Effective Date of Current Policy: December 27, 2019
3. TRANSPARENCY/NOTICE—TYPES OF PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
The types of Personal Information we may collect (directly from you or from third party sources) and our privacy practices depend on the nature of the relationship you have with Peloton and the requirements of applicable law. Some of the ways that Peloton may collect Personal Information include:
- You may provide Personal Information directly to Peloton through interacting with the Services (including when you use our fitness equipment during live in-studio classes or via our subscription services), participating in surveys, during events such as Homecoming, or promotions or sweepstakes, and requesting services or information.
- As you navigate the Services, certain passive information may also be collected about your visit, including through cookies and similar technologies as described below.
It is our goal to collect only that information which is relevant for the purposes of Processing. Below are the ways we collect Personal Information and how we use it.
3.1 TYPES OF PERSONAL INFORMATION WE COLLECT
Peloton collects Personal Information from its current, prospective, and former customers, members, users, visitors, and guests (collectively “Individuals”).
- Information You Provide Directly to Us. When you use the Services, contact us directly, or engage in certain activities, such as registering for an account with Peloton, purchasing Peloton products or Services from us, using our fitness equipment or participating in a studio class live or via our subscription services, we may ask you to provide some or all of the following types of information:
- Purchases. When you choose to purchase Peloton products or Services from us including fitness equipment and accessories, apparel, live in-studio classes or subscription services offered through any device, we may collect information from you including Personal Information, such as your name, email address, mailing address, phone number, payment information, such as a credit card number and/or other related information that may be required from you to complete your purchase (such payment information, “Financial Information”). Unless we tell you otherwise at the time of your purchase or application for financing, your Financial Information is Processed by our third party processors and we do not collect, store or maintain your Financial Information. For more information on how your information is shared in these instances, please see Section 3.5 (“Third-Party Payment Processing”) below. We will also collect a username and password in connection with any account created via the Services.
- Public User Profiles. When you use Peloton fitness equipment (e.g., the Bike or Tread) or subscribe to Peloton Digital, you will be given the opportunity to create a “User Profile” and when you do so we may ask you to provide information about yourself such as a username, email address, weight, height, age, location, birthday, phone number and image or avatar. Only your email address and username are required to set up a User Profile; the rest of the information that you may provide is optional.
Once your User Profile is created, anytime you log in to participate in a studio class in-person or via our subscription service, we will collect additional information and add it to your User Profile, such as the total number of classes taken, the dates you took those classes, fitness performance history (including leaderboard rank, achievements earned, total output, speed, distance and calories burned), your followers and who you are following, and, to the extent you have worn a heart rate monitor that you have connected to your fitness equipment, information about your heart rate over the course of the class and any other information that may be available from time to time.
You acknowledge that your User Profile information may be personal to you, and by creating an account and providing such information through the use of our Services, you allow others, including Peloton, to identify you and therefore you may not be anonymous. Information included in your User Profile, including any achievements, milestones, streaks or badges earned via the Services may be displayed on in-studio digital signage if you come to a live class at any of our studios. Peloton User Profiles are set to public by default, which means that other registered Peloton users will also be able to view your User Profile, including your fitness performance history (as described above), your Peloton leaderboard name, and your location and age (if you have provided it), and those users can contact or follow you through the Services. You have the option to set your profile to “Private,” which means that only members who you approve as followers can see your profile and fitness performance history, and you can remove other users from your followers.
- Voice and Likeness. We may capture your visual image, likeness and voice recording (e.g., via photographs and/or video) if you visit our studios and/or showrooms, participate in studio classes and/or call our member support or inside sales teams. We record and store member support and sales calls to train support and sales agents to help resolve member questions, for quality purposes and as required by law. Additionally, Peloton fitness equipment and the Peloton App may contain a camera, microphone and voice control features. These features are in use only when activated by you, for example, to take a Peloton user profile photo or to initiate or accept a video chat from another user.
