Privacy policy

EFFECTIVE DATE: March 1, 2024

This privacy policy (“Privacy Policy” or “Policy”) applies to the website and all other online properties (“Site”) operated by BOSU Fitness, LLC, a Delaware limited liability company (“BOSU,” “we,” “us,” or “our”). The use of the Site, including the purchase of any products or services (“Products” or “Services”) and other online communications, is subject to this Policy. Please read this Privacy Policy carefully. By using this Site, you agree to this Privacy Policy as well as any other terms, guidelines or rules that apply to any portion of this Site, without limitation or qualification.

IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, THEN YOU MUST EXIT THE SITE IMMEDIATELY AND DISCONTINUE ANY USE OF THE INFORMATION OBTAINABLE OR ACCESSIBLE THROUGH THE SITE.

We use Shopify to power our online store. You can read more about how Shopify collects and uses your Personal Information at https://www.shopify.com/legal/privacy.

Contact

After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at marketing@hfitllc.com or by mail at 1010 Hedstrom Drive, Ashland, OH 44805, United States.

Collecting Personal Information

This Privacy Policy explains how BOSU may collect, use, and disclose Personal Information (defined below) we obtain through the Site, your communications with us, or from third parties. “Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact, or locate you, such as: name, address, email address, or phone number. To the extent permitted by applicable law, we do not consider Personal Information to include information that has been anonymized such that it does not allow a third party to easily identify a specific individual.

BOSU may collect both Personal Information and browsing information from you. Such collection may include:

  • Passive Collection. BOSU collects and stores information that is generated automatically as you use the Site, including your preferences and anonymous usage statistics. This information may include Internet protocol (IP) addresses, device and hardware information, geolocation, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site, operating system, date/time stamps, search terms, what sites or products you view, or clickstream data.
  • Tracking Technologies and Identifiers. BOSU and its partners use cookies, pixels, server logs, and other forms of persistent or probabilistic identifiers and similar technology to analyze trends, administer the Site, track users’ movements around the Site, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features, functions, or services on the Site.
  • Submissions to the Site. BOSU collects information you submit to the Site. If you choose to submit content to any public area of the Site, such content will be considered “public” and will not be subject to the privacy protections set forth herein. Please also review and familiarize yourself with the section regarding user-generated “Content” in the Site’s Terms of Service found here.
  • Financial Information. We do not collect any financial information about you. However, we partner with third party vendors who will collect financial information about you, including payment information, in connection with purchases through our Site. Although we make efforts to select vendors that will respect and protect your privacy, we have no control over any third parties. Thus, we make no guarantees about, and assume no responsibility for, the information or services provided by third parties. We encourage you to review any third parties to familiarize yourself with their privacy practices.
  • Communication with Us. We may also collect Personal Information from you when you communicate with us, including account creation and use, customer support communications, comments, reviews, surveys, interactions with site content, and other inquiries to or interactions with us online and through this Site.
  • Independent Third Parties. We may obtain Personal Information from other sources, independent of you. For example, we may receive demographic or interest information about you from third parties, including advertisers (such as the fact that an advertiser is interested in showing you an ad or that you have shown interest in a particular product), service providers (such as database administrators, cloud computing services, and data analysts), and payment processors. We may combine information received from third parties with the other information we have about you.

Minors

The Site is not intended for individuals under the age of 18 and we do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address at the top of this Policy to request deletion. If we learn that we have collected any Personal Information from children under 18, we will promptly take reasonable steps to delete such information.

