Echelon Indoor Cycling Limited (“Echelon”) is committed to protecting and respecting your privacy. This policy sets out how we will use your personal information and who it will be shared with. Please read the following carefully.
Echelon’s mission is to inspire our community to lead vibrant and fulfilled lives. Central to this mission is our commitment to you and your user experience and that includes transparency about the data we collect about you, how it is used and with whom it is shared.
We collect Personal Data about you when you visit our Website or use our Services, including the following:
• Registration and use information – When you register to use our Services by establishing an Account, we will collect Personal Data as necessary to offer and fulfil the Services you request. We may require you to provide us with your name, postal address, telephone number, email address, date of birth, gender, emergency contact name and contact information, how you heard about us and pre-existing health conditions in our health commitment and waiver release form to establish an Account.
• Any correspondence you send to us, telephone us, or when you email us.
• Details of your visits to our site and the resources that you access (which may include, amongst other things; traffic data and communication data);
• Details of Class Packs purchased on the site; and
• Reservations you make for Classes.
We may require you to provide us with additional Personal Data as you use our Services, to the extent that it is necessary for the provision of those services, and only where it is reasonable. Where we believe that we need more data we will set out the reasons why we need that information, and describe how we intend to use it.
We will process your Personal Data for a variety of reasons that are justified under data protection laws in the European Union (EU).
To operate the Website and provide the Services, including to:
• Create an account
• Make a booking.
• Make a class cancellation
• Make a class cancellation
• Make a purchase for the provision of our Services
• Initiate a payment
To manage our business needs, such as monitoring, analysing, and improving the Services and the Website’s performance and functionality. For example, we analyse User behaviour and perform research about the way you use our Services.
To manage risk and protect the Website, the Services and you from fraud by verifying your identity, and helping to detect and prevent fraud and abuse of the Website or Services.
To comply with our obligations and to enforce the terms of our Website and Services, including to comply with all applicable laws and regulations.
With your additional consent:
To market to you by delivering marketing materials about Echelon’s products and Services. We may also process your Personal Data to tailor certain Services or Website experiences to better match our understanding of your interests.
To respond to your requests, for example to contact you about a question you submitted to our customer service team.
You can withdraw your consent at any time and free of charge. Please contact firstname.lastname@example.org in writing to request this.
Your health data is regarded as a special category of data under data protection laws. We process health data so as to be aware of any particular concerns or issues that may affect your ability to undertake exercise with us, or to assist us if there is a medical emergency. Because we cannot allow you to participate in a class unless we have this information we regard the information as being necessary for the performance of your contract with us. In addition, we must have additional authority to process this personal data, because of its status. We will only process this data with your explicit consent, which we will ask for separately. Given the significant harm that could result if we are not aware of a medical condition, we will not be able to allow you to take our classes without your consent.
With other companies that provide services to us: We share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. Our providers include companies who will process our credit and debit card payments; companies who maintain our website and credits system, and companies that maintain our mailing lists and other contact details.
With other third parties as permitted or required by law, including: if we need to do so to comply with a law, legal process or regulations; to law enforcement authorities or other government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to Echelon Indoor Cycling Limited; if we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; to protect the vital interests of a person; to investigate violations of or enforce a user agreement or other legal terms applicable to any Service; to protect our property, Services and legal rights; to help assess and manage risk and prevent fraud against us, our Users and fraud involving our Website or use of our Services, including fraud that occurs at or involves our business partners, strategic ventures, or other individuals, and institutions; to support our audit, compliance, and corporate governance functions.
Sometimes it may be necessary to share your data with parties who are based or who operate outside of the European Union. Currently this happens where we share it with contact management companies such as Mailchimp, and our booking management company MindBody. We also use Google Analytics services which may process data outside of the EU. We always ensure that the service providers we engage with have safeguards in place whenever personal data is transferred outside of the EU. Currently all service providers based in the USA that process data on behalf of Echelon are registered under the EU-US Privacy Shield, which are fully compliant with GDPR regulations in the EU.
When you create an Account with Echelon using MINDBODY Software, it is for the purpose of managing your class bookings, viewing our class schedule and selecting and paying for Class Packs. You have the option to “opt in” to receive promotional and non-promotional e-mails, texts, newsletters in order to keep you informed of any promotional offers which we believe you may be interested in. By “opting in” you also allow the software to send you automated e-mail receipts, appointment and scheduling confirmation and reminders. You have the right (at any time) to “opt out” of receipt of these e-mails by going to your PROFILE section on your account (once logged in) and changing the settings.
We will not share any of your information with any other third parties without your agreement unless required in order to fulfil our contract with you, required by our regulators or allowed by law.
Subject to GDPR regulations in the EU, you have certain rights in respect of your Personal Data. In particular, you have a right of access, rectification, restriction, opposition, erasure and data portability. Please contact email@example.com with a written request if you wish to exercise these rights. If you wish to complete an access request to all personal data that Echelon holds on you, we would ask that you provide 2 points of data verification to prove your identity, for example, your Date of Birth and telephone number. Please allow 30 days from written request for us to provide this access.
Unless you ask us not to, we will tell you about services we offer and about opportunities to support us. Occasionally, this may include information about partner organisations.
We keep your data for the minimum period required by law or our regulators. This is usually no longer than eight years. After this time, where appropriate, we will destroy/delete your data unless the relationship is still ongoing.
All third parties used by Echelon for the purposes of marketing (e.g. e-mail and text marketing services) have a clearly defined “opt out” feature where you can choose to immediately stop receiving such information.
If your request requires all data to be removed, this could result in an end to the relationship and services provided by us.
If you would like more information on these rights or on how to do any of the above, please contact us at firstname.lastname@example.org. We hope any issue can be resolved by contacting us but if not, you have the right to complain to the Data Protection Commissioner’s Office.
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorisation controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current.
The Website and Services are not directed to children under the age of 16. We do not knowingly collect information, including Personal Data, from children or other individuals who are not legally able to use our Website and Services. If we obtain actual knowledge that we have collected Personal Data from a child under the age of 16, we will promptly delete it, unless we are legally obligated to retain such data.
If the revised version includes a substantial change, we will provide you with 30 days prior notice by posting notice of the change on the “Policy Update” page of our website. We also may notify Users of the change using email or other means.