- Communications with Us. We may collect Personal Information from you such as your email address, phone number or mailing address, when you choose to request information about our Services, visit our retail showrooms, register to receive Peloton communications over email or text messaging, participate in promotions, or loyalty programs that we may offer from time to time, request to receive member or technical support or otherwise communicate with us.
- Registration for Sweepstakes or Contests. Occasionally, Peloton may run sweepstakes and contests. We ask those who enter sweepstakes or contests to provide contact information (e.g., a phone number or an email address). If you participate in a sweepstakes or contest, your contact information may be used to reach you about the sweepstakes or contest, and, to the extent permitted by law, for other promotional, marketing and business purposes. In compliance with the laws of your jurisdiction, as a participant you may have the opportunity to opt-out of any communications that are not related to awarding prizes.
- Location Information. Based on your interaction with the Services, the type of device you use to access the Services, and your device’s connectivity, we may collect location-based information including your Internet protocol (IP) address, GPS location, longitude/latitude, city, county, zip code and region, and your location and your smart device’s proximity to “beacons,” Bluetooth networks and/or other proximity systems. We may use this type of information to enhance your user experience (such as using location information for the purposes of displaying the geographic distribution of Peloton workouts on a heat map), to better understand your interaction with our products and services in our showrooms, or to enable you to track your outdoor fitness activities. Unless you provide us with your consent to do otherwise, this information will only be used by us and our third party service providers to provide you with the Services you request or in an aggregated and anonymized format that does not identify you. If you no longer wish to have this location information collected and used by us, you may opt-out by disabling the location and Bluetooth features in the operating system of your device.
- Automatic Data Collection. We may collect certain information automatically through our Services or other methods of web analysis, such as your IP address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through use of the Services such as preferences. For more information on Automatic Data Collection, please see Section 3.3.
- Information from Other Sources. We may receive information about you from other sources, including through third party services and organizations, to supplement information provided by you. For example, if you access our Services through a third party application, such as the Apple App Store or Google Play App Store (together with any similar applications, “App Stores”) or social media sites such as Facebook, we may collect information about you from that third party application that you have made public via your privacy settings. Information we collect through App Stores or social media accounts may include your name, your social media site user identification number, your user name, location, gender, birth date, email, profile picture and your social media contacts. This supplemental information allows us to verify information that you have provided to Peloton and to enhance our ability to provide you with information about our business, products and Services.
3.2 HOW PELOTON USES YOUR INFORMATION
We acquire, hold, use and Process Personal Information about Individuals for a variety of business purposes, including:
- To Provide Products, Services, or Information Requested. Peloton may use information about you to fulfill requests for products, Services or information, including information about potential or future services, including to:
- Generally manage Individual information and accounts;
- Respond to questions, comments, and other requests;
- Provide access to certain areas, functionalities, and features of Peloton’s Services;
- Assist with monitoring your performance, fitness and health related statistics and usage trends;
- Personalize exercise and activity goals for you based on your settings and your historical exercise or activity data;
- Communicate with you about logistical matters, including product deliveries and product servicing visits;
- Provide services to you;
- Review and contact you to answer requests for member support or technical support; and
- Allow you to register for classes and events.
- Administrative Purposes. Peloton may use Personal Information about you for its administrative purposes, including to:
- Measure interest in Peloton’s Services;
- Develop new products and Services;
- Ensure quality control;
- Verify Individual identity;
- Communicate about Individual accounts and activities on Peloton’s Services and systems, and, in Peloton’s discretion, changes to any Peloton policy;
- Send emails or text messages to the email address or telephone number you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, delivery updates, or system maintenance;
- Process payment(s) for products or services purchased;
- Process applications and transactions;
- Prevent potentially prohibited or illegal activities;
- Maintain and administer our Services; and
- Enforce our Terms.
- Marketing Peloton Products and Services. Peloton may use Personal Information to provide you with materials about offers, products and Services that may be of interest, including new content or services. Peloton may provide you with these materials by phone, postal mail, text or email, as permitted by applicable law. Such uses include:
- To tailor content, advertisements and offers;
- To notify you about offers, products and services that may be of interest or about which you have previously expressed an interest;
- For other purposes disclosed at the time that Individuals provide Personal Information; or
- Otherwise with your consent. You may contact us at any time to opt-out of the use of your Personal Information for marketing purposes, as further described in Section 5 below.
