Last updated: January 24, 2023

BODYBAR Franchising, LLC (“us”, “we”, “our”, the “Company” or “BODYBAR”) has created this privacy policy (“Privacy Policy”) to give you confidence as you visit and use our services online and offline, and to demonstrate our commitment to fair information practices and the protection of privacy.

This Privacy Policy is only applicable to information we obtain in the course of our business, including though our website, our mobile app, BODYBAR Studios (“Studios”), our social media accounts, communications with us, and other online and offline offerings (collectively, the “Services”). Further, our franchisees may maintain individual websites in the country or territory where they operate. This Privacy Policy does not apply to any third-party products, services or websites that you may be able to access via the Services, which may have data collection, storage, and use practices and policies that differ materially from this Privacy Policy.

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Types of Information Collected

1.1         “Personal Information” is information that personally identifies you. When you register for a BODYBAR membership, visit Studios, use our Services, contact us directly, apply for employment or interact with us on social media, you may provide us or our Franchisees with certain Personal Information including your name, date of birth, gender, e-mail address, social media handles, phone number, your physical address and fitness-related information provided in the membership process, such as your height, weight, general fitness-related goals or other information helpful to achieving your fitness goal. If you are a prospective franchisee, we may collect detailed information such as your first name, last name, email address, phone number, address, and general financial information such as liquidity and assets, to evaluate your qualifications for an BODYBAR Pilates franchise.

1.2         “Account Information” is information that we and our Franchisees collect in connection with your BODYBAR membership account. The types of Account Information we or our Franchisees collect may include the type of membership, billing method, effective dates of your membership, username and password (“Membership Information), and information in connection with the use of our Services, such as records of the products and services purchased, personal preferences such as favorite programs and classes, and notations made to your account in connection with a customer service communications between you to BODYBAR.

1.3         “Financial Information” is information we or our Franchisees collect to process payments from you, such as a credit card number and/or other related information that may be required from you to complete your purchase. We do not store or retain any of your Financial Information, except for the last four digits of your credit card. For more information on how your Financial Information is used and shared in these instances, please see Section 3.3 (“Payment Processors”) below.

1.4   “Traffic Data” is information that your browser sends whenever you visit or use the Website or the App, as well as any other generic user information through the use of commonly-used information-gathering tools, such as cookies and web beacons. Traffic Data may also include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the type of mobile phone you are using to access our Services, the operating software and firmware used by your mobile phone, the pages of the Platform that you visit, the time and date of your visit, the time spent on those pages and other data generated from cookies (see Section 4 Cookies below for more information).

2. Legal Basis, Use and Retention of Information

2.1 Use of Information Collected

We may process your Personal Information for the purposes identified in this Privacy Policy, pursuant to the following legal basis: (1) with your consent, (2) for compliance with a legal obligation to which BODYBAR is subject, (3) for the performance of a contract to which you are party, (4) in order to protect your vital interests, or (5) when we have assessed it is necessary for the purposes of the legitimate interests pursued by BODYBAR or a third party to whom it may be necessary to disclose information and are not overridden by your rights and freedoms, including your right to have your personal data protected.

We use your Personal Information for our legitimate business interest in operating and improving our business and services, including to: provide our services, products, and other offerings to you; consideration or an employment application; establish, manage and administer your membership and account with us; personalize and improve your membership experience; providing you with information you have requested from us, our franchisees or trainers you have engaged with; respond to requests and enquiries from you or a third party; optimize our website and customer experience; provide customer support; inform you about our products and services; and ensure that our operations are conducted in an appropriate and efficient manner.

We may also use your Personal Information to perform analytics with your consent (including market research, trend analysis, and financial analysis).

We may also use your Personal Information to protect against and prevent safety and security issues, fraud and other criminal activity, claims and other liabilities, and to comply with and enforce applicable legal requirements, relevant industry standards, and our policies and terms.

We may use your Personal Information in processing your franchise or employment application and contacting you regarding franchise opportunities.

We may also use your Personal Information to send important notices, such as communications about your membership and changes to our policies. Because this information is important to your interaction with BODYBAR, you may not opt out of receiving these communications.

We collect Account Information for the purpose of providing and improving the Services, responding to your requests/inquiries, servicing your account, and communicating about your membership account.

We collect Financial Information for the purpose of processing payment for products or services purchased.

