Xplor Privacy Notice
Last updated: January 2022
Thanks for using Xplor! This Privacy Notice explains our collection, use, and disclosure of personal data. This Privacy Notice applies to Xplor Technologies and our controlled affiliates and subsidiaries (collectively, “Xplor,” “we,” “our,” or “us”).
Third-party services that we integrate with are governed under their own privacy policies.
References to “Products and Services” in this Privacy Notice includes our websites (see list below), apps, and related products and services, such as our payment processing platforms and our software solutions for Payments, Fitness & Wellbeing, and Home Services.
We operate the following Products and Services, which are subject to this Privacy Notice:
This Privacy Notice describes the following:
- PERSONAL DATA WE COLLECT
- HOW WE USE YOUR DATA
- HOW WE SHARE YOUR DATAYOUR CHOICES
- YOUR PRIVACY RIGHTS
- RETENTION OF PERSONAL DATA
- LOCATION OF PERSONAL DATA
- DATA SECURITY
- CHANGES TO THIS PRIVACY STATEMENT
- CALIFORNIA ADDENDUM – YOUR CALIFORNIA PRIVACY RIGHTS
This Privacy Notice applies when Xplor acts as a controller (when Xplor decides how and why personal data is processed). It does not apply to situations where Xplor is acting as a service provider or processor (as described below). If you have questions regarding your relationship with Xplor, and whether or not this Privacy Notice applies to your interactions with us, please contact Xplor at email@example.com.
A. Xplor as a Service Provider or Data Processor
Xplor Products and Services can be used by businesses that contract with us to use our Products and Services (“Clients”) and by individuals (“End Users”). In most cases it is Xplor’s Clients, rather than Xplor itself, that make decisions about how the Clients’ employees (“authorized users”) and their customers or End Users use our Products and Services. In most of those situations, Xplor is acting as a processor or service provider, and this Privacy Notice does not apply.
If you’re using an Xplor Product and Service through your company, educational institution, gym, coach, or with your company email address, that entity is responsible for determining how your information is used.
This Privacy Notice does not apply to personal data we process as a service provider or data processor on behalf of our Clients. If you are an End User of one of our Clients, you should read that organization’s privacy notice. Questions about privacy practices can be directed to the Client or to firstname.lastname@example.org.
B. Xplor as a Controller
In other situations, Xplor acts as a “data controller” (the entity that decides how and why information is processed). This Privacy Notice applies to situations where Xplor is a data controller, including the processing of Personal Data collected by us, for example when:
Clients and Potential Clients:
- receive communications from us or otherwise communicate with us;
- use our Products and Services in your individual capacity under a contract with us;
- perform billing using our Products and Services;
- receive marketing communications from Xplor;
- register for, attend or take part in Xplor events, webinars, programs, or contests;
- participate in surveys, research or other similar data collection facilitated by us;
- use our Products and Services to pay our Clients;
- use our Products and Services in their individual capacity;
- visit our websites that display or link to this Privacy Notice;
- visit our branded social media pages; or
- register for, attend or take part in Xplor events, webinars, programs, or contests.
C. Third Parties Products and Services
Our websites and Products and Services may also contain links to other websites, applications, platforms and services maintained by third parties. The information practices of these third parties, including the social media platforms that host our branded social media pages, are governed by their privacy notices, which you should review to better understand their privacy practices.
PERSONAL DATA WE COLLECT
The personal data we collect depends on how you interact with us, the Products and Services you use, and the choices you make.
We collect information about you from different sources and in various ways when you use our services, including information you provide directly, information collected automatically, third-party data sources, and data we infer or generate from other data. We may combine any personal data we collect with other personal data we maintain, including those from other sources.
When you are asked to provide personal data, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide data that is necessary for certain features of our Products and Services, those features may not be available or function correctly.
A. Data you provide directly to us.
Website Visitors. We may collect contact information, inquiries, questions, and complaints from you through surveys, feedback requests, and forms on our websites or other locations.
Clients. As a Client, we collect personal data directly from you and your authorized users when you, for example: contract with us to use our Products and Services, integrate our Products and Services with another website or product, or communicate with us in any way.
