Updated February 20, 2020
The websites www.getonform.com and all related mobile applications, (hereinafter "the Site") is owned and operated by OnForm, Inc. ("OnForm", "we," or "us"). The App and site provides video feedback, analysis and communication tools for coaches and athletes and other related and supporting services offered by OnForm (the "Services").
Information Collection and Use
Through your use of the Services, we may collect the following "Personal Data" from you if you choose to provide it, including:
- Your name, email, address and/or telephone number ("Contact Information").
- Videos containing your image
- Pages and products viewed, ads that you clicked on, emails from us that you opened, browser type, operating system, IP address and device information, your mobile operating system (OS), a mobile device identifier embedded by us, or other commonly used mobile device identifier if you access the Site on a mobile device ("Analytical Information").
- Data imported into the App or Site from third parties such as video or data like heart rate, swing speed, pitching velocity ("Third Party Data").
- Your age/birth date, username, password, primary sport, gender, coaching company name, client names ("User Data").
- If you choose to link your social media accounts to the Services, we may collect information related to your social media accounts ("Social Media Information").
- We may also collect publicly available information about you from third-party sources, such as the postal service for shipping address verification.
ONFORM IS NOT A HEALTHCARE PROVIDER OR A BUSINESS ASSOCIATE OF ANY HEALTHCARE PROVIDER AND IS NOT SUBJECT TO THE PRIVACY RULE OF THE HEALTH INFORMATION PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA).
How Your Personal Data May Be Used
We may use Analytical Information to improve the performance or layout of our website; to develop new services and ideas; to target advertisements to you on the websites of others, and to better administer and troubleshoot our systems.
We use your Contact information for the following purposes:
- Name - Your name is used for identification within the application and personalization of emails or notifications or messages.
- Email - Your email may be used for purposes of password reset assistance and transactional emails such as sales, payments, and recurring subscription processing.
- Physical Address - OnForm requires billing address when purchasing items using a credit card, but not while making payments on the Apple App Store or Google Play store. It is also possible to optionally store mailing address for each account via application settings, to help coaches manage their athletes.
- Phone Number - OnForm requests phone number when creating a coach account so we can contact you for onboarding and education.
- Unique Identifiers - We generate a unique identifier for your account as part of account creation in order to distinguish your data from other users within OnForm.
- Age & Birth Month/Year - OnForm may store birth month/year (and calculates age from this data) to assist with improving accuracy of analysis and automating various tasks. This information is not required.
- We use your User Data to provide you the Services. You may choose to provide more User Data to generate a more personalized experience and to maximize the functionalities of the Services.
- Social Media Information - Social Media Information is optionally stored at your discretion for blog post author bios and coach profile contact methods.
We may also use Contact Information, Third Party Data, User Data and other Personal Data to provide you the Services on the Site; to evaluate and improve the Services; to fulfill your requests for information; and to contact you about OnForm products or services and those of our affiliates, based on the preferences you have indicated.
We provide you the opportunity to consent to receive commercial email from us related to the Services or information that we deem you may be interested in when you seek more information from us. We will give you the opportunity to "opt out" of receiving any unsolicited information from us or to limit the unsolicited information you receive from us to information regarding the Services or information you specifically request or information we determine you may find useful as a result of your use of the Site.
Information Sharing and Disclosure
- We need to share your information to provide a product or service you have requested;
- We need to send the information to companies who work on behalf of OnForm to provide a product or service to you. Unless we tell you differently, we only provide these companies the minimum amount of information that is necessary for them to assist us and these companies do not have any right to use the Personal Data we provide to them beyond what is necessary to assist us;
- We find that your actions on our website violate the Terms and Conditions of Use, any of our usage guidelines for specific services or any agreement; and
- As required to respond to or initiate subpoenas, court orders, or legal process.
Third Party Processors
To ensure that your Personal Data receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your Personal Data with to ensure that your Personal Data is treated by those third parties in a way that is consistent with and which respects the applicable laws on data security and privacy.
How long do we keep your information?
We will store your information for as long as you have an account with OnForm. We may keep records of transactions with you for a period of up to seven (7) years to comply with the IRS requirements.
OnForm may use "cookies," a small text file transferred to your device, along with similar technologies (e.g., internet tag technologies, web beacons and embedded scripts) to help provide you a better, more personalized user experience.
The Options/Settings section of most internet browsers will tell you how to manage the cookies and other technologies that may be transferred to your device, including how to disable such technologies. You can disable our cookies or all cookies through your browser settings. Please be advised that disabling cookies through either method may impact many of the Site's features.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our websites. They include, for example, cookies that enable you to log into secure areas of our websites, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our websites when they are using it. This helps us to improve the way our websites works, for example, by ensuring that users are finding what they are looking for easily.
- Targeting cookies. These cookies record your visit to our websites, the pages you have visited and the links you have followed. We will use this information to make our websites and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
We also allow third parties like Intercom to place cookies on your device through the Services to:
- Help us understand and improve how visitors use our websites, including which of our pages and products are viewed most frequently.
- More effectively market our products and services and advertise other products and services that may be of interest to you.
