Note this document may be updated from time to time, whereupon the Effective data above reflects the date of the latest changes.

Whenever you access or use any of the ATBS systems, you acknowledge and agree to the terms and conditions laid out in this Privacy Policy.

Contents:

• Roles
• Types of Personal Data We Collect
• How Your Personal Data is Collected
• Hour Your Personal Data is Used
• How Your Personal Data May Be Shared
• Your Rights Under This Policy
• Retention & Deletion Policy
• Security For Your Personal Data 

Roles

“We” and “our” refer to Above the Bar System (henceforth “ATBS”).  We represent the mobile apps, data systems, and IT infrastructure in which your Personal Data may be stored.  We are responsible for the proper security and handling of your Personal Data within our systems.

A “Licensee” is a client of ATBS that is using our systems to manage their facilities and their relationship with their human resources and end customers (henceforth “End Users”).

End Users are those that enter Personal Data into our systems for the purposes of personal use of our systems and interaction with the Licensee.  The End User’s use of our systems implies consent to the terms and conditions of this Privacy Policy.

Types of Personal Data We Collect

We may collect the following types of data:

Demographic Data

Name, Address, Phone Numbers, Email Addresses, Date-Of-Birth, Gender

Marketing Data

Contact preferences (ie, email, text messaging), Opt-In/Opt-Out preferences, Communications History

Payment Data

We do not collect payment methods such as credit card or ACH credentials.  If our Licensee is processing payments through our system, we do store a secure token record which allows us to process payments on the End User’s behalf.  We do store the results of such payment processes (ie, approved or denied, amount of transaction, and what the transaction was for (membership, product purchase, etc).

End User & Client Program Interaction Data

We collect such information as attendance to classes, workout results, in-system chat dialogs with other End Users, plus such data as Client may request from End User from time-to-time.

System Interaction Data

We collect time of login, time of logout, IP addresses, type of browser, and device & OS used by the End User.  We collect this information for auditing and improving system performance as well as for improving our Licensees’ performance in their relationship with their End Users.

How Your Personal Data is Collected

Direct Interaction

You may give us your personal data through your interactions with any of our mobile applications, our website forms, or our event registration sites.

Licensee Interaction

We may receive your personal data through your interactions with any or our Licensee human resources.

How Your Personal Data is Used

Your personal data is used by the Licensee to manage the relationship between you and the Licensee, so that the Licensee may provide the services you have engaged them to provide.

Your personal data may be used by us to allow us to communicate with you regarding schedule changes, service outages, failed payment transactions, and other communications necessary to maintain effective relations between you and the Licensee.

Your end user & client program interaction data may be used by us to analyze overall performance and provide reporting to the Licensee to improve their offerings.

The subset of end user & client program interaction data specifically related to scoring in workouts and events (“your scoring data”) may be used to provide a ranked listing (“leaderboard”) that may be exposed to all other End Users of your associated Licensee or may be exposed publicly beyond said scope.

How Your Personal Data May Be Shared

The entirety of your personal data collected is shared with the Licensee that you have an association with.

Your scoring data, along with your name, may be shared with the other End Users of your associated Licensee or may even be shared publicly beyond said Licensee.   You are provided the ability to restrict this sharing by means of controls within the ATBS mobile apps. 

Your Rights Under This Privacy Policy

You have the right to request that your demographic personal data be deleted, whereupon such request must be made to your associated Licensee.   Your associated Licensee has the ability to delete your account whereupon it is rendered as a “logical delete” and made no longer unavailable.

Intermittently, our systems perform a “physical delete” sweep, which may remove logically deleted records (see next section).

You have the right to restrict your name and scoring data from being exposed publicly or to other End Users.  In such a case, your name and scoring data will not be displayed on any leaderboard systems provided by ATBS.

Retention & Deletion Policy

We retain personal data for the period needed for various purposes including:

• Maintaining opt-in/opt-out lists

• Complying with mandatory record retention requirements

• Complying with any legal obligations

• Resolving disputes.

Retention periods vary significantly based on the type of personal data.  When a physical delete sweep is performed to remove any logically deleted records, said records are permanently removed.

Security For Your Personal Data

All personal data is stored in a secure database system behind dual firewalls in secure Tier 4 data centers.  All traffic through the firewalls to our web servers is encrypted and all traffic from our web servers to client browser endpoints is via session-enabled, authenticated logins.   With the exception of leaderboards, no data is exposed to any front-end without authentication by the front-end user.