Privacy Statement

Effective Date: March 13, 2024

(If you are a CA resident, this statement includes your California Privacy Rights. If you are a CO resident, this statement includes your Colorado Privacy Rights. If you are a CT resident, this statement includes your Connecticut Privacy Rights. If you are a UT resident, this statement includes your Utah Privacy Rights. If you are a VA resident, this statement includes your Virginia Privacy Rights.)

To view our Consumer Health Data Privacy Policy, please see below.

Welcome to the Active&Fit DirectTM program which is a fitness and health education program (the “Active&Fit Direct Program” or “Program”).The Active&Fit Direct Program and the Active&Fit Direct website (the “Active&Fit Direct Website” or “Website”) are owned and operated by American Specialty Health Fitness, Inc. (ASH Fitness), a subsidiary of American Specialty Health Incorporated (“ASH”), a Delaware corporation with a mailing address of 10221 Wateridge Circle, San Diego, CA 92121, on behalf of itself and its subsidiaries. The Active&Fit Direct Healthy Living Program as part of the Active&Fit Direct program is managed by ASH affiliate, American Specialty Health Management, Inc. (“ASH Management”). The provisions of this Privacy Statement apply to these companies to the extent they support the Active&Fit Direct program. The terms “ASH” or “we” in this Privacy Statement refer collectively to these companies.

ASH values its users (“you”) and respects your privacy. We are committed to using your information responsibly. The information you provide to us through the Active&Fit Direct Program or on the Active&Fit Direct Website is governed by this Privacy Statement. This Privacy Statement informs users about the Active&Fit Direct information practices, including: what categories of personal information, including any sensitive personal information, we collect through the Active&Fit Direct Program and on the Active&Fit Direct Website; how the personal information is collected; the business purposes for which we collect the personal information; the types of third parties to whom we disclose personal information; how long we keep the personal information, and the choices you have about the collection and use of personal information.

This Privacy Statement, together with the Terms and Conditions, govern your participation in the Active&Fit Direct Program and your use of the Active&Fit Direct Website. By using the Active&Fit Direct Website, or otherwise participating in the Active&Fit Direct Program, you accept and agree to be bound by this Privacy Statement and the Terms and Conditions.

You should read and familiarize yourself with this Privacy Statement and with ActiveandFitDirect.com Terms and Conditions. By using ActiveandFitDirect.com, you acknowledge and consent to our collection, processing and use of your information as described in this Privacy Statement. For any questions about this Privacy Statement, please contact us directly through any means noted at the end of this Privacy Statement. If information practices change, we will post the revised policy on ActiveandFitDirect.com and/or will notify users through direct communication.

Information Collected by Active&Fit Direct

Personal Information identifies, relates to, describes, is reasonably capable of being associated with, or could be linked, directly or indirectly, with a particular consumer or household. The type of personal information collected and used by Active&Fit Direct generally does not include sensitive personal information, which is subject to special protections under some state laws. Such laws consider sensitive personal information to include information like government-issued numbers (e.g., Social Security, driver’s license, state identification card, or passport); information allowing access to financial accounts like credit or debit cards; geolocation within a radius less than 1850 feet; racial or ethnic origin; religious or philosophical beliefs; union membership; contents of consumer’s mail, email, text messages; genetic data; biometric information capable of uniquely identifying a consumer; health and mental health data; citizenship or immigration status; or data about a person’s sex life or sexual orientation.

Active&Fit Direct uses payment processors who comply with federal PCI standards to complete payment on our behalf. Active&Fit Direct does not collect or process full credit card numbers or security codes.

Should you choose to use the Healthy Living Program, we must first make sure the coaching services available are appropriate for you. To do so, we ask general questions about mental and/or physical health concerns. Based on responses to such questions, or if you appeal any ASH determination not to make coaching services available to you, ASH may require more information from you or your medical provider. ASH intentionally limits the information needed to make these determinations using the least amount of information necessary. Please do not volunteer more detailed sensitive personal information than what is required.

If you choose to use the Connected feature, ASH will receive activity data (e.g. steps, duration, etc.) you have authorized your device or app manufacturer to send to ASH.

Both the coaching and Connected features require you to opt into those services before receiving them. ASH does not use sensitive personal information other than the limited business purposes noted above.

ASH does not sell personal information to third parties. When we use any service providers, processors, or third parties to assist us for business purposes involving the collection, use or retention of personal information, we limit those arrangements to the uses disclosed in this privacy statement. We also contractually require such persons to only use the personal information for the specific business purposes authorized in the contract. ASH may engage third parties to place targeted advertisements to you when you browse other websites or use social media.

Targeted Advertising (Cross-Context Behavioral Advertising). ASH does use targeted advertising for the Active&Fit Direct program to provide you with advertisements about our program. You can opt out by using the footer link labeled “Sharing Personal Information for Targeted Advertising”. You may also do this when presented with an opt-out popup message while using the website. Your opt-out preference will then be stored by your browser. You may also use the Global Privacy Control to signal Active&Fit Direct to opt you out of our targeted advertising.

ASH does not use personal information for profiling.

Workout Preferences. To help you identify resources on our website and applications, like fitness videos, we may ask you for your workout preferences to help you select workouts. Beyond this, ASH does not use personal information for profiling (the automatic processing of personal information to evaluate personal aspects and to analyze or predict aspects concerning, economic situation, health, personal preferences, interests, reliability, behavior, location or movements) or otherwise altering your experience outside your current interaction with the business.

Deidentified Information Will Not Be Re-identified: Deidentified information is data where identifiers are removed or altered so that the identify an individual, a household or device used by an individual reasonably cannot be determined from the data. Such data may also be known as pseudonymized or anonymized data. Where the information has been deidentified properly in accordance with federal or state law, the deidentified data set is not subject to privacy protections under the applicable law. To the extent ASH creates or uses such deidentified data sets, we will not attempt to alter that information so that is it is “reidentified,” meaning it could then be used to reasonably identify an individual, a household or device used by an individual.

How we obtain information about you:

when you provide it to us (e.g., by contacting us through our Contact Us, through our chat, when you call us, when registering or enrolling for the services)
from your use of our website, using cookies, and
occasionally, from our service providers and your sponsoring organization.