End Users. As an End User, we collect personal data directly from you and on behalf of our Clients when you sign up to receive services from our Clients, such as a gym, leisure facility, or nursery; or make payments.
Information you provide directly to us includes:
- Contact information, such as name, physical address, email address, phone number.
- Payment information, including credit or debit card numbers, bank account numbers, and other payment details.
- Credentials, including any usernames, passwords, profile photos, and profile details you create to use the Services.
- Content and files, such as the photos, documents, or other files you upload to our Services and the content of your communications with us.
- Other details you chose to provide when scheduling services with our Clients.
If you provide us, our service providers or our affiliates with any Personal Data relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Notice.
B. Data we collect automatically.
As further described the Cookie Notice, when you use our Products and Services, some data is collected automatically.
For example, when you visit our websites, our web servers automatically log:
- Identifiers and device information, including your device's operating system; Internet Protocol (IP) address; browser type and language; and device type.
- Geolocation data, such as city, state, country, and jurisdiction or precise geolocation, depending on your device or app settings.
- Usage data, such as the website you visited before our websites or apps, access times, and your activity on our websites.
- Recordings, such as when you call a helpdesk operated by us, including helpdesks we operate on behalf of our Clients. Such recordings will be collected and maintained in compliance with applicable law.
C. Data we create or generate.
We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we may infer your general geographic location (such as city, state, country, and jurisdiction) based on your IP address.
D. Data we obtain from third-party sources.
We obtain data from third parties. These third-party sources include, for example:
- Third-party applications and services, such as social networks you choose to connect with or interact with through our Products and Services.
- Service providers, such as third parties that collect or provide data in connection with work they do on our behalf.
- Data brokers, including data aggregators from which we obtain data to supplement the data we collect.
- Publicly available sources, such as open government databases.
- Clients using our Products and Services may provide us with the personal data concerning their employees, contractors, or other personnel in order to provide access to our Products and Services.
- Social Media Platforms, such as the social media features on our websites (including the “Tweet” button and other sharing widgets, “Social Media Features”). Social Media Features may allow you to post information about your activities on our website to outside platforms and social networks. Social Media Features may also allow you to like or highlight information we have posted on our website or our branded social media pages. Social Media Features are either hosted by each respective platform or hosted directly on our website. To the extent the Social Media Features are hosted by the platforms themselves, and you click through to these from our websites, the platform may receive information showing that you have visited our websites. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile and may share that data with us.
- HOW WE USE YOUR DATA
We need to know your personal data to perform the functions of our Products and Services and to provide you the Products and Services you request. We use personal data collected through our Products and Services for purposes described in this Privacy Notice or otherwise disclosed to you.
For example, we use each category of personal data (listed above in the II. Personal Data We Collect section) for the following purposes:
- Product and Services delivery, including securing, troubleshooting, improving, and personalizing our Products and Services.
- Product and Services improvement and development, including assessing your use of our Products and Services and creating new or improved Products and Services.
- Business operations, such as improving our internal operations, securing our systems, and detecting fraudulent or illegal activity.
- Personalization, including understanding you and your preferences to enhance your experience and enjoyment using our Products and Services.
- Customer support, such as troubleshooting and responding to your questions.
- We may record phone calls for training, quality assurance, and administration purposes. If required under applicable law, we will obtain your prior consent or give you the option to object to a call being recorded.
- Processing payments, including to verify that information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with you.
- Reviewing compliance with applicable usage terms. We process your personal data to validate that you are a licensed user and to review compliance with the applicable usage terms in our contract with you.
- Communications, such as sending you confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
- Marketing, including communicating with you about new services, offers, promotions, and other information about our Products and Services and Clients. We may process your personal data to conduct market research, advertise to you, provide personalized information about us on and off our websites and to provide other personalized content based upon your activities and interests (see the V. Your Choices section below for how to change your preferences for promotional communications).
- Compliance with legal obligations, such as when cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our websites or Products and Services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, respond to lawful requests, or for auditing purposes.
We combine data we collect from different sources to give you a more seamless, consistent, and personalized experience.
