Motionsoft Gym Software

Software System for Gyms and Hospitals

Additional EEA Privacy Disclosure

(ref: ‘GDPR General Data Protection Regulation’ (EU) 2016/679)
Last Updated: March 04, 2020.

*** This additional EEA-specific privacy disclosure is provided and is potentially applicable if you are based in the European Economic Area (“EEA”) and use the services of a Club which is a) a Customer of Motionsoft and using our SaaS member management and payment services, and b) where the Club you use is located in the European Economic Area. You will also need to please refer to your Clubs’ own privacy notices for more information regarding how they may collect, use, and share your Personal Information as a Club member and user of their services. ***

Unless otherwise expressly stated, capitalized terms in these Additional European Economic Area (EEA) Privacy Disclosures (“Disclosures”) have the same meaning as defined in our “Privacy Notice”.

Scope of Disclosure

This Additional European Economic Area (EEA) Privacy Disclosures supplements the information contained in our “Privacy Notice” when you are based in the EEA or Switzerland.

Motionsoft, Inc. is the controller responsible for the collection and use of Personal Information covered by our Privacy Notice.

Personal Data Disclosures

When we use the term “personal data” in these Disclosures, we mean any information relating to an identified or identifiable natural person.

Legal Bases for Processing

We rely on the following legal grounds to process the categories of personal data about you listed below, whether such personal data is obtained from you or a third party:

  • Contact information, including your first name, last name, phone number and e-mail address.
    • How we use the personal data: We may use this information to communicate with you, including sending service-related communications. Legal basis for processing: The processing is necessary for the performance of a contract with you.
    • How we use the personal data: We may use this information to deal with enquiries and complaints made by you relating to our Services. Legal basis for processing: The processing is necessary for our legitimate interests, namely administering our Services, and for communicating with you effectively to respond to your queries or complaints.
    • How we use the personal data: We may use this information to send you unsolicited marketing communications in accordance with your preferences. Legal basis for processing: We will only use your personal data in this way to the extent you have given us consent to do so.
    • How we use the personal data: We may use this information to contact you if you provide us with feedback. We use such information in order to administer and improve our Services. Legal basis for processing: This processing is necessary for our legitimate interests, namely facilitating genuine customer feedback.
    • How we use the personal data: If you are interested in doing business with us, we may use your personal data to conduct a background check in order to confirm we are able to do so under applicable laws, including trade sections laws. Legal basis for processing: This processing is necessary for our legitimate interests, namely for risk management purposes in connection with our compliance obligations.
  • Information received from third parties, including demographic information and contact information.
    • How we use the personal data: We use this information to conduct market research, to identify potential customers and employment candidates and to perform background checks. Legal basis for processing: The processing is necessary for our legitimate interests, namely to administer and improve our Services, and for risk management purposes in connection with our compliance obligations.
  • Information from publicly available sources, including information from social media platforms (for example, Facebook, Twitter, and Instagram) and public records
    • How we use the personal data: This information enables us to conduct market research, analyze public interactions with Motionsoft, and improve our Services. Legal basis for processing: The processing is necessary for our legitimate interests, namely to administer and improve our Services.
  • Your IP address.
    • How we use the personal data: We may use this information to detect fraud or suspicious activity. Legal basis for processing: The processing is necessary for our legitimate interests, namely to protect our business and your account from fraud and other illegal activities.
    • How we use the personal data: We may use this information to localize features of our Services. Legal basis for processing: The processing is necessary for our legitimate interest, namely localizing features of our Services and tailoring our Services so that they are more relevant to our users.
  • Information about how you access and use our Services. For example, how frequently you access the Services, the time you access the Services and how long you use them for, the approximate location that you access the Services from, the site from which you came and the site to which you are going when you leave our website, the website pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access our Services from multiple devices, and other actions you take on our Services.
    • How we use the personal data: We may use information about how you use and connect to our Services to present our Services to you on your device. Legal basis for processing: The processing is necessary for our legitimate interests, namely to tailor the Services to the user.
    • How we use the personal data: We may use this information to determine products and Services that may be of interest to you for marketing purposes. We may use this information to monitor and improve our Services and business, resolve issues and to inform the development of new products and Services. Legal basis for processing: The processing is necessary for our legitimate interests, namely to inform our direct marketing.The processing is necessary for our legitimate interests, namely to monitor and resolve issues with the Services and to improve the Services generally.
  • Log files and information about your device. We also collect information about the computer, tablet, smartphone or other electronic device you use to connect to our Services.
    • How we use the personal data: We may use information about how you use and connect to our Services to present our Services to you on your device. Legal basis for processing: The processing is necessary for our legitimate interests, namely to tailor our Services to the user.
  • All personal information set out above.
    • How we use the personal data: We may use all the personal information we collect to operate, maintain and provide to you the features and functionality of our Services, to communicate with you, to monitor and improve our Services and business, and to help us develop new products and Services. Legal basis for processing: The processing is necessary for our legitimate interests, namely to administer and improve our Services.