This chart is a reference guide on how the Active&Fit Direct program collects, uses, and discloses your information. This is only a summary. You should review the full privacy statement below for more detail. If you are a California, Colorado, Connecticut, Utah, or Virginia resident, the full privacy statement below contains important information related to your privacy rights. For additional privacy rights related to Consumer Health Data laws, please see reference the Consumer Health Data Privacy Policy section below.
All Users - Publicly available program features
	Categories of Personal Information	Source of Collection	Business Purpose	Disclosure to Others
Fitness Provider Search	Identifiers: Address, Preferred fitness location ZIP code* *The ZIP Code for your first search is saved as your default Preferred ZIP Code until you change it.	Provided by you.	Performing Services for the Business: e.g., to conduct a search of Fitness Providers near the address or ZIP Code entered, and to update you of fitness center changes in your Preferred ZIP Code.	We do not disclose the address information you enter on our site with any third parties.
Contact Us	Identifiers: First and last name, E-mail address Special Identifiers: Phone number* Other Information: General inquiry or experience details you choose to hare when you reach out to us, Sponsoring Organization** a Special Identifier is one that may be subject to cybersecurity and breach notification laws in various states. An example would be California Civil Code 17898.80, subdivision (e). *Optional fields	Provided by you.	Performing Services for the Business: e.g., to verify your identity and perform services addressing your questions and complaints, as well as to make improvements to our products to better serve customer needs. Security	Service Providers, Contracted Fitness Centers, and Sponsoring Organizations: To Perform Services for the Business: e.g., we may disclose the information outside of ASH as necessary to resolve your inquiry when resolution requires third-party action. Security Chat Service Provider: To Perform Services for the Business: e.g., provide chat feature, quality assurance, product improvement, security, debugging, research and tech development. Primary Account Holder: as necessary for enrollment and billing of spouse/domestic partner accounts, the fees for which are payable by the Primary Account Holder.
Targeted or Interest-Based Advertising	Identifiers: First Name, Last Name, Email, IP Address Internet or Electronic Activity Information: Active&Fit Direct Website browsing activity	Operating Platforms: Aggregated information provided by cookies and third-party pixels.	Targeted Advertising: e.g., cross-context behavioral advertising of Active&Fit Direct and affiliate products to you.	Advertising Networks: e.g., we may disclose your name, email, cookies, electronic/internet data and IP address with social media platform operators, digital advertising tools, or digital advertising platforms to direct advertisements to you; third-party cookies and pixels may also track internet or electronic activity information and IP Address.
Website Analytics	Identifier: IP Address Internet or Electronic Activity Information: Web server logs, cookies, web beacons, Active&Fit Direct Website browsing activity	Data Analytic Providers	Performing Services for the Business: e.g., auditing advertising performance, internal research and tech development, quality assurance, and product improvement. Security Debugging	Data Analytic Providers evaluate information for us. We do not disclose personal information related to the information that Data Analytic Providers provide to us with third parties.
Registered or Enrolled Users - Program features available to members
	Categories of Personal Information	Source of Collection	Business Purpose	Disclosure to Others
Program Administration: Website Registration Program Enrollment & Administration Guest Pass Requests Fitness Center/ Active Options Activation & Access	Identifiers: First and last name, address, Email address, Username and password, Security question and answer Fitness ID Special Identifier: Phone number (optional), Username and password, Security question and answer Protected Class Information: Date of Birth, Gender (optional) Other Information: Selected fitness center location, Preferred fitness location ZIP code, Sponsoring Organization Affiliation*	Provided by you or the Primary Account Holder. *A limited number of Sponsoring Organizations may provide your first name, last name, date of birth and email address along with the name of the entity affiliated with the participating sponsoring organization (Sponsoring Organization Affiliation). Your sponsoring organization will inform you of this arrangement if it is available to you. If this applies to you, when you visit using your sponsoring organization’s link, you will see that your information will be populated into your account on our website when you first register or enroll.	Performing Services for the Business: e.g. maintain and service your account, provide customer service, process transactions, verify customer information, internal research and tech development, quality assurance, and product improvement. To invite product feedback, such as extending an invitation to participate in optional product improvement research. To provide a directory of Fitness Providers in your Preferred ZIP code and notify you of new Fitness Providers in that area. Non-targeted advertising and general marketing of affiliate products available to you through ASH, or in connection with your Sponsoring Organization’s plan. Members who are enrolled, those who are not yet enrolled but are registered, and those who have canceled enrollment but maintain a registered account may continue to receive advertising and marketing communication and related surveys for Active&Fit Direct. Security Debugging *If your sponsoring organization includes different groups affiliated with the sponsor, we may receive an affiliate identifier (Sponsoring Organization Affiliate) when you access our website and register. We use this information to confirm your eligibility through the sponsoring organization. We may also use the affiliate identifier in aggregate reporting back to your sponsoring organization.	Contracted Fitness Centers and/or Active Options Providers (hereinafter “Fitness Providers”) for eligibility, reimbursement, and utilization reporting. Additional information disclosed may include Fitness ID, program name, and effective date/termination date. Fitness Providers may share utilization data with Us for benefit administration purposes. We may disclose limited information with the Primary Account Holder related to billing or customer service issues. Such information may include selected fitness facilities and, where fees apply, the use of the selected fitness facilities. We may disclose email, first name, and last name with Service Providers who support email communications. We may disclose first name and last name, general location with Social Media Platform Operators that allow for customer service inquiries by way of social media platforms to be addressed directly via the social media platform. Service Providers for security. **We do not disclose Sponsoring Organization Affiliation with any third-parties other than the Sponsoring Organization.
Digital Workouts	Identifiers: IP Address, Device ID, Profile name (if you comment or interact with Active&Fit Direct or Streaming Service Providers)	Provided by you to Streaming Service Provider when you activate or stream a digital workout or live fitness class.	Perform Services for the Business: e.g., to maintain and service your account, provide customer service, process transactions, track utilization, and verify customer information; facilitate access to, and viewing of, streamed materials made available through the program but hosted on, or streamed through, the Streaming Service Provider’s platform.	Streaming Service Provider: The Provider and ASH disclose general utilization data for administrative purposes such as processing reimbursement by ASH to the Provider. Your use of the third-party website (Facebook, YouTube, etc.) to view publicly available live classes is governed by that platform’s own Privacy Policy and Terms & Conditions. If you comment on a workout video, your comment may be publicly viewable, and ASH may receive your profile name to reply to your comment.
Connected!^TM Feature	Identifiers: Device ID Other Information: Your fitness device activity information (e.g., steps, exercise duration, etc.)	When you agree to participate in the Connected! feature, you authorize your device to disclose your activity information with an activity aggregator, who forwards the activity information to Us to include in your account.	Perform Service for the Business: e.g., to facilitate services related to adding your activity, such as steps taken in a day, to your account so that you may track your progress over time. For internal research and tech development, quality assurance, and product improvement. Security Debugging	ASH does not disclose this information outside of our organization.
Active&Fit Direct Healthy Living Telephonic Coaching	Identifier: First and last name, E-mail address, mailing address Special Identifier Information: Phone number Video and/or Audio: coaching sessions may be telephonic or virtual capturing voice and video Other Information: Healthy Living Coaching Enrollment Information (e.g., self-reported information related to wellness goals, Height, Weight) Protected Class Information: Date of Birth Gender Sensitive Personal Information: General health information	Provided by you. Healthy Living Coaching Information is provided by you to ASH Fitness’ affiliate, American Specialty Health Management, Inc. (ASH Management). ASH Management provides the coaching services.	Perform services for the business: e.g., maintain and service your account, provide customer service, process transactions, verify customer information. General health information is collected to ensure coaching program is appropriate for you. Non-targeted advertising and general marketing of affiliate products available to you through ASH as part of your Sponsoring Organization’s plan.	ASH Management provides the coaching services with administrative support provided by ASH Fitness. Any Healthy Living Coaching Information noted herein is retained by ASH Management. ASH Fitness and ASH Management will exchange individually identifiable information (e.g., Identifiers, Personal Information, Protected Class Information, excluding Sensitive Personal Information) for administration of the coaching feature and to address any complaints. ASH Management may also provide individually identifiable information to ASH Fitness about Active&Fit Direct member participation in the program, but information is limited to your participation and does not include any information obtained in coaching sessions. ASH Fitness may in turn provide your Sponsoring Organization with aggregate-only participation information for its members.
Referral and Reward Program	Identifiers: First and last name, Fitness ID, email address Other Information: Enrollment status	Referred Person: Provided to referral provider when referred person uses the link sent from your account to visit the site	Perform Services for Business: Our referral program provider and ASH use this information to process rewards for you	Service Provider: ASH’s referral program provider discloses with ASH to process rewards.
Product Feedback	Identifiers: First and last name, Email address, mailing address Special Identifier: Phone number Protected Class Information: Age, Gender Personal Information: Location (city, state), General information and details provided pertaining to your experience using the product.	Provided by you to ASH; instances in which ASH uses our Survey Service Provider, we share this information with the provider.	To gather customer feedback to perform services related to internal research and tech development, quality assurance, and product improvement. Members who are enrolled, those who are not yet enrolled but are registered, and those who have canceled enrollment but maintain a registered account may continue to receive surveys and other communications related to Active&Fit Direct for product improvement and feedback.	With Survey Service Provider for administering the survey. We may disclose aggregate results of the member satisfaction survey with Sponsoring Organizations, existing and potential clients and the public.
Payment Processing	We do not collect your credit card information or maintain it on our systems. If you or the Primary Account Holder chooses to enroll you in the Active&Fit Direct Program, the Primary Account Holder will be asked to provide their credit card information to process any fees incurred by active account users as part of the program, including but not limited to, enrollment fees, recurring monthly fees, and annual maintenance fees. We use a PCI-compliant third-party payment processor to collect and process credit card information. Our systems store redacted credit card information (first six (6) and last four (4) numbers of your credit card), according to PCI data protection standards. Active&Fit does not collect or process full credit card numbers or security codes.
Additional Sharing	For legal purposes, including as reasonably necessary to comply with law or legal process (including a court or government order or subpoena); to detect, prevent, or otherwise address fraud, security or technical issues; to enforce this Privacy Statement or the Terms & Conditions for the Active&Fit Direct program and the use of this Website; and as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public. During a corporate reorganization: If ASH is involved in a merger, acquisition, financing, or sale of business or assets, information collected from and about users may be transferred to one or more third parties involved in such transaction and, upon such transfer, the relevant third-party privacy policy or policies may govern further use of the information. In the event of such a change, ASH will endeavor to notify our users of the change as well as any choices our users may have regarding the change. Aggregate information: In addition, ASH may provide service providers, reputable third-party vendors and Sponsoring Organizations with aggregate statistics regarding user participation, Active&Fit Direct Website traffic patterns and related Usage Information. The information so provided will not include individually identifiable information, meaning we will not share your Personal Information when sharing aggregate information.
Your Active&Fit Direct Program may include access to other ASH products and programs, such as but not limited to, the Connected! and Active&Fit Direct Healthy Living features. These products and programs have separate Terms and Conditions and Privacy Statements and may be provided by affiliates of ASH Fitness. You should review and accept their respective Terms and Conditions and Privacy Statements before you use those services. If you consent to your information being used to access one of our affiliate products the use of your information is governed by the Privacy Statement of the affiliate product.
If you choose not to provide your Personal Information, certain features of the Active&Fit Direct Program and Active&Fit Direct Website will not be available to you.