- HOW WE SHARE YOUR DATA
Xplor may disclose personal data with your consent or as necessary to complete your transactions or provide the Products and Services you have requested or authorized.
In addition, we share each of the categories of personal data described above, with the types of third parties described below, for the following business purposes:
- Public information. You may select options available through our Products and Services to publicly display and share your name and/or username and certain other information, such as your profile, content and files, or geolocation data.
- Service providers. We share personal data with vendors or agents working on our behalf for the purposes described in this Privacy Notice. For example, companies we have hired to assist in protecting and securing our systems and the Products and Services that may need access to personal data to provide those functions.
- Financial services & payment processing. When you provide payment data, for example to make a purchase, we will share payment and transactional data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.
- Affiliates. We enable access to personal data across our subsidiaries, affiliates, and related companies where, for example, we share common data systems or where access is needed to provide our Products and Services and operate our business.
- Corporate transactions. We may disclose personal data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
- Clients. If you use our Products and Services as an authorized user, we may share your personal data with your affiliated Client responsible for your access to the Product and Services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies.
- Contest and promotion sponsors. We may disclose personal data to sponsors of contests or promotions for which you register in order to fulfill the contest or promotion.
- Professional advisers. In individual instances, we may share your personal data with professional advisers acting as service providers, processors, or joint controllers – including lawyers, bankers, auditors, accountants and insurers who provide consultancy, banking, legal, insurance, audit and accounting services.
- Legal and law enforcement. We may access, disclose, and preserve personal data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
- Security, safety, and protecting rights. We may disclose personal data if we believe it is necessary to:
- protect our Clients and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone;
- operate and maintain the security of our Products and Services, including to prevent or stop an attack on our computer systems or networks; or
- protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.
Third-party analytics companies also collect personal data through our website and apps including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data, as described in the Cookie Notice.
These third-party vendors may combine this data across multiple sites to improve analytics for their own purpose and others. For example, we use Google Analytics on our website to help us understand how users interact with our website. You can learn how Google collects and uses information at www.google.com/policies/privacy/partners.
Please note that some of our Products and Services include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide personal data to any of those third parties, or allow us to share personal data with them, that data is governed by their privacy notices.
Finally, we may share de-identified information in accordance with applicable law.
- YOUR CHOICES
A. Communications preferences.
Xplor may send promotional communications to current and prospective Clients about new services, offers, promotions, and other information about our Products and Services. You can choose whether you wish to receive promotional communications from us by email, telephone, physical mail, push notifications, and social media. If you receive promotional communications from us and would like them to stop, you can do so by following the directions in the relevant message.
These choices do not apply to mandatory service communications that are part of certain of our Products and Services, or to surveys or other communications that may have their own unsubscribe method.
We may also send marketing communications to End Users about the services our Clients provide, on behalf of our Clients as part of our Products and Services. Additionally, our Clients may have the ability to market to current and prospective End Users directly. If you receive marketing communications from our Clients, please contact them if you have any questions.
B. Analytics and advertising.
Our third-party analytics and advertising partners typically provide options to opt-out of certain data collection or use. See the Cookie Notice for more details.
- YOUR PRIVACY RIGHTS
Depending on your jurisdiction, you may have certain rights with respect to that data:
- the right of access to a copy of the personal data we hold about you;
- the right to request that we correct any inaccuracies in your personal data;
- the right to object to decisions about you being taken by automated means (although we do not envisage making any decisions by automated means);
- where we have sought your consent, the right to withdraw your consent at any time; and
- the right to ask us not to process your personal data for direct marketing purposes.
You may also have the following rights at law in relation to your personal data in certain circumstances:
- the right to object to or request that we restrict our use of your personal data;
- the right to request that we provide a copy of your personal data to others; and
- the right to request that we erase your personal data.
To make such requests, contact us at email@example.com.