- Obtain your feedback on our products and the Services.
- Allow you to engage in our social media offerings (e.g., clicking the "Like" button on our website).
The use of third-party cookies is not covered by our Privacy Notice. We do not have access or control over these cookies. If you continue to use our websites, we will assume you agree to the use of these cookies.
Do Not Track
Some internet browsers incorporate a "Do Not Track" feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the "Do Not Track" signal, the Site does not currently interpret, respond to or alter its practices when it receives "Do Not Track" signals.
We will take reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction of your Personal Data, taking into due account the risks involved in the processing and the nature of the personal data. However, no electronic storage method or data transmission over the Internet can be guaranteed to be 100% secure.
Commitment to Children's Privacy
In compliance with the Children's Online Privacy Protection Act, 15 U.S.C., 6501-06 and 16 C.F.R., 312.1-312.12, the Site does not collect information from children under 16 years of age, and we do not intentionally collect information from persons under thirteen (13) years of age. Use of the Site is limited to users that are sixteen (16) years of age and older. By using the Site, you represent that you are thirteen (13) years of age or older.
We reserve the right to change, modify or otherwise update this policy at any time. These changes or updates will be effective immediately. We may provide you notice of such changes when they are material, such notice may be given by posting on the Site, by electronic or conventional mail or by any other means by which you obtain notice of the changes or updates.
Policies of Other Websites or Apps
Notice to Residents of the U.S. (Other than California) and Canada:
You may access Personal Data held by us about you, as well as information about how we are using your data and you can request that we rectify any inaccurate personal data held by us about you.
Notice to California Residents
The CCPA defines "personal information" to mean information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information does not include information that is publicly available, deidentified or aggregate information. For purposes of this "Notice to California Residents" section we will refer to this information as "Personal Information."
RIGHT TO KNOW ABOUT PERSONAL INFORMATION COLLECTED, DISCLOSED, OR SOLD
If you are a California resident, you have the right to request that we disclose what Personal Information we have collected about you in the 12-month period preceding your request. This right includes the right to request any or all of the following:
- Specific pieces of Personal Information that we have collected about you;
- Categories of Personal Information we have collected about you;
- Categories of sources from which the Personal Information was collected;
- Categories of Personal Information that we sold (if applicable) or disclosed for a business purpose about you;
- Categories of third parties to whom the Personal Information was sold (if applicable) or disclosed for a business purpose; and
- The business or commercial purpose for collecting or, if applicable, selling Personal Information.
The CCPA defines "sell" to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident's Personal Information to another business or a third party for monetary or other valuable consideration.
How to Submit a Request to Know
You may submit a request to know at firstname.lastname@example.org.
Our Process for Verifying a Request to Know
If we determine that your request is subject to an exemption, we will notify you of our determination. If we determine that your request is not subject to an exemption, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. Our verification process may differ depending on whether you maintain a password-protected account with us. If you maintain a password-protected account, we may verify your identity through existing authentication practices available through your account. Prior to disclosing the requested information, we will ask you to re-authenticate yourself with respect to that account. If you do not maintain a password-protected account, or if you are an account-holder but we suspect fraudulent or malicious activity with your account, we will verify your identity to a "reasonable degree of certainty" or a "reasonably high degree of certainty" using methods we have determined are reliable for the purpose of verifying identities depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized access. In addition, you may be required to submit a signed declaration under penalty of perjury stating that you are the individual whose Personal Information is being requested.
RIGHT TO REQUEST DELETION OF PERSONAL INFORMATION
If you are a California resident, you have the right to request that we delete the Personal Information about you that we have collected or maintain. However, a business is not required to comply with a request to delete if it is necessary for the business to maintain the Personal Information in order to, for example, complete a transaction, detect security incidents, comply with a legal obligation, or otherwise use the Personal Information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information.
How to Submit a Request to Delete
You may submit a request to delete by sending an email to email@example.com
If you submit a request to delete online, you will be asked to confirm separately that you want your Personal Information deleted.
Our Process for Verifying a RequestIf we determine that your request is subject to an exemption, we will notify you of our determination. If we determine that your request is not subject to an exemption, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. Our verification process may differ depending on whether you maintain a password-protected account with us. If you maintain a password-protected account, we may verify your identity through existing authentication practices available through your account. Prior to deleting the Personal Information, we will ask you to re-authenticate yourself with respect to that account. If you do not maintain a password-protected account, or if you are an account-holder but we suspect fraudulent or malicious activity with your account, we will verify your identity either to a "reasonable degree of certainty" or a "reasonably high degree of certainty" depending on the sensitivity of the Personal Information and the risk of harm to you by unauthorized deletion.
If we are unable to verify your identity to the applicable standard, we will treat your request to delete as a request to opt-out of the sale of the personal information that you provided as part of processing the request to delete. See the following section for a description of the right to opt-out of the sale of personal information.
NOTICE OF RIGHT TO OPT-OUT OF SALE OF PERSONAL INFORMATION
Your RightIf you are a California resident, you have the right to direct a business that sells (or may in the future sell) your Personal Information to stop selling your Personal Information and to refrain from doing so in the future. The CCPA defines "sell" to mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a California resident's Personal Information to another business or a third party for monetary or other valuable consideration.