How Active&Fit Direct Uses Personal Information

All Users - Publicly available program features

Searching for an Active&Fit Direct Fitness Provider: We use the address and/or Preferred ZIP code you provide to help locate Active&Fit Direct fitness providers near you to perform services for the business. The ZIP code that you enter for your first search is saved as your default Preferred ZIP code until you change it. We use the Preferred ZIP code to update you of fitness center changes in that ZIP code. We do not disclose search information you enter on our site with any third parties.
Contacting us: When you contact us through the Active&Fit Direct Website, via chat, telephone or other means, we may collect your first and last name, phone number, address, e-mail address, sponsoring organization and details of your inquiry, and experience details you choose to share when you reach out to us for support, to provide us feedback, or otherwise interact or communicate with us. We will use your information to perform services for the business such as to process and respond to your inquiries and requests. We may disclose such information with your Sponsoring Organization, our service providers, or contracted fitness centers, as necessary, to resolve issues requiring their input.
Targeted or Interest-Based Advertising: We may also work with a variety of advertisers, third-party websites/applications, and analytics companies (advertising networks) that use cookies and similar technologies to collect data about your use of the Active&Fit Direct Website so that we can deliver ads to you based on your interests and online activities. This information does not give us access to your computer or mobile device. We use Third-Party Pixels to help measure our advertising and marketing efforts. All pixels are tiny snippets of code that allow website owners, like us, to gather information about visitors to the website. Website pixels track how you browse, what type of ads you click on, and if you make any purchases. Tracking pixels are also used to measure a marketing campaign’s performance, track conversions, and build an audience base. Pixels also collect your name, IP address, and email address. Active&Fit Direct uses the information gathered from tracking pixels to market and advertise to you on social media platforms and third-party websites. Your email address may be shared with social media platforms to target advertisements to your social media profile.

You can opt out of Targeted Advertising by using the footer link labeled “Sharing Personal Information for Targeted Advertising”.

You may also do this when presented with an opt-out popup message while using the website. Your opt-out preference will then be stored by your browser. You may also use the Global Privacy Control to signal Active&Fit Direct to opt you out of our targeted advertising.

For more information about online advertising or to choose not to see targeted ads, please visit http://www.aboutads.info/choices. Keep in mind that if you choose not to see online targeted ads, you’ll still see ads when you browse, but they may not be as relevant to you as your personal information will not be shared with third parties to target our specific advertisements to you on those other platforms.

Website Analytics

We use cookies and other similar technologies on the Active&Fit Direct Website to help us remember who you are, to enhance and personalize your experience, to understand and save your preferences for future visits, to compile group information about our users, and to carry out other tasks relating to the operation or improvement of the Active&Fit Direct Website.

Cookies are small text files that are placed on your hard disk by a webpage server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. Most web browsers are initially set to accept cookies, but you can change your browser settings to notify you when you are sent a cookie, giving you the ability to accept or reject it, or you can choose to routinely and manually delete cookies stored on your computer or mobile device. Each time you revisit the Active&Fit Direct Website, your ability to restrict our use of cookies on that service is subject to your browser settings and limitations at the time. Please note that if you choose to disable or reject cookies from the Active&Fit Direct Website, some portions and features of the Active&Fit Direct Website may become inaccessible or may not function properly.
Web Beacons: We use web beacons, which can be included in web pages or in emails for reporting and analytic purposes, such as counting users who have visited a web page and/or tracking usage patterns. We do not gather personal information of any kind via this activity. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, refuse HTML (select Text only) emails via your email.
Web server log information: We collect and store server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analyzing log files to help identify and prevent unauthorized access to our network, the distribution of malicious code, denial of services attacks and other cyber-attacks, by detecting unusual or suspicious activity.
- We also use server logs to troubleshoot application issues that would impact Active&Fit Direct users experience. This could happen when a certain feature (for example login or subscription) isn’t working as expected or when the performance of the website is degraded.
- Unless we are investigating user-impacting issues, suspicious or potential criminal activity, we do not make, nor do we allow our hosting provider to make, any attempt to identify you from the information collected via server logs.
Third-Party Pixels: There are three types of commonly used pixels: Targeting Pixels, Retargeting pixels, and Conversion pixels. All pixels are tiny snippets of code that allow website owners to gather information about visitors to the website. Website pixels track how you browse, what type of ads you click on, and if you make any purchases. Pixels also collect your name, IP address, and email address. We use tracking pixels to measure our non-targeted, general marketing campaigns’ performance and track conversions to our website and Program. For more information about how ASH also uses pixels for targeted advertising, please see the Targeted or Interest-Based Advertising section above.
DO NOT TRACK: Some web browsers incorporate a "do-not-track" (“DNT”) or similar feature that signals to websites that a visitor does not want to have his/her online activity tracked. If a website receives a DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we (along with many other website operators) do not currently respond to DNT signals. For more information about DNT signals, visit www.allaboutdnt.com.
Data Analytic Providers: We use Google Analytics as our Data Analytics Provider to collect information to improve the Website, such as how often users visit the Website, what pages they visit when they do so, and what other websites they used prior to visiting the Active&Fit Direct Website. Google Analytics places a cookie on your web browser so that it can identify you the next time you visit the Website, and the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to the Website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. If you don’t want Google Analytics to be used in your browser, you can install the Google Analytics opt-out browser add-on which is available at https://tools.google.com/dlpage/gaoptout.