Using and Sharing Personal Information

We use and share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. Uses may include:

  • Processing your orders and performing services you have purchased from or contracted for with us, including maintaining or servicing user accounts, as well as providing customer service, processing, or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services.
  • Keeping you up to date on new products, services, and offers.
  • Providing, maintaining, and improving our Site, our Products, or our Services.
  • Personalizing services, content, and features that match your activities, preferences, and settings.
  • Analyzing how you use the Site with various analytics tools (such as Google Analytics) to help us understand traffic patterns and know if there are problems with the Site.
  • Auditing by third-parties related to security, compliance, accreditation, and similar concerns.
  • Detecting and responding to security incidents, protecting against, and responding to malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Undertaking short-term, transient uses, including, but not limited to, non-personalized advertising shown as part of your interactions with our digital properties.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Undertaking internal research for technological development and demonstration and to make business decisions about current and future Product and Service offerings.
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.
  • Displaying advertisements intended for you based on personal information, related to your activities over time and across nonaffiliated websites or online applications, used to predict your preferences or interests (targeted advertising).
  • Processing liability claims.
  • Complying with and enforcing applicable legal requirements, relevant industry standards, and our policies.
  • Responding to subpoenas, search warrants, or other lawful requests for information we receive, or to otherwise protect our rights.
  • Sharing information that we believe is necessary to prevent imminent and serious bodily harm to a person.
  • Aggregating or anonymizing data such that it cannot reasonably be used to identify you, such as telling an advertiser how many people saw their ad.
  • Carrying out any other purpose readily apparent to you or described to you at the time the Personal Information is collected.

Retention

We retain your Personal Information as needed to provide you with the Site and related Services. This includes data you or others provided to us and data generated or inferred from your use of the Site. Personal Information tied to your user account is retained while your account is in existence. When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. We may store information such as survey responses, support requests, and contact information, that is necessary to enable us to operate effectively and deliver our Services to you.

Data Security

We take reasonable steps to protect your Personal Information against unauthorized access, alteration, disclosure, misuse, or destruction. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. The safety and security of your Personal Information also depends on you. If you have an account with us, you are responsible for keeping your membership details confidential. Your account is protected by your account password, and we urge you to take steps to keep your Personal Information safe by not disclosing your password and by logging out of your account after each use. We further protect your Personal Information from potential security breaches by implementing certain technological security measures including encryption, firewalls, and secure socket layer technology. However, these measures do not guarantee that your Personal Information will not be accessed, disclosed, altered, or destroyed by breach of such firewalls and secure server software. By using the Site, you acknowledge that you understand and agree to assume these risks.

Behavioral Advertising

We may use your Personal Information to provide you with targeted advertisements and marketing communications we believe may be of interest to you and may participate in cross-context behavioral advertising — seeking to place ads to you on others’ digital properties based, at least in part, on Personal Information obtained from your activity on others’ digital properties. For example:

  • We may use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
  • We may share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners and service providers. We may collect and share some of this information directly with our advertising partners and service providers, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
  • Since our store is powered by Shopify, we may use Shopify Audiences to help us show ads on other websites with our advertising partners to buyers who made purchases with other Shopify merchants and who may also be interested in what we have to offer. We may also share information about your use of the Site, your purchases, and the email address associated with your purchases with Shopify Audiences, through which other Shopify merchants may make offers you may be interested in.

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can generally opt out of certain targeted advertising by via the following links:

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/. There are also a variety of third-party tools and browser add-ons that can give you additional control over what information you share with websites. To learn more, please visit the sites of the Digital Advertising Alliance and the Network Advertising Initiative, or if you are a user in the European Economic Area, Your Online Choices.

Do Not Track

Most modern web browsers give you the option to send a Do Not Track signal to the sites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a site should respond to this signal, and we generally do not take any action in response to this signal except as required by law. Instead, in addition to publicly available third-party tools, we offer you the choices described in this policy to manage the collection and use of information about you.

Notwithstanding the above, if you visit the Site with the Global Privacy Control opt-out preference signal enabled, we will treat this as a request to opt-out of the “sale” or “sharing” of information for the device and browser you used to visit our Site. We will not sell or share your information.