How to Submit a Request to Opt-Out
You may submit a request to delete by sending an email to firstname.lastname@example.org.
How We Process a Request to Opt-Out
We will act upon your request to opt-out within 15 days from the date that you submit the request. The CCPA does not require that we verify the identity of individuals who submit requests to opt-out of sales. However, we may deny the request if we have a good-faith, reasonable, and documented belief that the request is fraudulent. If we deny the request on this basis, we will notify the requesting party and provide an explanation why we believe the request is fraudulent.
RIGHT TO NON-DISCRIMINATION FOR THE EXERCISE OF A CALIFORNIA RESIDENT'S PRIVACY RIGHTS
We will not discriminate against California residents if they exercise any of the rights provided in the CCPA as described in this section "Notice to California Residents." As such, we will not deny goods or services to that California resident; charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; provide a different level or quality of goods or services to the California resident; or suggest that the California resident will receive a different price or rate for goods or services or a different level or quality of goods or services. However, we are permitted to charge a California resident a different price or rate, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by the individual's data.
California residents may use an authorized agent to submit a request to know, delete, or opt-out of sales on your behalf.
If you use an authorized agent to submit a request to know or request to delete, we may require that (1) the authorized agent provide proof of your written permission and (2) you verify your identity directly with us. These requirements do not apply if you have provided the authorized agent with a power of attorney pursuant to California Probate Code sections 4000 to 4465.
If you use an authorized agent to submit a request to opt-out of sales, you will need to provide that authorized agent with written permission to do so and submit written proof to us that the agent has been authorized to act on your behalf.
SHINE THE LIGHT LAW
We do not disclose personal information obtained through our Site or Services to third-parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code 1798.83.
Notice to Residents of Europe and the United Kingdom
OnForm recognizes the importance of protecting the privacy of our customers and the users of the Site. As such, we will always ensure that we have a lawful basis for processing your Personal Data.
OUR LEGAL BASIS FOR COLLECTING, STORING AND PROCESSING YOUR PERSONAL DATA
If you have subscribed or downloaded our app to use the Site in order to obtain the Services, we collect, store and process your Personal Data out of a contractual necessity in order to provide you the Services. In certain cases, we may store and process your Personal Data in order to comply with OnForm's legal obligations for record keeping and other compliance with laws or regulatory compliance.
The Personal Data we hold about you is processed by us on the basis of our legitimate interests in providing the Services. Based upon the type and amount of data we collect, we have made a determination that our legitimate interest in using such Personal Data is not outweighed by any detriment to you.\.
Under the GDPR, you have the following rights related to OnForm's use of your Personal Data.
Description of your right
Right 1A right to access personal data held by us about you, as well as information about how we are using your data.
Right 2A right to require us to rectify any inaccurate personal data held by us about you.
Right 3A right to require us to erase personal data held by us about you, and where the personal data has been made public, for other controllers processing the personal data to also erase links to, or copy or replication of, such personal data. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based on your consent; or where you object to the way we process your data (in line with Right 6 below).
Right 4A right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you require the data for the purposes of dealing with legal claims.
Right 5A right to receive personal data, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to require us to transfer this personal data to another organization, at your request
Right 6A right to object to our processing of personal data held by us about you (including for the purposes of sending marketing materials to you).
Right 7A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with marketing information about our services or products). If you have consented to receive communications from us, you can contact us at any time to have your details removed from lists used by us or to update your marketing preferences. Please email email@example.com and quote your email/telephone number/account number in the body of the email, telling us what you would like us to do. You can also: click "unsubscribe" on any of our emails, and we will ensure we don't send you any communications of this nature in future.
For more information about Privacy Shield, see the US Department of Commerce's Privacy Shield website at https://www.privacyshield.gov. To view OnForm's certification, please visit https://www.privacyshield.gov/list.
If you are a subject whose data is stored by OnForm on behalf of one of our customers, you should contact that customer with your request. We will then assist that customer to fulfill your request in accordance with their instructions.
The collection and use of data is essential to the value that we provide as a service, as well as improve on the services we provide.
Resolving Your Privacy Shield ComplaintsIn compliance with the Privacy Shield principles, OnForm commits to resolve complaints about our collection or use of your personal data. If you have an inquiry or complaint regarding this Privacy Shield Policy, please contact OnForm at firstname.lastname@example.org.
If the dispute involves personal data collected in the context of an employment, agent, or sub-contractor relationship, we will cooperate with competent EU data protection authorities and comply with the advice of such authorities. In the event that we or such authorities determine that we did not comply with the Privacy Shield requirements, we will take appropriate steps to address any adverse effects and to promote future compliance. Further, any of our employees who are found to have violated the Privacy Shield Policy will be subject to disciplinary process.
Under certain circumstances, you may also invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. Please see the Privacy Shield website for more information on conditions giving rise to binding arbitration (https://www.privacyshield.gov/article?id=G-Arbitration-Procedures).
OnForm, Inc is subject to the investigatory and enforcement powers of the US Federal Trade Commission ("FTC").