Program features available to registered or enrolled members

Performing Services for the Business: Website Registration, Program Enrollment & Administration, Guest Pass Requests, Fitness Center/Active Options Activation & Access: The Active&Fit Direct Program registration and enrollment require Identifiers such as first and last name, date of birth, gender (optional), mailing address, phone number (optional), e-mail address, selected fitness center location, and Preferred ZIP code. (Please note: The ZIP code you enter for your first search is saved as your Preferred ZIP code until you change it.) We also require you to establish a username and password to enter the password-protected area of the Active&Fit Direct Website and a security question and answer to help you recover your username and/or password. Upon enrollment, we will provide you with a Fitness ID for use with the program.
A limited number of sponsoring organizations, who have already obtained your permission to do so, may provide your first name, last name, date of birth and email address along with the name of the entity affiliated with the participating sponsoring organization (Sponsoring Organization Affiliation). Your sponsoring organization will inform you of this arrangement if it is available to you. If this applies to you, when you visit our website using your sponsoring organization’s link, you will see that your information will be populated into your account on our website when you first register or enroll.
We will use your registration information to perform services on behalf of the business such as to service your account, provide customer service, process transactions, verify customer information, conduct internal research and tech development, perform quality assurance and improve the product, as well as to invite product feedback, such as extending an invitation to participate in product improvement research, either on the website or in email. We may also use this information for security purposes. We use limited data to assist with debugging purposes. We use and disclose your registration information with service providers as needed to perform the business service and security functions noted above. We may also disclose your email, first name, and last name with service providers who support email communication and may disclose first name and last name, general location with Social Media Platform Operators that allow for customer service inquiries by way of social media platforms to be addressed directly via the social media platform. We may also use this information to provide you with general, non-targeted advertising and marketing of affiliate products available to you through ASH, or in connection with your Sponsoring Organization’s plan. Members who are enrolled, those who are not yet enrolled but are registered, and those who have canceled enrollment but maintain a registered account may continue to receive advertising and marketing communications and related surveys for Active&Fit Direct.
When available through sponsoring organizations, the Primary Account Holder may enroll a spouse or domestic partner by providing the spouse or domestic partner’s name, date of birth, and email address. We will use the information the Primary Account Holder provides to enroll each member in the program. The newly enrolled spouse or domestic partner will receive an email to register their own account and will also separately provide the information listed above. The Primary Account Holder controls enrollment, fitness facility selection, billing, and termination for the spouse/domestic partner account. ASH may disclose the spouse/domestic partner’s personal information and limited program activity with the Primary Account Holder as necessary to resolve inquiries regarding the account features the Primary Account Holder controls.
If you request a guest pass letter, you will be required to register for the site. We may follow up with you on your guest pass experience at the contact information you provide.
If you enroll with a fitness provider, we will use your information to process your enrollment, along with a Fitness ID we assign to your account, with Fitness Providers to confirm your eligibility for their services, to reimburse the Fitness Providers and for reporting utilization of the Fitness Provider services. We may also receive utilization reports containing dates of visits from any Active&Fit Direct fitness provider that you have accessed through your enrollment in the program. Additional information disclosed between ASH and the Fitness Providers for these purposes may include your Sponsoring Organization’s program name, your effective date/termination date with Active&Fit, and the fitness provider location and date of your visit or use of the location.
Eligible Affiliate Information: If your sponsoring organization includes different groups affiliated with the sponsor, we may receive a Sponsoring Organization Affiliation identifier when you access the website and register. We use that information to confirm eligibility through the sponsoring organization. If your sponsoring organization includes such different groups, we may also use the Sponsoring Organization Affiliation identifier in aggregate reporting back to your sponsoring organization; we do not disclose affiliate identifiers with any additional third parties.
Digital Workouts: For some digital workouts, ASH embeds the Streaming Service Provider’s video platform directly onto the Active&Fit Direct website. For such content, when you view the content, the Streaming Service Provider and ASH will receive analytic information such as IP address, Device ID, profile name (if you comment or interact with Active&Fit Direct or the Streaming Service Provider while streaming), and the videos you select with timestamps to show the duration for which the videos were streamed. The service provider and ASH use this information to facilitate access to the content available through our program but not hosted on our website, to receive data about the content being accessed generally and to process payment by ASH to the Streaming Service Provider. In addition, ASH will pair the information with Fitness ID in order to perform services for the business such as providing customer service, processing transactions, tracking utilization, and verifying customer information as needed.
Viewing live workouts: If you click on the Active&Fit Direct live workout links hosted on Facebook and YouTube, you will be redirected to those third-party websites to view the workout. Your use of the third-party website (Facebook, YouTube, etc.) is governed by its own Privacy Policy and Terms & Conditions. If you comment on a workout video, your comment may be publicly viewable and ASH may receive your profile name, in order to reply to your comment.
Connected! Feature: If you use the Active&Fit Connected! feature, you will separately agree at that time to authorize your eligible, enabled, activity/fitness device or equipment (a “Fitness Device”) to transmit your designated activity information from your Fitness Device from the Fitness Device manufacturer to a third-party data aggregator that we use to facilitate the Active&Fit Connected! feature. The aggregator, in turn, will forward that information to us. After receiving the information from the aggregator, we upload the information into your member profile/account on Active&Fit Direct Website. By using the Active&Fit Connected! feature, you allow us to receive this information from your Fitness Device. If you enter your gender, birth year, weight, and height into your device that is shared with your Connected! Profile, we may use this information to calculate and display your calorie metrics based on activity reported through your Connected!-enabled device. We may use the information to perform services for the business such as customer services, internal research and tech development, quality assurance and product improvement. We may also use the information as needed for security purposes together with our service providers supporting our security efforts. We may also use limited information for debugging purposes. Other than when necessary for a security concern, we do not disclose the activity information we received outside ASH.
If you participate in Active&Fit Direct Healthy Living Telephonic Coaching, ASH will collect your first and last name, date of birth, gender, e-mail address, phone number, mailing address, and Sponsoring Organization name. The coaching is provided through ASH Fitness affiliate ASH Management. ASH Management uses the personal information you provide during coaching to provide you with the coaching services and to track your progress with your wellness goals. Coaching staff will ask general health information questions to ensure that the coaching program is appropriate for you. ASH Management discloses individually identifiable participation information with ASH Fitness. The two affiliates may use and disclose your Identifiers and related Personal Information and Protected Class Information, excluding Sensitive Personal Information like your answers to the general health questions, to perform services for the business. These would include servicing your account, providing customer service, processing transactions, and verifying customer information. ASH Management does not disclose coaching records or information obtained in a coaching session with ASH Fitness. ASH Fitness may disclose aggregate participation information with your Sponsoring Organization to administer your benefits under the plan. ASH Fitness may also exchange individually identifiable information with your Sponsoring Organization as necessary to resolve customer service issues that you may have involving your program. Coaching information is not maintained on the Active&Fit Direct Website.
Referral and Reward Program: If you participate in our Referral and Reward Program, your personal information including your first and last name and email will be disclosed to our Referral Program Provider along with your enrollment status in order to process rewards related to the enrollment status of the persons you sent a link to. ASH will use this information to process rewards for you.
Surveys: A portion of members are randomly selected for optional participation in surveys. If you are selected, your name, phone number, email address, mailing address, age, gender, location (city, state), and general information and details provided pertaining to your experience using the product may be used to process surveys conducted by ASH. In some instances, such information may be forwarded to our Survey Service Provider for administration of the survey. If you receive a survey, your participation is optional. Members who are enrolled, those who are not yet enrolled but are registered, and those who have canceled enrollment but maintain a registered account may continue to receive surveys and other communications related to Active&Fit Direct for product improvement and feedback. If you participate in any such feedback request, ASH or the Survey Service Provider will process the responses, including any other information you choose to include. ASH will use your information and responses to improve our program. ASH may create and disclose aggregate feedback for its surveys with your Sponsoring Organization, our existing and potential clients, and the public. Such aggregate information will not include information that can be used to identify you.
Payment: If you are required to pay a fee to ASH in connection with your use of the Active&Fit Direct program, ASH will use a third-party PCI DSS certified payment processor, to collect and process your credit card information. Our systems store redacted credit card information (first six (6) and last four (4) of your credit card), according to PCI data protection standards. Active&Fit Direct does not collect or process full credit card numbers or security codes.

