1 Sensitive Personal Information

We may collect the following sensitive EEA personal data: data regarding your height, weight, heart rate, specific physical activities, and similar types of information relating to physiological condition and activity. We collect this data in order to provide the Services and to tailor features, products, event information and Services to your interests and goals. When we collect sensitive EEA Personal Data, we will obtain your opt-in consent for the collection and use of such information, including if we disclose your sensitive EEA personal data to third parties, or before we use your sensitive EEA personal data for a different purpose than we collected it for or than you later authorized.

1.9.2 Onward Transfers

Under the EU-U.S. and Swiss-U.S. Data Privacy Frameworks, we are responsible for the processing of information about you we receive from the European Union, the United Kingdom and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Data Privacy Framework Principles for such onward transfers and remain liable in accordance with the Data Privacy Framework Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Data Privacy Framework Principles, unless we prove that we are not responsible for the event giving rise to the damage.

1.9.3 Certification

To learn more about the Data Privacy Framework program, and to view our certification page, please visit Data Privacy Framework.

1.9.4 Contact and Dispute Resolution

In compliance with the Data Privacy Framework Principles, Concept2, Inc. commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our Data Privacy Framework policy should first contact Concept2 at:

Email address: privacy@concept2.com

Concept2, Inc. has further committed to refer unresolved Data Privacy Framework complaints to the International Centre for Dispute Resolution (ICDR), the international division of the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit adr.org for more information or to file a complaint. The services of the ICDR are provided at no cost to you.

1.9.5 Binding arbitration

You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with Concept2 and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce’s Data Privacy Framework: Annex I (Binding Arbitration).

1.10 Updates to the Privacy Policy

If we modify this Privacy Policy, we will post the revised Privacy Policy online. We will notify you if the policy changes in any material way by sending a notice to the email address you provided us, if any, and by placing a prominent notice on our website at concept2.com. You should check regularly to see if this Privacy Policy has changed.

1.11 Contact Us

Your information is controlled by Concept2, Inc. If you have any questions or concerns about this Privacy Policy or your information, please direct your inquiry to Concept2, Inc., or if you are a resident of the European Economic Area, please contact our EU representative.

Email (for Privacy Concerns): privacy@concept2.com
California Residents, please include “CCPA Privacy Request” in the subject line.
Email (for General Contact): info@concept2.com
Website: www.concept2.com

Address:
Attn: Privacy
Concept2, Inc.
105 Industrial Park Dr.
Morrisville, VT 05661
USA

EU Representative for EEA residents
Full name of legal entity: Concept 2 Limited.
Full name of data privacy manager: Rebecca Nowell
Email address: dataprotection@concept2.co.uk
Postal address: Unit C8, Queens Drive Industrial Estate, Crossgate Drive Nottingham NG2 1LW.

Toll-free Phone (US & Canada): 800.245.5676
Phone: 802.888.7971