- Research and Development. Peloton may use Personal Information to create non-identifiable information that we may use alone or in the aggregate with information obtained from other sources, in order to help us improve our existing products and Services or develop new products and Services. From time to time, Peloton may perform research (online and offline) via surveys. We may engage third party service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve Individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Services, various types of communications, advertising campaigns and/or promotional activities. If an Individual participates in a survey, the information given will be used along with that of other study participants. We may share anonymous Individual and aggregate data for research and analysis purposes.
- Direct Mail, Email and Outbound Telemarketing. Individuals who provide us with Personal Information, or whose Personal Information we obtain from third parties, may, as permitted by law, receive periodic emails, newsletters, mailings, text messages or phone calls from us with information on Peloton’s or our business partners’ products and services or upcoming special offers/events that we believe may be of interest. We offer the option to decline these communications at no cost to the Individual by following the instructions in Section 5 below.
- Anonymous and Aggregated Information Use. Peloton may use Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access Peloton’s Services or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Services. Anonymized or aggregated information is not Personal Information, and Peloton may use such information in a number of ways, including research, internal analysis, analytics and any other legally permissible purposes. We may share this information within Peloton and with third parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
- Sharing Content with Friends or Colleagues. Peloton’s Services may offer various tools and functionalities. For example, Peloton may allow you to provide information about your friends through our referral services, such as “Refer a Friend.” Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Email addresses that you provide for a friend or colleague will be used to send your friend or colleague the content or link you request, but will not be used by Peloton for any other purpose.
- Other Uses. Peloton may use Personal Information for which we have a legitimate interest, such as fraud protection or compliance with legal obligations, or any other purpose disclosed to you at the time you provide Personal Information or with your consent.
3.3 COOKIES, PIXEL TAGS/WEB BEACONS, ANALYTICS INFORMATION, AND INTEREST-BASED ADVERTISING
- Cookies. Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Site may not work properly.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Site that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
- Analytics. We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some of our Services and to develop website content. This analytics data is not tied to any Personal Information. For more information about Google Analytics, please visitwww.google.com/policies/privacy/partners/. You can opt-out of Google’s collection and Processing of data generated by your use of the Services by going to https://tools.google.com/dlpage/gaoptout.
Our uses of such Technologies fall into the following general categories:
- Operationally Necessary. We may use Technologies that are necessary to the operation of our Site, Services, applications, and tools. This includes Technologies that allow you access to our Site, Services, applications, and tools; that are required to identify irregular site behavior, prevent fraudulent activity and improve security; or that allow you to make use of functions such as shopping carts, saved search or similar functions.
- Performance Related. We may use Technologies to assess the performance of our Site, applications, Services and tools, including as part of our analytic practices to help us understand how our visitors use our Site, determine if you have interacted with our messaging, determine whether you have viewed an item or link, or to improve our website content, applications, services or tools;
- Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Sites, Services, applications or tools. This may include identifying you when you sign into our Sites or keeping track of your specified preferences, interests or past items viewed so that we may enhance the presentation of content on our Sites;
- Advertising or Targeting Related. We may use first-party or third party cookies and web beacons to deliver content, including ads relevant to your interests, on our Sites or on third party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement.
If you would like to opt-out of the Technologies we employ on our Sites, Services, applications or tools, you may do so by blocking, deleting or disabling them as your browser or device permits. See Section 5 for additional opt-out options. Please note that blocking, deleting, or disabling these Technologies will affect the functionality of our Sites, Services, applications and tools, and may prevent you from being able to access certain features.
3.4 THIRD-PARTY WEBSITES, SOCIAL MEDIA PLATFORMS, AND SOFTWARE DEVELOPMENT KITS
The Service may contain links to other websites and other websites may reference or link to the Peloton Site or other Services. These other domains and websites are not controlled by us, and Peloton does not endorse or make any representations about third party websites or social media platforms. We encourage you to read the privacy policies of each and every website and application with which you interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting other websites or applications is at your own risk.