Disclosure of Your Personal Information to Others

ASH may disclose your Personal Information with third parties for the purposes noted above. In summary, we disclose personal information to others in the following circumstances:

With Sponsoring Organizations: You have access to Active&Fit Direct through a program made available to your Sponsoring Organization. Your Sponsoring Organization is the entity who is offering the Active&Fit Direct program to its eligible population. We may provide Aggregate Information to the Sponsoring Organization.

With Service Providers and Contractors: To facilitate services under the Program and to support the operation and maintenance of the Active&Fit Direct. Our service providers include:

Telephone Providers
Email Providers
Mailing List Providers
Payment Processors
Activity Aggregators
Cloud Providers
Chat Providers
Data Analytic Providers
Referral Program Providers
Fitness Providers
Fitness Class Streaming Providers
Healthy Living Coaching/ASH Management
Advertising Networks
Security Service Providers

For legal purposes, including as reasonably necessary to comply with law or legal process (including a court or government order or subpoena); to detect, prevent, or otherwise address fraud, security or technical issues; to enforce this Privacy Statement or the Terms & Conditions for the Active&Fit Direct program and the use of this Website; and as reasonably necessary to protect the rights, property or safety of ASH, ASH users, and/or the public.

During a corporate reorganization: If ASH is involved in a merger, acquisition, financing, or sale of business or assets, information collected from and about users may be transferred to one or more third parties involved in such transaction and, upon such transfer, the relevant third-party privacy policy or policies may govern further use of the information. In the event of such a change, ASH will endeavor to notify our users of the change as well as any choices our users may have regarding the change. In addition, ASH may provide reputable third-party vendors and sponsoring organizations with aggregate statistics regarding user participation, Active&Fit Direct Website traffic patterns and related Usage Information. The information so provided will not include individually identifiable information, meaning we will not share your Personal Information with these third-party vendors.

Disabling and Deleting User Accounts and Information

California Residents see below. Colorado residents see below. Connecticut residents see below. Utah residents see below. Virginia residents see below. For information pertaining to our Consumer Health Privacy Policy, please see below. Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, personal information collected on the Active&Fit Direct Website, or through the Active&Fit Direct Program generally, cannot be deleted or removed from ASH’s database and will be retained in accordance with ASH’s record retention policy. User accounts, however, may be disabled upon written request, using the contact information at the end of this Privacy Statement.

Retention

ASH retains your data for as long as your account remains continually active. ASH may also retain your data for up to 10 years or longer if required by any legal obligations.

Opt-out of Communications received from Active&Fit Direct

If you have provided your email address, postal address, and/or telephone number to ASH Fitness, you may opt out of receiving marketing/promotional communications about affiliate programs that may be available to you from ASH Fitness by contacting ASH Fitness as described at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from ASH Fitness. Please note that email unsubscribe requests may not take effect immediately.

NOTE: Your opt-out regarding our marketing/promotional communications will not stop communications from ASH Fitness of a transactional nature or as required by law. For example, we will still send you communications regarding your account or a purchase, request or inquiry you have made with ASH Fitness, notices regarding material changes to the Active&Fit Direct Website or its information practices, and other administrative notices.

Privacy of Minors

ASH is concerned about the safety of children when they use the Internet. The Active&Fit Direct product and Website are not intended for use by persons under the age of majority (e.g., under the age of 18 in California). If ASH becomes aware that a user is under the age of 18 and has provided Personal Information to ASH without prior parental consent, ASH will remove all information provided by such underage user from its database.

Security of Personal Information

In order to maintain confidentiality and safeguard the security of Personal Information, ASH has implemented company-wide policies regarding privacy, security, and confidentiality. Despite these measures, the confidentiality of your Personal Information cannot be guaranteed. We encourage you to take appropriate steps to protect your Personal Information, such as using a complex password when you register for the Program.

Third-Party Links and Services

For your convenience, the Active&Fit Direct Website may provide links to third-party websites and online services not owned or controlled by or affiliated with ASH (each, a “Linked Third-Party Website/Service”). Linking does not mean, and should not be deemed or construed to mean, that ASH endorses or approves or is affiliated with a Linked Third-Party Website/Service. ASH is not responsible for the information privacy and security policies or practices of a Linked Third-Party Website/Service. When you leave the Active&Fit Direct Website to visit a Linked Third-Party Website/Service, this Privacy Statement no longer applies, and any information collected from or about you or your device by a Linked Third-Party Website/Service will be governed by that site/service’s privacy policies and practices, which may be substantially different from those of ASH. A Linked Third-Party Website/Service may set or use its own cookies, web beacons, etc. to your computer or mobile device, and may collect information from and about you and use the information in ways that ASH would not. You access a Linked Third-Party Website/Service entirely at your own risk. You should always read the privacy policy associated with a Linked Third-Party Website/Service before disclosing any personal information. Linked Third-Party Websites may include websites operated by Service Providers identified below. For more on Links, please see the Active&Fit Direct Terms and Conditions.

NOTE TO INTERNATIONAL USERS.

The Active&Fit Direct Program and Website are intended for U.S. residents. If you are outside of the United States and access the Active&Fit Direct Website or submit your Personal Information to us, please be advised that U.S. law may not offer the same privacy protections as the law of your jurisdiction. By using the Active&Fit Direct Website or submitting your Personal Information to us, you consent to the transfer to and processing of your Personal Information in the United States.

CONSUMER HEALTH DATA PRIVACY POLICY

This Consumer Health Data Privacy Policy applies to “Consumer Health Data”, as that term has been defined by applicable laws. This policy provides consumers whose consumer health data is processed ("you", or "your") with specific rights regarding their consumer health data. This Consumer Health Data Privacy Policy supplements the above Privacy Statement and applies solely to consumers protected by the applicable laws pertaining to the processing of Consumer Health Data.

Additionally, this policy explains your rights regarding your consumer health data and how you can exercise those rights. This policy describes the practices of Active&Fit Direct and its subsidiaries and affiliates (“ASH”, “we”) that link to this policy regarding the collection, use, disclosure, sale, and sharing of consumer health data we collect from you.

Consumer Health Data ASH Collects

As stated in the above Privacy Statement, in sections outlining the personal data we collect, data collected depends on your interactions with Active&Fit Direct and choices you make, the features you engage with or opt-in to, and the information you choose to share. Applicable laws define consumer health data broadly, some categories of the data described above may also be considered consumer health data.

Examples of consumer health data, as defined by applicable laws may include, but are not limited to:

General health information provided to your coach (*if opted-into coaching services), including but not limited to height, weight, health related conditions or diagnosis, symptoms, surgeries, procedures, medications, interventions, etc.)
Information which could identify your attempt to seek health care services or information, including services that allow you to assess, measure, improve, or learn about your or another person’s health through things like search queries, browsing histories, and survey responses.
Other information that may be used to infer or derive data related to the above or other health information.

How Consumer Health Data is Collected

As described in the above section of the privacy statement outlining the personal data we collect, we collect personal data, which could include consumer health data, directly from you, from your interactions with our products and services.

Why We Collect and Use Consumer Health Data

We collect and use consumer health data for the purposes described in the sections above outlining our business uses of personal data. Principally, we collect and use consumer health data as reasonably necessary to provide you with the products you have requested or authorized. This may include providing and operating the product and associated features, ensuring secure and reliable operation of the products and the systems that support them, troubleshooting and product improvement, and other essential business operations that support the provision of the product, such as analyzing our performance, meeting legal obligations, and conducting research and development.

