Last Modified: July 25, 2018
1. Who We Are
Third Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
2. The Data We Collect About You and How We Collect It
We collect several different types of personal data from you depending on how you interact with our sites. Most of the information we collect is given to us by you through filling out forms, registering for an account, or otherwise providing information when asked. Occasionally, we do collect information about you without you providing it, such as when you participate in a race and we collect your race times, etc. Because we may change our website and the services we offer from time to time, the means and methods to provide us with personal data may also change. Depending on how you interact with us and use the website, the personal data we collect may vary.
Please read below for the common ways in which we collect your personal data.
Creating an Account on the Sites
You are not required to provide any information to the CrossFit sites. However, if you create an account with CrossFit, we collect data from you in order to associate the account with you. This information includes your full name, email address, a password you create, and your date of birth (we use your birthdate to make sure you are put into the correct race categories and to make sure you are eligible to participate in CrossFit events) (“Account Information”). By default, we’ll only use your personal data to administer your account and to provide the products and services you requested from us.
Filling Out Your Athlete Info
Once you have created an account, you are free to provide other personal information about yourself related to your CrossFit status. This can include uploading a picture of yourself, including your height, weight, workout benchmarks, athlete bio, and other information about yourself (“Personal Bio”). By providing this information you are consenting to our processing of it. You may edit, delete, and otherwise change this information at any time.
Applying for Certification Course
When you apply to be a Certified CrossFit Trainer, we ask you for personal information to help us determine whether you are qualified to enroll in a course and, if you are, to enroll you. This information includes you full name, email address, date of birth, telephone number, and mailing address (“Contact Information), as well as information about your education and experience, and any CPR certificates you hold (“Education Information”).
Enrolling in Events
If you enroll or sign up for an event, competition, or the CrossFit Games Open, you will be asked to provide information about yourself in order to help us facilitate the event. This may include Contact Information, Billing Information, Personal Bio, and other information. We use this information for various purposes, including verifying the identity of an athlete, ensuring that the competition rules and requirements are complied with, recording competition results and records of participation, preventing fraud, ensuring the safety of race participants, and generally creating a level playing field.
Making a Purchase
When you make a purchase on our website or elsewhere, we collect your contact information, shipping address, payment card information/account information and billing address (“Billing Information”). We use this information to process payment, process shipments of goods, and for legitimate interests like preventing fraud.
Entering Sweepstakes and Contests
If you decide to enter into a contest or sweepstakes we sponsor, you agree to provide information on necessary to enter and fulfill all of the terms of the contest or sweepstakes. This information varies depending on the contest/sweepstakes, and we will provide you with more information about how your information is used in the related documentation.
Message Boards and User Contributions
When you volunteer information on a message board, comment section, chat feature, or other public comment section, you consent to our processing of that information as you would in any other public forum. Depending on the forum and the comment, we may collect, store, and use that information for various reasons. All Site users must comply with our Terms and Conditions regarding the user contributions.
Information Collected Automatically From Using Our Site
As you interact with the CrossFit sites, we may automatically collect information about your equipment, browsing actions and patterns (“Technical Data”). We collect this technical data by using cookies and other similar technologies. Technical data may include your IP address; device identifier data, the type of device you use, your operating system and version, the URLs of our web pages that you visit, the URLs of referring and exiting pages, the pages you view, the time spent on a page, the number of clicks made,the platform type, and generalized, non-specific location data. When we collect data that does not identify you as a natural person, we are permitted to use and disclose this information for any purpose, notwithstanding anything contrary in this notice, except where prohibited by law.
3. Sensitive Personal Information
From time to time, we collect and process sensitive personal information which may include racial or ethnic origin, genetic data, biometric data, and data concerning health. Other than a few necessary exceptions, you are never required to provide this information, but may consent to our processing it. For example, you may provide information about your personal fitness (exercise regimen, workout routines, vital sign numbers, etc.) on your personal bio page to share that information with other members of the CrossFit community. Whenever the processing of this data is based on consent, you are free to withdraw that consent at any time by removing such information or asking us to remove it for you.
Drug Testing Policy
CrossFit is committed to maintaining drug-free competitions in order to ensure a safe and level playing field. Moreover, the health and safety of the CrossFit athletes and the integrity of the sport are our top priorities. Therefore, when participating in an event, you may undergo drug testing, sometimes randomly, in order to participate in the event to which you signed up. Information regarding how we process sensitive personal data, including the legal basis for such processing, is included in our Drug TestingProgram Policy.