International Data Transfers

BOSU is based in the United States. The Site is controlled and operated by us from the United States and is not intended to subject us to the laws or jurisdiction of any state, country, or territory other than that of the United States. We generally process and store information on servers located in the United States, but we may store or process information on servers and equipment in other countries depending on a variety of factors, including the locations of our users and service providers. By visiting the Site or otherwise providing information to us, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the laws of the State of Ohio and the adjudication of any disputes arising in connection with the BOSU or the Site will be in accordance with the terms herein. By accessing or using the Site or otherwise providing information to us, you consent to the processing, transfer, and storage of information in and to the United States and other countries, where you may not have the same rights as you do under the local law of your jurisdiction. If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and processing globally. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in countries outside your own may be entitled to access your Personal Information. By providing your information you consent to any transfer and processing in accordance with this Privacy Policy.

We use Shopify, a Canadian company, to power our online store. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper.

Cookies

A cookie is a small amount of information that is downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing a website to remember your actions and preferences (such as login, region selection, and language preferences). This means you do not have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

Cookies may be set by the site you are visiting (called “first-party cookies”) or by a third party, such as those who provide analytics or advertising services or interactive content on the site (“third-party cookies”). In addition to using cookies on our Site, we may also serve our cookies on third-party sites operated by advertisers and our service providers.

Our first-party cookies include cookies that are strictly necessary, functional cookies, cookies related to analytics/performance, and advertising-related cookies.

Strictly Necessary: These cookies are necessary for our services to function properly and securely and cannot be switched off in our systems. You can set your browser to block or alert you about these cookies, but then some parts of the site will not work.

Functional: These cookies enable us to provide enhanced functionality and personalization. If you do not allow these cookies, then some or all of these features may not function properly.

Analytics and Performance: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

Advertising: We use these cookies to deliver advertisements, to make them more relevant and meaningful to users, and to track the efficiency of our advertising campaigns, both on our services and on other sites or mobile apps. Third-party advertising partners may use these cookies to build a profile of your interests and deliver relevant advertising on other sites.

Third-Party Cookies: Cookies from third parties that we partner with directly or indirectly. This may include third-party companies that work with us or with advertisers who advertise with us in order to help target ads or measure the results of an advertising campaign.

Your browser includes controls that allow you to manage the use of cookies by the sites that you visit, including our site. Most browsers have features that enable you to see and delete cookies stored on your device and to block cookies from all or selected sites. Your mobile device may also include browser settings that allow you to manage the use of cookies, especially if the device supports installing apps such as iOS and Android devices. iOS and Android devices also include additional device settings that control whether advertising partners can use information about your app activity for advertising purposes.

Additional Rights and Information Depending on Location

European Economic Area Residents (GDPR)

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), you may have certain additional privacy rights. Users in the EEA have the right to request access to, rectification of, or erasure of their personal data; to data portability in certain circumstances; to request restriction of processing; to object to processing; and to withdraw consent for processing where they have previously provided consent. These rights can be exercised as described in Your Rights and Choices. EEA users also have the right to lodge a complaint with their local supervisory authority. If you would like to exercise your rights, please contact us through the contact information at the top of this Policy.

As required by applicable law, we collect and process information about individuals in the EEA only where we have a legal basis for doing so. Our legal bases depend on the services you use and how you use them. We process your information on the following legal bases:

  • Your consent;
  • The performance of the contract between you and the Site, including the provision of Products, Services, customer support, and personalized features and to protect the safety and security of the Site.
  • Compliance with our legal obligations;
  • To protect your vital interests;
  • To perform a task carried out in the public interest;
  • For our legitimate interests or those of a third party.

A “legitimate interest” is a business or commercial reason to use your information, so long as it is not overridden by your own rights and interests.

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you. We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

  • Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
  • Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.

California Residents

The California Consumer Privacy Act (“CCPA”), as amended, requires us to provide California residents with some additional information, which we address in this section. If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the “Right to Know”), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased.

If you would like to exercise these rights, please contact us through the contact information at the top of this Policy. When you make a request, we will need to verify your identity. You may also make a rights request using an authorized agent. If you submit a rights request from an authorized agent who does not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you have any questions or concerns, you may reach us using the contact methods at the top of this Policy.