Our Sharing of Consumer Health Data

We may share each of the categories of consumer health data described above for the purposes described in above sections of the privacy statement. We may share personal data, including consumer health data, with your consent or as reasonably necessary to administer the product, as described above.

Third Parties with Which We Share Consumer Health Data

As necessary for the purposes outlined above, we may share consumer health data with the following categories of third parties:

Service Providers- Vendors working on our behalf may access consumer health data for the purposes described above.
Affiliates- We enable access to data across our subsidiaries and affiliates where we share common data systems or where access helps us provider our services and operate our business.
Health Plan Clients/Sponsoring Organizations- We may share consumer health information with our health plan clients and sponsoring organizations for the purposes stated above.
Government Agencies- As stated in our Privacy Statement, we may disclose consumer health data to law enforcement and government agencies when necessary to comply with applicable law or respond to valid legal requests.

How to Exercise your Consumer Health Data Rights

Consumer Health Data laws provide consumers whose consumer health data is processed with specific rights related to collection, use and disclosure of their consumer health data.

Right to Know: You have the right to request that ASH disclose what consumer health information we have collected, used, disclosed, and sold, including specific pieces of consumer health data as well as a list of third parties and affiliates with whom we share such information for the date range indicated by you for records dated on or after March 31, 2024.

To request this information, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Consumer Health Data Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Know by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Know Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request and provide only general information about the type of consumer health data we process as outlined in this document. ASH may also deny requests if you submit the Right to Know Form more than twice in a calendar year or if your request is not submitted online or using the email, phone number, or address designated above.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Know Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

Right to Access and Portability: You have the right to receive a copy of your consumer health data and the specific pieces of your consumer health data we maintain in an easily readable electronic format. To request this information, you may fill out this form and select the option to receive a copy of the associated data.

You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Consumer Health Data Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Access and Portability by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Know and Access Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request and provide only general information about the type of consumer health data we process as outlined in this document. ASH may also deny requests if you submit the Right to Know and Access Form more than twice in a calendar year or if your request is not submitted online or using the email, phone number, or address designated above.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Know and Access Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

To appeal a denial, you may fill out this form to specify which information requires correction. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Consumer Health Data Privacy Rights” or by mailing said form to our address below. You may also call 1-844-646-2746. We will reply to your appeal in writing within 45 days of receipt. If we deny your appeal, and your consumer health data is subject to the Washington My Health My Data Act (WA HB 1155), you can submit a compliant with the Washington Attorney General at https://www.atg.wa.gov/file-complaint.

Right to Correct: You have the right to have inaccurate consumer health data we maintain about your corrected. To request this information, you may fill out this form to specify which information requires correction.

ASH will verify your request by matching information provided by you in the Right to Correct Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request. We may also deny the request, in whole or in part, if we determine the contested consumer health data is more likely than not accurate based on the totality of circumstances. We may also deny a request if it involves the same alleged inaccuracy previously denied within the past 6 months should the request not provide new or additional documentation attempting to prove the inaccuracy. We may also deny a request if we have a good-faith, reasonable and documented belief the request is fraudulent or abusive.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Correct Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

Right to Delete: You have the right to request the deletion of your consumer health information collected or maintained by the ASH.

ASH will verify your request in a two-step verification process. First, ASH will match information provided by you in the Right to Delete Form to information housed in our internal systems. Second, ASH will contact you to verify your identity and confirm your request, such contact may be made by phone or email.

ASH will grant, deny, or respond to a request within 45 days of receipt of the Right to Delete Form. If an extension of time (up to a maximum of 90 days) is required, we will notify you and provide additional information about the process.

In response to your request, ASH may deny or grant your request. If ASH grants your request, we will notify you as to which of the following methods We have used to fulfill your request. We may do one of the following: (1) permanently delete your information from our systems; (2) deidentify your information; or (3) aggregate your information in accordance applicable laws.

A denial of a deletion request may occur if ASH requires the use of your consumer health data to complete a transaction or provide services on your behalf, to detect security incidents and prosecute those responsible, to debug and repair errors that impair existing functionality, to exercise free speech or allow you to exercise free speech or any other right, to engage in public or peer-reviewed research with informed consent if deletion would seriously impair the achievement of such research, to enable solely internal uses that are reasonably aligned with the business relationship between you and ASH, or to comply with a legal obligation.

Right to Withdraw Consent: You have the right to withdraw consent from future collection and sharing of consumer health information.

ASH will verify your request in a two-step verification process. First, ASH will match information provided by you in the Right to Withdraw Form to information housed in our internal systems. Second, ASH will contact you to verify your identity and confirm your request, such contact may be made by phone or email. If we are able to successfully verify your information, ASH will honor your request and no longer collect or process the information requested from the time of completed verification.

Please note, depending on the nature of your request to withdraw consent, some or all features of the program will not be available to you.

If we are unable to verify the request, we will deny the request and provide notice of such denial. ASH may also deny requests if you submit the Right to Withdraw Consent Form more than twice in a calendar year or if your request is not sent to the designated email, phone number, or address.

CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS

Under California Civil Code Section 1798.83 (known as the "shine the light" law), California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information, and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.

ASH does not knowingly share your personal information with third parties for their direct marketing use without your permission. California residents may send requests for information-sharing disclosure under this law by contacting us by mail at the address located in the contact section below. Please note that, under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email address.

The California Consumer Privacy Act (CCPA) (California Civil Code 1798.100-199) provides California residents with specific rights related to the collection, use and disclosure of their personal information by us. While our privacy practices have adopted many of the CCPA requirements across our program, this section discusses specific rights and elements applicable to persons who are California residents at the time we collected, used or disclosed your personal information.

The CCPA and the details noted here do not apply to situations where your personal information is collected, used or disclosed by us:

Where in our capacity as a business associate of a covered entity, we collect or maintain your personal information in the same manner as protected health information in compliance with privacy, security, and breach notification rules issued by the United States Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) and the Health Information Technology for Economic and Clinical Health Act (Public Law 111-5). This may apply when your access to our program is made available to you as part of a health benefit plan operated by a plan sponsor who is a covered entity under the laws noted immediately above.
Where your access to our program is made available to you through a sponsoring organization as part of the organizations’ policies or products subject to the federal Gramm-Leach-Bliley Act (Public Law 106-102), and implementing regulations, or the California Financial Information Privacy Act (Division 1.4 (commencing with Section 4050) of the Financial Code).

Additionally, should we receive CCPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to either charge a reasonable fee for taking the action requested or refuse to act on the request. If we refuse your request on this basis, we will notify you of the reason why.

If neither of the above situations apply to you and you are a California resident, you may exercise your rights under the CCPA as described below:

Right to Know: You have the right to request that ASH disclose what personal information we have collected, used, disclosed, and sold, including specific pieces of personal information, for the date range indicated by you for records dated on or after January 1, 2020.

To request this information, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Know by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Know Form to information housed in our internal systems.

Right to Access and Portability: You have the right to receive a copy of your personal information and the specific pieces of your personal information we maintain in an easily readable electronic format. To request this information, you may fill out this form and select the option to receive a copy of the associated data.

You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Access and Portability by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Know and Access Form to information housed in our internal systems.

Right to Correct: You have the right to have inaccurate personal information we maintain about your corrected. To request this information, you may fill out this form to specify which information requires correction.

ASH will verify your request by matching information provided by you in the Right to Correct Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request. We may also deny the request, in whole or in part, if we determine the contested PI is more likely than not accurate based on the totality of circumstances. We may also deny a request if it involves the same alleged inaccuracy previously denied within the past 6 months should the request not provide new or additional documentation attempting to prove the inaccuracy. We may also deny a request if we have a good-faith, reasonable and documented belief the request is fraudulent or abusive.