4. How We Use Your Personal Data
We will only use your personal data when allowed by law. Generally, we will use your personal data: (a)where we need to perform the contract we are about to enter into or have entered into with you; (b) where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests; and (c) where we need to comply with a legal or regulatory obligation.
Purposes for Which We Will Use Your Personal Data
Below is a chart of some of the common ways in which we process your personal data. We have identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data (varies depending on circumstances)||Lawful Basis for Processing Including Basis of Legitimate Interest|
|To fulfill a purchaseorder.||Contact Information Billing Information||In furtherance of performance of a contract with you.|
|Notifying you about changes to our terms or privacy notice.||Contact Information||Necessary to comply with a legal obligation|
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).||Contact Information Technical Data||Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)|
|To provide you with information and marketing communications about our products and services.||Contact Information||Consent Legitimate interests (in marketing goods or services in personal in which you may have a personal interest based on our ongoing business relationship).|
|To provide you with third party offers that may be relevant to you.||Contact Information||Consent|
|To respond to customer service requests including order status and chat communications.||Contact Information||Legitimate interest (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) Consent|
|To enroll you in a race or other event||Contact Information Billing Information Personal Bio Other Information||Performance of a contract Legitimate interest (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)|
5. Disclosures Of Your Personal Data
From time to time, we may need to share your personal data with others.
Publicly Available Information
Some of your data will be shared with the general public, including:
- your posts to a public area or feature of our site, such as a message board, chat room, bulletin board, list serve, blog, vlog, wiki or other open forum;
- if you participate in an event like the CrossFit Games or the Open, your name, event results, performance times, and other information about may be posted publicly;
- the information you include in your profile page on the CrossFit website;
- posts, new articles, updates, race results, and other information that we provide to the public about our events may include personally identifiable information. For example, we may report on the winners of a particular event which requires us to identify them by name.
Please note that when information is made publicly available it may be accessed by anyone with access to the site or forum to which the information is posted. It may also be indexed by third-party search engines, and be imported, exported, distributed, aggregated, and redistributed by others without our knowledge. Please take caution before posting information publicly.
Third-Party Service Providers—We may share your information, including but not limited to contact data and technical data, with third party service providers who perform various functions to enable us to provide our services and help us operate our business, such as website design, sending email communications, fraud detection and prevention, customer care, payment processing, or performing analytics. Our contracts with these third parties require them to maintain the confidentiality of the personal data we provide to them, only act on our behalf and under our instructions, and not use personal data for purposes other than the product or service they’re providing to us or on our behalf.
With our Affiliates and Partners—When participating in events or activities that we offer along with our partners and/or affiliates, you may be asked to share personal information with those affiliates and/or partners. For example, some of our certificate courses, events, competitions, seminars, programs, contests, sweepstakes and other offerings may be co-sponsored by another company or companies. In those situations, the information we obtain from you in connection with such contest, sweepstake or offering may be shared with our co-sponsor, unless you instruct us not to. In some of those cases, we may act as co-controllers of your personal information, depending on the circumstances.
With Unaffiliated Controllers—In some cases we may transfer personal data to unaffiliated third-party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your personal data to third-party data controllers for the following purposes: 1) to provide you with third-party offers; 2) to provide us information about the quality of our services offerings. We will only provide your personal data to third-party data controllers where you have not opted-out of such disclosures, or in the case of sensitive personal data, where you have opted in if the disclosure requires consent. We enter into written contracts with any unaffiliated third-party data controllers requiring them to provide the same level of protection for your personal information that is required of us. We also limit their use of your personal data so that it is consistent with any consent you have provided and with the notices you have received.
Protection of CrossFit and Others—We may share personal data when we believe it is appropriate to enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of CrossFit, our products and services, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and risk reduction. This does not include selling, renting, sharing, or otherwise disclosing personal data of our customers for commercial purposes in violation of the commitments set forth in this notice.
Response to Subpoenas and Other Legal Requests—We may share your information with courts, lawenforcement agencies, or other government bodies when we have a good faith belief we’re required orpermitted to do so by law, including to meet national security or law enforcement requirements, to protectour company, or to respond to a court order, subpoena, search warrant, or other law enforcement request.
Sale of Our Business—If we sell, merge, or transfer any part of our business, we may be required to share your information. If so, you will be asked if you’d like to stop receiving promotional information following any change of control.
With Your Consent—Other than as set out above, we will provide you with notice and the opportunity tochoose when your personal data may be shared with other third parties.
