We collect and use this location-related data in order to
You may disable the collection and use of your location data through your browser-, operating system- or device-level settings. Consent concerning location data may be withdrawn at any time by changing these settings.
Categories of Personal Information.
While the Personal Information we collect varies depending upon the nature of the MINDBODY Services provided or used and our interactions with individuals, Personal Information we may collect or obtain includes:
How We Collect Information.
We collect information about you whenever you use the MINDBODY Services, for example:
We collect and use this location-related data in order to
You may disable the collection and use of your location data through your browser-, operating system- or device-level settings. Consent concerning location data may be withdrawn at any time by changing these settings.
You do not have to provide us with certain Personal Information, however, if you do not provide or enable us to collect the necessary information, we may not be able to provide the MINDBODY Service. If you disclose any Personal Information relating to other people to us or to our service providers in connection with the MINDBODY Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
How Personal Information May Be Used.
We may use your Personal Information for legitimate business purposes, including:
We will engage in these activities to manage our contractual relationship with you, with your consent, and/or to comply with a legal obligation.
We will engage in this activity with your consent, to manage our contractual relationship with you, or where we have a legitimate interest. (Note: Health and fitness tracker data that is obtained via third parties will not be used for this purpose).
We will engage in this activity because we have a legitimate interest.
We will engage in these activities to comply with a legal obligation or because we have a legitimate interest.
To the extent that we process your Personal Information based on your consent, you may withdraw your consent at any time.
Social Media Features and Widgets
The MINDBODY Services includes social media features such as the Facebook Like button, and widgets, such as the Share This button or interactive mini-programs that run on our websites. These features may collect your IP address, which page you are visiting on our websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our websites. Your interactions with these features are shared with such third parties and governed by the privacy policy of the company providing it.
Public Forum.
Our websites offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you disclose Personal Information through MINDBODY public message boards, blogs, or forums, as offered through the MINDBODY Services, this information may be viewed, collected and used by others. To request removal of your Personal Information from our blog or community forum, contact us at support@mindbodyonline.com. In some cases, we may not be able to remove your Personal Information or some content (if, for example, it is reposted by another user), in which case we will let you know if we are unable to do so and why.
Sign-In Services.
You can log in to some of the MINDBODY Services using sign-in services such as Facebook Connect, Google or an Open ID provider. These services will authenticate your identity and provide you the option to share certain Personal Information with us such as your name and email address to pre-populate our sign-up form. Some services like Facebook Connect give you the option to post information about your activities on our websites to your profile page to share with others within your network. In addition, when using some of our mobile applications we may allow you a chance to tell friends about our services by accessing the contacts in your Facebook or other social media account.
Testimonials, Ratings and Reviews.
If you submit testimonials, ratings or reviews to the MINDBODY Services, any Personal Information you include may be displayed in the MINDBODY Services. If you want your testimonial removed, please contact us at support@mindbodyonline.com.
We also partner with service providers to collect and display ratings and review content on our web sites.
The security of Personal Information is a high priority at MINDBODY. We seek to use reasonable technical, administrative and physical safeguards designed to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have any questions about the security of your interaction with us please refer to our Security Policy.
If you have any questions regarding this Privacy Policy you can contact us via email at privacy@mindbodyonline.com or via postal mail at:
ATTN: MINDBODY Legal - Privacy Policy Issues
MINDBODY, Inc.
4051 Broad Street Suite 220
San Luis Obispo, CA 93401
For the EEA, you may also:
Privacy Rights regarding your Personal Information.
This section provides specific information for California residents, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”) as well as other jurisdictions and regulations that allow for individual privacy rights such as the European Economic Area, the United Kingdom, and the General Data Protection Regulation (“GDPR”).
Explanation of Individual Rights
Right to a Copy/Access or Portability: You may have the right to request, free of charge, a copy of the specific pieces of Personal Information that we have collected about you in a readily useable format that allows you to transmit this information to another entity without hindrance.
Right to Know: You may have the right to request, free of charge, that we provide certain information about how we have handled your Personal Information, including the categories of Personal Information collected; categories of sources of Personal Information; business and/or commercial purposes for collecting your Personal Information; categories of third parties/with whom we have shared your Personal Information; and whether we sell any categories of Personal Information to third parties (however, we do not sell your Personal Information).
Right to Deletion: You may have the right to request deletion of your Personal Information that we have collected, subject to certain exemptions. Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion). We may also retain residual information, such as records to document that your request has been fulfilled.