Right to Delete: You have the right to request the deletion of your personal information collected or maintained by the ASH.

A denial of a deletion request may occur if ASH requires the use of your personal information to complete a transaction or provide services on your behalf, to detect security incidents and prosecute those responsible, to debug and repair errors that impair existing functionality, to exercise free speech or allow you to exercise free speech or any other right, to comply with the California Electronic Communications Privacy Act, to engage in public or peer-reviewed research with informed consent if deletion would seriously impair the achievement of such research, to enable solely internal uses that are reasonably aligned with the business relationship between you and ASH, or to comply with a legal obligation.

No Fee for Requests for Rights to Know/Access/Portability, Correct or Delete: ASH does not charge a fee to exercise these rights. However, should we receive CCPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to refuse to act on the request. If we refuse your request on this basis, we will notify you of the reason why.

Right to Non-Discrimination: You have the right to exercise your privacy rights to know and to delete without facing discrimination of service or product offerings. Your use of Active&Fit Direct will remain the same whether you exercise your Right to Know or Right to Delete under the CCPA.

Right to Authorize an Agent: You have the right to authorize an agent to assist with exercising California privacy rights on your behalf. To authorize an agent, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “California Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Authorize Agent by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Authorize an Agent Form to information housed in our internal systems.

Additionally, if you have provided your agent with Power of Attorney, you do not have to fill out our form but will need to provide a valid copy of the Power of Attorney documentation.

If we are unable to verify the request, we will deny the request and provide notice of such denial.

Right to Opt-Out of Targeted Advertising: ASH may engage third parties advertising networks and social networks to advertise our products to you when you are browsing other websites or using other applications. To opt-out of such sharing as defined by the California Consumer Privacy Act, you may click the link below.

You can opt out of Targeted Advertising by using the website, or by using the footer link labeled “Sharing Personal Information for Targeted Advertising”.

COLORADO RESIDENTS: YOUR COLORADO PRIVACY RIGHTS

The Colorado Privacy Act (“CPA”) provides Colorado residents with specific rights related to the collection, use and disclosure of their personal information by us.

While our privacy practices have adopted many of the CPA requirements across our program, this section discusses specific rights and elements applicable to persons who are Colorado residents at the time we collected, used or disclosed your personal information.

Your rights in relation to your information:

Right to Know: You have the right to request that ASH disclose what personal information we have collected, used, disclosed, and sold.

To request this information, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Colorado Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Know by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Know Form to information housed in our internal systems.

Right to Access and Portability: You have the right to receive a copy of your personal information we maintain in an easily readable electronic format. To request this information, you may fill out this form and select the option to receive a copy of the associated data.

You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Colorado Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Access and Portability by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Know and Access Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request and provide only general information about the type of personal information we process as outlined in this document. ASH may also deny requests if you submit the Right to Know and Access Form more than twice in a calendar year or if your request is not submitted online or using the email, phone number, or address designated above. If we deny your request, you have a right to appeal that decision. To appeal, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Colorado Privacy Rights” or by mailing said form to our address below. You may also call 1-844-646-2746. We will reply to your appeal in writing within 45 days of receipt. If we deny your appeal we will provide instructions for how you can submit a compliant with the Colorado Attorney General.

Right to Correct: You have the right to have inaccurate personal information we maintain about you corrected. To request this information, you may fill out this form to specify which information requires correction.

ASH will verify your request by matching information provided by you in the Right to Correct Form to information housed in our internal systems.

If we deny your request, you have a right to appeal that decision. To appeal, you may fill out this form to specify which information requires correction. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Colorado Privacy Rights” or by mailing said form to our address below. You may also call 1-844-646-2746. We will reply to your appeal in writing within 45 days of receipt. If we deny your appeal, we will provide instructions for how you can submit a compliant with the Colorado Attorney General.

Right to Delete: You have the right to request the deletion of your personal information collected or maintained by the ASH.

If we are unable to verify the request, we will deny the request and provide notice of such denial. ASH may also deny requests if you submit the Right to Delete Form more than twice in a calendar year or if your request is not sent to the designated email, phone number, or address. If we deny your request, you have a right to appeal that decision. Our response to you will include instructions on how you can appeal the denial.

ASH may be unable to delete spouse/domestic partner account information related to account activity controlled by the Primary Account Holder.

A denial of a deletion request may occur if ASH requires the use of your personal information to complete a transaction or provide services on your behalf, to detect security incidents and prosecute those responsible, to debug and repair errors that impair existing functionality, to exercise free speech or allow you to exercise free speech or any other right, to engage in public or peer-reviewed research with informed consent if deletion would seriously impair the achievement of such research, to enable solely internal uses that are reasonably aligned with the business relationship between you and ASH, or to comply with a legal obligation.

To appeal a denial, you may fill out this form to specify which information requires correction. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Colorado Privacy Rights” or by mailing said form to our address below. You may also call 1-844-646-2746. We will reply to your appeal in writing within 45 days of receipt. If we deny your appeal, we will provide instructions for how you can submit a compliant with the Colorado Attorney General.

No Fee for Requests for Rights to Know/Access/Portability, Correct or Delete: ASH does not charge a fee to exercise these rights. However, should we receive CPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to refuse to act on the request. If we refuse your request on this basis, we will notify you of the reason why.

Right to Opt-Out of Targeted Advertising: ASH may engage third parties advertising networks or tools and social networks to advertise our products to you when you are browsing other websites or using other applications. To opt-out of such sharing as defined by the Colorado Privacy Act, you may click the link below.

You can opt out of Targeted Advertising by using the website, or by using the footer link labeled “Sharing Personal Information for Targeted Advertising”. You may also do this when presented with an opt-out popup message while using the website. Your opt-out preference will then be stored by your browser. You may also use the Global Privacy Control to signal Active&Fit Direct to opt you out of our targeted advertising.

CONNECTICUT RESIDENTS: YOUR CONNECTICUT PRIVACY RIGHTS

The Connecticut Data Protection Act (“CTDPA”) provides Connecticut residents with specific rights related to the collection, use and disclosure of their personal information by us.

While our privacy practices have adopted many of the CTDPA requirements across our program, this section discusses specific rights and elements applicable to persons who are Connecticut residents at the time we collected, used or disclosed your personal information.

Your rights in relation to your information:

Right to Know: You have the right to request that ASH disclose what personal information we have collected, used, disclosed, and sold.

To request this information, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Connecticut Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Know by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Know Form to information housed in our internal systems.

You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Connecticut Data Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Access and Portability by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Know and Access Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request and provide only general information about the type of personal information we process as outlined in this document. ASH may also deny requests if you submit the Right to Know and Access Form more than twice in a calendar year, the request is determined to be technically infeasible or unreasonably burdensome, or if your request is not submitted online or using the email, phone number, or address designated above. If we deny your request, you have a right to appeal that decision. To appeal, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Connecticut Privacy Rights” or by mailing said form to our address below. You may also call 1-844-646-2746. We will reply to your appeal in writing within 60 days of receipt. If we deny your appeal we will provide instructions for how you can submit a compliant with the Connecticut Attorney General.

You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Connecticut Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Correct by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Correct Form to information housed in our internal systems.

If we deny your request, you have a right to appeal that decision. To appeal, you may fill out this form to specify which information requires correction. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Connecticut Privacy Rights” or by mailing said form to our address below. You may also call 1-844-646-2746. We will reply to your appeal in writing within 60 days of receipt. If we deny your appeal, we will provide instructions for how you can submit a compliant with the Connecticut Attorney General.

Right to Delete: You have the right to request the deletion of your personal information collected or maintained by the ASH.