We collect fitness and health-related information to allow us to personalize your experience, to allow our trainers to measure your progress and adjust programming, and for other related uses.

We collect Traffic Data for the purpose of providing and improving the Services, and, as described in this Privacy Policy, to, with your consent, advertise to you.

We may link or combine the personally identifiable information we collect and/or receive about you with non-personally identifiable information we collect or receive about you, such as the Traffic Data we collect automatically during your visit to our website or use of certain of our Services. This allows us to provide you with a personalized experience and helps us to continually work to improve our Services. If we do combine non-personally identifiable information with personally identifiable information, the combined information will be treated as personally identifiable information for as long as it remains combined.

2.2 Retention Policy

We will only retain your personally identifiable data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of our legitimate business interests that have been accessed and satisfy any legal or reporting requirements. For clarity, we retain all information collected for so long as you have a membership account with us, so that we can service your membership efficiently. Should you request to deactivate your membership account or for us to erase your personally identifiable data, subject to our 30-day retention period for back-ups, we will cease to retain all personally identifiable information you have provided. However, retention periods may be extended if we are required to preserve your information or data because of litigation, investigations and other similar proceedings, or if a longer retention period is required or permitted by applicable law.

3. Third Party Data Processors and Service Providers

We do not sell, otherwise disclose, or share data we collect about you except as described in this Privacy Policy. We may share your personal data with third parties as described below:

3.1 Business Affiliates

We may share your data with our affiliates, subsidiaries, parent companies and franchisees, for the purpose of any necessary collaboration. In addition, if BODYBAR is involved in a merger, acquisition or asset sale, your Personal Information and data may be transferred as a business asset. In such cases, we will provide notice before your Personal Information is transferred and/or becomes subject to a different Privacy Policy.

3.2 Business Partners

We may share such your data with our franchisees, or other business partners with whom we collaborate or work to provide specific services to you or if we think the products or services they offer would be of interest to you. We, as well as our franchisees, vendors, or other business partners may use this information for marketing and solicitation purposes.

3.3 Payment Processors

When you make a payment for the Services, we or our Franchisees may process your payments via a third party payment processor. In these instances, the third-party payment processor may collect certain Financial Information from you to process a payment on behalf of BODYBAR, including your name, email address, address and other billing information in which case the use and storage of your Financial Information is governed by the third party payment processor’s terms, conditions and privacy policies.

3.4 Vendors

BODYBAR engages certain third parties that may process data submitted to BODYBAR to perform certain business-related functions and to increase the functionality of our Services. Third party companies provide various other services to us, such as monitoring and analyzing how our Services are used or performing. When we engage another company to perform such functions, we may provide them with information, including Personal Information, Account Information and Traffic Data in connection with their performance of such functions. These third parties may analyze the data we provide, combine that data with publicly available data, and provide us with access to their analysis and reports.

We do not display the identities of all of our third-party data processors and service providers publicly by name for security and competitive reasons. If you would like further information about the identities of our third-party data processors and service providers, please contact us as provided in Section 12 Contact Us below.

To the extent these third parties have access to any of your data, and especially your Personal Information or a combination of data that is deemed to be personally identifiable, please know that they are contractually (i) limited to only use this data to perform specific tasks on our behalf and (ii) obligated not to disclose or use your information for any other purpose.

4. Cookies

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and transferred to your device. We use cookies to collect information in order to improve our services for you. The third parties we work with may also use cookies to help us analyze how our users are using the Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help feature on most browsers provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. Some third party service providers may use “flash cookies,” which are saved on your computer, but cannot be rejected, disabled, turned off, opted out of, or deleted in the same way as regular cookies. To learn how to manage your flash cookie settings, visit the Flash player settings page on Adobe’s website.

If you do not accept cookies, you may not be able to use some features of our Service and we recommend that you leave them turned on.

We use the following types of cookies (collectively, “Cookie Data”):

  • “Essential Cookies” are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. Because of their essential nature, you cannot opt out of these cookies.
  • “Functional Cookies” enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages.
  • “Analytics Cookies” allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous.
  • Additionally, “Advertising Cookies” may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites.

5. Opting Out of Promotional Communications

You may opt out of receiving promotional communications from us by contacting us as provided in Section 12 Contact Us below, or following the unsubscribe link or instructions provided in any email we send.