Peloton’s Services may include publicly accessible blogs, community forums, message boards, private messaging or video chat features. The Services may also contain links and interactive features with various social media or music platforms (e.g., widgets). If you already use these platforms, their cookies may be set on your device when using the Services. You should be aware that Personal Information that you voluntarily include and transmit online in a publicly accessible blog, video chat session, social media platform or otherwise online, or that you share in an open forum, may be viewed and used by others without any restrictions. We are unable to control such uses of your information when you interact with a third party platform, and by using such services you assume the risk that the Personal Information provided by you may be viewed and used by third parties for any number of purposes.
3.5 THIRD-PARTY PAYMENT PROCESSING
4. ONWARD TRANSFER—PELOTON MAY DISCLOSE YOUR INFORMATION
4.1 INFORMATION WE SHARE
- Business Partners. Peloton may share Personal Information with our business partners and affiliates for our and our affiliates’ internal business purposes or to provide you with a product or service that you have requested. Peloton may also provide Personal Information to business partners with whom we may jointly offer products or services, or whose products or services we believe may be of interest to you. In such cases, our business partner’s name will appear, along with Peloton.
- Displaying to Other Users. The content you post to the Services may be displayed on the Services. Other users of the Services may be able to see some information about you, such as your name if you submit a review or provide a testimonial to our Site. We are not responsible for the privacy practices of the other users who view and use posted information.
- Marketing – Interest-Based Advertising and Third-Party Marketing. Peloton may allow third party advertising partners to set tracking tools (e.g., cookies) to collect information regarding your activities on our Sites (e.g., your IP address, page(s) visited, time of day). We may also share such de-identified information as well as selected Personal Information (such as demographic information and past purchase history) we have collected with third party advertising partners. These advertising partners may use this information (and similar information collected from other companies) for purposes of delivering targeted advertisements to you when you visit non-Peloton related websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising”. We may allow access to other data collected by the Site to facilitate transmittal of information that may be useful, relevant, valuable or otherwise of interest to you. If you prefer that we do not share your Personal Information with third party advertising partners, you may opt-out of such sharing at no cost by following the instructions in Section 5 below.
- Disclosures to Protect Us or Others (e.g., as Required by Law and Similar Disclosures). We may access, preserve and disclose your Personal Information, other account information and content if we believe doing so is required or appropriate: (i) to comply with law enforcement or national security requests and legal process, such as, a court order or subpoena; (ii) to respond to your requests; (iii) to protect yours, ours or others’ rights, property or safety; (iv) to enforce Peloton policies or contracts; (v) to collect amounts owed to Peloton; (vi) to comply with records retention policies; (vii) when we believe access, preservation, or disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (viii) if we, in good faith, believe that access, preservation, or disclosure is otherwise necessary or advisable. In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order to allow them to identify users in connection with their investigation of unauthorized activities.
4.2 INTERNATIONAL DATA TRANSFERS
You agree that all Personal Information collected via or by Peloton may be transferred, Processed and stored anywhere in the world, including but not limited to, the United States, Canada, the European Union, in the cloud, on our servers, on the servers of our affiliates or on the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities as described above. By providing information to Peloton, you explicitly consent to the storage of your Personal Information in these locations.
5. OPT-OUT (RIGHT TO OBJECT TO PROCESSING)
You have the right to object to and opt-out of certain uses and disclosures of your Personal Information. Where you have consented to Peloton’s Processing of your Personal Information or Sensitive Personal Information, you may withdraw that consent at any time and opt-out to further Processing by contacting email@example.com. Even if you opt-out, we may still collect and use non-Personal Information regarding your activities on our Service and/or information from the advertisements on third party websites for non-interest based advertising purposes, such as, to determine the effectiveness of the advertisements.