However, to the extent permitted by applicable law, we reserve the right to decline requests that are unreasonable, excessive, or prohibited by law, could adversely affect the privacy or other rights of another person, where we are unable to authenticate you as the person to whom the data relates, or where we are otherwise permitted to decline such requests in accordance with applicable law. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
If you are an End User and we are processing data on behalf of our Client as a data processor (for example, when processing data about your services with our Client), you should direct your request to the appropriate Client or to firstname.lastname@example.org. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
We rely on different lawful bases for collecting and processing personal data about you, for example, with your consent and/or as necessary to provide the Services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.
- RETENTION OF PERSONAL DATA
We retain personal data for as long as necessary to provide the Product and Services and fulfill the transactions and the Product and Services our Clients and End Users have requested, or for other essential purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different data types in the context of different Product and Services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.
If you are an End User receiving services from a Client, you may direct questions about the Client’s retention of your personal data to them or to email@example.com.
- LOCATION OF PERSONAL DATA
The personal data we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers maintain facilities. Currently, we primarily use data centers in the European Union, United Kingdom, United States, Canada, Australia, and New Zealand. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problem.
We take steps designed to ensure that the data we collect under this Privacy Notice is processed according to the provisions of this Privacy Notice and applicable law wherever the data is located.
A. Location of processing European personal data.
We transfer personal data from the European Economic Area, United Kingdom, and Switzerland to other countries (including the USA), some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including contracts where appropriate, to help ensure your rights and protections.
To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
- DATA SECURITY
The security of your personal data is important to us. We take reasonable and appropriate steps to help protect personal data from unauthorized access, use, disclosure, alteration, and destruction.
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
- CHANGES TO THIS PRIVACY NOTICE
We will update this Privacy Notice when necessary to reflect changes in our Services, how we use personal data, or the applicable law. When we post changes to this Privacy Notice, we will change the “last updated” date at the beginning of this Privacy Notice.
If we make material changes to this Privacy Notice, we will provide notice regarding such changes, and take such other actions as may be required by law.
Any questions, concerns, or complaints for Xplor or about this Privacy Notice should be addressed to firstname.lastname@example.org or by mail to Xplor at 11330 Olive Blvd., Suite 200, Creve Coeur, MO 63141, USA.
- CALIFORNIA ADDENDUM – YOUR CALIFORNIA PRIVACY RIGHTS
If you are a California resident and the processing of personal data about you is subject to the California Consumer Privacy Act (“CCPA”), you have certain rights with respect to that information.
A. Right to know.
You have a right to request that we disclose to you the personal data we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal data.
Note that we have provided much of this information in this Privacy Notice. You may make such a ‘request to know’ by contacting us at email@example.com. If you are an End User and we are processing your data on behalf of our Client as a service provider, you should direct your request to the appropriate Client or to firstname.lastname@example.org.
B. Right to request deletion.
You also have a right to request that we delete personal data under certain circumstances, subject to a number of exceptions. To make a request to delete, contact us at email@example.com. If you are an End User and we are processing your data on behalf of our Client as a service provider, you should direct your request to the appropriate Client or to firstname.lastname@example.org.
C. Right to opt-out.
You have a right to opt-out from future ‘sales’ of personal data. Please note the following:
- The CCPA defines ‘sell’ and ‘personal information’ very broadly, and some of our data sharing described in this privacy statement may be considered a ‘sale’ under those definitions. In particular, we let advertising and analytics providers collect IP addresses, cookie IDs, and mobile IDs through our sites and apps when you use our online services. For more information, including how to opt-out, please see our Cookie Notice.
- We do not knowingly sell the personal data of minors under 16 years of age.
D. Other CCPA rights.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
Further, to provide or delete specific pieces of personal data we will need to verify your identity to the degree of certainty required by law. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your account.
Finally, you have a right to receive notice of our practices at or before collection of personal data, and you have a right to not be discriminated against for exercising these rights set out in the CCPA.
E. ‘Shine the Light’ law.
Additionally, under California Civil Code § 1798.83, also known as the ‘Shine the Light’ law, California residents who have provided personal data to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal data to any third parties for the third parties’ direct marketing purposes.
Please be aware that we do not disclose personal data to any third parties for their direct marketing purposes as defined by this law.
California Customers may request further information about our compliance with this law by e-mailing email@example.com. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated e-mail address.