In the last 12 months, we collected the following categories of personal information from California residents, depending on the services used:

  • Identifiers, like your account information, email address, IP address, and cookie information.
  • Commercial information, including information about transactions you undertake with us.
  • Internet or other electronic network activity information, such as information about your activity on the Site.
  • Geolocation information based on your IP address or more specific location information if you authorize your device to provide it to us.
  • Inferences we make based on other collected data, for purposes such as advertising, analytics, and the creation of consumer profiles.

BOSU does not “sell” or “share” personal information as those terms are defined under the CCPA. We do not use or disclose sensitive personal information without your express consent except as permitted by the CCPA. For information on how Shopify treats your Personal Information, visit https://www.shopify.com/legal/privacy.

You have the right to opt out of our sharing of personal information for cross-context behavioral advertising. See our Do Not Sell or Share My Personal Information page for more information on how to exercise this right.

You also may have the right to request that we provide you with (a) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year and (b) the identity of those third parties. To submit a “Shine the Light Request,” contact us at the email address identified at the top of this page.

Colorado Residents

Colorado law provides Colorado residents with the rights listed below.

Right to Access: You have the right to know and see what personal data we have collected about you in a usable format.

Right to Delete: You have the right to request that we delete the personal data we have collected about you, subject to applicable legal exceptions.

Right to Correct: You have the right to request that we correct inaccurate personal data.

Right to opt Out of Targeted Advertising and Sale of Personal Data: Beginning July 1, 2024, Colorado residents have the right to “opt out” of “targeted advertising” and the “sale” of your “personal data” (as defined under Colorado law).

EXERCISING YOUR COLORADO PRIVACY RIGHTS

Making Access, Deletion, and Correction Requests: To make an access, deletion, or correction request, please contact us via one of the methods indicated at the top of this Policy. When you make a request, we will need to verify your identity. You may also make a rights request using an authorized agent. If you submit a rights request from an authorized agent who does not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you have any questions or concerns, you may reach us using the contact methods at the top of this Policy.

Making Requests to Opt Out of Targeted Advertising or the Sale of Personal Data: To submit a request to “opt out” of “targeted advertising” or the “sale” of your “personal data,” visit our Do Not Sell or Share My Personal Information page, or you may choose to enable online, where available, a universal tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). We will process the GPC signal as a request to opt out.

Appeal Decisions: To appeal our decision regarding a request related to these rights, you may email us via the contact method indicated at the top of this Policy.

Connecticut Residents

Connecticut law provides Connecticut residents with the rights listed below.

Right to Access: You have the right to know and see what personal data we have collected about you in a usable format.

Right to Delete: You have the right to request that we delete the personal data we have collected about you, subject to applicable legal exceptions.

Right to Correct: You have the right to request that we correct inaccurate personal data.

Right to Opt Out of Targeted Advertising and Sale of Personal Data: Connecticut residents have the right to “opt out” of “targeted advertising” and the “sale” of your “personal data” (as defined under Connecticut law).

EXERCISING YOUR CONNECTICUT PRIVACY RIGHTS

Making Access, Deletion, and Correction Requests: To make an access, deletion, or correction request, please contact us via one of the methods indicated at the top of this Policy. When you make a request, we will need to verify your identity. You may also make a rights request using an authorized agent. If you submit a rights request from an authorized agent who does not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you have any questions or concerns, you may reach us using the contact methods at the top of this Policy.

Making Requests to Opt Out of Targeted Advertising or the Sale of Personal Data: To submit a request to “opt out” of “targeted advertising” or the “sale” of your “personal data,” visit our Do Not Sell or Share My Personal Information page, or you may choose to enable online, where available, a universal tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). We will process the GPC signal as a request to opt out.

Appeal Decisions: To appeal our decision regarding a request related to these rights, you may email us via the contact method indicated at the top of this Policy.