You are not required to provide personal data to us, but we do rely on your personal data to provide certain of our Services and products. For example, we need your personal data to facilitate and deliver an order that you request. If you choose not to provide us with your personal data, we may not be able to provide you with a service or product you request.

Data Retention

We retain personal data about you for as long as is necessary for the purposes set out in these Disclosures, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights.

The criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process the personal data:

  • Legitimate Interests: Where we are processing personal data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
  • Consent: Where we are processing personal data based on your consent, we generally will retain the information for the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain of your data erased (please refer to the “Your EEA Privacy Rights” section below).
  • Contract: Where we are processing personal data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
  • Legal Obligation: Where we are processing personal data based on a legal obligation, we generally will retain the information for the period of time necessary to fulfil the legal obligation.
  • Legal Claim: We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim.  In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of your personal data.

International Data Transfers

We may transfer personal data about you to our affiliates, as well as to third parties as identified in the “Our Disclosure of Personal Information” section of this EEA Privacy Disclosure.  Personal data may be transferred to, stored and processed in a country other than the one in which it was collected, including, but not limited to, the United States. The country to which personal data is transferred may not provide the same level of protection for personal data as the country from which it was transferred.

We may transfer personal data about you outside the EEA and when we do so, we rely on appropriate or suitable safeguards recognized under the GDPR including adequacy decisions and standard contractual clauses.

Adequacy Decisions

We may transfer personal data about you to countries that the European Commission has deemed to adequately safeguard personal data.

Standard Contractual Clauses

The European Commission has adopted Standard Contractual Clauses, which provide safeguards for personal data transferred outside of the EEA. We may use these Standard Contractual Clauses when transferring personal data from a country in the EEA to a country outside the EEA that has not been deemed to adequately safeguard personal data. You can request a copy of the Standard Contractual Clauses by contacting us as set forth in the “Contact Us” section below.

EU-U.S. Privacy Shield

The EU-U.S. Privacy Shield Framework (Privacy Shield) was designed by the U.S. Department of Commerce and the European Commission to ensure adequate protection for personal data transferred to a company certified under Privacy Shield. If we transfer any personal data about you from the EEA to a third party outside the EEA who is certified under Privacy Shield as set forth by the U.S. Department of Commerce, we may rely on such certification to ensure adequate protection for personal data so transferred.

Your EEA Privacy Rights

You have the following rights in relation to your personal data (subject to certain limitations at law):

  • Access: The right to access and obtain a copy of personal data about you, as well as information relating to its processing.
  • Rectification: The right to correct or update any personal data about you that is inaccurate or incomplete.
  • Restriction of Processing: The right to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
  • Erasure: The right to request the deletion or erasure of personal data about you without undue delay if the continued processing of that personal information is not justified.
  • Portability: The right to obtain a copy of personal data about you in an easily accessible format and the right to transmit that personal data to another controller.
  • Objection to Processing: You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

Please note that if the exercise of these rights limits our ability to process personal data, we may not be able to provide our products or Services to you, or otherwise engage with you going forward.

Right to Withdraw Consent

Where we rely on your consent for processing of your personal data, you also have the right to withdraw your consent to such processing, subject to certain limitations at law.

You may withdraw your consent by contacting us as set forth in the “Contact Us” section below.

Submitting Requests

To submit a request, please contact us as set forth in the “Contact Us” section below. We may need to verify your identity before processing your request, which may require us to obtain additional personal data from you. In certain circumstances, we may decline a request to exercise the rights described above.

Right to Lodge a Complaint

If you have any complaints regarding our privacy practices, you have the right to lodge a complaint with your national data protection authority (i.e., supervisory authority). You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here.

Updates to These Disclosures

We may update these Disclosures from time to time. When we make changes to these Disclosures, we will change the “Last Updated” date at the beginning of these Disclosures. All changes shall be effective from the date of publication unless otherwise provided in the notification.

Contact Us

If you have any questions or requests in connection with these EEA Privacy Disclosures or other privacy-related matters, please send an email to/please email privacy@motionsoft.net with the words EEA GDPR and PRIVACY in the subject line of your email or call 1-800-323-1005.

Alternatively, inquiries may be addressed to:

Motionsoft, Inc.
Attention: EEA / GDPR Privacy
1451 Rockville Pike Suite 500
Rockville, MD 20852