6. Compliance with Laws

We will disclose your Personal Information where required to do so by law or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.

7. Your California Rights

The California Consumer Privacy Act (“CCPA”) provides California residents with the following rights:

  • Right to Know. The right to know the Personal Information that we collect from you, the purposes for which we use it, the sources from which we collect it, the limited circumstances under which we share it, with whom we share it, and your rights regarding it.
  • Right to Request Access and Data Portability Rights. The right to request we disclose certain information to you about our collection and use of your Personal Information (as used in this section “Personal Information” has the definition set forth in CCPA) over the past 12 months, upon verifiable consumer request. Once we receive and confirm your verifiable consumer request, we will disclose to you: (i) the categories of Personal Information we collected about you, (ii) the categories of sources for the Personal Information we collected about you, (iii) our business or commercial purpose for collecting or selling that Personal Information, (iv) the categories of third parties with whom we disclosed or sold that Personal Information, (v) and/or the specific pieces of Personal Information we collected about you (also called a data portability request). You may make a “request to know” up to two times in a 12-month period free of charge, subject to limitations described in the law. A general description of the categories of information that we collect, the purpose for collecting, using and sharing such information, and types of service providers we share information with is set forth above in the “Information and Collection,” “Legal Basis, Use and Retention of Information” and “Third Party Data Processors and Services Providers” sections.
  • Right to Request Deletion. The right to request we delete your Personal Information that we collected from you and retained. Once we receive and confirm your verifiable consumer request, we will delete your Personal Information from our records, subject to certain exceptions under applicable law.
  • Right to Opt Out of Sale. The right to opt out of the “sale” of your personal information to “third parties.”
  • Authorized Representatives. You may also designate an authorized representative to make consumer rights requests on your behalf. We will require verification that you did in fact authorize the representative.
  • No sale of personal information. Although we do not believe we sell personal information, CCPA has very broadly defines “sale” as to qualify our limited sharing of your personal information as a “sale.”
  • No Discrimination. We will not discriminate against any consumer for exercising their rights under the CCPA. We will not deny you goods or services, charge you different rates, or give you different discounts because you used one of these rights.

If you wish to exercise these rights, please contact us as provided below in Section 12 Contact Us below. Please note that certain rights may be limited or unavailable depending on the type of data requested or exception under applicable law.

As already stated elsewhere in this Privacy Policy, and in accordance with California Civil Code Section §1798.83, please know that BODYBAR does not disclose personally identifiable information collected on the Service to third parties for their direct marketing purposes. California Civil Code Section § 1798.83 permits users of a website that are California residents to request certain information regarding the disclosure of personally identifiable information to third parties for their direct marketing purposes.

If BODYBAR is involved in a merger, acquisition or asset sale, your Personal Information may be transferred as a business asset. In such cases, we will provide notice before your Personal Information is transferred and/or becomes subject to a different Privacy Policy.

8. Children’s Privacy

Our Services are not directed at anyone under the age of thirteen (13); and we do not knowingly collect personally identifiable information from anyone under the age of thirteen (13). Additionally, you must be over the minimum age to consent to the processing of your personal data as required by the laws of your country to use our Services.

9. Data Transfer

To facilitate BODYBAR’s operations, we may store, transfer and access the information and personally identifiable information you submit to our Services around the world, including the United States, Canada and other countries in which we or our third party service providers have operations. This Privacy Policy shall apply even if BODYBAR transfers such information or personally identifiable information to other countries. By consenting to this Privacy Policy and using our Services (or, for the avoidance of any doubt, providing information or personally identifiable information to us on any Company website in any other context), you consent to the transfer of your information and personally identifiable information among these facilities, including those located outside your home country.

You may request a copy of the safeguards that we have put in place in respect of any applicable transfers of personally identifiable information by contacting us as described in the Contact Us section below.

For the avoidance of any doubt, if you are located outside United States and choose to provide information to us, please note that our current practice is to transfer the information, including Personal Information, to United States, where it is processed. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

10. Security

The security of your Personal Information is important to us, and we strive to implement and maintain administrative, technical, and physical security measures appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure.

However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal Information we have collected from you.

11. Changes To This Privacy Policy

This Privacy Policy is effective and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected]. Our corporate office is located at 3000 S. Hulen Street, Suite 155, Fort Worth, Texas 76109. You may also call us at 1 (817) 862-9550.