6. SMS Messages
We may make available a service through which you can receive messages on your wireless device viashort message service (“SMS Service”). If you subscribe to one of our SMS Services, you thereby agreeto receive SMS service messages at the address you provide for such purposes. Such messages may comefrom CrossFit, the rest of the CrossFit family and/or the rest of the third parties with which we share youraddress (unless and until you have elected not to receive such messages by following the instructions inthe Right to Opt In and Opt Out section above).
You acknowledge and agree that the SMS service is provided via wireless systems which use radios (andother means) to transmit communications over complex networks. We do not guarantee that your use ofthe SMS service will be private or secure, and we are not liable to you for any lack of privacy or security you may experience. You are fully responsible for taking precautions and providing security measuresbest suited for your situation and intended use of the SMS service. We may also access the content ofyour account and/or wireless account with your carrier for the purpose of identifying and resolvingtechnical problems and/or service related complaints.
By signing up for the SMS service, you consent to receiving, from time to time, further messages whichmay include news, promotions and offers from us, our subsidiaries, entities owned, related to orcontrolled by us and partners, and you consent to our sharing of your personal information with suchparties for such purposes, unless and until you have opted out of these activities by following theinstructions in the Right to Opt In and Opt Out section above. Please follow the instructions provided toyou by third parties to unsubscribe from their messages.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentallylost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to yourpersonal data to those employees, agents, contractors and other third parties who have a business need toknow. They will only process your personal data on our instructions and they are subject to a duty ofconfidentiality. We have put in place procedures to deal with any suspected personal data breach and willnotify you and any applicable regulator of a breach where we are legally required to do so.
8. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for,including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances you can ask us to delete your data (see “EU Data Subjects Legal Rights”). In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. International Data Transfers
CrossFit has its headquarters in the United States. Information we collect from you will be processed in the United States. Where we transfer your personal data to third party service providers outside of the European Economic Area (EEA), we rely on appropriate suitable safeguards or specific derogations recognized under data protections law, including the GDPR.
The European Commission has adopted standard data protection clauses, which provide safeguards for personal data transferred outside of the EEA. We may use Standard Contractual Clauses when transferring personal data from a country in the EEA to a country outside the EEA.
10. EU Data Subjects Privacy Rights
EU data subjects have certain rights with respect to your personal data that we collect and process. We respond to all requests we receive from individuals in the EEA wishing to exercise their data protection rights in accordance with applicable data protection laws.
- Access, Correction or Deletion—You may request access to, correction of, or deletion of your personal data. You can often go directly into the service under Account Settings to take these actions. Please note that even if you request for your personal data to be deleted, certain aspects may be retained for us to: meet our legal or regulatory compliance (e.g. maintaining records of transactions you have made with us); exercise, establish or defend legal claims; and to protect against fraudulent or abusive activity on our Service. Data retained for these purposes will be handled as described in Section 7 “Data Retention,” above.
- Objection—You may object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Restriction—You have the right to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Portability—You have the right to request the transfer of your personal data to you or to a thirdparty. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw Consent—If we have collected and processed your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
- File a Complaint—You have the right to file a complaint with a supervisory authority about our collection and processing of your personal data.
To file a request or take action on one of your rights, please contact us at the contact details provided. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
11. Children’s Privacy
We are committed to complying with the Children’s Online Privacy Protection Act (COPPA). CrossFitsites and services are not directed to children under the age of 16. We do not knowingly collect personal information from children under the age of 16. If we receive personal information that we discover was provided by a child under the age of 16, we will promptly destroy such information. Additional information is available on the Direct Marketing Association’s home page at http://www.the-dma.org. If you would like to learn more about COPPA, visit the Federal Trade Commission home page at http://www.ftc.gov.
12. Updates to Our Privacy Notice
By using this website, you agree to the terms and conditions contained in this Privacy Notice and Conditions of Use and/or any other agreement that we might have with you. If you do not agree to any of these terms and conditions, you should not use this website. You agree that any dispute over privacy or the terms contained in this Privacy Notice will be governed by the laws of the State of Arizona. You also agree to arbitrate such disputes in Arizona and to abide by any limitation on damages contained in any agreement we may have with you.
This notice is expected to change from time to time. We reserve the right to amend this Notice at any time and provide notice to you by posting of the amended Privacy Notice on the website. We may also email you to give you notice of material changes to this Notice. The provisions contained herein supersede all previous notices or statements regarding our privacy practices and the terms and conditions that govern the use of this website.
13. How to Contact Us
If you have any questions or wish to register a complaint in relation to this Privacy Notice or the manner in which your personal data is used by us, please contact us by any of the following means:
By Email: firstname.lastname@example.org
By Post: 1500 Green Hills Road, Suite 201, Scotts Valley, CA 95066.