Utah Residents

Utah law provides Utah residents with the rights listed below.

Right to Access: You have the right to know and see what personal data we have collected about you in a usable format.

Right to Delete: You have the right to request that we delete the personal data we have collected about you, subject to applicable legal exceptions.

Right to Opt Out of Targeted Advertising and Sale of Personal Data: Utah residents have the right to “opt out” of “targeted advertising” and the “sale” of your “personal data” (as defined under Utah law).

EXERCISING YOUR UTAH PRIVACY RIGHTS

Making Access and Deletion Requests: To make an access, deletion, or correction request, please contact us via one of the methods indicated at the top of this Policy. When you make a request, we will need to verify your identity. You may also make a rights request using an authorized agent. If you submit a rights request from an authorized agent who does not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you have any questions or concerns, you may reach us using the contact methods at the top of this Policy.

Making Requests to Opt Out of Targeted Advertising or the Sale of Personal Data: To submit a request to “opt out” of “targeted advertising” or the “sale” of your “personal data,” visit our Do Not Sell or Share My Personal Information page, or you may choose to enable online, where available, a universal tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). We will process the GPC signal as a request to opt out.

Appeal Decisions: To appeal our decision regarding a request related to these rights, you may email us via the contact method indicated at the top of this Policy.

Virginia Residents

Virginia law provides Virginia residents with the rights listed below.

Right to Access: You have the right to know and see what personal data we have collected about you in a usable format.

Right to Delete: You have the right to request that we delete the personal data we have collected about you, subject to applicable legal exceptions.

Right to Correct: You have the right to request that we correct inaccurate personal data.

Right to Opt Out of Targeted Advertising and Sale of Personal Data: Virginia Residents have the right to “opt out” of “targeted advertising” and the “sale” of your “personal data” (as defined under Virginia law).

EXERCISING YOUR VIRGINIA PRIVACY RIGHTS

Making Access, Deletion, and Correction Requests: To make an access, deletion, or correction request, please contact us via one of the methods indicated at the top of this Policy. When you make a request, we will need to verify your identity. You may also make a rights request using an authorized agent. If you submit a rights request from an authorized agent who does not provide a valid power of attorney, we may ask the authorized agent to provide proof that you gave the agent signed permission to submit the request to exercise rights on your behalf. In the absence of a valid power of attorney, we may also require you to verify your own identity directly with us or confirm to us that you otherwise provided the authorized agent permission to submit the request. If you have any questions or concerns, you may reach us using the contact methods at the top of this Policy.

Making Requests to Opt Out of Targeted Advertising or the Sale of Personal Data: To submit a request to “opt out” of “targeted advertising” or the “sale” of your “personal data,” visit our Do Not Sell or Share My Personal Information page, or you may choose to enable online, where available, a universal tool that automatically communicates your opt-out preferences, such as the Global Privacy Control (“GPC”). We will process the GPC signal as a request to opt out.

Appeal Decisions: To appeal our decision regarding a request related to these rights, you may email us via the contact method indicated at the top of this Policy.

Changes to This Policy

We may change this Privacy Policy from time to time. If we do, we will let you know by revising the date at the top of the policy. If the changes, in our sole discretion, are material, we may also notify you by sending an email to the address associated with your account (if you have created an account) or by otherwise providing notice through the Site. We encourage you to review the Privacy Policy regularly to stay informed about our information practices and the ways you can help protect your privacy. By continuing to use the Site after Privacy Policy changes go into effect, you agree to be bound by the revised policy.

General

This Privacy Policy (including any document expressly incorporated herein) constitutes the entire agreement between you and BOSU with respect to the privacy practices of BOSU and supersedes all prior or contemporaneous communications and proposals, whether electronic, oral, or written with respect to this Site. If any provision of this Privacy Policy or any application thereof shall be invalid or unenforceable, the remainder of this Privacy Policy and any other application of such provision shall not be affected thereby.