To submit a verifiable data privacy request to us, please contact us at [email protected]. Once we receive your request, we must verify your identity before we can respond. You may be required to provide the following information for verification purposes and efficiency:

Your first and last name

Your e-mail address

Your telephone number

Your club location

Your key FOB number

Unless otherwise stated in an addendum, all communications must be in the English language. We will respond to reasonable requests within the time limits established by applicable law or within a reasonable time if no time limit is established by applicable law. For your protection, we may ask you for additional information to verify your identity. In most cases, we will provide the information you request and correct or delete any inaccurate personal information you discover. We reserve the right, however, to limit or deny your request to the extent permitted by applicable law if: (1) the disclosure may be threat to the personal safety, property, or rights of any other person or organization; (2) the disclosure may lead to a violation of applicable laws or regulations; or (3) where you have failed to provide sufficient evidence to verify your identity.

13. Your Nevada Privacy Rights:

Nevada law allows consumers to direct certain businesses not to sell their personally identifiable information to third parties to license or sell that information to additional third parties. We do not sell your information to such data resellers and have no plans to do so. However, if you are a Nevada resident, you may submit such opt-out requests to [email protected]. To be effective, your request must include your full name, address, phone number, and email address. BODYBAR will endeavor to respond to your verified request within 60 days of receiving the request. However, due to unforeseen circumstances, BODYBAR may need to extend this period by up to 30 days. If an extension is necessary, BODYBAR will notify you of this during the initial 60-day period.

14. Your Virginia Privacy Rights:

If you are a Virginia resident, please refer to the information below. This section describes how we, as the “controller”, process your personal data under Virginia’s Consumer Data Protection Act (“VCDPA”), effective as of January 1, 2023. For purposes of this section, “controller”, “personal data” and other terms used herein have the meanings provided for in the VCDPA.

The law offers Virginia residents various rights to access and control their personal data, and sets certain notice obligations, outlined below.

Consumer Privacy Rights. The Virginia law grants consumers the right to:

  • Know whether we are processing your personal data
  • Access personal data we process
  • Correct inaccuracies in your personal data
  • Delete your personal data
  • Obtain a copy of your personal data
  • Opt-out of processing your personal data for: targeted advertising, personal data sales, or automated decision-making, including profiling, which has legal or other significant effects on you

If we refuse to honor any one of your privacy requests outlined above, you may appeal our refusal. In this case, please contact us within a reasonable time as outlined in Section 9, “How to Contact Us”, of this Privacy Policy.

To submit a verifiable request to us, please contact us at [email protected]. Please also refer to Section 12 of this Privacy Policy for more information.

Legal Basis, Use and Retention of Information. This section is intended to supplement the information contained in Section 2 and other applicable sections of this Privacy Policy. It outlines the broad categories of personal data we process, examples of personal data we collect, the purposes for processing this data, and the categories of third parties that we “sell” and/or share your data with.

Categories of personal data. The following categories of personal data we collect includes:

Contact information, transaction history relating to the use of Studios, information regarding training classes and utilization of services, identifiers, geolocation data, information related to becoming a franchisee and/or employee.

Personal data we collect. The personal data we collect includes but is not limited to (see also personal data we may collect under Section 2 of this Privacy Policy): Contact information to create an account (e.g., full name, phone number, email address, birth date); fitness-related information provided in the membership process (e.g., height, weight, general fitness-related goals); employment history and information in relation to employment applications; account information related to your membership to allow you to update credit card, bank account, other payment information; computer data or files which may be sent by your web browser to allow our server to “recognize” you through the navigation of the site; your IP address to measure our website traffic and to help provide a more personalized experience; contact information for marketing purposes where you have consented to receive such communications; information collected where you use our application

Categories of sources of data. We receive your personal data from information you provide to us, a franchisee, as a result of certain interactions with third parties, and public sources

Purposes for processing your data. We process your data for the following purposes:

  • Creating and managing your membership, improving our services, sending marketing communications with your consent, processing your payments (using a third-party payment provider), helping you achieve your fitness goals and related purposes, processing a franchise or employment application

Categories of third parties with whom we “sell” and share your data. While we do not sell your data, we may share it with our Club management software providers, marketing providers, payment processors, cloud-hosting services, our affiliates and franchisees.