ASH may be unable to delete spouse/domestic partner account information related to account activity controlled by the Primary Account Holder.

A denial of a deletion request may occur if ASH requires the use of your personal information to complete a transaction or provide services on your behalf, to detect security incidents and prosecute those responsible, to debug and repair errors that impair existing functionality, to exercise free speech or allow you to exercise free speech or any other right, to engage in public or peer-reviewed research with informed consent if deletion would seriously impair the achievement of such research, to enable solely internal uses that are reasonably aligned with the business relationship between you and ASH, or to comply with a legal obligation.

To appeal a denial, you may fill out this form to specify which information requires correction. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Connecticut Privacy Rights” or by mailing said form to our address below. You may also call 1-844-646-2746. We will reply to your appeal in writing within 60 days of receipt. If we deny your appeal, we will provide instructions for how you can submit a compliant with the Connecticut Attorney General.

No Fee for Requests for Rights to Know/Access/Portability, Correct or Delete: ASH does not charge a fee to exercise these rights. However, should we receive CTDPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to refuse to act on the request. If we refuse your request on this basis, we will notify you of the reason why.

Right to Opt-Out of Targeted Advertising: ASH may engage third parties advertising networks or tools and social networks to advertise our products to you when you are browsing other websites or using other applications. You may authorize an agent to exercise your right to opt-out of targeted advertising. To opt-out of such sharing as defined by the Connecticut Data Privacy Act, you or your authorized agent may click the link below.

UTAH RESIDENTS: YOUR UTAH PRIVACY RIGHTS

The Utah Consumer Privacy Act (“UCPA”) provides Utah residents with specific rights related to the collection, use and disclosure of their personal information by us.

While our privacy practices have adopted many of the UCPA requirements across our program, this section discusses specific rights and elements applicable to persons who are Utah residents at the time we collected, used or disclosed your personal information.

Your rights in relation to your information:

Right to Know: You have the right to request that ASH disclose what personal information we have collected, used, disclosed, and sold.

To request this information, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Utah Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Know by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Know Form to information housed in our internal systems.

You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Utah Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Access and Portability by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Know and Access Form to information housed in our internal systems.

Right to Delete: You have the right to request the deletion of your personal information collected or maintained by the ASH.

ASH may be unable to delete spouse/domestic partner account information related to account activity controlled by the Primary Account Holder.

A denial of a deletion request may occur if ASH requires the use of your personal information to complete a transaction or provide services on your behalf, to detect security incidents and prosecute those responsible, to debug and repair errors that impair existing functionality, to exercise free speech or allow you to exercise free speech or any other right, to engage in public or peer-reviewed research with informed consent if deletion would seriously impair the achievement of such research, to enable solely internal uses that are reasonably aligned with the business relationship between you and ASH, or to comply with a legal obligation.

No Fee for Requests for Rights to Know/Access/Portability or Delete: ASH does not charge a fee to exercise these rights. However, should we receive UCPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to refuse to act on the request. If we refuse your request on this basis, we will notify you of the reason why.

Right to Opt-Out of Targeted Advertising: ASH may engage third parties advertising networks or tools and social networks to advertise our products to you when you are browsing other websites or using other applications. To opt-out of such sharing as defined by the Utah Consumer Privacy Act, you may click the link below.

VIRGINIA RESIDENTS: YOUR VIRGINIA PRIVACY RIGHTS

The Virginia Consumer Data Protection Act (“VCDPA”) provides Virginia residents with specific rights related to the collection, use and disclosure of their personal information by us.

While our privacy practices have adopted many of the VCDPA requirements across our program, this section discusses specific rights and elements applicable to persons who are Virginia residents at the time we collected, used or disclosed your personal information.

Your rights in relation to your information:

Right to Know: You have the right to request that ASH disclose what personal information we have collected, used, disclosed, and sold.

To request this information, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Virginia Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Know by phone at 1-844-646-2746.

ASH will verify your request by matching information provided by you in the Right to Know Form to information housed in our internal systems.

ASH will verify your request by matching information provided by you in the Right to Know and Access Form to information housed in our internal systems.

If we are unable to verify the request, we will deny the request and provide only general information about the type of personal information we process as outlined in this document. ASH may also deny requests if you submit the Right to Know and Access Form more than twice in a calendar year or if your request is not submitted online or using the email, phone number, or address designated above. If we deny your request you have a right to appeal that decision. To appeal, you may fill out this form. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Virginia Privacy Rights” or by mailing said form to our address below. You may also call 1-844-646-2746. We will reply to your appeal in writing within 60 days of receipt. If we deny your appeal we will provide instructions for how you can submit a compliant with the Virginia Attorney General.

You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Virginia Privacy Rights” or by mailing said form to our address below. You may also utilize your Right to Correct by phone at 1-844-646-2746. ASH will verify your request by matching information provided by you in the Right to Correct Form to information housed in our internal systems.

If we deny your request you have a right to appeal that decision. To appeal, you may fill out this form to specify which information requires correction. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Virginia Privacy Rights” or by mailing said form to our address below. You may also call 1-844-646-2746. We will reply to your appeal in writing within 60 days of receipt. If we deny your appeal we will provide instructions for how you can submit a compliant with the Virginia Attorney General.

Right to Delete: You have the right to request the deletion of your personal information collected or maintained by the ASH.

If we are unable to verify the request, we will deny the request and provide notice of such denial. ASH may also deny requests if you submit the Right to Delete Form more than twice in a calendar year or if your request is not sent to the designated email, phone number, or address. If we deny your request you have a right to appeal that decision. Our response to you will include instructions on how you can appeal the denial.

A denial of a deletion request may occur if ASH requires the use of your personal information to complete a transaction or provide services on your behalf, to detect security incidents and prosecute those responsible, to debug and repair errors that impair existing functionality, to exercise free speech or allow you to exercise free speech or any other right, to engage in public or peer-reviewed research with informed consent if deletion would seriously impair the achievement of such research, to enable solely internal uses that are reasonably aligned with the business relationship between you and ASH, or to comply with a legal obligation.

To appeal a denial, you may fill out this form to specify which information requires correction. You may submit this form by emailing us at the following email: HIPAA@ashn.com with the subject line “Virginia Privacy Rights” or by mailing said form to our address below. You may also call 1-844-646-2746. We will reply to your appeal in writing within 60 days of receipt. If we deny your appeal we will provide instructions for how you can submit a compliant with the Virginia Attorney General.

No Fee for Requests for Rights to Know/Access/Portability, Correct or Delete: ASH does not charge a fee to exercise these rights. However, should we receive VCDPA-related requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we reserve the ability to refuse to act on the request. If we refuse your request on this basis, we will notify you of the reason why.

Right to Opt-Out of Targeted Advertising: ASH may engage third parties advertising networks and social networks to advertise our products to you when you are browsing other websites or using other applications. To opt-out of such sharing as defined by the Virginia Consumer Data Protection Act, you may click the link below.

Program Contact Information

Questions and requests may be submitted through the Contact Us feature of the Active&Fit Direct Website, or using the following contact information:

U.S. Mail

Active&Fit Direct Customer Service
P.O. Box 509117
San Diego, CA 92150-9117

By Phone

1-844-646-2746, 5:00am to 6:00pm, Monday through Friday (except for company holidays).

E-mail

afdcontactus@ashn.com

If you need assistance with or require this Privacy Statement in an alternative format, please contact us at 1-844-646-2746.

Privacy and Security Contact Information

ASH has a designated Privacy Officer and an Information Security Officer to oversee our privacy and security programs. You may direct questions about these programs to these individuals by either calling 1-877-427-4766 or emailing HIPAA@ashn.com.

The Active&Fit Direct Program and use of the Active&Fit Direct Website are governed by the Active&Fit Direct Terms and Conditions.