Right to Non-Discrimination: You may have the right not to receive discriminatory treatment on the basis of exercising your privacy rights under applicable law.
Right to Correct/Rectify: You may have the right to rectify any incorrect Personal Information we may hold about you.
Right to Object/Restrict: You may have the right to object to a specific use of your Personal Information as it is laid out in this Privacy Policy subject to our legitimate business interests.
Submitting a Request
Where applicable law allows for such a right, if you would like to request to access, correct, object to the use, restrict or delete Personal Information that you have previously provided to us, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may submit a request through the MINDBODY Services themselves or contact us at privacy@mindbodyonline.com with the subject line “Data Subject Request.” We will respond to your request consistent with applicable law.
If you are an End User you may, depending on the MINDBODY Service utilized, be able to access, correct or request deletion of Personal Information that you have previously provided to us through your online customer account. These Data Subject Requests and other rights, including objection, restriction and portability (to the extent this right to data portability is provided to you by applicable law), can also be made directly to the relevant Subscriber.
For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. Where applicable law allows for an authorized agent to submit such a request, please or contact us at privacy@mindbodyonline.com with the subject line “Data Subject Request – Agent Request” and someone will be in touch with the agent and the End User to verify the request. We will try to comply with your request as soon as reasonably practicable. Moreover, where you are an End User, MINDBODY may need to forward your request and refer you to your Subscriber who may be better placed to address your request.
If you are under 18 years of age and a user of the MINDBODY Services, you may also be entitled to ask us to remove content or information that you have posted to the MINDBODY Service by submitting a request to support@mindbodyonline.com. Please note that your request does not ensure complete or comprehensive removal of the content or information if doing so infringes on the rights of another user.
If you are an End User of one of our Subscribers and would no longer like to be contacted by one of our Subscribers, or would like request the exercise of a right as set out above in relation to Personal Information held by a Subscriber, please contact the Subscriber directly.
Your choices regarding our use and disclosure of information.
Except for health and fitness tracker data that is obtained via third parties, information we collect may be used by MINDBODY for marketing purposes such as one-off promotional emailing, mobile text messages, direct mail, and sales contacts. We give you many choices regarding our use and disclosure of your Personal Information for marketing purposes. You may:
We will try to comply with your request(s) as soon as reasonably practicable. Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative, transactional or other purposes directly relating to your use of the MINDBODY Services, and you cannot opt-out from receiving those messages.
Our mobile applications may also send push notifications to your mobile device, provided you consented to this. If you have previously consented to receiving push notifications and no longer wish to receive them, you can also turn push notifications off at the device level. The applications may also request access to your device’s calendar application, storage, Bluetooth, camera, and microphone. If you have previously allowed access to your device’s calendar and no longer wish to allow access, you may edit the application settings at the device level.
International Transfers.
The Mindbody Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your Personal Information may be stored and processed in any country where we have facilities, namely the United States and the United Kingdom, or in which we engage service providers, and by using the Mindbody Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country and whose laws don’t provide the same level of protection as in the European Economic Area (“EEA”) or UK. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
Some non- EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en). For transfers from the EEA to countries not considered adequate by the European Commission (the United States)we have put in place adequate measures, such as standard contractual clauses (based on the clauses published at http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087, a copy of which can be obtained by Contacting Us, see below) and/or participation in the Swiss-U.S. Privacy Shield to protect your Personal Information in the U.S as further explained below. You can consult our Privacy Shield certification at https://www.privacyshield.gov/participant?id=a2zt0000000TOHGAA4&status=Active.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield.
Mindbody and its subsidiaries participate in and have certified compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. By decision dated July 16, 2020, the Court of Justice of the European Union invalidated the EU-U.S. Privacy Shield Framework. Consequently, we are relying on standard contractual clauses (based on the clauses published at http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087, a copy of which can be obtained by Contacting Us, see below) for transfers of personal data from the EEA.
Nonetheless, and in addition to standard contractual clauses, we are committed to subjecting all personal data received from EEA member countries, the United Kingdom, and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list.
Mindbody is responsible for the processing of personal data it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. Mindbody complies with the Privacy Shield Principles for all onward transfers of personal data from the EEA, the United Kingdom, and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Mindbody is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you think your personal data has been transferred pursuant to a Privacy Shield Framework and you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Sensitive Information.
We ask that you not send us, and you not disclose, any sensitive Personal Information (e.g. information related to racial or ethnic origin, political opinions, religion or other beliefs, genetic characteristics, trade union membership or criminal background) on or through the MINDBODY Services or otherwise to us, except where explicitly requested or consented to.