5.2 EMAIL, TEXT AND TELEPHONE COMMUNICATIONS
We maintain “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists within 60 days after receipt, or such shorter time as may be required by law.
5.3 MOBILE DEVICES
Peloton may occasionally send you push notifications through our Apps with updates, achievements and other notices that may be of interest to you. You may at any time opt-out from receiving these types of communications by changing the settings on your device. Peloton may also collect location-based information if you use our Apps. You may opt-out of this collection by changing the settings on your device.
5.4 “DO NOT TRACK”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
5.5 COOKIES AND INTEREST-BASED ADVERTISING
As noted above, you may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that cookie-based opt-outs are not effective on mobile applications. However, on many mobile devices, application users may opt-out of certain mobile advertisements via their device settings.
The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from our data partners and our other advertising partners that participate in self-regulatory programs. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, www.youronlinechoices.eu/ or www.youradchoices.ca/, and www.aboutads.info/choices/. You can also choose not to be included in Google Analytics here.
6. RIGHTS OF ACCESS, RECTIFICATION, ERASURE, AND RESTRICTION
Although Peloton makes good faith efforts to provide Individuals with access to their Personal Information, there may be circumstances in which Peloton is unable to provide access, including but not limited to where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy, in the case in question or where it is commercially proprietary. If Peloton determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, Peloton will take commercially reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.
7. DATA RETENTION
8. SECURITY OF YOUR INFORMATION
By using the Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy and administrative issues relating to your use of the Services. If we learn of a security breach, we may attempt to notify you electronically by posting a notice on the Services or sending an email to you. You may have a legal right to receive this notice in writing.
9. NON-U.S. USERS
10. CHILDREN’S PRIVACY
Our Services are not directed to children under the age of 13. In addition, you are not permitted to use our Services if you do not meet the minimum age requirement applicable to our Services in your jurisdiction. We do not knowingly collect Personal Information from children under the age of 13. If you learn that your child has provided us with Personal Information without your consent, you may alert us at firstname.lastname@example.org. If we learn that we have collected Personal Information of a child under the age of 13 (or under the age of 16 in certain jurisdictions, such as EU member countries) we will take steps to delete such information from our files as soon as possible and terminate the child’s account unless we receive verifiable parental consent.
11. REDRESS/COMPLIANCE AND ACCOUNTABILITY
U.S. and Canadian Residents:
Peloton Interactive, Inc.
125 West 25th Street, 11th Floor
New York, NY 10001
Attn: Legal Department
United Kingdom and European Union Residents:
Peloton Interactive UK Ltd.
5 Upper St Martin’s Lane
London WC2H 9EA
Attn: Legal Department
- New Uses of Personal Information. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will endeavor to provide information regarding the new purpose and give you the opportunity to opt-out. Where consent of the Individual for the Processing of Personal Information is required by law or contract, Peloton will endeavor to comply with the law or contract.
The following capitalized terms have the meanings set forth below.
“Agent” means any Third-Party that Processes Personal Information pursuant to the instructions of, and solely for, Peloton or to which Peloton discloses Personal Information for use on its behalf.
“Employee” refers to any current, temporary, permanent, prospective or former employee, director, contractor, worker, or retiree of Peloton or its subsidiaries worldwide.
“Personal Information” is any information relating to an identified or identifiable natural person (“Individual”).
“Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Sensitive Data” or “Sensitive Personal Information” is a subset of Personal Information which, due to its nature, has been classified by law or by policy as deserving additional privacy and security protections, such as certain financial or medical information, and Personal Information regarding EU residents that is classified as a “Special Category of Personal Data” under EU law, such as: (1) race or ethnic origin; (2) political opinions; (3) religious or philosophical beliefs; (4) trade union membership; (5) genetic data; (6) biometric data where Processed to uniquely identify a person; (6) health information; (7) sexual orientation or information about the Individual’s sex life; or (8) information relating to the commission of a criminal offense.
“Third-Party” is any company, natural or legal person, public authority, agency, or body other than the Individual, Peloton or Peloton’s Agents.